Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/bd4e5c-4147-4131-8750-33a82ab5f513/1/FIvNNxujkeosaQmK-8zL99U8I-8.roa
File:                     FIvNNxujkeosaQmK-8zL99U8I-8.roa (raw, json)
Hash identifier:          xdptKNwYHkOXesPFH1LxyuhIbU4UE4ZRfmuf1MyhTcI=
Subject key identifier:   14:8B:CD:37:1B:A3:91:EA:2C:69:09:8A:FB:CC:CB:F7:D5:3C:23:EF
Certificate issuer:       /CN=d1c4913094a21268c73a67653a3738d73e5c59a7
Certificate serial:       01941F8C329ADB32989EDD6D3148E1A4ACCE
Authority key identifier: D1:C4:91:30:94:A2:12:68:C7:3A:67:65:3A:37:38:D7:3E:5C:59:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0cSRMJSiEmjHOmdlOjc41z5cWac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/bd4e5c-4147-4131-8750-33a82ab5f513/1/FIvNNxujkeosaQmK-8zL99U8I-8.roa
Signing time:             Wed 01 Jan 2025 01:47:49 +0000
ROA not before:           Wed 01 Jan 2025 01:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39120
IP address blocks:        185.112.60.0/24 maxlen: 24
                          185.112.61.0/24 maxlen: 24
                          185.112.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/bd4e5c-4147-4131-8750-33a82ab5f513/1/0cSRMJSiEmjHOmdlOjc41z5cWac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/bd4e5c-4147-4131-8750-33a82ab5f513/1/0cSRMJSiEmjHOmdlOjc41z5cWac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0cSRMJSiEmjHOmdlOjc41z5cWac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:32:9a:db:32:98:9e:dd:6d:31:48:e1:a4:ac:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1c4913094a21268c73a67653a3738d73e5c59a7
        Validity
            Not Before: Jan  1 01:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=148bcd371ba391ea2c69098afbcccbf7d53c23ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:71:37:a6:4e:b1:9c:f0:99:98:2c:5d:db:9f:
                    4b:93:b4:f3:89:b4:07:c3:9d:06:2a:2f:ec:b8:2b:
                    4f:15:13:44:79:29:04:f9:0b:d7:2f:f6:75:47:d7:
                    f5:99:2d:bd:10:bc:f4:23:91:b0:5e:04:77:b1:60:
                    83:04:20:61:cd:13:9b:63:82:3d:b5:06:a5:f1:16:
                    2b:48:d4:4f:79:82:77:d8:ba:3f:9b:9a:35:a9:34:
                    78:15:26:de:e4:cf:0f:6d:f3:c6:0a:98:2a:a3:83:
                    e8:3d:01:51:85:34:63:f5:65:61:3f:7d:1d:49:d6:
                    48:f4:82:c6:7b:4f:96:84:06:a5:a4:59:e7:39:df:
                    64:3f:eb:78:60:bd:6f:95:1c:34:bc:e0:c2:f4:03:
                    d3:1f:3d:cb:af:30:d9:b4:e7:32:09:e1:a7:49:c3:
                    0c:69:3d:1e:34:ef:57:c4:3b:b2:58:ca:1e:27:1b:
                    c6:1e:ea:96:c1:c5:f9:d7:b9:eb:8e:68:cf:7e:fa:
                    37:73:06:e4:71:22:88:05:f7:60:fc:d2:70:59:11:
                    65:6b:15:8e:56:d5:c3:f4:c3:1a:db:86:7a:f7:ea:
                    7e:12:92:16:17:ac:bc:9d:11:9c:d3:45:2a:70:35:
                    f3:4a:4b:76:43:e4:45:44:47:4d:c7:41:7a:8f:73:
                    9d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:8B:CD:37:1B:A3:91:EA:2C:69:09:8A:FB:CC:CB:F7:D5:3C:23:EF
            X509v3 Authority Key Identifier:
                keyid:D1:C4:91:30:94:A2:12:68:C7:3A:67:65:3A:37:38:D7:3E:5C:59:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0cSRMJSiEmjHOmdlOjc41z5cWac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/bd4e5c-4147-4131-8750-33a82ab5f513/1/FIvNNxujkeosaQmK-8zL99U8I-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/bd4e5c-4147-4131-8750-33a82ab5f513/1/0cSRMJSiEmjHOmdlOjc41z5cWac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.60.0-185.112.62.255

    Signature Algorithm: sha256WithRSAEncryption
         33:70:a3:d4:85:62:a5:3a:e8:0f:7d:05:1e:48:c8:7b:ed:32:
         18:72:b7:ec:02:8a:07:f4:2d:7a:84:a1:9a:eb:a5:4c:cc:fe:
         2f:1a:a9:1e:0e:72:64:ef:49:bc:79:ae:15:90:96:50:ee:27:
         6e:cd:3b:23:c8:cb:d1:e0:87:36:f2:b4:44:46:f7:06:40:2d:
         1f:d9:2e:b3:65:59:7e:20:07:55:73:27:4a:53:03:89:67:a3:
         f0:30:ea:bd:50:55:5e:60:0e:49:18:fd:50:37:be:2f:f0:c3:
         60:69:df:76:f9:de:1a:68:cf:77:b0:6c:fd:1f:e8:33:4a:20:
         62:48:3a:31:53:05:db:81:f5:da:51:f8:49:8f:89:5a:5e:e8:
         42:62:c1:46:47:e0:61:20:5d:99:18:53:25:c8:84:31:f7:74:
         18:1f:5c:8f:68:2b:c4:10:59:87:80:eb:65:c1:db:44:9f:e8:
         56:59:d4:95:b1:f1:c1:c8:bd:6b:89:9c:9f:3f:c0:44:42:75:
         64:1d:ac:78:5d:43:a0:e3:4d:83:61:ac:22:09:0b:61:7d:70:
         85:89:25:e2:3b:df:bf:bf:60:d0:ae:3f:4e:37:f6:e6:cd:d4:
         9e:f1:22:9e:e4:1f:07:94:24:d5:9f:1a:f1:04:a3:4c:f9:af:
         a1:0c:48:8f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQfjDKa2zKYnt1tMUjhpKzOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxYzQ5MTMwOTRhMjEyNjhjNzNhNjc2NTNhMzczOGQ3M2U1
YzU5YTcwHhcNMjUwMTAxMDE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDhiY2QzNzFiYTM5MWVhMmM2OTA5OGFmYmNjY2JmN2Q1M2MyM2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3E3pk6xnPCZmCxd259Lk7TzibQH
w50GKi/suCtPFRNEeSkE+QvXL/Z1R9f1mS29ELz0I5GwXgR3sWCDBCBhzRObY4I9
tQal8RYrSNRPeYJ32Lo/m5o1qTR4FSbe5M8PbfPGCpgqo4PoPQFRhTRj9WVhP30d
SdZI9ILGe0+WhAalpFnnOd9kP+t4YL1vlRw0vODC9APTHz3LrzDZtOcyCeGnScMM
aT0eNO9XxDuyWMoeJxvGHuqWwcX517nrjmjPfvo3cwbkcSKIBfdg/NJwWRFlaxWO
VtXD9MMa24Z69+p+EpIWF6y8nRGc00UqcDXzSkt2Q+RFREdNx0F6j3OdNQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBSLzTcbo5HqLGkJivvMy/fVPCPvMB8GA1UdIwQY
MBaAFNHEkTCUohJoxzpnZTo3ONc+XFmnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNTUk1KU2lFbWpIT21kbE9qYzQxejVjV2FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9iZDRlNWMtNDE0Ny00MTMxLTg3NTAt
MzNhODJhYjVmNTEzLzEvRkl2Tk54dWprZW9zYVFtSy04ekw5OVU4SS04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9iZDRlNWMtNDE0Ny00MTMxLTg3NTAtMzNhODJhYjVmNTEz
LzEvMGNTUk1KU2lFbWpIT21kbE9qYzQxejVjV2FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5cDwD
BAC5cD4wDQYJKoZIhvcNAQELBQADggEBADNwo9SFYqU66A99BR5IyHvtMhhyt+wC
igf0LXqEoZrrpUzM/i8aqR4OcmTvSbx5rhWQllDuJ27NOyPIy9HghzbytERG9wZA
LR/ZLrNlWX4gB1VzJ0pTA4lno/Aw6r1QVV5gDkkY/VA3vi/ww2Bp33b53hpoz3ew
bP0f6DNKIGJIOjFTBduB9dpR+EmPiVpe6EJiwUZH4GEgXZkYUyXIhDH3dBgfXI9o
K8QQWYeA62XB20Sf6FZZ1JWx8cHIvWuJnJ8/wERCdWQdrHhdQ6DjTYNhrCIJC2F9
cIWJJeI737+/YNCuP0439ubN1J7xIp7kHweUJNWfGvEEo0z5r6EMSI8=
-----END CERTIFICATE-----