Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/a9a6ba-d748-40c7-8503-19ba84d84af0/1/abPR2jmYCGCdM2g_MuKwKH53ACQ.roa
File:                     abPR2jmYCGCdM2g_MuKwKH53ACQ.roa (raw, json)
Hash identifier:          5zk3AFPYv3C1J5Na4d0KqgTcctvCOKWFtY3MD7GkRIM=
Subject key identifier:   69:B3:D1:DA:39:98:08:60:9D:33:68:3F:32:E2:B0:28:7E:77:00:24
Certificate issuer:       /CN=1eab4e00c0d92cb501bbb223acf039e27091db4e
Certificate serial:       018CC2DB54B5ED49F49BDF293EC160C33380
Authority key identifier: 1E:AB:4E:00:C0:D9:2C:B5:01:BB:B2:23:AC:F0:39:E2:70:91:DB:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HqtOAMDZLLUBu7IjrPA54nCR204.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/a9a6ba-d748-40c7-8503-19ba84d84af0/1/abPR2jmYCGCdM2g_MuKwKH53ACQ.roa
Signing time:             Mon 01 Jan 2024 02:30:03 +0000
ROA not before:           Mon 01 Jan 2024 02:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.61.0/24 maxlen: 32
                          2001:7f8:9d::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/a9a6ba-d748-40c7-8503-19ba84d84af0/1/HqtOAMDZLLUBu7IjrPA54nCR204.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/a9a6ba-d748-40c7-8503-19ba84d84af0/1/HqtOAMDZLLUBu7IjrPA54nCR204.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HqtOAMDZLLUBu7IjrPA54nCR204.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:54:b5:ed:49:f4:9b:df:29:3e:c1:60:c3:33:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1eab4e00c0d92cb501bbb223acf039e27091db4e
        Validity
            Not Before: Jan  1 02:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69b3d1da399808609d33683f32e2b0287e770024
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:86:67:fa:3e:88:20:f1:fe:30:ce:82:0b:5f:
                    1a:54:c2:93:cd:d0:a2:4d:d8:3f:83:07:38:28:2c:
                    1f:0f:a8:f5:ee:e2:c2:4c:be:bc:59:0d:fb:43:f6:
                    02:49:76:e6:37:51:44:84:2d:d5:8e:67:8f:27:bd:
                    d4:dd:76:8d:e6:f3:2d:37:01:74:7e:c0:5b:6f:02:
                    0b:74:bc:e1:5a:00:71:32:56:b8:e4:03:be:d5:1a:
                    ea:7a:0d:cb:86:46:dc:3f:91:c5:e0:36:ec:cf:ea:
                    97:a9:0d:a8:47:7a:ba:e2:5e:73:8c:5c:be:90:1b:
                    2e:83:dd:41:bc:29:82:82:52:e5:c9:be:7c:8d:07:
                    c7:47:86:d5:4a:ec:ba:63:5f:86:05:3c:2d:11:f4:
                    e4:47:58:00:95:de:d6:50:88:af:39:58:60:ba:f0:
                    a2:00:52:c3:ba:11:02:42:a6:84:ce:29:ec:05:70:
                    59:7b:e8:77:5b:17:7d:bb:ac:f1:ab:d9:9e:cb:a0:
                    c6:b7:90:32:38:b6:9b:78:09:ca:e1:2d:c0:7d:60:
                    74:a4:c9:e7:9c:b7:17:36:ab:e3:5d:95:ce:40:19:
                    39:9e:de:bb:20:37:4e:86:bc:6e:3c:c3:6e:87:6e:
                    7e:d5:8f:fc:0c:0a:d1:b4:f9:4a:1f:4d:24:d7:6c:
                    6d:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:B3:D1:DA:39:98:08:60:9D:33:68:3F:32:E2:B0:28:7E:77:00:24
            X509v3 Authority Key Identifier:
                keyid:1E:AB:4E:00:C0:D9:2C:B5:01:BB:B2:23:AC:F0:39:E2:70:91:DB:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HqtOAMDZLLUBu7IjrPA54nCR204.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a9a6ba-d748-40c7-8503-19ba84d84af0/1/abPR2jmYCGCdM2g_MuKwKH53ACQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a9a6ba-d748-40c7-8503-19ba84d84af0/1/HqtOAMDZLLUBu7IjrPA54nCR204.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.61.0/24
                IPv6:
                  2001:7f8:9d::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:c4:26:a9:99:a7:69:04:c9:f4:af:d0:ea:1b:6f:cb:da:81:
         ca:cb:57:51:c6:45:21:05:f2:14:c1:4c:0b:87:69:8c:55:2e:
         be:43:3d:5d:e0:66:97:4b:a8:d9:26:bd:56:e7:de:62:de:8b:
         85:0b:19:5c:b2:4b:3e:56:bd:31:7b:74:49:7a:0c:25:b8:02:
         fa:1d:a5:78:85:c9:91:a6:e2:7e:f4:00:c4:99:12:ce:41:57:
         48:48:33:ba:8d:09:7a:f6:a5:c2:9b:7a:c0:c7:cd:31:0a:50:
         71:7a:b4:33:8a:5f:38:bf:8e:54:ff:52:31:c3:d7:75:a7:fd:
         7d:1c:fd:d8:75:0c:21:b4:a1:36:a3:82:3d:bb:52:53:56:d6:
         2f:e2:83:ef:91:48:2e:4f:13:52:16:5b:47:38:af:f7:05:cb:
         55:79:63:3e:07:4c:21:a3:0f:6a:de:04:5f:9a:6a:d1:7f:0d:
         3a:d7:4e:2a:6c:75:c8:7b:15:e1:e4:1b:3f:39:e6:3d:46:d3:
         66:fe:d5:6c:94:fd:21:58:1a:e2:d4:f5:1a:e6:6a:96:a1:3c:
         36:26:22:7b:ed:2a:e3:9b:ee:3d:1f:23:2d:7f:4f:7b:97:da:
         a4:fe:f6:20:88:cf:24:09:82:04:e8:1e:f4:fd:68:ef:b7:4d:
         d1:94:0f:75
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC21S17Un0m98pPsFgwzOAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYWI0ZTAwYzBkOTJjYjUwMWJiYjIyM2FjZjAzOWUyNzA5
MWRiNGUwHhcNMjQwMTAxMDIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWIzZDFkYTM5OTgwODYwOWQzMzY4M2YzMmUyYjAyODdlNzcwMDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloZn+j6IIPH+MM6CC18aVMKTzdCi
Tdg/gwc4KCwfD6j17uLCTL68WQ37Q/YCSXbmN1FEhC3VjmePJ73U3XaN5vMtNwF0
fsBbbwILdLzhWgBxMla45AO+1Rrqeg3LhkbcP5HF4Dbsz+qXqQ2oR3q64l5zjFy+
kBsug91BvCmCglLlyb58jQfHR4bVSuy6Y1+GBTwtEfTkR1gAld7WUIivOVhguvCi
AFLDuhECQqaEzinsBXBZe+h3Wxd9u6zxq9mey6DGt5AyOLabeAnK4S3AfWB0pMnn
nLcXNqvjXZXOQBk5nt67IDdOhrxuPMNuh25+1Y/8DArRtPlKH00k12xt4wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGmz0do5mAhgnTNoPzLisCh+dwAkMB8GA1UdIwQY
MBaAFB6rTgDA2Sy1AbuyI6zwOeJwkdtOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHF0T0FNRFpMTFVCdTdJanJQQTU0bkNSMjA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9hOWE2YmEtZDc0OC00MGM3LTg1MDMt
MTliYTg0ZDg0YWYwLzEvYWJQUjJqbVlDR0NkTTJnX011S3dLSDUzQUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9hOWE2YmEtZDc0OC00MGM3LTg1MDMtMTliYTg0ZDg0YWYw
LzEvSHF0T0FNRFpMTFVCdTdJanJQQTU0bkNSMjA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQE9MA8E
AgACMAkDBwAgAQf4AJ0wDQYJKoZIhvcNAQELBQADggEBAHnEJqmZp2kEyfSv0Oob
b8vagcrLV1HGRSEF8hTBTAuHaYxVLr5DPV3gZpdLqNkmvVbn3mLei4ULGVyySz5W
vTF7dEl6DCW4AvodpXiFyZGm4n70AMSZEs5BV0hIM7qNCXr2pcKbesDHzTEKUHF6
tDOKXzi/jlT/UjHD13Wn/X0c/dh1DCG0oTajgj27UlNW1i/ig++RSC5PE1IWW0c4
r/cFy1V5Yz4HTCGjD2reBF+aatF/DTrXTipsdch7FeHkGz855j1G02b+1WyU/SFY
GuLU9RrmapahPDYmInvtKuOb7j0fIy1/T3uX2qT+9iCIzyQJggToHvT9aO+3TdGU
D3U=
-----END CERTIFICATE-----