Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/60GYLWZuelZJPcs-Od7RQGAXj3g.roa
File:                     60GYLWZuelZJPcs-Od7RQGAXj3g.roa (raw, json)
Hash identifier:          2q8gncUUX9jhYk28efDWHIDbDdTxjp4jU70rmf0dQuY=
Subject key identifier:   EB:41:98:2D:66:6E:7A:56:49:3D:CB:3E:39:DE:D1:40:60:17:8F:78
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       0197DFDFE801BA908574D07F9B58CA3E4BDB
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/60GYLWZuelZJPcs-Od7RQGAXj3g.roa
Signing time:             Sun 06 Jul 2025 13:14:42 +0000
ROA not before:           Sun 06 Jul 2025 13:14:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202685
IP address blocks:        176.46.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 20:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:df:df:e8:01:ba:90:85:74:d0:7f:9b:58:ca:3e:4b:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Jul  6 13:14:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb41982d666e7a56493dcb3e39ded14060178f78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:92:1a:66:02:f0:c9:e4:7e:d6:e8:04:ad:5c:
                    c9:5f:72:22:6e:14:ca:7d:66:0e:14:d5:9b:e5:51:
                    11:0d:62:15:8d:69:7d:f9:34:ff:6c:dd:1a:fc:19:
                    6d:1d:2c:d7:80:1a:2a:86:02:b6:8e:fe:5b:f0:99:
                    32:81:05:f9:8a:9a:ed:40:7e:26:7a:92:f2:9f:d9:
                    c6:53:9e:2f:51:18:15:1b:1c:ed:26:29:40:5c:ef:
                    02:88:06:11:bc:09:92:2b:a9:c9:a5:7f:bb:a3:b8:
                    f7:d5:58:d0:c7:e4:67:64:c8:d2:09:43:5d:f4:30:
                    03:3b:7c:bd:9a:b0:aa:78:20:86:c8:91:6d:73:75:
                    a9:28:30:07:db:d0:19:39:9a:97:ba:1a:de:02:ad:
                    ec:04:49:19:91:72:89:ff:ef:fd:c9:4f:8e:cf:e4:
                    31:5b:97:30:af:98:5e:f3:38:83:6e:83:19:42:b3:
                    56:69:05:36:23:02:cf:6e:f5:81:11:4a:a0:72:c2:
                    5d:a7:56:5f:b6:18:6f:96:c0:01:5a:19:6f:de:50:
                    d2:3c:90:e6:9c:91:28:21:41:3b:fa:94:23:74:4a:
                    cc:0b:04:f2:b2:c9:7b:44:38:04:69:dd:75:25:30:
                    6a:40:f0:5b:45:3f:91:1c:d8:5e:94:b4:3f:b7:85:
                    ee:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:41:98:2D:66:6E:7A:56:49:3D:CB:3E:39:DE:D1:40:60:17:8F:78
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/60GYLWZuelZJPcs-Od7RQGAXj3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.46.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:3e:07:a9:12:d7:5b:6d:81:9f:b8:36:10:b3:c0:99:3a:0c:
         50:db:e9:cb:21:18:1f:ee:6e:a3:3b:11:7f:f7:1e:b9:32:6f:
         ff:6f:82:e6:7a:06:f2:21:b8:5f:c7:06:2b:58:85:71:0e:aa:
         00:2f:0b:53:2f:03:db:7e:fd:81:66:d3:62:86:77:ca:54:e6:
         ad:c8:de:2d:04:06:a5:8f:26:8a:b2:5e:d5:56:e5:df:7b:fa:
         1c:68:13:a2:c9:bc:44:01:ca:60:8c:c5:44:d6:dd:aa:d5:7f:
         f7:83:32:59:b5:8b:86:a1:91:1c:56:9d:f1:db:79:0e:1d:72:
         7c:f7:03:c8:80:d4:31:87:0e:f1:c1:b6:2d:0b:08:1f:0f:c7:
         98:06:25:88:63:4c:8e:e1:76:08:2c:33:47:2e:c3:37:12:c0:
         98:ee:65:73:b2:d8:af:d1:1e:3e:59:28:97:29:af:ff:9e:9b:
         df:a6:f5:42:29:33:d7:81:76:ee:0c:13:95:4f:82:e8:c9:a1:
         df:50:c7:d6:e4:fc:f9:b5:ea:95:0d:77:77:b2:05:9b:21:d0:
         6d:3b:4b:11:2a:2f:d1:f7:2c:6a:3f:cd:f3:b1:dd:7e:de:2c:
         56:b4:a4:e8:dc:72:8c:05:91:6d:4b:e4:89:cf:38:2c:0d:d9:
         46:ef:a6:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZff3+gBupCFdNB/m1jKPkvbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUwNzA2MTMxNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjQxOTgyZDY2NmU3YTU2NDkzZGNiM2UzOWRlZDE0MDYwMTc4Zjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJIaZgLwyeR+1ugErVzJX3IibhTK
fWYOFNWb5VERDWIVjWl9+TT/bN0a/BltHSzXgBoqhgK2jv5b8JkygQX5iprtQH4m
epLyn9nGU54vURgVGxztJilAXO8CiAYRvAmSK6nJpX+7o7j31VjQx+RnZMjSCUNd
9DADO3y9mrCqeCCGyJFtc3WpKDAH29AZOZqXuhreAq3sBEkZkXKJ/+/9yU+Oz+Qx
W5cwr5he8ziDboMZQrNWaQU2IwLPbvWBEUqgcsJdp1ZfthhvlsABWhlv3lDSPJDm
nJEoIUE7+pQjdErMCwTyssl7RDgEad11JTBqQPBbRT+RHNhelLQ/t4Xu5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOtBmC1mbnpWST3LPjne0UBgF494MB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvNjBHWUxXWnVlbFpKUGNzLU9kN1JRR0FYajNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsC6eMA0G
CSqGSIb3DQEBCwUAA4IBAQA3PgepEtdbbYGfuDYQs8CZOgxQ2+nLIRgf7m6jOxF/
9x65Mm//b4LmegbyIbhfxwYrWIVxDqoALwtTLwPbfv2BZtNihnfKVOatyN4tBAal
jyaKsl7VVuXfe/ocaBOiybxEAcpgjMVE1t2q1X/3gzJZtYuGoZEcVp3x23kOHXJ8
9wPIgNQxhw7xwbYtCwgfD8eYBiWIY0yO4XYILDNHLsM3EsCY7mVzstiv0R4+WSiX
Ka//npvfpvVCKTPXgXbuDBOVT4LoyaHfUMfW5Pz5teqVDXd3sgWbIdBtO0sRKi/R
9yxqP83zsd1+3ixWtKTo3HKMBZFtS+SJzzgsDdlG76Yn
-----END CERTIFICATE-----