Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/YMc1oI5y1WCgEcO4WfzPG3clYQ0.roa
File:                     YMc1oI5y1WCgEcO4WfzPG3clYQ0.roa (raw, json)
Hash identifier:          ntGAbNMm1pBujcG1GZQ+ArpMLVgNzhVsyi7j//cukTw=
Subject key identifier:   60:C7:35:A0:8E:72:D5:60:A0:11:C3:B8:59:FC:CF:1B:77:25:61:0D
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018CC72751FB000183FED7A34EE6EBAD2EAD
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/YMc1oI5y1WCgEcO4WfzPG3clYQ0.roa
Signing time:             Mon 01 Jan 2024 22:31:32 +0000
ROA not before:           Mon 01 Jan 2024 22:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60707
IP address blocks:        213.238.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:51:fb:00:01:83:fe:d7:a3:4e:e6:eb:ad:2e:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 22:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60c735a08e72d560a011c3b859fccf1b7725610d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:6b:e2:17:4a:28:f6:f1:5e:82:f3:b2:4f:88:
                    ad:f0:1b:a9:7e:13:b2:8e:62:8e:2d:d9:48:6a:81:
                    55:8c:76:9b:2d:e8:fa:f6:5d:76:49:08:28:06:84:
                    3f:27:bf:32:e3:2b:7d:3d:eb:5a:08:21:ae:df:a1:
                    27:4e:80:6b:36:53:52:ab:a2:ce:44:4b:f3:fd:76:
                    48:f4:24:47:b5:7d:9f:18:73:ca:81:61:ed:07:ca:
                    2d:34:e4:e6:f8:6d:01:ab:82:1c:16:78:28:81:c3:
                    88:99:30:6f:00:97:45:f2:60:df:57:27:27:6c:4e:
                    d1:fe:a2:77:ef:15:f0:e2:04:38:f3:ec:d4:3c:15:
                    ea:7f:11:e8:bb:fd:4a:6b:ea:a5:0c:a8:2f:58:1f:
                    46:0b:b3:e7:4b:7f:8b:de:c7:73:ba:cc:5b:ee:03:
                    51:ad:dd:ff:d5:87:58:f0:ce:d5:a0:95:bd:72:af:
                    20:49:f2:67:12:20:6f:32:e6:5f:24:37:5c:18:97:
                    01:96:9b:81:eb:a1:56:5f:da:42:21:0a:90:4f:19:
                    0a:92:7d:92:d6:a5:23:92:7e:59:26:2d:60:81:83:
                    3d:7a:44:45:36:e5:3a:3d:21:b8:b7:aa:24:c8:f2:
                    74:9d:71:a7:02:60:04:d3:0c:c6:4a:ae:93:33:0b:
                    ea:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:C7:35:A0:8E:72:D5:60:A0:11:C3:B8:59:FC:CF:1B:77:25:61:0D
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/YMc1oI5y1WCgEcO4WfzPG3clYQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:04:12:05:e3:29:22:9c:6f:4b:1a:2f:9e:06:c5:af:41:8c:
         f3:88:54:18:2e:b4:16:68:bd:0d:06:bf:9e:ce:79:f6:b9:d2:
         ce:43:3b:d1:0a:f2:13:15:8d:5c:b1:3f:36:88:1e:ec:f6:68:
         4a:9c:c0:62:cb:09:0c:85:52:d2:69:1e:62:4b:90:d2:5d:1b:
         58:65:db:71:06:ec:52:b3:15:9e:d8:2e:05:32:f8:c8:f9:d9:
         ce:c7:da:2e:29:a4:cb:7e:e8:46:2e:ff:83:0d:45:04:a1:80:
         8c:23:d7:ea:6f:4d:21:4b:ee:a7:f6:b6:d4:b9:53:42:ac:7e:
         a6:a0:6b:d2:37:4f:8b:65:25:7a:ae:54:d1:85:3a:0e:eb:ad:
         9f:ad:f2:d4:b9:74:e5:ea:56:c0:a1:5d:ff:d6:92:58:54:d2:
         85:10:5e:62:63:53:d9:d6:09:25:c0:66:f3:26:cc:76:60:7f:
         c7:86:87:ec:08:1a:6e:bc:78:dd:fe:d4:7d:41:d9:92:0b:89:
         7a:8e:cc:bd:54:f4:8e:06:f6:e2:7e:7e:c8:9f:04:d4:03:91:
         53:ce:ea:13:01:6d:96:01:4b:99:83:05:2a:59:d0:c2:5e:a8:
         76:95:71:80:e1:56:da:5e:97:75:5f:b0:75:3f:8e:7e:e0:03:
         a3:74:b2:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1H7AAGD/tejTubrrS6tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMTAxMjIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGM3MzVhMDhlNzJkNTYwYTAxMWMzYjg1OWZjY2YxYjc3MjU2MTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4GviF0oo9vFegvOyT4it8BupfhOy
jmKOLdlIaoFVjHabLej69l12SQgoBoQ/J78y4yt9PetaCCGu36EnToBrNlNSq6LO
REvz/XZI9CRHtX2fGHPKgWHtB8otNOTm+G0Bq4IcFngogcOImTBvAJdF8mDfVycn
bE7R/qJ37xXw4gQ48+zUPBXqfxHou/1Ka+qlDKgvWB9GC7PnS3+L3sdzusxb7gNR
rd3/1YdY8M7VoJW9cq8gSfJnEiBvMuZfJDdcGJcBlpuB66FWX9pCIQqQTxkKkn2S
1qUjkn5ZJi1ggYM9ekRFNuU6PSG4t6okyPJ0nXGnAmAE0wzGSq6TMwvqvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDHNaCOctVgoBHDuFn8zxt3JWENMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvWU1jMW9JNXkxV0NnRWNPNFdmelBHM2NsWVEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6sMA0G
CSqGSIb3DQEBCwUAA4IBAQCmBBIF4ykinG9LGi+eBsWvQYzziFQYLrQWaL0NBr+e
znn2udLOQzvRCvITFY1csT82iB7s9mhKnMBiywkMhVLSaR5iS5DSXRtYZdtxBuxS
sxWe2C4FMvjI+dnOx9ouKaTLfuhGLv+DDUUEoYCMI9fqb00hS+6n9rbUuVNCrH6m
oGvSN0+LZSV6rlTRhToO662frfLUuXTl6lbAoV3/1pJYVNKFEF5iY1PZ1gklwGbz
Jsx2YH/HhofsCBpuvHjd/tR9QdmSC4l6jsy9VPSOBvbifn7InwTUA5FTzuoTAW2W
AUuZgwUqWdDCXqh2lXGA4VbaXpd1X7B1P45+4AOjdLIe
-----END CERTIFICATE-----