Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/YHhKqKllORo1YpLh6r99OV2fKdU.roa
File:                     YHhKqKllORo1YpLh6r99OV2fKdU.roa (raw, json)
Hash identifier:          mexx1monVzWkvXW1/Ufj3sXVxDrM1B0b6uh/TwyrzYI=
Subject key identifier:   60:78:4A:A8:A9:65:39:1A:35:62:92:E1:EA:BF:7D:39:5D:9F:29:D5
Certificate issuer:       /CN=5b5bff9d41f719f62600c32d3410ddb99eccb30c
Certificate serial:       019422FC0938135EC2809480E87B36D6D19E
Authority key identifier: 5B:5B:FF:9D:41:F7:19:F6:26:00:C3:2D:34:10:DD:B9:9E:CC:B3:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1v_nUH3GfYmAMMtNBDduZ7Msww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/YHhKqKllORo1YpLh6r99OV2fKdU.roa
Signing time:             Wed 01 Jan 2025 17:48:50 +0000
ROA not before:           Wed 01 Jan 2025 17:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60558
IP address blocks:        83.229.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/W1v_nUH3GfYmAMMtNBDduZ7Msww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/W1v_nUH3GfYmAMMtNBDduZ7Msww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1v_nUH3GfYmAMMtNBDduZ7Msww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 04:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:09:38:13:5e:c2:80:94:80:e8:7b:36:d6:d1:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b5bff9d41f719f62600c32d3410ddb99eccb30c
        Validity
            Not Before: Jan  1 17:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60784aa8a965391a356292e1eabf7d395d9f29d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b3:f5:69:c0:d4:84:70:29:51:b4:6b:29:bb:
                    ca:10:d8:d9:7f:85:95:b8:5e:f4:a7:04:1a:7b:c7:
                    8f:a1:33:9e:84:9c:82:44:40:0c:ba:9c:85:c2:04:
                    f4:83:93:f5:61:37:4b:02:7e:6c:7b:10:68:14:53:
                    7f:93:84:c3:53:9c:6a:b6:a6:e4:5c:52:49:72:6c:
                    ca:9b:7c:f5:a6:6d:87:92:94:01:26:9f:d5:10:c3:
                    65:cf:25:4a:ee:2e:9c:ef:32:48:8a:3f:4e:a8:ea:
                    5f:40:83:0d:0f:e1:55:c4:86:f1:20:9c:af:8f:94:
                    31:1c:68:a5:7c:cd:6d:5e:da:c7:09:b5:ee:40:b6:
                    b7:f3:ab:3c:77:67:fe:9d:78:bc:00:9f:49:12:23:
                    85:e2:06:1a:8c:64:06:05:29:a4:1a:bd:29:db:6f:
                    c2:cf:9b:44:1f:91:80:53:6a:7d:30:f9:47:99:f7:
                    b2:5f:e5:60:50:f9:ff:88:34:e5:05:37:cb:1b:e9:
                    00:aa:14:8c:eb:a6:da:40:9e:eb:ce:2c:1b:2e:3b:
                    8a:28:65:d1:f8:9f:e5:e6:a9:0f:3a:8e:05:48:1e:
                    0e:d8:51:b5:ed:aa:88:42:2f:e1:0c:c2:5e:10:0d:
                    72:6b:7d:44:c1:15:05:f1:a7:2f:15:54:18:b1:d8:
                    a8:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:78:4A:A8:A9:65:39:1A:35:62:92:E1:EA:BF:7D:39:5D:9F:29:D5
            X509v3 Authority Key Identifier:
                keyid:5B:5B:FF:9D:41:F7:19:F6:26:00:C3:2D:34:10:DD:B9:9E:CC:B3:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1v_nUH3GfYmAMMtNBDduZ7Msww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/YHhKqKllORo1YpLh6r99OV2fKdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/4f43fc-4187-4bb9-905a-f0c6258b9a04/1/W1v_nUH3GfYmAMMtNBDduZ7Msww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.229.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:58:61:1a:80:00:e4:b2:ac:98:dc:fb:4d:db:64:4e:17:63:
         d4:53:29:5a:dc:d3:98:7d:15:39:73:f2:15:5e:c2:cb:26:c9:
         eb:2e:77:e1:6e:c5:7a:2e:22:07:2e:a3:30:ca:5b:13:b6:e9:
         89:51:f0:a8:52:d9:18:10:81:14:cb:db:62:93:15:a5:ea:d6:
         65:81:ed:9f:85:6d:83:25:a1:ae:ad:d0:60:7b:f7:53:9f:c1:
         54:01:de:33:d5:be:86:0f:b6:cb:78:40:e3:52:a2:56:ca:89:
         b1:ac:8f:24:11:d0:04:06:11:ea:f3:ff:a4:77:e3:2c:2b:e3:
         76:c7:97:3f:7e:53:da:5a:7e:3d:4e:15:ca:a4:71:ca:1d:3b:
         6a:4c:a4:d7:1e:33:16:64:19:3e:0d:73:aa:1e:0c:d5:f9:d0:
         ca:0b:4d:c3:03:2b:51:bf:99:83:03:c1:e2:a2:23:9c:a8:8a:
         95:e5:a6:8f:8c:59:d6:88:cf:ff:82:7e:28:75:d0:1a:b0:14:
         e1:0c:16:ee:47:68:5c:41:81:f9:16:b5:c4:55:96:4f:6c:0d:
         a3:65:68:86:ce:e2:4b:fd:4e:ed:1b:fd:d8:3f:a5:ba:24:62:
         e2:79:03:45:56:b7:22:cf:12:e3:9a:1b:a8:fb:9a:3d:48:d6:
         f2:ee:0e:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/Ak4E17CgJSA6Hs21tGeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNWJmZjlkNDFmNzE5ZjYyNjAwYzMyZDM0MTBkZGI5OWVj
Y2IzMGMwHhcNMjUwMTAxMTc0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDc4NGFhOGE5NjUzOTFhMzU2MjkyZTFlYWJmN2QzOTVkOWYyOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrP1acDUhHApUbRrKbvKENjZf4WV
uF70pwQae8ePoTOehJyCREAMupyFwgT0g5P1YTdLAn5sexBoFFN/k4TDU5xqtqbk
XFJJcmzKm3z1pm2HkpQBJp/VEMNlzyVK7i6c7zJIij9OqOpfQIMND+FVxIbxIJyv
j5QxHGilfM1tXtrHCbXuQLa386s8d2f+nXi8AJ9JEiOF4gYajGQGBSmkGr0p22/C
z5tEH5GAU2p9MPlHmfeyX+VgUPn/iDTlBTfLG+kAqhSM66baQJ7rziwbLjuKKGXR
+J/l5qkPOo4FSB4O2FG17aqIQi/hDMJeEA1ya31EwRUF8acvFVQYsdiohwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGB4SqipZTkaNWKS4eq/fTldnynVMB8GA1UdIwQY
MBaAFFtb/51B9xn2JgDDLTQQ3bmezLMMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzF2X25VSDNHZlltQU1NdE5CRGR1WjdNc3d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi80ZjQzZmMtNDE4Ny00YmI5LTkwNWEt
ZjBjNjI1OGI5YTA0LzEvWUhoS3FLbGxPUm8xWXBMaDZyOTlPVjJmS2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi80ZjQzZmMtNDE4Ny00YmI5LTkwNWEtZjBjNjI1OGI5YTA0
LzEvVzF2X25VSDNHZlltQU1NdE5CRGR1WjdNc3d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU+VkMA0G
CSqGSIb3DQEBCwUAA4IBAQA0WGEagADksqyY3PtN22ROF2PUUyla3NOYfRU5c/IV
XsLLJsnrLnfhbsV6LiIHLqMwylsTtumJUfCoUtkYEIEUy9tikxWl6tZlge2fhW2D
JaGurdBge/dTn8FUAd4z1b6GD7bLeEDjUqJWyomxrI8kEdAEBhHq8/+kd+MsK+N2
x5c/flPaWn49ThXKpHHKHTtqTKTXHjMWZBk+DXOqHgzV+dDKC03DAytRv5mDA8Hi
oiOcqIqV5aaPjFnWiM//gn4oddAasBThDBbuR2hcQYH5FrXEVZZPbA2jZWiGzuJL
/U7tG/3YP6W6JGLieQNFVrcizxLjmhuo+5o9SNby7g7m
-----END CERTIFICATE-----