Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/b1B34JvO-GcunbVTm8j4sBQw6MA.roa
File:                     b1B34JvO-GcunbVTm8j4sBQw6MA.roa (raw, json)
Hash identifier:          0+rTmm2udmOGJ/v+UrcQLZyo966itB803WI6uUxjsqQ=
Subject key identifier:   6F:50:77:E0:9B:CE:F8:67:2E:9D:B5:53:9B:C8:F8:B0:14:30:E8:C0
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       0194266B61F0EC4CEE3914F727FC1EDCD2B9
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/b1B34JvO-GcunbVTm8j4sBQw6MA.roa
Signing time:             Thu 02 Jan 2025 09:49:19 +0000
ROA not before:           Thu 02 Jan 2025 09:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201464
IP address blocks:        185.74.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:61:f0:ec:4c:ee:39:14:f7:27:fc:1e:dc:d2:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Jan  2 09:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f5077e09bcef8672e9db5539bc8f8b01430e8c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f5:2f:75:8b:bc:11:5e:d8:1d:f0:73:f6:36:
                    5f:ab:a0:6a:43:43:cb:da:a6:61:e0:1c:90:ff:ea:
                    0e:9b:6e:2a:1d:e2:ab:97:68:d3:b4:67:cd:d3:46:
                    d2:2d:65:59:6d:16:51:71:fb:0a:e3:d2:f3:bc:be:
                    88:22:07:bb:65:54:0b:44:15:1c:9b:a5:5c:a0:e7:
                    80:b8:ed:d7:d7:c0:e6:d4:ae:4c:8a:3b:c1:e0:91:
                    96:18:b7:13:24:c6:de:57:42:21:e2:df:9b:02:83:
                    40:ca:83:03:30:d1:d9:cc:df:d9:1c:15:02:0c:0d:
                    53:dc:b3:97:b7:15:76:2a:2c:1b:1b:d3:2e:0a:96:
                    14:b7:91:35:4a:97:4a:d6:0d:24:8e:ed:4f:fb:60:
                    f3:18:f5:e4:90:8a:12:7d:9c:32:66:5b:58:81:76:
                    94:69:6a:28:eb:1e:b6:42:ba:0a:9d:2b:93:d2:dc:
                    fd:fb:d4:5d:d7:08:75:3b:1e:0f:35:a1:5e:94:37:
                    68:1a:11:1d:64:68:be:a8:ba:bf:df:c7:fe:49:bb:
                    82:89:df:5d:78:4e:83:5d:aa:1f:49:87:c8:e2:30:
                    6e:ed:0d:83:f5:8d:1d:dc:68:bf:2f:6d:2d:c4:35:
                    ea:09:81:5b:cc:d3:cf:a7:71:ad:9a:87:03:cd:2c:
                    e8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:50:77:E0:9B:CE:F8:67:2E:9D:B5:53:9B:C8:F8:B0:14:30:E8:C0
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/b1B34JvO-GcunbVTm8j4sBQw6MA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:ac:7d:96:16:d4:0c:9e:b9:9e:9d:83:2e:f6:2b:5e:6a:3b:
         ec:4e:5c:1e:5a:fa:4b:2a:47:71:03:00:55:65:22:07:49:c0:
         b1:dd:9e:da:0b:1c:60:70:33:46:7a:36:df:fb:9e:88:a7:37:
         1a:56:55:0b:c3:b8:19:e3:77:85:ba:c4:61:32:b8:95:26:0b:
         51:f0:be:38:56:68:46:f7:4b:45:8e:c0:16:2e:a1:26:7a:f7:
         55:17:d9:43:ae:f9:94:c0:b1:d1:1c:11:3c:ae:c5:a7:4b:01:
         59:e1:85:78:57:aa:b1:83:bf:ff:3d:b9:1c:c1:db:9f:44:c3:
         35:9e:3c:3e:f5:82:f8:6d:12:c1:7b:d0:47:2f:82:5d:fc:4a:
         32:95:17:73:0b:3a:dd:14:90:b9:05:66:84:98:0b:c9:c6:78:
         24:f1:e1:1d:3a:38:51:ee:fd:79:bb:0f:cc:ae:42:0d:71:44:
         00:65:20:89:0d:16:fc:04:5b:f0:86:f1:5e:4a:71:8d:80:f5:
         d8:fd:fd:95:cd:10:97:1f:2f:03:16:b1:16:7d:a4:bc:6f:65:
         c6:f8:b3:09:82:e5:d9:c4:80:32:5e:b6:c7:bd:c5:39:cb:14:
         12:a7:d7:66:a8:58:5a:50:6f:3d:1a:95:e3:d4:7d:ee:e1:25:
         a5:c7:fa:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma2Hw7EzuORT3J/we3NK5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjUwMTAyMDk0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjUwNzdlMDliY2VmODY3MmU5ZGI1NTM5YmM4ZjhiMDE0MzBlOGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfUvdYu8EV7YHfBz9jZfq6BqQ0PL
2qZh4ByQ/+oOm24qHeKrl2jTtGfN00bSLWVZbRZRcfsK49LzvL6IIge7ZVQLRBUc
m6VcoOeAuO3X18Dm1K5MijvB4JGWGLcTJMbeV0Ih4t+bAoNAyoMDMNHZzN/ZHBUC
DA1T3LOXtxV2KiwbG9MuCpYUt5E1SpdK1g0kju1P+2DzGPXkkIoSfZwyZltYgXaU
aWoo6x62QroKnSuT0tz9+9Rd1wh1Ox4PNaFelDdoGhEdZGi+qLq/38f+SbuCid9d
eE6DXaofSYfI4jBu7Q2D9Y0d3Gi/L20txDXqCYFbzNPPp3GtmocDzSzooQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9Qd+CbzvhnLp21U5vI+LAUMOjAMB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvYjFCMzRKdk8tR2N1bmJWVG04ajRzQlF3Nk1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUo9MA0G
CSqGSIb3DQEBCwUAA4IBAQB1rH2WFtQMnrmenYMu9iteajvsTlweWvpLKkdxAwBV
ZSIHScCx3Z7aCxxgcDNGejbf+56IpzcaVlULw7gZ43eFusRhMriVJgtR8L44VmhG
90tFjsAWLqEmevdVF9lDrvmUwLHRHBE8rsWnSwFZ4YV4V6qxg7//PbkcwdufRMM1
njw+9YL4bRLBe9BHL4Jd/EoylRdzCzrdFJC5BWaEmAvJxngk8eEdOjhR7v15uw/M
rkINcUQAZSCJDRb8BFvwhvFeSnGNgPXY/f2VzRCXHy8DFrEWfaS8b2XG+LMJguXZ
xIAyXrbHvcU5yxQSp9dmqFhaUG89GpXj1H3u4SWlx/oi
-----END CERTIFICATE-----