Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/43629a-5a4d-4bdf-99f8-2bb65408df74/1/b3fMK2EEtsIrZoNc5iGA0iMeYbU.roa
File:                     b3fMK2EEtsIrZoNc5iGA0iMeYbU.roa (raw, json)
Hash identifier:          4OmAdiHXhIiRoybl2xnv4bS44rFBIuMNJjiQ5B3eOEo=
Subject key identifier:   6F:77:CC:2B:61:04:B6:C2:2B:66:83:5C:E6:21:80:D2:23:1E:61:B5
Certificate issuer:       /CN=44d3cc591ceba386130f3c9f7426458b8887c2eb
Certificate serial:       018CC49329797D7FB936B1A55A25500A2F0E
Authority key identifier: 44:D3:CC:59:1C:EB:A3:86:13:0F:3C:9F:74:26:45:8B:88:87:C2:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RNPMWRzro4YTDzyfdCZFi4iHwus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/43629a-5a4d-4bdf-99f8-2bb65408df74/1/b3fMK2EEtsIrZoNc5iGA0iMeYbU.roa
Signing time:             Mon 01 Jan 2024 10:30:27 +0000
ROA not before:           Mon 01 Jan 2024 10:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        194.61.25.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/43629a-5a4d-4bdf-99f8-2bb65408df74/1/RNPMWRzro4YTDzyfdCZFi4iHwus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/43629a-5a4d-4bdf-99f8-2bb65408df74/1/RNPMWRzro4YTDzyfdCZFi4iHwus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RNPMWRzro4YTDzyfdCZFi4iHwus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:29:79:7d:7f:b9:36:b1:a5:5a:25:50:0a:2f:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44d3cc591ceba386130f3c9f7426458b8887c2eb
        Validity
            Not Before: Jan  1 10:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f77cc2b6104b6c22b66835ce62180d2231e61b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e4:a2:40:3d:15:34:ab:75:c4:fc:b8:8c:d0:
                    8b:1c:23:f6:31:f9:21:dc:df:c0:c8:bb:25:d1:64:
                    23:e4:4f:47:b8:fa:f2:32:57:03:35:98:b8:5b:9c:
                    19:2b:0d:6c:53:59:ea:85:97:12:43:85:3d:4d:49:
                    e1:54:f4:a4:a8:0c:6d:d3:70:9d:c3:7d:f7:b9:ce:
                    2f:42:74:85:62:23:93:b5:6e:26:71:c7:9a:8e:72:
                    ed:91:34:9a:aa:0d:b8:db:9a:ab:f1:ae:40:79:de:
                    38:5a:f2:2a:52:11:34:c7:08:87:c3:1c:ed:35:c8:
                    bf:b9:c6:dd:60:81:fe:13:2a:38:0e:15:b6:a0:3b:
                    ca:bd:f0:59:c1:d9:13:0e:7d:4e:71:b5:7b:eb:16:
                    bf:e8:d1:be:50:a3:3f:ab:94:4c:09:95:0d:74:20:
                    8f:28:e3:0b:67:4e:8f:4d:ea:e1:d7:25:ef:69:53:
                    8d:e0:77:94:8b:e0:83:45:75:e1:90:5b:e6:58:ec:
                    0a:b8:ce:0c:00:b1:5d:f7:9f:86:b6:9a:2e:1a:01:
                    2a:d7:71:a9:7c:29:34:e0:97:42:2b:49:46:44:3e:
                    10:4a:16:7c:d9:d8:c1:d5:0f:34:fc:0a:36:70:c7:
                    05:10:b3:58:f4:b9:13:5f:a7:f8:ec:95:74:26:d1:
                    12:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:77:CC:2B:61:04:B6:C2:2B:66:83:5C:E6:21:80:D2:23:1E:61:B5
            X509v3 Authority Key Identifier:
                keyid:44:D3:CC:59:1C:EB:A3:86:13:0F:3C:9F:74:26:45:8B:88:87:C2:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RNPMWRzro4YTDzyfdCZFi4iHwus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/43629a-5a4d-4bdf-99f8-2bb65408df74/1/b3fMK2EEtsIrZoNc5iGA0iMeYbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/43629a-5a4d-4bdf-99f8-2bb65408df74/1/RNPMWRzro4YTDzyfdCZFi4iHwus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:27:8f:cb:ad:c9:39:c6:87:0b:b4:76:1a:80:69:7c:0d:cf:
         e3:06:df:f6:08:b0:e3:c6:a2:26:5e:be:d2:5e:f9:1b:e9:75:
         30:3e:95:04:8a:9f:51:4f:b0:5b:85:ce:52:74:1f:bc:64:bf:
         4e:4a:f6:ac:83:4c:20:2f:11:cb:15:04:1c:ea:44:ee:ad:0e:
         13:74:41:81:cb:fe:f0:ef:06:ec:24:5c:49:73:63:c7:84:36:
         76:c4:c1:10:a7:f8:14:45:95:70:03:9f:e1:2e:a7:5b:94:39:
         f4:b6:83:17:46:4b:d5:92:b6:45:26:2b:11:c1:c4:96:33:47:
         fc:86:43:f2:90:eb:59:94:a4:bc:2b:1d:cd:08:38:22:16:16:
         3b:0b:b9:6f:07:0b:48:44:f9:0b:42:f3:56:eb:8a:12:27:13:
         10:4c:04:d2:36:8f:2e:85:1d:3d:3a:e4:f7:bf:fa:d2:c5:ae:
         45:c1:08:18:62:75:75:7f:04:16:81:f3:b2:ad:63:d3:ef:56:
         07:f9:66:9d:72:76:b5:1d:c5:b1:c4:d1:21:86:3f:a7:a0:7c:
         69:68:3b:75:3c:6c:fa:37:d7:d3:f3:82:75:16:ee:9b:39:12:
         cc:50:5c:48:aa:bb:b5:f8:0c:5b:7f:26:62:37:dd:a3:1b:6d:
         38:75:6e:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkyl5fX+5NrGlWiVQCi8OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZDNjYzU5MWNlYmEzODYxMzBmM2M5Zjc0MjY0NThiODg4
N2MyZWIwHhcNMjQwMTAxMTAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Zjc3Y2MyYjYxMDRiNmMyMmI2NjgzNWNlNjIxODBkMjIzMWU2MWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeSiQD0VNKt1xPy4jNCLHCP2Mfkh
3N/AyLsl0WQj5E9HuPryMlcDNZi4W5wZKw1sU1nqhZcSQ4U9TUnhVPSkqAxt03Cd
w333uc4vQnSFYiOTtW4mcceajnLtkTSaqg2425qr8a5Aed44WvIqUhE0xwiHwxzt
Nci/ucbdYIH+Eyo4DhW2oDvKvfBZwdkTDn1OcbV76xa/6NG+UKM/q5RMCZUNdCCP
KOMLZ06PTerh1yXvaVON4HeUi+CDRXXhkFvmWOwKuM4MALFd95+GtpouGgEq13Gp
fCk04JdCK0lGRD4QShZ82djB1Q80/Ao2cMcFELNY9LkTX6f47JV0JtES4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG93zCthBLbCK2aDXOYhgNIjHmG1MB8GA1UdIwQY
MBaAFETTzFkc66OGEw88n3QmRYuIh8LrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk5QTVdSenJvNFlURHp5ZmRDWkZpNGlId3VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My80MzYyOWEtNWE0ZC00YmRmLTk5Zjgt
MmJiNjU0MDhkZjc0LzEvYjNmTUsyRUV0c0lyWm9OYzVpR0EwaU1lWWJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My80MzYyOWEtNWE0ZC00YmRmLTk5ZjgtMmJiNjU0MDhkZjc0
LzEvUk5QTVdSenJvNFlURHp5ZmRDWkZpNGlId3VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj0ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCUJ4/Lrck5xocLtHYagGl8Dc/jBt/2CLDjxqImXr7S
Xvkb6XUwPpUEip9RT7Bbhc5SdB+8ZL9OSvasg0wgLxHLFQQc6kTurQ4TdEGBy/7w
7wbsJFxJc2PHhDZ2xMEQp/gURZVwA5/hLqdblDn0toMXRkvVkrZFJisRwcSWM0f8
hkPykOtZlKS8Kx3NCDgiFhY7C7lvBwtIRPkLQvNW64oSJxMQTATSNo8uhR09OuT3
v/rSxa5FwQgYYnV1fwQWgfOyrWPT71YH+Wadcna1HcWxxNEhhj+noHxpaDt1PGz6
N9fT84J1Fu6bORLMUFxIqru1+AxbfyZiN92jG204dW7U
-----END CERTIFICATE-----