Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/abb153-51b3-4849-8985-d30f9168f801/1/3rVvEb5TD5sUIiR8g28gQB62SZ4.roa
File:                     3rVvEb5TD5sUIiR8g28gQB62SZ4.roa (raw, json)
Hash identifier:          I97/quPKUPqVv98vrZrzthe6vPPP5kOtjCTGVwTGxJg=
Subject key identifier:   DE:B5:6F:11:BE:53:0F:9B:14:22:24:7C:83:6F:20:40:1E:B6:49:9E
Certificate issuer:       /CN=73b81640e1b64f51d2ba7d78f6777c056d1154bf
Certificate serial:       01941FFA06E2E4FAA7C310B385C6084D04AE
Authority key identifier: 73:B8:16:40:E1:B6:4F:51:D2:BA:7D:78:F6:77:7C:05:6D:11:54:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c7gWQOG2T1HSun149nd8BW0RVL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/abb153-51b3-4849-8985-d30f9168f801/1/3rVvEb5TD5sUIiR8g28gQB62SZ4.roa
Signing time:             Wed 01 Jan 2025 03:47:46 +0000
ROA not before:           Wed 01 Jan 2025 03:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61234
IP address blocks:        84.39.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/abb153-51b3-4849-8985-d30f9168f801/1/c7gWQOG2T1HSun149nd8BW0RVL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/abb153-51b3-4849-8985-d30f9168f801/1/c7gWQOG2T1HSun149nd8BW0RVL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c7gWQOG2T1HSun149nd8BW0RVL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:06:e2:e4:fa:a7:c3:10:b3:85:c6:08:4d:04:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73b81640e1b64f51d2ba7d78f6777c056d1154bf
        Validity
            Not Before: Jan  1 03:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=deb56f11be530f9b1422247c836f20401eb6499e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c6:8f:db:4d:40:f3:47:43:d5:90:d3:9e:36:
                    02:c8:84:4f:31:ab:9f:db:3c:c8:50:07:a3:46:df:
                    82:55:e9:8c:3c:fc:88:00:1a:fb:da:e1:77:7b:24:
                    dd:30:a6:4a:82:13:f4:e8:8e:c5:e1:ce:d7:aa:cb:
                    90:20:0b:b7:01:de:2c:52:ec:92:38:63:6b:14:93:
                    92:22:47:85:8f:56:ea:e1:a2:17:71:cf:f8:a2:a3:
                    86:6d:94:41:4c:cd:15:a5:37:a6:62:a3:27:58:40:
                    32:8d:b3:68:ea:ad:d2:b6:8b:b6:82:7b:5b:76:6a:
                    1a:48:5b:64:12:dc:d9:43:25:ed:5a:2f:c7:6b:94:
                    8e:0e:8a:98:c6:2f:9b:63:3f:a4:c0:31:76:58:2c:
                    f5:31:b6:65:db:28:83:f0:f7:56:06:a0:5a:29:68:
                    1c:f2:60:a0:8d:d8:17:7c:26:c2:a9:cd:91:77:d2:
                    22:b1:9e:54:2c:ff:50:79:61:c7:d9:b7:43:52:d3:
                    73:21:1a:d2:1b:28:26:bd:7b:53:00:3e:29:93:35:
                    80:d3:05:a5:75:34:7b:b1:93:f0:73:ce:c6:96:4a:
                    c9:cf:e6:08:c0:4c:99:51:8b:6b:0b:57:81:a8:1b:
                    14:9b:58:79:29:6c:11:ce:06:d9:d7:8b:6b:fe:a8:
                    bc:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:B5:6F:11:BE:53:0F:9B:14:22:24:7C:83:6F:20:40:1E:B6:49:9E
            X509v3 Authority Key Identifier:
                keyid:73:B8:16:40:E1:B6:4F:51:D2:BA:7D:78:F6:77:7C:05:6D:11:54:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7gWQOG2T1HSun149nd8BW0RVL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/abb153-51b3-4849-8985-d30f9168f801/1/3rVvEb5TD5sUIiR8g28gQB62SZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/abb153-51b3-4849-8985-d30f9168f801/1/c7gWQOG2T1HSun149nd8BW0RVL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.39.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:e4:d9:9a:61:aa:e2:60:7f:3e:13:7c:af:48:28:f7:5d:0c:
         b6:34:d0:b4:f9:bd:5a:3a:c1:a0:28:d2:6b:d7:4d:ef:1d:d6:
         90:e8:61:57:cf:56:8d:ee:d2:11:97:78:fa:2f:a9:34:df:dc:
         10:1a:75:36:3b:32:c5:c6:38:9b:70:a0:e6:e9:d2:9e:dd:a4:
         73:1f:06:fa:20:8a:07:eb:36:28:98:99:63:6d:dd:8f:06:f4:
         e0:76:a1:29:d5:51:fc:f7:d7:77:cf:a2:0f:61:f8:07:64:11:
         3e:16:da:61:1d:6f:e5:1c:09:40:9b:a7:04:2e:75:0a:e0:10:
         ba:5a:2a:22:16:e0:91:68:2b:3c:2c:c5:e1:f2:34:4c:aa:59:
         a3:bb:57:4b:96:7a:18:a9:08:f5:86:49:e4:c5:0b:7d:22:cd:
         cc:82:22:8b:64:a4:c3:54:c4:11:5c:e3:f1:1c:91:11:9e:33:
         c6:4b:d2:36:34:e6:86:51:1d:59:6d:86:cf:cd:f0:2e:26:12:
         27:66:a7:f7:ff:4e:f5:53:24:83:7f:f0:cd:37:f6:ec:ad:31:
         6d:fb:76:4c:fe:f1:9a:73:eb:8e:70:3b:c7:f8:64:fa:12:f3:
         2e:39:26:e9:be:ea:8a:17:af:3a:64:54:71:9f:b9:60:f4:12:
         d4:4f:7a:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+gbi5PqnwxCzhcYITQSuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYjgxNjQwZTFiNjRmNTFkMmJhN2Q3OGY2Nzc3YzA1NmQx
MTU0YmYwHhcNMjUwMTAxMDM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWI1NmYxMWJlNTMwZjliMTQyMjI0N2M4MzZmMjA0MDFlYjY0OTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsaP201A80dD1ZDTnjYCyIRPMauf
2zzIUAejRt+CVemMPPyIABr72uF3eyTdMKZKghP06I7F4c7XqsuQIAu3Ad4sUuyS
OGNrFJOSIkeFj1bq4aIXcc/4oqOGbZRBTM0VpTemYqMnWEAyjbNo6q3Stou2gntb
dmoaSFtkEtzZQyXtWi/Ha5SODoqYxi+bYz+kwDF2WCz1MbZl2yiD8PdWBqBaKWgc
8mCgjdgXfCbCqc2Rd9IisZ5ULP9QeWHH2bdDUtNzIRrSGygmvXtTAD4pkzWA0wWl
dTR7sZPwc87GlkrJz+YIwEyZUYtrC1eBqBsUm1h5KWwRzgbZ14tr/qi8PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN61bxG+Uw+bFCIkfINvIEAetkmeMB8GA1UdIwQY
MBaAFHO4FkDhtk9R0rp9ePZ3fAVtEVS/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzdnV1FPRzJUMUhTdW4xNDluZDhCVzBSVkw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9hYmIxNTMtNTFiMy00ODQ5LTg5ODUt
ZDMwZjkxNjhmODAxLzEvM3JWdkViNVRENXNVSWlSOGcyOGdRQjYyU1o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9hYmIxNTMtNTFiMy00ODQ5LTg5ODUtZDMwZjkxNjhmODAx
LzEvYzdnV1FPRzJUMUhTdW4xNDluZDhCVzBSVkw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCeZMA0G
CSqGSIb3DQEBCwUAA4IBAQCx5NmaYariYH8+E3yvSCj3XQy2NNC0+b1aOsGgKNJr
103vHdaQ6GFXz1aN7tIRl3j6L6k039wQGnU2OzLFxjibcKDm6dKe3aRzHwb6IIoH
6zYomJljbd2PBvTgdqEp1VH899d3z6IPYfgHZBE+FtphHW/lHAlAm6cELnUK4BC6
WioiFuCRaCs8LMXh8jRMqlmju1dLlnoYqQj1hknkxQt9Is3MgiKLZKTDVMQRXOPx
HJERnjPGS9I2NOaGUR1ZbYbPzfAuJhInZqf3/071UySDf/DNN/bsrTFt+3ZM/vGa
c+uOcDvH+GT6EvMuOSbpvuqKF686ZFRxn7lg9BLUT3oW
-----END CERTIFICATE-----