Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/61f7c3-4134-4c02-b7dd-e4d024cdae0c/1/JE63iOY_pn4KGRwRQJXw5cNaawc.roa
File:                     JE63iOY_pn4KGRwRQJXw5cNaawc.roa (raw, json)
Hash identifier:          MxiRl7UzaZKi+99heK7lH0mlebxDgUgaLV/Sp6mBG4k=
Subject key identifier:   24:4E:B7:88:E6:3F:A6:7E:0A:19:1C:11:40:95:F0:E5:C3:5A:6B:07
Certificate issuer:       /CN=123ba3802f9c9bf6756daabd324e5326ede419aa
Certificate serial:       019425FC344E95F3A27940042CECFC217F4C
Authority key identifier: 12:3B:A3:80:2F:9C:9B:F6:75:6D:AA:BD:32:4E:53:26:ED:E4:19:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EjujgC-cm_Z1baq9Mk5TJu3kGao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/61f7c3-4134-4c02-b7dd-e4d024cdae0c/1/JE63iOY_pn4KGRwRQJXw5cNaawc.roa
Signing time:             Thu 02 Jan 2025 07:47:52 +0000
ROA not before:           Thu 02 Jan 2025 07:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60584
IP address blocks:        193.200.243.0/24 maxlen: 24
                          2a06:18c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/61f7c3-4134-4c02-b7dd-e4d024cdae0c/1/EjujgC-cm_Z1baq9Mk5TJu3kGao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/61f7c3-4134-4c02-b7dd-e4d024cdae0c/1/EjujgC-cm_Z1baq9Mk5TJu3kGao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EjujgC-cm_Z1baq9Mk5TJu3kGao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:34:4e:95:f3:a2:79:40:04:2c:ec:fc:21:7f:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=123ba3802f9c9bf6756daabd324e5326ede419aa
        Validity
            Not Before: Jan  2 07:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=244eb788e63fa67e0a191c114095f0e5c35a6b07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:9f:2a:03:85:d5:cd:92:9d:af:39:18:0f:d7:
                    11:45:b1:4c:68:a4:21:d4:a3:b8:a5:ef:ad:2f:52:
                    60:57:ad:77:27:80:06:65:b3:c6:6b:50:19:6f:99:
                    bc:3e:8d:87:55:1d:63:b6:b1:db:4a:0c:5a:8b:74:
                    56:5f:23:55:c7:ac:00:09:15:c6:08:01:a8:00:dd:
                    ad:74:ce:dd:9a:19:f5:bf:58:c1:4f:42:f4:54:a1:
                    eb:f5:08:a2:06:3d:f8:11:86:a1:82:69:ee:c9:3e:
                    28:51:b1:c9:96:22:b5:99:a6:51:7d:2a:70:20:0d:
                    89:51:ad:dd:5e:24:d7:05:72:f6:fb:a0:75:eb:d4:
                    21:3f:02:71:12:3b:06:c6:74:46:1e:30:f9:be:b8:
                    9c:86:eb:85:57:8c:c7:55:a1:d9:11:4d:a1:f6:70:
                    73:12:01:a8:63:eb:43:c7:33:11:83:6d:c7:7e:2a:
                    d1:e9:cb:72:86:53:d7:a7:ab:6b:7e:9c:05:fc:59:
                    83:ea:c4:1c:13:99:3b:66:ff:7c:16:ad:9e:4c:9c:
                    0d:15:8d:89:bc:70:90:b2:6e:fc:b8:c7:20:20:1a:
                    3e:37:42:dc:2e:2f:9f:28:cc:54:9a:25:2f:a2:4e:
                    62:b0:7c:c6:f8:23:d2:bc:f4:1a:15:a1:fc:36:79:
                    6e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:4E:B7:88:E6:3F:A6:7E:0A:19:1C:11:40:95:F0:E5:C3:5A:6B:07
            X509v3 Authority Key Identifier:
                keyid:12:3B:A3:80:2F:9C:9B:F6:75:6D:AA:BD:32:4E:53:26:ED:E4:19:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EjujgC-cm_Z1baq9Mk5TJu3kGao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/61f7c3-4134-4c02-b7dd-e4d024cdae0c/1/JE63iOY_pn4KGRwRQJXw5cNaawc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/61f7c3-4134-4c02-b7dd-e4d024cdae0c/1/EjujgC-cm_Z1baq9Mk5TJu3kGao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.243.0/24
                IPv6:
                  2a06:18c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:c9:59:14:b2:46:4c:a3:73:ce:20:ea:43:6d:95:cd:4f:95:
         76:54:ac:d6:9f:40:c7:53:51:d3:7f:f0:4f:60:38:bb:b6:b5:
         e3:07:b6:c9:2e:21:51:3f:be:4b:ef:f1:69:d9:23:3e:64:a5:
         91:3a:25:ba:8f:17:d5:f3:ba:42:0e:f2:30:d0:4a:f0:97:db:
         c9:c2:90:81:f9:82:e2:b7:39:bb:db:be:76:1e:05:4e:c3:65:
         ca:97:4a:92:e4:ef:4b:00:96:74:df:a9:e0:8f:1c:b0:9d:f5:
         44:6e:d4:6f:d8:b2:41:b9:f8:e9:be:e5:7a:ee:82:87:1b:c8:
         d2:01:08:44:fb:cc:81:eb:3b:e6:18:0d:3e:fe:f1:85:5c:56:
         82:d7:5e:6a:2a:f4:6c:fa:9f:b8:a6:96:4e:ac:e7:fe:3f:ed:
         e9:34:22:4b:46:c8:ed:a6:de:7c:36:27:98:31:c3:1a:12:32:
         40:3b:cf:31:01:63:82:2f:63:8d:4c:e4:e0:b6:35:33:8b:60:
         0c:37:1d:3a:ab:79:2b:d9:61:ea:4f:95:40:73:ad:91:4d:1d:
         f3:87:62:db:7a:d0:29:90:be:22:df:42:b0:20:c1:bb:da:c2:
         58:1a:65:cb:60:9f:01:d6:65:e3:db:d8:6d:56:83:aa:35:6d:
         75:91:00:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/DROlfOieUAELOz8IX9MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyM2JhMzgwMmY5YzliZjY3NTZkYWFiZDMyNGU1MzI2ZWRl
NDE5YWEwHhcNMjUwMTAyMDc0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDRlYjc4OGU2M2ZhNjdlMGExOTFjMTE0MDk1ZjBlNWMzNWE2YjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJ8qA4XVzZKdrzkYD9cRRbFMaKQh
1KO4pe+tL1JgV613J4AGZbPGa1AZb5m8Po2HVR1jtrHbSgxai3RWXyNVx6wACRXG
CAGoAN2tdM7dmhn1v1jBT0L0VKHr9QiiBj34EYahgmnuyT4oUbHJliK1maZRfSpw
IA2JUa3dXiTXBXL2+6B169QhPwJxEjsGxnRGHjD5vrichuuFV4zHVaHZEU2h9nBz
EgGoY+tDxzMRg23HfirR6ctyhlPXp6trfpwF/FmD6sQcE5k7Zv98Fq2eTJwNFY2J
vHCQsm78uMcgIBo+N0LcLi+fKMxUmiUvok5isHzG+CPSvPQaFaH8NnluFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCROt4jmP6Z+ChkcEUCV8OXDWmsHMB8GA1UdIwQY
MBaAFBI7o4AvnJv2dW2qvTJOUybt5BmqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWp1amdDLWNtX1oxYmFxOU1rNVRKdTNrR2FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi82MWY3YzMtNDEzNC00YzAyLWI3ZGQt
ZTRkMDI0Y2RhZTBjLzEvSkU2M2lPWV9wbjRLR1J3UlFKWHc1Y05hYXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi82MWY3YzMtNDEzNC00YzAyLWI3ZGQtZTRkMDI0Y2RhZTBj
LzEvRWp1amdDLWNtX1oxYmFxOU1rNVRKdTNrR2FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwcjzMA0E
AgACMAcDBQMqBhjAMA0GCSqGSIb3DQEBCwUAA4IBAQATyVkUskZMo3POIOpDbZXN
T5V2VKzWn0DHU1HTf/BPYDi7trXjB7bJLiFRP75L7/Fp2SM+ZKWROiW6jxfV87pC
DvIw0Erwl9vJwpCB+YLitzm72752HgVOw2XKl0qS5O9LAJZ036ngjxywnfVEbtRv
2LJBufjpvuV67oKHG8jSAQhE+8yB6zvmGA0+/vGFXFaC115qKvRs+p+4ppZOrOf+
P+3pNCJLRsjtpt58NieYMcMaEjJAO88xAWOCL2ONTOTgtjUzi2AMNx06q3kr2WHq
T5VAc62RTR3zh2LbetApkL4i30KwIMG72sJYGmXLYJ8B1mXj29htVoOqNW11kQDf
-----END CERTIFICATE-----