Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/ciboWtyR7k6PmGqNFYVzCVO_ZvU.roa
File:                     ciboWtyR7k6PmGqNFYVzCVO_ZvU.roa (raw, json)
Hash identifier:          oz8ttf5TfYfUbzT8dJ6DOvjBHXHDWiaHLWk3+1QswGE=
Subject key identifier:   72:26:E8:5A:DC:91:EE:4E:8F:98:6A:8D:15:85:73:09:53:BF:66:F5
Certificate issuer:       /CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
Certificate serial:       018CC6B7A4EA4FA5872597A25CAD095D1A2B
Authority key identifier: 60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/ciboWtyR7k6PmGqNFYVzCVO_ZvU.roa
Signing time:             Mon 01 Jan 2024 20:29:33 +0000
ROA not before:           Mon 01 Jan 2024 20:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60251
IP address blocks:        192.42.253.0/24 maxlen: 24
                          2a0f:6b40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a4:ea:4f:a5:87:25:97:a2:5c:ad:09:5d:1a:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
        Validity
            Not Before: Jan  1 20:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7226e85adc91ee4e8f986a8d1585730953bf66f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d3:1d:b9:d7:d9:c0:bd:c0:07:12:65:bf:e2:
                    72:f0:8e:ef:9f:36:80:b6:15:cd:db:c8:c4:df:fd:
                    9c:11:42:0e:c9:5f:26:cf:f5:d1:a5:be:67:05:2c:
                    01:70:b5:e8:c3:d5:74:38:5b:74:4d:5f:91:24:19:
                    b7:7d:04:99:d7:f9:72:86:6e:78:31:02:d7:41:ec:
                    e5:dc:8f:07:71:4d:13:a5:64:22:3c:95:88:ef:e9:
                    49:22:37:78:b5:3a:44:84:7e:c0:75:22:fa:ac:42:
                    0d:f2:24:0e:a2:96:3f:e0:a5:27:6f:3e:ae:a3:1e:
                    88:29:c9:0e:5b:59:3f:1a:ea:a6:16:88:fa:ea:80:
                    2e:4a:ce:08:c5:7f:00:44:b5:ba:44:ee:7c:d9:6e:
                    00:f7:d6:88:00:bb:a9:67:80:2c:af:6c:12:e2:4c:
                    ea:0f:16:10:eb:26:ef:ea:03:c9:f9:b3:f4:7b:51:
                    8a:30:e0:9f:5b:62:35:4b:23:a6:c0:90:01:a1:98:
                    5d:03:99:d5:a4:07:63:75:b6:b1:59:2d:b5:70:ac:
                    63:31:98:ef:c4:d4:43:f4:8c:3a:a0:05:50:13:03:
                    d2:6d:65:e1:69:c0:10:5a:8a:e8:a6:fb:2a:27:9f:
                    92:2f:4c:6f:37:d4:44:87:6c:ab:18:64:43:97:19:
                    c8:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:26:E8:5A:DC:91:EE:4E:8F:98:6A:8D:15:85:73:09:53:BF:66:F5
            X509v3 Authority Key Identifier:
                keyid:60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/ciboWtyR7k6PmGqNFYVzCVO_ZvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.42.253.0/24
                IPv6:
                  2a0f:6b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:ab:60:21:10:b6:0d:91:3d:68:40:e5:07:94:0d:24:43:fa:
         9f:77:05:2c:f3:27:00:0c:de:46:cd:87:4c:0d:73:59:8d:e9:
         df:5c:c7:3c:20:8f:ad:2d:d3:fe:c0:52:21:08:a2:1e:d2:d1:
         b3:88:a3:07:a7:ab:3e:28:c1:f7:0e:37:50:b1:fb:20:e6:ab:
         db:a0:80:7c:85:e4:05:cd:ff:f7:c9:09:5b:af:dd:1f:9e:c4:
         c5:88:02:b9:2d:af:ed:57:a6:c0:5a:34:3d:08:4d:04:31:20:
         cd:f2:8a:59:52:df:06:42:93:6a:04:59:f9:d1:3d:80:90:96:
         af:f1:a3:70:78:42:3f:28:ac:3b:21:56:38:b7:49:4d:86:1b:
         af:da:ef:e5:24:34:6e:95:e6:9a:d6:73:b9:29:71:7f:39:1f:
         ce:2b:7b:39:c2:b1:80:15:f7:eb:47:99:8a:55:1d:5d:1e:83:
         ad:1e:07:2b:6c:4d:c4:c3:5d:1f:a4:b6:8a:9f:8f:e1:56:f6:
         97:78:9e:07:e7:ac:eb:66:68:18:d1:29:9e:d0:e1:64:f2:f0:
         f7:41:e9:d3:0d:fb:39:07:12:32:df:8b:2d:77:3f:89:fa:67:
         2d:42:97:d9:40:99:c5:17:94:da:b0:11:80:a7:c1:9a:42:6f:
         9b:44:73:d8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt6TqT6WHJZeiXK0JXRorMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwOTk4ZDNjOWQ4YmRjOWMxZGZmOGUzMTk0MjQ0MTJiNmNk
YzFkZDMwHhcNMjQwMTAxMjAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjI2ZTg1YWRjOTFlZTRlOGY5ODZhOGQxNTg1NzMwOTUzYmY2NmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNMdudfZwL3ABxJlv+Jy8I7vnzaA
thXN28jE3/2cEUIOyV8mz/XRpb5nBSwBcLXow9V0OFt0TV+RJBm3fQSZ1/lyhm54
MQLXQezl3I8HcU0TpWQiPJWI7+lJIjd4tTpEhH7AdSL6rEIN8iQOopY/4KUnbz6u
ox6IKckOW1k/GuqmFoj66oAuSs4IxX8ARLW6RO582W4A99aIALupZ4Asr2wS4kzq
DxYQ6ybv6gPJ+bP0e1GKMOCfW2I1SyOmwJABoZhdA5nVpAdjdbaxWS21cKxjMZjv
xNRD9Iw6oAVQEwPSbWXhacAQWoropvsqJ5+SL0xvN9REh2yrGGRDlxnIRQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHIm6Frcke5Oj5hqjRWFcwlTv2b1MB8GA1UdIwQY
MBaAFGCZjTydi9ycHf+OMZQkQSts3B3TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWIt
MGVhNGQ1MzFiNzkzLzEvY2lib1d0eVI3azZQbUdxTkZZVnpDVk9fWnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWItMGVhNGQ1MzFiNzkz
LzEvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwCr9MA0E
AgACMAcDBQMqD2tAMA0GCSqGSIb3DQEBCwUAA4IBAQBAq2AhELYNkT1oQOUHlA0k
Q/qfdwUs8ycADN5GzYdMDXNZjenfXMc8II+tLdP+wFIhCKIe0tGziKMHp6s+KMH3
DjdQsfsg5qvboIB8heQFzf/3yQlbr90fnsTFiAK5La/tV6bAWjQ9CE0EMSDN8opZ
Ut8GQpNqBFn50T2AkJav8aNweEI/KKw7IVY4t0lNhhuv2u/lJDRuleaa1nO5KXF/
OR/OK3s5wrGAFffrR5mKVR1dHoOtHgcrbE3Ew10fpLaKn4/hVvaXeJ4H56zrZmgY
0Sme0OFk8vD3QenTDfs5BxIy34stdz+J+mctQpfZQJnFF5TasBGAp8GaQm+bRHPY
-----END CERTIFICATE-----