Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/e72a9d-9ea5-47db-a67e-6d2e11fe08cd/1/CIXo5fMvtQS8qMVOIupwTDO6haw.roa
File:                     CIXo5fMvtQS8qMVOIupwTDO6haw.roa (raw, json)
Hash identifier:          skwCFrBSqOr/rGffVi9z8c25oNqgUT3XgjbPBq9tpyI=
Subject key identifier:   08:85:E8:E5:F3:2F:B5:04:BC:A8:C5:4E:22:EA:70:4C:33:BA:85:AC
Certificate issuer:       /CN=641c78fc1748bdcc6a6c88c67d283e1d02d9dcc8
Certificate serial:       018CC794D5AE808A154B64CE2CDC894EE94D
Authority key identifier: 64:1C:78:FC:17:48:BD:CC:6A:6C:88:C6:7D:28:3E:1D:02:D9:DC:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBx4_BdIvcxqbIjGfSg-HQLZ3Mg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/e72a9d-9ea5-47db-a67e-6d2e11fe08cd/1/CIXo5fMvtQS8qMVOIupwTDO6haw.roa
Signing time:             Tue 02 Jan 2024 00:31:09 +0000
ROA not before:           Tue 02 Jan 2024 00:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47719
IP address blocks:        185.61.48.0/24 maxlen: 24
                          185.61.51.0/24 maxlen: 24
                          185.61.50.0/24 maxlen: 24
                          185.61.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/e72a9d-9ea5-47db-a67e-6d2e11fe08cd/1/ZBx4_BdIvcxqbIjGfSg-HQLZ3Mg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/e72a9d-9ea5-47db-a67e-6d2e11fe08cd/1/ZBx4_BdIvcxqbIjGfSg-HQLZ3Mg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBx4_BdIvcxqbIjGfSg-HQLZ3Mg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:d5:ae:80:8a:15:4b:64:ce:2c:dc:89:4e:e9:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641c78fc1748bdcc6a6c88c67d283e1d02d9dcc8
        Validity
            Not Before: Jan  2 00:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0885e8e5f32fb504bca8c54e22ea704c33ba85ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c8:95:47:d7:09:9d:a7:bf:43:bc:70:99:7e:
                    f1:59:26:af:43:51:01:76:17:9c:82:a4:a4:e4:75:
                    09:51:f8:f0:49:d0:a0:dd:51:83:60:ec:2d:78:ce:
                    a1:f4:64:98:be:e3:51:69:a4:0e:fe:ce:2c:63:79:
                    c3:e5:c1:81:db:13:8d:d6:56:f4:b7:cd:e0:8e:83:
                    39:91:0e:d7:ea:f9:a3:2f:af:02:75:cc:5c:21:e1:
                    c3:14:ae:5b:e7:5e:f0:d5:99:9e:07:2f:53:f6:47:
                    10:32:b4:27:9e:34:e9:6c:83:43:fb:23:e4:41:53:
                    da:af:06:9d:be:4e:db:7e:37:07:f1:a0:ca:66:63:
                    4c:cb:f8:c2:32:09:72:f3:6e:c9:65:f8:36:89:87:
                    8e:a4:9f:b9:c5:d0:72:9a:ba:5a:75:96:9c:72:c8:
                    bc:95:7e:27:2e:b0:ea:dd:17:4a:ca:89:2b:b4:1f:
                    62:38:58:45:dd:f3:f6:9d:23:ec:6f:9e:a6:9f:93:
                    a5:8a:14:9e:f2:5b:50:e1:e8:46:98:66:67:2a:08:
                    f5:b6:52:7c:7d:41:d6:e0:54:e4:54:f4:20:8c:ea:
                    3f:28:29:cd:9c:e7:80:e3:93:fd:70:b0:7f:92:0b:
                    ba:b7:09:99:19:d6:d2:be:d2:99:e1:e6:4a:27:4e:
                    f4:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:85:E8:E5:F3:2F:B5:04:BC:A8:C5:4E:22:EA:70:4C:33:BA:85:AC
            X509v3 Authority Key Identifier:
                keyid:64:1C:78:FC:17:48:BD:CC:6A:6C:88:C6:7D:28:3E:1D:02:D9:DC:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBx4_BdIvcxqbIjGfSg-HQLZ3Mg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e72a9d-9ea5-47db-a67e-6d2e11fe08cd/1/CIXo5fMvtQS8qMVOIupwTDO6haw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e72a9d-9ea5-47db-a67e-6d2e11fe08cd/1/ZBx4_BdIvcxqbIjGfSg-HQLZ3Mg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.61.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         eb:e8:1c:0b:41:61:2b:e3:24:c6:0d:b8:ba:47:a2:99:94:18:
         1d:f5:11:47:61:04:6c:35:66:38:df:6e:93:6b:eb:0e:67:a4:
         97:0b:16:cd:0d:55:15:12:a4:49:67:4b:54:ee:ec:22:50:83:
         c4:a9:4a:62:c2:45:40:93:5f:b3:e2:c8:f4:fa:e4:2e:05:b7:
         5a:fe:41:62:e7:d1:a4:82:43:c1:6e:fb:6f:9c:10:ab:9e:da:
         23:7b:86:08:c5:b4:5a:99:83:85:8c:39:f6:29:d5:d3:d8:99:
         8a:d1:15:bd:3c:ef:7d:66:e7:20:95:f7:4e:ba:22:24:a4:56:
         a2:a7:85:4e:36:00:ed:dd:09:f2:93:1e:28:27:96:14:1b:49:
         64:52:2b:60:53:2f:0f:ff:40:f2:23:85:a9:11:8c:0a:fb:c8:
         aa:76:4a:25:33:73:af:5a:00:56:d5:41:80:95:f0:88:25:65:
         d4:af:c0:74:30:5a:5e:87:23:39:e2:aa:75:5b:e0:9c:9a:b0:
         e5:98:19:f4:5a:b3:8d:a9:24:12:c1:2c:1b:02:86:97:67:a8:
         61:03:3e:d2:55:f4:ba:7e:50:f2:fe:7d:f7:75:10:b4:8e:95:
         20:73:5a:3c:1d:de:f6:8f:fb:a6:cb:2b:19:1b:38:d3:2d:0d:
         ae:8d:bd:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlNWugIoVS2TOLNyJTulNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MWM3OGZjMTc0OGJkY2M2YTZjODhjNjdkMjgzZTFkMDJk
OWRjYzgwHhcNMjQwMTAyMDAzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODg1ZThlNWYzMmZiNTA0YmNhOGM1NGUyMmVhNzA0YzMzYmE4NWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsiVR9cJnae/Q7xwmX7xWSavQ1EB
dhecgqSk5HUJUfjwSdCg3VGDYOwteM6h9GSYvuNRaaQO/s4sY3nD5cGB2xON1lb0
t83gjoM5kQ7X6vmjL68CdcxcIeHDFK5b517w1ZmeBy9T9kcQMrQnnjTpbIND+yPk
QVParwadvk7bfjcH8aDKZmNMy/jCMgly827JZfg2iYeOpJ+5xdBymrpadZaccsi8
lX4nLrDq3RdKyokrtB9iOFhF3fP2nSPsb56mn5OlihSe8ltQ4ehGmGZnKgj1tlJ8
fUHW4FTkVPQgjOo/KCnNnOeA45P9cLB/kgu6twmZGdbSvtKZ4eZKJ070tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiF6OXzL7UEvKjFTiLqcEwzuoWsMB8GA1UdIwQY
MBaAFGQcePwXSL3MamyIxn0oPh0C2dzIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJ4NF9CZEl2Y3hxYklqR2ZTZy1IUUxaM01nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lNzJhOWQtOWVhNS00N2RiLWE2N2Ut
NmQyZTExZmUwOGNkLzEvQ0lYbzVmTXZ0UVM4cU1WT0l1cHdURE82aGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lNzJhOWQtOWVhNS00N2RiLWE2N2UtNmQyZTExZmUwOGNk
LzEvWkJ4NF9CZEl2Y3hxYklqR2ZTZy1IUUxaM01nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuT0wMA0G
CSqGSIb3DQEBCwUAA4IBAQDr6BwLQWEr4yTGDbi6R6KZlBgd9RFHYQRsNWY4326T
a+sOZ6SXCxbNDVUVEqRJZ0tU7uwiUIPEqUpiwkVAk1+z4sj0+uQuBbda/kFi59Gk
gkPBbvtvnBCrntoje4YIxbRamYOFjDn2KdXT2JmK0RW9PO99ZucglfdOuiIkpFai
p4VONgDt3Qnykx4oJ5YUG0lkUitgUy8P/0DyI4WpEYwK+8iqdkolM3OvWgBW1UGA
lfCIJWXUr8B0MFpehyM54qp1W+CcmrDlmBn0WrONqSQSwSwbAoaXZ6hhAz7SVfS6
flDy/n33dRC0jpUgc1o8Hd72j/umyysZGzjTLQ2ujb0R
-----END CERTIFICATE-----