Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/bccaea-68ce-4224-97a5-2b3b4c780419/1/61-rGEbSQyHAtyvdUUVFeX8CZDc.roa
File:                     61-rGEbSQyHAtyvdUUVFeX8CZDc.roa (raw, json)
Hash identifier:          W+gJHwCoJVv2zr1lMHxbjUeMGc2KFHB9jjEeCuM4tRQ=
Subject key identifier:   EB:5F:AB:18:46:D2:43:21:C0:B7:2B:DD:51:45:45:79:7F:02:64:37
Certificate issuer:       /CN=3a41b155aab6d1229fd348eaa03d0f7903f1267a
Certificate serial:       018CC500F8E55308676F7D286FB95C7888BD
Authority key identifier: 3A:41:B1:55:AA:B6:D1:22:9F:D3:48:EA:A0:3D:0F:79:03:F1:26:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OkGxVaq20SKf00jqoD0PeQPxJno.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/bccaea-68ce-4224-97a5-2b3b4c780419/1/61-rGEbSQyHAtyvdUUVFeX8CZDc.roa
Signing time:             Mon 01 Jan 2024 12:30:24 +0000
ROA not before:           Mon 01 Jan 2024 12:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        185.197.136.0/22 maxlen: 22
                          2a0a:7a40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/bccaea-68ce-4224-97a5-2b3b4c780419/1/OkGxVaq20SKf00jqoD0PeQPxJno.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/bccaea-68ce-4224-97a5-2b3b4c780419/1/OkGxVaq20SKf00jqoD0PeQPxJno.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OkGxVaq20SKf00jqoD0PeQPxJno.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:f8:e5:53:08:67:6f:7d:28:6f:b9:5c:78:88:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a41b155aab6d1229fd348eaa03d0f7903f1267a
        Validity
            Not Before: Jan  1 12:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb5fab1846d24321c0b72bdd514545797f026437
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2d:a8:f6:1a:ee:36:0b:53:3b:b5:e6:34:9e:
                    6f:6f:5d:2e:38:76:1c:82:dc:f1:0e:8b:3b:32:ce:
                    7e:66:1f:6e:e4:a4:6f:3c:5a:fe:4e:02:6c:c3:94:
                    18:37:cd:90:e1:ff:8e:09:28:76:f7:f2:6b:34:d2:
                    68:c3:65:df:9f:21:1b:82:0a:9a:3b:4d:04:f2:4b:
                    84:3b:3a:1f:1e:97:4b:61:54:a0:93:a7:c8:7a:f4:
                    a5:9a:08:a1:0a:67:24:71:bc:b6:93:3b:96:81:97:
                    57:bf:54:1f:7d:ad:da:b3:3b:79:cc:65:10:a6:75:
                    31:6f:27:1d:cd:da:75:49:8b:2f:a8:9e:ac:5d:3f:
                    7c:44:3e:ce:9b:f7:90:0d:85:3f:81:6a:2b:5c:54:
                    29:f1:86:a9:0a:a4:73:a8:11:94:97:f8:f7:68:fa:
                    3e:24:c7:ea:0e:23:1d:ec:09:20:80:b1:9e:87:1f:
                    1e:a6:da:47:41:76:b0:f1:d8:7b:99:a4:3a:29:ac:
                    45:d3:4c:76:09:6f:ec:28:ed:64:f3:f3:67:e7:ca:
                    ba:eb:64:1c:98:fa:ee:d2:26:bd:87:5c:e6:44:68:
                    78:49:59:b8:65:1d:44:39:23:27:14:eb:fb:36:17:
                    ae:c3:4c:51:fe:26:7f:e1:6c:d3:2b:9c:cc:c6:e2:
                    7b:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:5F:AB:18:46:D2:43:21:C0:B7:2B:DD:51:45:45:79:7F:02:64:37
            X509v3 Authority Key Identifier:
                keyid:3A:41:B1:55:AA:B6:D1:22:9F:D3:48:EA:A0:3D:0F:79:03:F1:26:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OkGxVaq20SKf00jqoD0PeQPxJno.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/bccaea-68ce-4224-97a5-2b3b4c780419/1/61-rGEbSQyHAtyvdUUVFeX8CZDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/bccaea-68ce-4224-97a5-2b3b4c780419/1/OkGxVaq20SKf00jqoD0PeQPxJno.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.136.0/22
                IPv6:
                  2a0a:7a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:c5:9f:98:e0:8a:ee:0a:97:17:e2:42:b9:9a:77:dd:10:e1:
         de:d1:65:89:48:1b:dc:76:c4:c1:ae:c8:07:ee:01:d3:27:2d:
         55:13:c4:52:40:a8:c7:e6:da:3d:f5:e3:8b:ee:15:af:86:6a:
         e6:7a:1d:92:7d:2c:b1:06:cd:db:5c:44:e9:14:be:4e:0a:03:
         1a:5d:eb:b9:97:c9:88:39:8d:91:56:6f:1a:6e:80:c7:05:91:
         42:57:7e:b3:26:18:c5:e8:58:db:92:b8:4a:7a:89:59:9b:4a:
         8e:f6:cb:f9:83:de:85:52:28:fb:c3:05:b7:72:35:f7:88:d5:
         a7:f9:84:cc:c3:66:39:0d:de:7c:9e:74:f7:70:bb:ec:56:0c:
         56:00:13:79:6d:6f:b6:69:20:12:ac:3c:0f:ce:4b:41:82:d5:
         d5:d5:9a:37:27:cf:71:84:b0:f7:74:91:98:a2:7e:86:49:52:
         1e:ed:ad:c1:45:a9:55:d5:1a:32:af:95:6d:05:1c:23:bb:26:
         7f:b9:6c:bd:56:08:a0:95:a3:07:8f:8c:39:41:7c:d4:f7:80:
         1b:5b:75:fb:3b:05:7e:bd:ed:f8:b2:8f:0f:ef:7e:ed:12:2c:
         25:d2:43:5a:99:b0:ca:f4:2a:68:9e:e9:25:d6:63:15:01:b4:
         a1:6c:e8:79
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAPjlUwhnb30ob7lceIi9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNDFiMTU1YWFiNmQxMjI5ZmQzNDhlYWEwM2QwZjc5MDNm
MTI2N2EwHhcNMjQwMTAxMTIzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjVmYWIxODQ2ZDI0MzIxYzBiNzJiZGQ1MTQ1NDU3OTdmMDI2NDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAry2o9hruNgtTO7XmNJ5vb10uOHYc
gtzxDos7Ms5+Zh9u5KRvPFr+TgJsw5QYN82Q4f+OCSh29/JrNNJow2XfnyEbggqa
O00E8kuEOzofHpdLYVSgk6fIevSlmgihCmckcby2kzuWgZdXv1Qffa3aszt5zGUQ
pnUxbycdzdp1SYsvqJ6sXT98RD7Om/eQDYU/gWorXFQp8YapCqRzqBGUl/j3aPo+
JMfqDiMd7AkggLGehx8eptpHQXaw8dh7maQ6KaxF00x2CW/sKO1k8/Nn58q662Qc
mPru0ia9h1zmRGh4SVm4ZR1EOSMnFOv7Nheuw0xR/iZ/4WzTK5zMxuJ76wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOtfqxhG0kMhwLcr3VFFRXl/AmQ3MB8GA1UdIwQY
MBaAFDpBsVWqttEin9NI6qA9D3kD8SZ6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2tHeFZhcTIwU0tmMDBqcW9EMFBlUVB4Sm5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9iY2NhZWEtNjhjZS00MjI0LTk3YTUt
MmIzYjRjNzgwNDE5LzEvNjEtckdFYlNReUhBdHl2ZFVVVkZlWDhDWkRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9iY2NhZWEtNjhjZS00MjI0LTk3YTUtMmIzYjRjNzgwNDE5
LzEvT2tHeFZhcTIwU0tmMDBqcW9EMFBlUVB4Sm5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucWIMA0E
AgACMAcDBQMqCnpAMA0GCSqGSIb3DQEBCwUAA4IBAQAIxZ+Y4IruCpcX4kK5mnfd
EOHe0WWJSBvcdsTBrsgH7gHTJy1VE8RSQKjH5to99eOL7hWvhmrmeh2SfSyxBs3b
XETpFL5OCgMaXeu5l8mIOY2RVm8aboDHBZFCV36zJhjF6FjbkrhKeolZm0qO9sv5
g96FUij7wwW3cjX3iNWn+YTMw2Y5Dd58nnT3cLvsVgxWABN5bW+2aSASrDwPzktB
gtXV1Zo3J89xhLD3dJGYon6GSVIe7a3BRalV1Royr5VtBRwjuyZ/uWy9VgiglaMH
j4w5QXzU94AbW3X7OwV+ve34so8P737tEiwl0kNambDK9Cponukl1mMVAbShbOh5
-----END CERTIFICATE-----