Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/115703-920b-4c51-b340-86cf06acbf41/1/61-G3WXkR-SwbN4v7xZM_7MiENo.roa
File:                     61-G3WXkR-SwbN4v7xZM_7MiENo.roa (raw, json)
Hash identifier:          dPwb3l0zAU2N1RIH5n+vuaC+VR/dScikzlcMxqnd6Lg=
Subject key identifier:   EB:5F:86:DD:65:E4:47:E4:B0:6C:DE:2F:EF:16:4C:FF:B3:22:10:DA
Certificate issuer:       /CN=09c71460ea41d3e6565c4b410b26c9e78ce16f9f
Certificate serial:       019420D61540FD16CE5192C74B05415A5316
Authority key identifier: 09:C7:14:60:EA:41:D3:E6:56:5C:4B:41:0B:26:C9:E7:8C:E1:6F:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CccUYOpB0-ZWXEtBCybJ54zhb58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/115703-920b-4c51-b340-86cf06acbf41/1/61-G3WXkR-SwbN4v7xZM_7MiENo.roa
Signing time:             Wed 01 Jan 2025 07:48:08 +0000
ROA not before:           Wed 01 Jan 2025 07:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2119
IP address blocks:        91.220.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/115703-920b-4c51-b340-86cf06acbf41/1/CccUYOpB0-ZWXEtBCybJ54zhb58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/115703-920b-4c51-b340-86cf06acbf41/1/CccUYOpB0-ZWXEtBCybJ54zhb58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CccUYOpB0-ZWXEtBCybJ54zhb58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 16:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:15:40:fd:16:ce:51:92:c7:4b:05:41:5a:53:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09c71460ea41d3e6565c4b410b26c9e78ce16f9f
        Validity
            Not Before: Jan  1 07:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb5f86dd65e447e4b06cde2fef164cffb32210da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:94:57:d3:da:a4:1c:a2:4c:10:91:9e:92:50:
                    5d:ff:91:2d:d5:e3:95:dc:0a:9a:c7:aa:1e:f1:34:
                    d4:66:de:9f:c3:3e:3f:30:47:7c:b8:e9:d6:32:27:
                    e4:cb:5e:1f:58:28:9b:7f:75:21:bb:d3:9d:f7:e7:
                    a2:bf:90:f2:ea:d9:fa:35:ef:73:de:69:dc:7f:44:
                    32:e2:4b:7d:c8:5b:c5:34:06:d3:fd:d3:30:ed:d2:
                    cf:04:f8:5e:69:9a:8c:57:e0:bf:0f:d0:7a:a7:66:
                    59:b2:c0:d3:7a:ab:0b:fe:7b:6e:0b:e8:ae:02:00:
                    d4:ab:1a:d2:5f:82:10:f7:c1:f5:db:1b:fc:f6:62:
                    4c:9d:2c:e4:10:b1:4b:8a:01:b3:36:34:34:1f:22:
                    55:b0:2b:0d:64:28:da:19:51:7d:43:8d:30:ca:aa:
                    23:70:22:1b:99:61:65:be:15:26:4c:90:bc:2b:b9:
                    ac:55:5e:d3:35:5c:57:ec:b1:58:44:ae:9e:c6:97:
                    35:be:d4:91:f8:9a:dc:96:3a:28:e8:4b:84:05:40:
                    7a:dc:63:fb:61:8a:39:cf:82:55:a9:f5:17:b8:b5:
                    47:21:b7:70:ba:73:1f:d7:68:95:fc:49:ca:3f:cd:
                    a2:02:e3:30:d0:83:46:29:61:6c:1d:2f:fd:f8:6c:
                    73:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:5F:86:DD:65:E4:47:E4:B0:6C:DE:2F:EF:16:4C:FF:B3:22:10:DA
            X509v3 Authority Key Identifier:
                keyid:09:C7:14:60:EA:41:D3:E6:56:5C:4B:41:0B:26:C9:E7:8C:E1:6F:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CccUYOpB0-ZWXEtBCybJ54zhb58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/115703-920b-4c51-b340-86cf06acbf41/1/61-G3WXkR-SwbN4v7xZM_7MiENo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/115703-920b-4c51-b340-86cf06acbf41/1/CccUYOpB0-ZWXEtBCybJ54zhb58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:a1:da:2d:05:3d:d4:ab:73:04:1f:7b:23:6f:85:70:84:9a:
         f5:e9:de:b7:77:b4:b0:b1:64:d3:54:88:c4:e1:e9:68:b4:25:
         d4:f0:04:bb:30:0f:80:79:d5:45:5d:24:8e:e9:5a:1f:3b:fe:
         d1:92:8c:07:59:47:e4:ed:ee:69:0e:a8:7b:93:5c:8a:7e:aa:
         90:af:57:5f:b6:49:b3:cd:5c:6f:2a:1b:76:4c:b7:8a:18:fb:
         26:58:21:75:9a:66:03:7c:33:00:d2:c8:4b:0a:41:f9:2e:2f:
         c7:66:d6:fa:7c:49:6f:e1:4d:27:fd:e6:bd:07:44:28:3a:ae:
         78:98:05:69:2c:26:ed:3d:9f:25:e8:6c:f9:6d:45:9b:b2:00:
         11:ba:56:52:f2:db:ef:16:97:b0:91:28:09:f7:16:94:90:5c:
         a9:14:70:48:ae:ea:e7:67:68:9e:11:be:57:5f:53:a4:03:69:
         c3:da:c6:a9:c3:d8:d7:6b:05:e9:4d:07:7b:ea:d6:ae:a9:0f:
         f4:62:86:1d:30:8d:13:a0:06:67:3a:63:0e:73:5b:50:c9:77:
         72:57:0d:54:88:e0:1a:37:4f:2d:fd:6b:39:f9:c7:bc:6c:2c:
         6c:d4:04:d6:0f:4a:d6:48:de:ad:95:5a:8c:80:ef:cb:6a:c3:
         c5:e3:13:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1hVA/RbOUZLHSwVBWlMWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5YzcxNDYwZWE0MWQzZTY1NjVjNGI0MTBiMjZjOWU3OGNl
MTZmOWYwHhcNMjUwMTAxMDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjVmODZkZDY1ZTQ0N2U0YjA2Y2RlMmZlZjE2NGNmZmIzMjIxMGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZRX09qkHKJMEJGeklBd/5Et1eOV
3Aqax6oe8TTUZt6fwz4/MEd8uOnWMifky14fWCibf3Uhu9Od9+eiv5Dy6tn6Ne9z
3mncf0Qy4kt9yFvFNAbT/dMw7dLPBPheaZqMV+C/D9B6p2ZZssDTeqsL/ntuC+iu
AgDUqxrSX4IQ98H12xv89mJMnSzkELFLigGzNjQ0HyJVsCsNZCjaGVF9Q40wyqoj
cCIbmWFlvhUmTJC8K7msVV7TNVxX7LFYRK6expc1vtSR+Jrcljoo6EuEBUB63GP7
YYo5z4JVqfUXuLVHIbdwunMf12iV/EnKP82iAuMw0INGKWFsHS/9+GxzxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOtfht1l5EfksGzeL+8WTP+zIhDaMB8GA1UdIwQY
MBaAFAnHFGDqQdPmVlxLQQsmyeeM4W+fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2NjVVlPcEIwLVpXWEV0QkN5Yko1NHpoYjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8xMTU3MDMtOTIwYi00YzUxLWIzNDAt
ODZjZjA2YWNiZjQxLzEvNjEtRzNXWGtSLVN3Yk40djd4Wk1fN01pRU5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8xMTU3MDMtOTIwYi00YzUxLWIzNDAtODZjZjA2YWNiZjQx
LzEvQ2NjVVlPcEIwLVpXWEV0QkN5Yko1NHpoYjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9zZMA0G
CSqGSIb3DQEBCwUAA4IBAQA+odotBT3Uq3MEH3sjb4VwhJr16d63d7SwsWTTVIjE
4elotCXU8AS7MA+AedVFXSSO6VofO/7RkowHWUfk7e5pDqh7k1yKfqqQr1dftkmz
zVxvKht2TLeKGPsmWCF1mmYDfDMA0shLCkH5Li/HZtb6fElv4U0n/ea9B0QoOq54
mAVpLCbtPZ8l6Gz5bUWbsgARulZS8tvvFpewkSgJ9xaUkFypFHBIrurnZ2ieEb5X
X1OkA2nD2sapw9jXawXpTQd76tauqQ/0YoYdMI0ToAZnOmMOc1tQyXdyVw1UiOAa
N08t/Ws5+ce8bCxs1ATWD0rWSN6tlVqMgO/LasPF4xMw
-----END CERTIFICATE-----