Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/1-Ls4q-ChZ0ZaOTjP1nQ6tqwVR7w.roa
File:                     1-Ls4q-ChZ0ZaOTjP1nQ6tqwVR7w.roa (raw, json)
Hash identifier:          YXXZf8p+XXstJczN+ymTH8ANFDcZF/VCsvvC/wyu2tg=
Subject key identifier:   F8:BB:38:AB:E0:A1:67:46:5A:39:38:CF:D6:74:3A:B6:AC:15:47:BC
Certificate issuer:       /CN=3b8fe2465843031b778bb8d8b7bd35a094fccf48
Certificate serial:       0194A7276DBBC5E930E295455319EFA71225
Authority key identifier: 3B:8F:E2:46:58:43:03:1B:77:8B:B8:D8:B7:BD:35:A0:94:FC:CF:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O4_iRlhDAxt3i7jYt701oJT8z0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/1-Ls4q-ChZ0ZaOTjP1nQ6tqwVR7w.roa
Signing time:             Mon 27 Jan 2025 09:46:06 +0000
ROA not before:           Mon 27 Jan 2025 09:46:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.117.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/O4_iRlhDAxt3i7jYt701oJT8z0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/O4_iRlhDAxt3i7jYt701oJT8z0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O4_iRlhDAxt3i7jYt701oJT8z0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a7:27:6d:bb:c5:e9:30:e2:95:45:53:19:ef:a7:12:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b8fe2465843031b778bb8d8b7bd35a094fccf48
        Validity
            Not Before: Jan 27 09:46:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8bb38abe0a167465a3938cfd6743ab6ac1547bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:22:a8:f2:b5:3b:84:18:55:07:22:44:ad:6c:
                    2f:aa:97:01:1a:44:b6:eb:28:d3:80:cd:e1:b3:58:
                    90:1e:c3:e3:56:87:d0:5b:12:71:b3:31:7f:f8:a9:
                    93:eb:e6:69:33:f6:ca:b4:e3:57:27:47:78:ee:f9:
                    6f:e2:5c:02:53:63:9a:fc:3b:d0:1b:ff:66:8f:e7:
                    e5:35:fc:34:4b:63:67:ea:de:c6:50:0b:a2:82:9a:
                    88:03:3c:21:8f:a4:51:1c:ad:79:04:c8:19:e8:1f:
                    cc:d7:0a:12:93:f2:4c:d9:af:5d:9b:35:c0:d3:54:
                    0e:ad:fc:78:98:87:06:96:70:29:11:3f:24:68:25:
                    26:58:e6:65:3b:5c:d5:fc:74:d3:06:67:12:d6:04:
                    3e:d7:2c:a9:f6:b7:21:23:d5:76:50:1e:68:f9:b6:
                    90:99:ff:4c:b6:f4:ad:9e:7a:a7:7e:e8:f9:0a:a3:
                    0b:d1:66:94:a6:ce:1a:78:10:b4:1b:22:b3:58:69:
                    01:1b:9e:93:ba:5d:5b:6c:b5:cf:ed:04:8b:ff:ec:
                    1f:cf:b2:99:b8:ad:e5:03:84:bc:26:5d:d9:dc:fb:
                    79:4a:7e:5c:52:c2:60:d8:26:fe:90:fe:a4:a6:d0:
                    82:86:38:26:8d:8e:bb:f0:6f:f6:5c:32:b5:6e:c4:
                    41:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:BB:38:AB:E0:A1:67:46:5A:39:38:CF:D6:74:3A:B6:AC:15:47:BC
            X509v3 Authority Key Identifier:
                keyid:3B:8F:E2:46:58:43:03:1B:77:8B:B8:D8:B7:BD:35:A0:94:FC:CF:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O4_iRlhDAxt3i7jYt701oJT8z0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/1-Ls4q-ChZ0ZaOTjP1nQ6tqwVR7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ef20cf-4c39-4707-857c-7c35006e07a1/1/O4_iRlhDAxt3i7jYt701oJT8z0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:50:6d:8c:1f:86:52:e3:c0:da:57:67:5a:f2:94:ff:89:6b:
         34:51:e3:d4:d8:8f:7f:d7:07:5e:56:92:ac:96:4e:44:f5:dc:
         51:60:48:24:70:c9:1f:e2:13:08:48:cd:a6:58:07:0f:77:5b:
         51:ba:69:2b:b2:eb:36:ce:c8:ac:71:73:84:05:95:ce:03:82:
         58:86:8a:bf:1e:8a:e1:ce:99:c2:da:a6:9f:ef:76:33:3d:2e:
         19:6d:99:f0:bb:f5:4d:02:c1:44:9c:3f:b5:e4:46:63:9c:b6:
         b0:c2:83:29:2f:f2:c5:2c:67:99:28:09:f2:1c:fb:5b:ac:d3:
         0e:79:3d:0f:69:2a:4c:4b:b4:08:8b:65:46:49:a2:3a:91:71:
         5a:53:38:41:2c:4b:d5:18:14:75:f3:4d:a2:d2:f6:29:2f:fc:
         9c:e7:1a:c6:a6:6a:f9:a3:99:90:c3:48:88:ba:89:ed:20:36:
         a6:d7:cc:b0:c3:b3:c0:61:a0:a7:5c:61:58:31:e8:da:f8:89:
         87:6d:92:38:41:d9:4c:c1:11:24:ad:b5:e3:d5:db:36:61:f5:
         7f:f8:a0:5e:51:ab:d4:50:fe:1a:31:f3:b1:25:a0:59:6b:c9:
         c2:98:06:50:5b:70:58:fb:fd:a2:33:2b:e5:8d:68:92:96:c5:
         06:19:01:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZSnJ227xekw4pVFUxnvpxIlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiOGZlMjQ2NTg0MzAzMWI3NzhiYjhkOGI3YmQzNWEwOTRm
Y2NmNDgwHhcNMjUwMTI3MDk0NjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGJiMzhhYmUwYTE2NzQ2NWEzOTM4Y2ZkNjc0M2FiNmFjMTU0N2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCKo8rU7hBhVByJErWwvqpcBGkS2
6yjTgM3hs1iQHsPjVofQWxJxszF/+KmT6+ZpM/bKtONXJ0d47vlv4lwCU2Oa/DvQ
G/9mj+flNfw0S2Nn6t7GUAuigpqIAzwhj6RRHK15BMgZ6B/M1woSk/JM2a9dmzXA
01QOrfx4mIcGlnApET8kaCUmWOZlO1zV/HTTBmcS1gQ+1yyp9rchI9V2UB5o+baQ
mf9MtvStnnqnfuj5CqML0WaUps4aeBC0GyKzWGkBG56Tul1bbLXP7QSL/+wfz7KZ
uK3lA4S8Jl3Z3Pt5Sn5cUsJg2Cb+kP6kptCChjgmjY678G/2XDK1bsRBmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPi7OKvgoWdGWjk4z9Z0OrasFUe8MB8GA1UdIwQY
MBaAFDuP4kZYQwMbd4u42Le9NaCU/M9IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzRfaVJsaERBeHQzaTdqWXQ3MDFvSlQ4ejBnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9lZjIwY2YtNGMzOS00NzA3LTg1N2Mt
N2MzNTAwNmUwN2ExLzEvMS1MczRxLUNoWjBaYU9UalAxblE2dHF3VlI3dy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmEvZWYyMGNmLTRjMzktNDcwNy04NTdjLTdjMzUwMDZlMDdh
MS8xL080X2lSbGhEQXh0M2k3all0NzAxb0pUOHowZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALl1PTAN
BgkqhkiG9w0BAQsFAAOCAQEAoVBtjB+GUuPA2ldnWvKU/4lrNFHj1NiPf9cHXlaS
rJZORPXcUWBIJHDJH+ITCEjNplgHD3dbUbppK7LrNs7IrHFzhAWVzgOCWIaKvx6K
4c6Zwtqmn+92Mz0uGW2Z8Lv1TQLBRJw/teRGY5y2sMKDKS/yxSxnmSgJ8hz7W6zT
Dnk9D2kqTEu0CItlRkmiOpFxWlM4QSxL1RgUdfNNotL2KS/8nOcaxqZq+aOZkMNI
iLqJ7SA2ptfMsMOzwGGgp1xhWDHo2viJh22SOEHZTMERJK2149XbNmH1f/igXlGr
1FD+GjHzsSWgWWvJwpgGUFtwWPv9ojMr5Y1okpbFBhkBQQ==
-----END CERTIFICATE-----