Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/9a8ad8-b6c9-4c6c-ac27-62d881aa906f/1/41Oyqrj8sed8jkJPHTdPMidz25k.roa
File:                     41Oyqrj8sed8jkJPHTdPMidz25k.roa (raw, json)
Hash identifier:          EGeQxsTk6r3vcCK+FOvz1aCKGE9ZD7hsr3TzlDhkr0w=
Subject key identifier:   E3:53:B2:AA:B8:FC:B1:E7:7C:8E:42:4F:1D:37:4F:32:27:73:DB:99
Certificate issuer:       /CN=60b9615df8c659dac8cc087bd011d4b5ff373e2a
Certificate serial:       018EE74422F9FB83981EC07B88AC6E53AAE2
Authority key identifier: 60:B9:61:5D:F8:C6:59:DA:C8:CC:08:7B:D0:11:D4:B5:FF:37:3E:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YLlhXfjGWdrIzAh70BHUtf83Pio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/9a8ad8-b6c9-4c6c-ac27-62d881aa906f/1/41Oyqrj8sed8jkJPHTdPMidz25k.roa
Signing time:             Tue 16 Apr 2024 14:16:26 +0000
ROA not before:           Tue 16 Apr 2024 14:16:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42807
IP address blocks:        185.121.126.0/24 maxlen: 24
                          185.121.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/9a8ad8-b6c9-4c6c-ac27-62d881aa906f/1/YLlhXfjGWdrIzAh70BHUtf83Pio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/9a8ad8-b6c9-4c6c-ac27-62d881aa906f/1/YLlhXfjGWdrIzAh70BHUtf83Pio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YLlhXfjGWdrIzAh70BHUtf83Pio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e7:44:22:f9:fb:83:98:1e:c0:7b:88:ac:6e:53:aa:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60b9615df8c659dac8cc087bd011d4b5ff373e2a
        Validity
            Not Before: Apr 16 14:16:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e353b2aab8fcb1e77c8e424f1d374f322773db99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:39:96:9a:8f:e5:7a:74:23:6d:98:77:fb:cb:
                    7a:c9:b1:c5:c8:dc:4a:ad:bc:b9:5a:67:20:72:0e:
                    7d:80:1c:ed:77:c3:9d:f6:93:f0:cf:eb:b7:ee:84:
                    7c:49:ed:c9:aa:23:3c:58:37:13:1d:73:a9:8e:77:
                    91:4d:42:35:76:60:1a:b9:72:18:0e:7e:73:b8:5b:
                    70:da:4b:0d:d6:18:ba:b5:82:d8:59:55:8a:7e:54:
                    9e:65:e9:a6:c3:f3:2b:27:20:3b:fa:c3:e2:00:ec:
                    8b:60:57:76:32:49:22:f1:04:59:06:41:fc:ca:4b:
                    a3:f7:95:34:bd:69:eb:29:8e:ea:de:e4:9e:98:ec:
                    41:e3:e5:04:44:76:95:9c:8e:96:1a:1f:62:f2:26:
                    9b:16:37:bf:a0:6a:c4:30:04:b9:2a:ab:ed:f3:5d:
                    50:de:77:f9:60:35:6d:15:d1:85:3b:1b:06:60:50:
                    b5:bc:8d:2a:34:6e:19:cc:2f:ad:a3:6c:35:7f:65:
                    e6:ab:83:39:65:c8:81:f7:12:49:cc:47:f3:40:6e:
                    bd:73:8e:e1:55:64:71:5b:e0:cb:78:1a:73:ac:22:
                    d8:34:11:f7:14:d3:0d:14:5c:4c:3f:53:0a:ed:80:
                    07:53:f2:40:38:4e:3e:75:1a:c4:74:21:f2:59:ac:
                    e5:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:53:B2:AA:B8:FC:B1:E7:7C:8E:42:4F:1D:37:4F:32:27:73:DB:99
            X509v3 Authority Key Identifier:
                keyid:60:B9:61:5D:F8:C6:59:DA:C8:CC:08:7B:D0:11:D4:B5:FF:37:3E:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YLlhXfjGWdrIzAh70BHUtf83Pio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/9a8ad8-b6c9-4c6c-ac27-62d881aa906f/1/41Oyqrj8sed8jkJPHTdPMidz25k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/9a8ad8-b6c9-4c6c-ac27-62d881aa906f/1/YLlhXfjGWdrIzAh70BHUtf83Pio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:0b:47:02:0d:37:7e:ff:9e:08:5c:a0:45:9f:7b:dc:c1:73:
         9e:54:0b:66:12:92:3a:a5:96:e4:fa:e7:4a:64:59:35:41:47:
         f6:a2:50:bc:5d:ab:c7:0b:62:82:d6:f9:fd:33:4f:45:af:2e:
         d0:09:74:68:25:f7:c9:fe:55:de:e1:e6:70:fc:f1:76:13:6b:
         ef:ae:25:82:9c:23:4e:eb:3f:cb:dc:73:b9:b3:ed:eb:5c:34:
         3a:b5:0d:bb:9c:9f:a8:03:4d:74:b3:30:02:22:56:27:29:98:
         32:db:c9:69:86:31:de:e8:ae:51:c5:17:70:2d:82:c9:09:af:
         61:5b:29:91:82:03:53:3c:3d:e5:a6:9c:c6:47:11:68:e4:88:
         fc:0b:b3:19:3c:08:a8:49:01:08:2d:8b:8b:9e:5b:93:a8:66:
         eb:27:a0:27:82:26:15:c6:36:bc:94:aa:67:e0:ab:08:70:68:
         a0:1b:bf:0c:96:68:28:8b:5b:2c:c8:18:2b:57:60:f4:d0:77:
         a7:d8:f8:12:cc:2b:ab:44:9c:b6:46:4f:f1:55:78:67:57:2a:
         3d:d4:b1:00:4a:7b:c8:ee:52:12:46:b7:c8:26:67:63:3e:f4:
         99:c7:e5:74:8f:1b:89:c9:e8:03:d1:35:12:e5:89:48:d0:2f:
         12:db:90:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7nRCL5+4OYHsB7iKxuU6riMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYjk2MTVkZjhjNjU5ZGFjOGNjMDg3YmQwMTFkNGI1ZmYz
NzNlMmEwHhcNMjQwNDE2MTQxNjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzUzYjJhYWI4ZmNiMWU3N2M4ZTQyNGYxZDM3NGYzMjI3NzNkYjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zmWmo/lenQjbZh3+8t6ybHFyNxK
rby5Wmcgcg59gBztd8Od9pPwz+u37oR8Se3JqiM8WDcTHXOpjneRTUI1dmAauXIY
Dn5zuFtw2ksN1hi6tYLYWVWKflSeZemmw/MrJyA7+sPiAOyLYFd2Mkki8QRZBkH8
ykuj95U0vWnrKY7q3uSemOxB4+UERHaVnI6WGh9i8iabFje/oGrEMAS5Kqvt811Q
3nf5YDVtFdGFOxsGYFC1vI0qNG4ZzC+to2w1f2Xmq4M5ZciB9xJJzEfzQG69c47h
VWRxW+DLeBpzrCLYNBH3FNMNFFxMP1MK7YAHU/JAOE4+dRrEdCHyWazlsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONTsqq4/LHnfI5CTx03TzInc9uZMB8GA1UdIwQY
MBaAFGC5YV34xlnayMwIe9AR1LX/Nz4qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUxsaFhmakdXZHJJekFoNzBCSFV0ZjgzUGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS85YThhZDgtYjZjOS00YzZjLWFjMjct
NjJkODgxYWE5MDZmLzEvNDFPeXFyajhzZWQ4amtKUEhUZFBNaWR6MjVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS85YThhZDgtYjZjOS00YzZjLWFjMjctNjJkODgxYWE5MDZm
LzEvWUxsaFhmakdXZHJJekFoNzBCSFV0ZjgzUGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXl+MA0G
CSqGSIb3DQEBCwUAA4IBAQCVC0cCDTd+/54IXKBFn3vcwXOeVAtmEpI6pZbk+udK
ZFk1QUf2olC8XavHC2KC1vn9M09Fry7QCXRoJffJ/lXe4eZw/PF2E2vvriWCnCNO
6z/L3HO5s+3rXDQ6tQ27nJ+oA010szACIlYnKZgy28lphjHe6K5RxRdwLYLJCa9h
WymRggNTPD3lppzGRxFo5Ij8C7MZPAioSQEILYuLnluTqGbrJ6AngiYVxja8lKpn
4KsIcGigG78Mlmgoi1ssyBgrV2D00Hen2PgSzCurRJy2Rk/xVXhnVyo91LEASnvI
7lISRrfIJmdjPvSZx+V0jxuJyegD0TUS5YlI0C8S25DP
-----END CERTIFICATE-----