Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/61pqBezJLAJE5VLA7yrYYgA1x4Q.roa
File:                     61pqBezJLAJE5VLA7yrYYgA1x4Q.roa (raw, json)
Hash identifier:          wkbkRNJ1tewUM/PlCjzz6x80lWa3MJj4NI3f+PnCsBo=
Subject key identifier:   EB:5A:6A:05:EC:C9:2C:02:44:E5:52:C0:EF:2A:D8:62:00:35:C7:84
Certificate issuer:       /CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
Certificate serial:       01941FFA04D33D3B2462B383AB78ED18165D
Authority key identifier: 1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/61pqBezJLAJE5VLA7yrYYgA1x4Q.roa
Signing time:             Wed 01 Jan 2025 03:47:46 +0000
ROA not before:           Wed 01 Jan 2025 03:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43289
IP address blocks:        194.61.32.0/24 maxlen: 24
                          194.61.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:04:d3:3d:3b:24:62:b3:83:ab:78:ed:18:16:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
        Validity
            Not Before: Jan  1 03:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb5a6a05ecc92c0244e552c0ef2ad8620035c784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ec:e9:eb:e4:82:e2:a7:b0:15:c8:9b:f3:82:
                    4c:6e:1b:50:8e:d7:f8:a6:11:79:ac:1d:dd:10:8b:
                    9f:39:dc:1b:ab:a5:37:bd:e3:09:62:ef:c7:bf:41:
                    1b:83:31:93:1d:79:fa:f2:d8:78:db:0c:fd:30:7b:
                    c0:c1:a3:5a:3b:45:b5:d6:9c:83:f9:15:aa:19:6b:
                    7a:4b:77:b6:78:7b:c3:aa:7e:1f:d1:1a:3f:2f:fe:
                    05:c6:95:02:66:36:39:e2:83:96:ce:f4:55:17:15:
                    3f:9b:5c:0a:a0:d3:81:3b:cc:47:3f:34:8b:54:a3:
                    25:15:96:56:4b:bf:13:2b:cb:59:31:ac:47:40:37:
                    0c:0b:50:f1:e5:7e:36:00:e4:0b:9c:27:bd:38:dd:
                    00:8c:41:72:35:66:6a:06:c1:6f:7f:90:c8:91:d9:
                    a8:df:41:17:0a:9c:bf:61:83:0b:00:78:0c:17:68:
                    54:63:6e:1a:15:68:21:8a:13:1e:e9:6c:36:9b:68:
                    60:60:5d:c8:f4:de:45:87:f2:71:d9:19:78:11:4c:
                    4d:03:b5:96:b6:74:dd:49:b6:16:53:ad:12:5f:d9:
                    88:a1:b6:0e:9e:cd:2a:84:2e:e1:5b:ed:70:d2:3f:
                    41:ed:21:f8:91:2e:9f:b2:2a:f6:31:e1:fb:47:de:
                    c5:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:5A:6A:05:EC:C9:2C:02:44:E5:52:C0:EF:2A:D8:62:00:35:C7:84
            X509v3 Authority Key Identifier:
                keyid:1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/61pqBezJLAJE5VLA7yrYYgA1x4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:c3:5f:bc:e9:4b:a1:b2:c5:39:f4:2e:a4:b6:dc:50:bc:bc:
         17:67:80:62:f0:51:fa:4d:0c:45:46:06:07:1f:dd:0a:74:33:
         70:f7:6a:7b:5d:2b:e7:ce:45:66:3f:c1:c6:82:98:65:ff:0a:
         4c:0f:7f:7c:d9:a0:18:9e:94:b5:2c:d8:bf:3e:5c:da:69:b3:
         b1:aa:68:68:76:6a:86:4d:66:22:50:5e:81:4c:6f:7a:07:dc:
         a0:0c:d4:b7:10:58:bc:cd:d1:cd:01:2a:85:16:2b:67:bf:a7:
         c4:19:7f:c1:9c:9a:87:3e:84:93:bc:31:12:4f:ec:13:f2:c3:
         79:0d:cc:57:47:47:cf:49:d8:ec:25:d2:11:a5:b1:7e:47:07:
         3f:33:36:b3:d5:61:de:70:34:81:b6:0e:60:51:cf:c3:e8:e1:
         82:f6:68:7f:37:31:9b:7a:e0:0a:29:ec:87:d2:33:d9:50:b3:
         fc:18:73:16:fc:6b:cb:b3:30:a7:25:7c:ee:1a:ce:e1:95:4e:
         6f:07:33:61:0c:a8:0f:f0:0b:3d:94:8a:ab:af:f2:f4:55:7d:
         1d:4d:ea:0e:c9:fb:dc:be:20:97:b5:3f:fe:50:f5:5c:ae:77:
         f3:bf:0b:94:32:e1:ac:57:36:5e:d5:7e:d8:6e:6b:c9:6a:07:
         bf:bc:17:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+gTTPTskYrODq3jtGBZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZDJkNDYzYWUxNTM0NmQ1ZWRkNzkzN2I4YmZhOGUwOWIx
NDM3NmQwHhcNMjUwMTAxMDM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjVhNmEwNWVjYzkyYzAyNDRlNTUyYzBlZjJhZDg2MjAwMzVjNzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOzp6+SC4qewFcib84JMbhtQjtf4
phF5rB3dEIufOdwbq6U3veMJYu/Hv0EbgzGTHXn68th42wz9MHvAwaNaO0W11pyD
+RWqGWt6S3e2eHvDqn4f0Ro/L/4FxpUCZjY54oOWzvRVFxU/m1wKoNOBO8xHPzSL
VKMlFZZWS78TK8tZMaxHQDcMC1Dx5X42AOQLnCe9ON0AjEFyNWZqBsFvf5DIkdmo
30EXCpy/YYMLAHgMF2hUY24aFWghihMe6Ww2m2hgYF3I9N5Fh/Jx2Rl4EUxNA7WW
tnTdSbYWU60SX9mIobYOns0qhC7hW+1w0j9B7SH4kS6fsir2MeH7R97FvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOtaagXsySwCROVSwO8q2GIANceEMB8GA1UdIwQY
MBaAFBvS1GOuFTRtXt15N7i/qOCbFDdtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzlMVVk2NFZORzFlM1hrM3VMLW80SnNVTjIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC83MGM0NzctYThjZC00YTcyLWI2Njkt
MWY5M2MyMzlhMDEyLzEvNjFwcUJlekpMQUpFNVZMQTd5cllZZ0ExeDRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC83MGM0NzctYThjZC00YTcyLWI2NjktMWY5M2MyMzlhMDEy
LzEvRzlMVVk2NFZORzFlM1hrM3VMLW80SnNVTjIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwj0gMA0G
CSqGSIb3DQEBCwUAA4IBAQCow1+86UuhssU59C6kttxQvLwXZ4Bi8FH6TQxFRgYH
H90KdDNw92p7XSvnzkVmP8HGgphl/wpMD3982aAYnpS1LNi/PlzaabOxqmhodmqG
TWYiUF6BTG96B9ygDNS3EFi8zdHNASqFFitnv6fEGX/BnJqHPoSTvDEST+wT8sN5
DcxXR0fPSdjsJdIRpbF+Rwc/Mzaz1WHecDSBtg5gUc/D6OGC9mh/NzGbeuAKKeyH
0jPZULP8GHMW/GvLszCnJXzuGs7hlU5vBzNhDKgP8As9lIqrr/L0VX0dTeoOyfvc
viCXtT/+UPVcrnfzvwuUMuGsVzZe1X7YbmvJage/vBew
-----END CERTIFICATE-----