Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/60kez5E8tU1qx0TTvLpwwOmqJPM.roa
File:                     60kez5E8tU1qx0TTvLpwwOmqJPM.roa (raw, json)
Hash identifier:          ooRDWi6UfD8+CXLZ4F0Bs69z57BBzf7Yu441rhOqEKs=
Subject key identifier:   EB:49:1E:CF:91:3C:B5:4D:6A:C7:44:D3:BC:BA:70:C0:E9:AA:24:F3
Certificate issuer:       /CN=0dd441c3ffae829842249e944b03851081f4d9e0
Certificate serial:       01941FFA44811D3B4001903B169AFA7E925A
Authority key identifier: 0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/60kez5E8tU1qx0TTvLpwwOmqJPM.roa
Signing time:             Wed 01 Jan 2025 03:48:02 +0000
ROA not before:           Wed 01 Jan 2025 03:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63339
IP address blocks:        193.23.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:44:81:1d:3b:40:01:90:3b:16:9a:fa:7e:92:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dd441c3ffae829842249e944b03851081f4d9e0
        Validity
            Not Before: Jan  1 03:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb491ecf913cb54d6ac744d3bcba70c0e9aa24f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:78:39:96:41:e9:81:a7:08:e9:a0:8b:0f:02:
                    40:15:a4:e3:dd:29:fd:83:7c:e8:cd:6c:cd:66:14:
                    25:ad:0c:28:87:20:5a:01:94:23:b0:5a:3c:26:e1:
                    95:8b:a3:49:21:2b:95:0b:fc:22:9e:3e:31:7f:d8:
                    b7:0d:44:c7:4e:83:4e:d9:e1:0b:50:5e:75:d9:89:
                    fb:67:ab:03:ef:2e:08:84:6f:14:32:08:2f:b4:52:
                    4a:08:50:27:5f:66:8a:21:5b:31:53:ae:1f:6e:f9:
                    4a:4b:1d:55:55:69:85:db:74:14:5d:e5:8e:4c:64:
                    64:1f:4a:d9:af:ae:c8:50:ea:1a:bb:e4:29:3d:37:
                    d7:3f:29:b8:cc:95:94:f0:a9:f6:35:9f:f2:90:c7:
                    b0:9d:48:22:74:45:13:48:a7:ef:cc:b8:67:8a:28:
                    83:0a:9a:06:9b:0a:ab:40:cd:78:da:0f:3c:03:91:
                    46:f2:1f:b7:44:5c:1e:ca:23:2e:1a:01:3a:9c:f6:
                    1f:36:9a:d2:44:40:40:be:cb:bd:e3:f4:34:30:47:
                    ee:44:4d:37:26:b6:fb:83:16:a6:11:fe:b8:e1:d3:
                    4b:ae:0f:ca:0f:8a:6f:e2:67:be:5e:15:bf:f2:e2:
                    e1:d9:71:45:34:fd:20:f7:8f:79:95:30:cb:e2:43:
                    d0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:49:1E:CF:91:3C:B5:4D:6A:C7:44:D3:BC:BA:70:C0:E9:AA:24:F3
            X509v3 Authority Key Identifier:
                keyid:0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/60kez5E8tU1qx0TTvLpwwOmqJPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:23:af:f1:22:b6:2b:4c:7b:b6:c4:f0:4e:03:74:f3:25:f5:
         a1:51:38:a3:e9:31:c0:d2:da:8f:cc:01:aa:72:07:a9:8c:17:
         38:1b:e1:68:39:85:d6:ac:4e:16:78:81:a0:fb:8e:43:f4:7f:
         eb:42:30:3b:52:00:8b:69:19:03:2a:28:19:68:e0:07:86:22:
         41:1e:97:60:4d:f2:6e:50:fd:de:f1:6d:80:41:ca:96:36:cd:
         04:96:4a:74:28:af:ed:9a:fd:e1:5b:2a:64:33:93:d2:bc:ed:
         59:53:f3:f1:fc:6e:9d:fe:44:79:5f:04:82:8b:af:e8:08:03:
         9f:ad:6f:cb:57:15:fa:4f:d4:71:fd:07:7f:e6:5c:28:8a:75:
         e8:b1:53:04:49:10:99:b2:8c:2d:36:b8:70:b4:20:d9:31:72:
         2e:95:ab:4c:bb:0c:e4:f9:da:c6:63:10:e2:6b:88:82:88:0e:
         73:34:39:ae:37:40:c4:f8:ea:90:27:d3:f2:b9:7b:cd:84:2d:
         5e:66:d4:e7:26:50:e0:e3:6f:45:29:95:5e:70:95:54:11:c6:
         3b:1a:42:7f:61:18:48:e7:6e:58:4a:e3:cd:72:a8:e9:44:3f:
         ac:63:ee:26:b1:09:90:f1:65:b5:fd:96:16:73:1b:f3:b1:c4:
         2c:48:64:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+kSBHTtAAZA7Fpr6fpJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZDQ0MWMzZmZhZTgyOTg0MjI0OWU5NDRiMDM4NTEwODFm
NGQ5ZTAwHhcNMjUwMTAxMDM0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjQ5MWVjZjkxM2NiNTRkNmFjNzQ0ZDNiY2JhNzBjMGU5YWEyNGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXg5lkHpgacI6aCLDwJAFaTj3Sn9
g3zozWzNZhQlrQwohyBaAZQjsFo8JuGVi6NJISuVC/winj4xf9i3DUTHToNO2eEL
UF512Yn7Z6sD7y4IhG8UMggvtFJKCFAnX2aKIVsxU64fbvlKSx1VVWmF23QUXeWO
TGRkH0rZr67IUOoau+QpPTfXPym4zJWU8Kn2NZ/ykMewnUgidEUTSKfvzLhniiiD
CpoGmwqrQM142g88A5FG8h+3RFweyiMuGgE6nPYfNprSREBAvsu94/Q0MEfuRE03
Jrb7gxamEf644dNLrg/KD4pv4me+XhW/8uLh2XFFNP0g9495lTDL4kPQowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOtJHs+RPLVNasdE07y6cMDpqiTzMB8GA1UdIwQY
MBaAFA3UQcP/roKYQiSelEsDhRCB9NngMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMt
ZTljOTEzMjgzNmZmLzEvNjBrZXo1RTh0VTFxeDBUVHZMcHd3T21xSlBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMtZTljOTEzMjgzNmZm
LzEvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRd2MA0G
CSqGSIb3DQEBCwUAA4IBAQCZI6/xIrYrTHu2xPBOA3TzJfWhUTij6THA0tqPzAGq
cgepjBc4G+FoOYXWrE4WeIGg+45D9H/rQjA7UgCLaRkDKigZaOAHhiJBHpdgTfJu
UP3e8W2AQcqWNs0Elkp0KK/tmv3hWypkM5PSvO1ZU/Px/G6d/kR5XwSCi6/oCAOf
rW/LVxX6T9Rx/Qd/5lwoinXosVMESRCZsowtNrhwtCDZMXIulatMuwzk+drGYxDi
a4iCiA5zNDmuN0DE+OqQJ9PyuXvNhC1eZtTnJlDg429FKZVecJVUEcY7GkJ/YRhI
525YSuPNcqjpRD+sY+4msQmQ8WW1/ZYWcxvzscQsSGS6
-----END CERTIFICATE-----