Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/c24341-a7cf-4275-ac4f-5c765c5373a3/1/ndcYXik2c-8B-vqJArbqTb-_G3U.roa
File:                     ndcYXik2c-8B-vqJArbqTb-_G3U.roa (raw, json)
Hash identifier:          yy5P560QguXuhVFyLBs0BE4KQ8bMeN1jFaQHeK1c0oU=
Subject key identifier:   9D:D7:18:5E:29:36:73:EF:01:FA:FA:89:02:B6:EA:4D:BF:BF:1B:75
Certificate issuer:       /CN=4a8e17fdaa29187b8e40d630addebd9fd24c0176
Certificate serial:       0194258EE47179564765C0194C8C643EE22F
Authority key identifier: 4A:8E:17:FD:AA:29:18:7B:8E:40:D6:30:AD:DE:BD:9F:D2:4C:01:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/So4X_aopGHuOQNYwrd69n9JMAXY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/c24341-a7cf-4275-ac4f-5c765c5373a3/1/ndcYXik2c-8B-vqJArbqTb-_G3U.roa
Signing time:             Thu 02 Jan 2025 05:48:29 +0000
ROA not before:           Thu 02 Jan 2025 05:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60933
IP address blocks:        185.23.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/c24341-a7cf-4275-ac4f-5c765c5373a3/1/So4X_aopGHuOQNYwrd69n9JMAXY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/c24341-a7cf-4275-ac4f-5c765c5373a3/1/So4X_aopGHuOQNYwrd69n9JMAXY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/So4X_aopGHuOQNYwrd69n9JMAXY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 11:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:e4:71:79:56:47:65:c0:19:4c:8c:64:3e:e2:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a8e17fdaa29187b8e40d630addebd9fd24c0176
        Validity
            Not Before: Jan  2 05:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9dd7185e293673ef01fafa8902b6ea4dbfbf1b75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:0c:8c:cc:83:d3:39:70:d7:32:c7:2f:78:fc:
                    25:68:c1:ee:00:99:49:47:59:d9:75:71:39:e7:11:
                    d0:e9:2b:e5:a4:2d:27:13:b1:87:0d:3c:6a:ad:ed:
                    94:a0:44:32:1a:84:03:2a:52:ba:ef:68:bb:78:e0:
                    df:c0:5e:db:13:29:b2:9c:c7:6c:97:3b:cd:fc:94:
                    42:9d:03:48:e7:b5:b8:06:5f:76:1d:78:81:c1:d2:
                    7f:63:ff:2f:e6:3b:22:41:a0:d5:a9:c5:25:e6:20:
                    11:ac:cb:2f:70:88:c3:27:b0:b5:0e:8e:78:08:97:
                    9c:90:01:10:75:1b:e0:6a:79:4b:7b:83:64:2f:a8:
                    f1:0a:f7:99:00:58:ce:5c:56:cd:d8:50:07:1d:ad:
                    23:8f:a7:68:1b:ab:47:e8:b3:71:62:55:75:10:2d:
                    6d:60:9d:4b:0d:25:14:12:cd:5d:23:93:e7:93:ac:
                    76:13:aa:ef:d9:11:c4:05:4e:74:3c:cb:c8:7f:f8:
                    1c:12:b1:ea:9a:bb:b2:06:0c:54:6e:57:b6:25:20:
                    2d:25:e3:21:cc:07:17:43:c4:05:cc:ca:ab:a4:a4:
                    83:d5:e7:b6:e0:0d:14:e3:6a:e6:79:b7:90:f7:5b:
                    a3:c0:d2:b9:e2:8d:fc:a8:d2:fb:a8:0a:12:f7:2d:
                    45:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:D7:18:5E:29:36:73:EF:01:FA:FA:89:02:B6:EA:4D:BF:BF:1B:75
            X509v3 Authority Key Identifier:
                keyid:4A:8E:17:FD:AA:29:18:7B:8E:40:D6:30:AD:DE:BD:9F:D2:4C:01:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/So4X_aopGHuOQNYwrd69n9JMAXY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/c24341-a7cf-4275-ac4f-5c765c5373a3/1/ndcYXik2c-8B-vqJArbqTb-_G3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/c24341-a7cf-4275-ac4f-5c765c5373a3/1/So4X_aopGHuOQNYwrd69n9JMAXY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:62:57:9d:73:bb:38:8f:7f:c6:14:a0:1a:6e:eb:d6:b7:bf:
         52:b8:40:c0:f6:77:ab:73:a4:32:30:1f:37:27:7d:08:b5:14:
         aa:1a:e1:d8:94:31:d2:87:de:fa:f6:5a:9c:58:7b:a0:16:40:
         2b:e8:b9:e7:b1:94:86:55:7c:4c:69:43:63:b5:c5:ba:bc:63:
         93:93:d4:c8:73:fe:a8:3a:48:b1:8a:ac:ea:16:45:f6:58:e8:
         ce:4d:40:ad:1b:5e:87:da:4e:49:f7:f7:16:7d:78:cc:87:66:
         ca:46:5a:ff:dc:5d:fe:42:a3:88:71:ff:0c:59:ab:38:e4:bb:
         b2:a9:0b:b2:2f:98:c4:93:74:ca:ac:a0:8a:64:ae:15:34:b8:
         fa:6c:5c:26:36:eb:d9:82:75:ad:b7:08:cf:b1:13:7a:36:cf:
         5b:27:e4:ff:99:5c:39:21:2e:45:61:9d:90:3a:f7:5f:69:c1:
         2d:6c:ac:70:ba:81:67:fc:11:77:69:18:b9:3d:19:08:2c:a7:
         66:73:b7:0c:68:00:fe:31:c5:0b:12:52:51:9a:c6:8c:cd:ea:
         d9:6b:fc:e5:9d:f7:e9:3c:c4:2e:64:39:49:0b:3a:b8:73:2e:
         65:0a:89:b3:86:69:75:ed:cf:ac:e9:f8:3b:90:4e:f8:89:47:
         03:d4:e6:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljuRxeVZHZcAZTIxkPuIvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhOGUxN2ZkYWEyOTE4N2I4ZTQwZDYzMGFkZGViZDlmZDI0
YzAxNzYwHhcNMjUwMTAyMDU0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGQ3MTg1ZTI5MzY3M2VmMDFmYWZhODkwMmI2ZWE0ZGJmYmYxYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAyMzIPTOXDXMscvePwlaMHuAJlJ
R1nZdXE55xHQ6SvlpC0nE7GHDTxqre2UoEQyGoQDKlK672i7eODfwF7bEymynMds
lzvN/JRCnQNI57W4Bl92HXiBwdJ/Y/8v5jsiQaDVqcUl5iARrMsvcIjDJ7C1Do54
CJeckAEQdRvganlLe4NkL6jxCveZAFjOXFbN2FAHHa0jj6doG6tH6LNxYlV1EC1t
YJ1LDSUUEs1dI5Pnk6x2E6rv2RHEBU50PMvIf/gcErHqmruyBgxUble2JSAtJeMh
zAcXQ8QFzMqrpKSD1ee24A0U42rmebeQ91ujwNK54o38qNL7qAoS9y1FOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3XGF4pNnPvAfr6iQK26k2/vxt1MB8GA1UdIwQY
MBaAFEqOF/2qKRh7jkDWMK3evZ/STAF2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU280WF9hb3BHSHVPUU5Zd3JkNjluOUpNQVhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9jMjQzNDEtYTdjZi00Mjc1LWFjNGYt
NWM3NjVjNTM3M2EzLzEvbmRjWVhpazJjLThCLXZxSkFyYnFUYi1fRzNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9jMjQzNDEtYTdjZi00Mjc1LWFjNGYtNWM3NjVjNTM3M2Ez
LzEvU280WF9hb3BHSHVPUU5Zd3JkNjluOUpNQVhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRc8MA0G
CSqGSIb3DQEBCwUAA4IBAQCRYledc7s4j3/GFKAabuvWt79SuEDA9nerc6QyMB83
J30ItRSqGuHYlDHSh9769lqcWHugFkAr6LnnsZSGVXxMaUNjtcW6vGOTk9TIc/6o
OkixiqzqFkX2WOjOTUCtG16H2k5J9/cWfXjMh2bKRlr/3F3+QqOIcf8MWas45Luy
qQuyL5jEk3TKrKCKZK4VNLj6bFwmNuvZgnWttwjPsRN6Ns9bJ+T/mVw5IS5FYZ2Q
OvdfacEtbKxwuoFn/BF3aRi5PRkILKdmc7cMaAD+McULElJRmsaMzerZa/zlnffp
PMQuZDlJCzq4cy5lComzhml17c+s6fg7kE74iUcD1Obh
-----END CERTIFICATE-----