Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/H-wa34U60Z-9d-cK6ju60X-NCSc.roa
File:                     H-wa34U60Z-9d-cK6ju60X-NCSc.roa (raw, json)
Hash identifier:          VjVVi223hpHPYLNKOqq7AHauSqv069AyDsddeGeYv+Q=
Subject key identifier:   1F:EC:1A:DF:85:3A:D1:9F:BD:77:E7:0A:EA:3B:BA:D1:7F:8D:09:27
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       01929FCEB5A22388D614392C2F1D82D59E78
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/H-wa34U60Z-9d-cK6ju60X-NCSc.roa
Signing time:             Fri 18 Oct 2024 13:26:17 +0000
ROA not before:           Fri 18 Oct 2024 13:26:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62387
IP address blocks:        79.132.176.0/20 maxlen: 20
                          88.223.208.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9f:ce:b5:a2:23:88:d6:14:39:2c:2f:1d:82:d5:9e:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Oct 18 13:26:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fec1adf853ad19fbd77e70aea3bbad17f8d0927
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:db:49:c6:46:a2:5c:ae:50:2c:38:da:73:60:
                    d1:06:57:77:bd:5a:03:2a:eb:ec:bb:ff:45:1d:04:
                    7c:0b:e3:51:7a:95:ef:be:c3:2e:86:27:1b:97:db:
                    e8:b5:29:5c:ba:a5:43:7d:08:e0:9f:3e:2c:ff:4c:
                    66:fe:99:86:80:e7:36:2e:79:b9:3c:fa:b4:58:29:
                    c3:d1:47:5f:85:1b:ee:a8:79:21:15:50:4d:16:bb:
                    e8:57:91:de:b9:5c:ff:72:2e:91:f5:97:1c:f9:85:
                    d5:38:ca:fb:56:59:b9:36:2a:b7:a3:a6:67:2c:df:
                    b8:15:67:24:90:0d:b3:0a:57:ab:b0:06:7f:c0:bb:
                    99:56:b5:b4:03:84:a8:bc:22:df:d5:97:dc:2d:74:
                    9f:f8:25:80:d9:cc:bf:1f:35:0d:a3:ce:b4:42:19:
                    f7:18:ac:9d:ca:32:c1:aa:a1:9e:b9:fb:27:90:92:
                    1b:3d:0b:39:29:ba:6a:ac:99:51:a0:ed:84:3d:be:
                    15:8e:db:30:21:61:d8:f1:5b:17:61:82:15:84:08:
                    9f:40:65:73:df:8c:0d:80:d7:8a:f4:25:6e:a7:11:
                    19:50:79:7b:d1:38:32:fb:af:e0:b5:63:04:9d:22:
                    f8:96:ad:45:61:d8:39:db:1b:41:90:7d:c7:80:1c:
                    2f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:EC:1A:DF:85:3A:D1:9F:BD:77:E7:0A:EA:3B:BA:D1:7F:8D:09:27
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/H-wa34U60Z-9d-cK6ju60X-NCSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.132.176.0/20
                  88.223.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         61:5b:55:b4:b7:1c:ef:26:a0:57:d9:ba:74:f1:fb:41:82:0a:
         c2:fa:25:64:bd:b5:ab:ef:5f:17:a8:d3:27:40:46:0c:fe:64:
         4d:dc:fc:2b:31:13:1f:99:53:4f:10:74:b6:b4:b8:40:72:b5:
         9d:aa:e3:50:9c:73:c9:73:25:2c:22:7b:bb:17:cf:b7:c6:a5:
         72:fe:29:25:1b:64:06:6d:03:b7:12:1b:e2:54:8f:3f:ec:3d:
         b9:62:08:8d:de:ba:3d:74:10:f5:0e:d4:a9:8e:df:94:36:91:
         02:9f:e3:fb:b9:86:53:49:5e:c9:61:65:8b:6f:3c:e9:c9:9a:
         a8:eb:51:fa:9d:78:bc:f7:a6:a5:6c:81:ea:3e:14:59:bf:0a:
         cb:1a:02:ac:2e:80:32:ff:6b:16:98:dd:f0:5b:97:fb:8c:5b:
         2d:50:bb:72:3d:41:87:3b:4a:79:c4:53:e4:07:a2:0a:da:00:
         ed:18:ec:b8:19:38:32:c6:be:99:69:7d:c7:23:c5:61:f2:27:
         74:b4:30:c4:52:84:9d:03:36:f2:03:e6:31:3f:a0:eb:82:a4:
         c8:28:d8:12:b3:71:c5:86:e1:eb:07:4f:68:9c:6a:97:f9:0d:
         bc:db:1f:69:15:86:82:23:c3:cb:2e:4d:70:bd:3b:d6:62:72:
         45:81:1a:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKfzrWiI4jWFDksLx2C1Z54MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjQxMDE4MTMyNjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmVjMWFkZjg1M2FkMTlmYmQ3N2U3MGFlYTNiYmFkMTdmOGQwOTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9tJxkaiXK5QLDjac2DRBld3vVoD
Kuvsu/9FHQR8C+NRepXvvsMuhicbl9votSlcuqVDfQjgnz4s/0xm/pmGgOc2Lnm5
PPq0WCnD0UdfhRvuqHkhFVBNFrvoV5HeuVz/ci6R9Zcc+YXVOMr7Vlm5Niq3o6Zn
LN+4FWckkA2zClersAZ/wLuZVrW0A4SovCLf1ZfcLXSf+CWA2cy/HzUNo860Qhn3
GKydyjLBqqGeufsnkJIbPQs5KbpqrJlRoO2EPb4VjtswIWHY8VsXYYIVhAifQGVz
34wNgNeK9CVupxEZUHl70Tgy+6/gtWMEnSL4lq1FYdg52xtBkH3HgBwvMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB/sGt+FOtGfvXfnCuo7utF/jQknMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvSC13YTM0VTYwWi05ZC1jSzZqdTYwWC1OQ1NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQET4SwAwQE
WN/QMA0GCSqGSIb3DQEBCwUAA4IBAQBhW1W0txzvJqBX2bp08ftBggrC+iVkvbWr
718XqNMnQEYM/mRN3PwrMRMfmVNPEHS2tLhAcrWdquNQnHPJcyUsInu7F8+3xqVy
/iklG2QGbQO3EhviVI8/7D25YgiN3ro9dBD1DtSpjt+UNpECn+P7uYZTSV7JYWWL
bzzpyZqo61H6nXi896albIHqPhRZvwrLGgKsLoAy/2sWmN3wW5f7jFstULtyPUGH
O0p5xFPkB6IK2gDtGOy4GTgyxr6ZaX3HI8Vh8id0tDDEUoSdAzbyA+YxP6DrgqTI
KNgSs3HFhuHrB09onGqX+Q282x9pFYaCI8PLLk1wvTvWYnJFgRrx
-----END CERTIFICATE-----