Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/af72e8-f0d2-4d66-b520-3aba595b58a8/1/iB0nh2pqz5-ySXR-fF2YCAS68X8.roa
File:                     iB0nh2pqz5-ySXR-fF2YCAS68X8.roa (raw, json)
Hash identifier:          Y94jSzgT6noKQkiYTVT17vXi3fN7I6D0Bkm1xKFYYKk=
Subject key identifier:   88:1D:27:87:6A:6A:CF:9F:B2:49:74:7E:7C:5D:98:08:04:BA:F1:7F
Certificate issuer:       /CN=ba970de126b3a0b548dad76f5efa88855c6f1ff2
Certificate serial:       0194252194D60C73C6D76ACDA2992D671A8B
Authority key identifier: BA:97:0D:E1:26:B3:A0:B5:48:DA:D7:6F:5E:FA:88:85:5C:6F:1F:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/upcN4SazoLVI2tdvXvqIhVxvH_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/af72e8-f0d2-4d66-b520-3aba595b58a8/1/iB0nh2pqz5-ySXR-fF2YCAS68X8.roa
Signing time:             Thu 02 Jan 2025 03:49:05 +0000
ROA not before:           Thu 02 Jan 2025 03:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57913
IP address blocks:        37.61.228.0/24 maxlen: 24
                          81.30.109.0/24 maxlen: 24
                          2a13:f600::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/af72e8-f0d2-4d66-b520-3aba595b58a8/1/upcN4SazoLVI2tdvXvqIhVxvH_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/af72e8-f0d2-4d66-b520-3aba595b58a8/1/upcN4SazoLVI2tdvXvqIhVxvH_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/upcN4SazoLVI2tdvXvqIhVxvH_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:94:d6:0c:73:c6:d7:6a:cd:a2:99:2d:67:1a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba970de126b3a0b548dad76f5efa88855c6f1ff2
        Validity
            Not Before: Jan  2 03:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=881d27876a6acf9fb249747e7c5d980804baf17f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:fe:98:a7:68:93:d2:4f:aa:1b:84:1f:8f:aa:
                    33:7a:0c:62:13:c9:2f:a8:b8:54:59:ee:56:dc:0b:
                    47:cc:46:c5:1f:e3:90:1c:1f:4f:5a:85:d6:21:5f:
                    ab:a9:f2:3b:db:1c:4d:91:35:bd:f6:5d:ba:b0:0a:
                    84:d1:ba:1b:91:a2:82:ef:34:44:ce:a2:25:c4:e4:
                    9c:2a:c3:84:5a:5b:a4:3c:2b:c3:0b:b1:4b:ba:72:
                    4f:7b:53:c9:bb:f4:e5:bd:59:e9:69:a2:bb:cd:be:
                    2c:a6:7e:0e:1c:1e:e0:69:95:e5:3e:86:9b:73:89:
                    61:5c:7f:3e:25:d6:a9:c7:7e:a4:f9:8a:cb:8c:f5:
                    f5:6c:f8:fb:b5:fb:84:3e:81:66:87:e5:e1:09:23:
                    bd:c0:84:5a:cd:ec:61:cd:82:7f:12:6b:26:6f:72:
                    a7:42:41:94:e2:25:6c:0f:f1:36:15:2d:86:82:22:
                    db:ac:2b:53:ba:7d:98:6f:7c:ab:07:3b:7c:75:e5:
                    90:8a:64:d1:73:3e:9d:b8:85:08:1d:ab:03:b2:9c:
                    b9:cb:3b:7a:8b:22:d9:80:ff:2b:51:39:fb:4b:72:
                    05:c8:88:6f:96:29:0f:e7:8b:91:7d:18:16:ed:a9:
                    b0:ce:d2:1f:2a:9e:5a:42:01:db:cc:a1:62:bb:bf:
                    41:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:1D:27:87:6A:6A:CF:9F:B2:49:74:7E:7C:5D:98:08:04:BA:F1:7F
            X509v3 Authority Key Identifier:
                keyid:BA:97:0D:E1:26:B3:A0:B5:48:DA:D7:6F:5E:FA:88:85:5C:6F:1F:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/upcN4SazoLVI2tdvXvqIhVxvH_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/af72e8-f0d2-4d66-b520-3aba595b58a8/1/iB0nh2pqz5-ySXR-fF2YCAS68X8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/af72e8-f0d2-4d66-b520-3aba595b58a8/1/upcN4SazoLVI2tdvXvqIhVxvH_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.61.228.0/24
                  81.30.109.0/24
                IPv6:
                  2a13:f600::/29

    Signature Algorithm: sha256WithRSAEncryption
         16:6e:e6:bd:73:02:e5:10:64:6d:6a:c1:aa:4e:e2:8f:4b:26:
         56:38:51:82:2f:ad:86:9b:72:ae:23:d2:9e:c7:bd:8b:45:ed:
         52:a1:d1:aa:d3:0e:99:17:e0:1a:c3:7e:26:65:e1:d2:1c:3f:
         ae:39:40:76:2e:fd:1b:de:fe:72:5e:6e:27:80:e8:4b:e9:41:
         a4:fe:1a:a9:48:4c:e6:9d:43:84:c2:fb:ec:60:02:37:8c:6d:
         be:94:08:1c:e6:fc:6d:d1:31:1e:72:f3:5b:70:fc:a0:d9:7c:
         40:44:b7:10:e5:b8:82:84:fe:79:ee:8e:38:d8:6d:9d:5f:4e:
         f0:bb:df:88:cd:d2:78:52:72:af:5f:3f:d4:96:43:02:5a:ab:
         50:fa:97:92:9b:69:14:5c:b8:4e:aa:36:ca:33:79:03:67:17:
         e8:15:95:d1:d0:77:dd:64:2e:eb:9b:df:86:b6:f1:dd:57:ce:
         69:74:63:d2:d7:0e:fe:7c:de:00:bc:bc:7e:93:e7:c2:90:1e:
         e5:2f:8f:6d:fd:77:47:70:ef:ce:17:43:77:74:b4:5b:3a:5f:
         c4:ff:e6:20:55:08:7a:7e:2a:95:c0:e9:8d:a3:42:0d:5e:96:
         ad:59:cb:a9:31:9a:e7:e2:e0:c6:ec:00:dd:91:cb:cd:8d:b7:
         f3:d1:6c:e0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQlIZTWDHPG12rNopktZxqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOTcwZGUxMjZiM2EwYjU0OGRhZDc2ZjVlZmE4ODg1NWM2
ZjFmZjIwHhcNMjUwMTAyMDM0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODFkMjc4NzZhNmFjZjlmYjI0OTc0N2U3YzVkOTgwODA0YmFmMTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxP6Yp2iT0k+qG4Qfj6ozegxiE8kv
qLhUWe5W3AtHzEbFH+OQHB9PWoXWIV+rqfI72xxNkTW99l26sAqE0bobkaKC7zRE
zqIlxOScKsOEWlukPCvDC7FLunJPe1PJu/TlvVnpaaK7zb4spn4OHB7gaZXlPoab
c4lhXH8+Jdapx36k+YrLjPX1bPj7tfuEPoFmh+XhCSO9wIRazexhzYJ/Emsmb3Kn
QkGU4iVsD/E2FS2GgiLbrCtTun2Yb3yrBzt8deWQimTRcz6duIUIHasDspy5yzt6
iyLZgP8rUTn7S3IFyIhvlikP54uRfRgW7amwztIfKp5aQgHbzKFiu79BpwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIgdJ4dqas+fskl0fnxdmAgEuvF/MB8GA1UdIwQY
MBaAFLqXDeEms6C1SNrXb176iIVcbx/yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXBjTjRTYXpvTFZJMnRkdlh2cUloVnh2SF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9hZjcyZTgtZjBkMi00ZDY2LWI1MjAt
M2FiYTU5NWI1OGE4LzEvaUIwbmgycHF6NS15U1hSLWZGMllDQVM2OFg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9hZjcyZTgtZjBkMi00ZDY2LWI1MjAtM2FiYTU5NWI1OGE4
LzEvdXBjTjRTYXpvTFZJMnRkdlh2cUloVnh2SF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAJT3kAwQA
UR5tMA0EAgACMAcDBQMqE/YAMA0GCSqGSIb3DQEBCwUAA4IBAQAWbua9cwLlEGRt
asGqTuKPSyZWOFGCL62Gm3KuI9Kex72LRe1SodGq0w6ZF+Aaw34mZeHSHD+uOUB2
Lv0b3v5yXm4ngOhL6UGk/hqpSEzmnUOEwvvsYAI3jG2+lAgc5vxt0TEecvNbcPyg
2XxARLcQ5biChP557o442G2dX07wu9+IzdJ4UnKvXz/UlkMCWqtQ+peSm2kUXLhO
qjbKM3kDZxfoFZXR0HfdZC7rm9+GtvHdV85pdGPS1w7+fN4AvLx+k+fCkB7lL49t
/XdHcO/OF0N3dLRbOl/E/+YgVQh6fiqVwOmNo0INXpatWcupMZrn4uDG7ADdkcvN
jbfz0Wzg
-----END CERTIFICATE-----