Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Do610frDxofc_GIwlM0_-BIBi58.roa
File:                     Do610frDxofc_GIwlM0_-BIBi58.roa (raw, json)
Hash identifier:          2fSLFdraUb7r/St9XyxC3w/gDUXK6jtGxtd4pLLXBT4=
Subject key identifier:   0E:8E:B5:D1:FA:C3:C6:87:DC:FC:62:30:94:CD:3F:F8:12:01:8B:9F
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019424B386F9352AF59CF29DBE7ACDDAFBC7
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Do610frDxofc_GIwlM0_-BIBi58.roa
Signing time:             Thu 02 Jan 2025 01:48:52 +0000
ROA not before:           Thu 02 Jan 2025 01:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207713
IP address blocks:        62.60.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:86:f9:35:2a:f5:9c:f2:9d:be:7a:cd:da:fb:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  2 01:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e8eb5d1fac3c687dcfc623094cd3ff812018b9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5e:e0:ba:1c:62:ca:cc:45:17:c9:5b:9e:9a:
                    b4:36:32:c5:53:b9:06:b4:a7:98:51:7a:e9:cd:d9:
                    55:04:27:03:39:f7:8f:d6:cd:d2:8b:82:ef:96:c4:
                    05:b8:cc:22:0d:e8:99:49:f3:2e:75:39:bc:6e:2b:
                    2e:19:03:bf:07:47:14:c0:0b:2f:9d:b3:ad:65:ab:
                    b7:93:57:15:f3:26:eb:38:e4:56:be:b1:a2:f4:e0:
                    db:d5:9a:ac:40:ea:b2:18:16:df:59:bb:92:dc:db:
                    1b:9d:96:ea:2e:6d:7b:33:de:9d:04:f0:44:28:66:
                    10:f6:f3:78:d8:28:a3:3d:27:a9:6a:4e:bf:39:a1:
                    b8:17:86:77:cf:05:59:18:9a:8f:99:a9:81:a9:e1:
                    f5:df:a5:d4:6f:79:7f:b0:75:cc:a1:b4:8d:54:99:
                    07:a3:69:91:4e:db:0a:32:ff:a5:cb:46:9d:e8:80:
                    c2:27:00:c3:c6:d0:93:e3:c3:bd:f6:3c:43:63:cf:
                    8f:46:4c:9e:c8:7a:6c:66:23:33:a2:45:d7:20:68:
                    c9:c2:06:24:3f:3c:38:93:7e:c4:1e:83:95:7f:3b:
                    8a:5a:ea:57:d0:c5:c6:a7:a5:df:78:c7:e0:e4:bd:
                    c9:52:7a:15:34:57:46:cd:07:19:7d:a1:41:d0:51:
                    39:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:8E:B5:D1:FA:C3:C6:87:DC:FC:62:30:94:CD:3F:F8:12:01:8B:9F
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/Do610frDxofc_GIwlM0_-BIBi58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:bb:f3:09:f1:7b:f5:d2:c1:8b:aa:60:09:b5:85:1a:fd:67:
         88:12:f6:1c:76:f7:7d:e2:d6:82:a1:ef:ff:27:3b:e9:56:f8:
         5f:ea:e5:14:e9:b4:de:27:b6:28:e0:c9:ff:07:6c:4f:00:03:
         41:d7:ec:cf:b6:e2:47:18:59:f5:8c:74:71:03:1c:02:b9:77:
         df:03:18:02:81:ae:98:ab:d8:32:9c:6c:59:49:93:4e:cb:79:
         2e:89:cd:c6:5a:c6:cb:7c:75:f5:6d:51:ad:9d:f8:bd:1b:2d:
         f1:1a:fd:76:ec:49:b1:49:33:b9:7d:7f:84:c9:25:13:05:0b:
         70:f9:c2:30:0a:44:a2:ae:95:b7:88:f4:ae:37:08:dc:6c:10:
         93:5c:97:3e:cf:4a:1d:8a:03:48:6b:d6:b7:a3:42:52:78:e9:
         94:0a:19:5f:5c:59:6f:18:ce:99:ae:e6:d2:33:ab:57:c6:c9:
         de:85:3a:f7:e8:d1:dd:d5:2b:85:3b:ed:1d:81:1a:9b:95:69:
         b5:51:8a:96:67:6a:a2:5a:1b:ad:d2:3e:72:e2:1d:f0:4c:90:
         85:20:4a:40:7f:e4:ca:4e:d1:ba:9e:d8:e0:01:fc:ff:aa:b5:
         9d:c1:fa:fb:0c:23:63:8f:47:2a:31:b8:72:2c:ca:b5:9d:c1:
         dc:39:2d:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks4b5NSr1nPKdvnrN2vvHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwMTAyMDE0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZThlYjVkMWZhYzNjNjg3ZGNmYzYyMzA5NGNkM2ZmODEyMDE4YjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAql7guhxiysxFF8lbnpq0NjLFU7kG
tKeYUXrpzdlVBCcDOfeP1s3Si4LvlsQFuMwiDeiZSfMudTm8bisuGQO/B0cUwAsv
nbOtZau3k1cV8ybrOORWvrGi9ODb1ZqsQOqyGBbfWbuS3NsbnZbqLm17M96dBPBE
KGYQ9vN42CijPSepak6/OaG4F4Z3zwVZGJqPmamBqeH136XUb3l/sHXMobSNVJkH
o2mRTtsKMv+ly0ad6IDCJwDDxtCT48O99jxDY8+PRkyeyHpsZiMzokXXIGjJwgYk
Pzw4k37EHoOVfzuKWupX0MXGp6XfeMfg5L3JUnoVNFdGzQcZfaFB0FE5rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6OtdH6w8aH3PxiMJTNP/gSAYufMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvRG82MTBmckR4b2ZjX0dJd2xNMF8tQklCaTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjy7MA0G
CSqGSIb3DQEBCwUAA4IBAQCqu/MJ8Xv10sGLqmAJtYUa/WeIEvYcdvd94taCoe//
JzvpVvhf6uUU6bTeJ7Yo4Mn/B2xPAANB1+zPtuJHGFn1jHRxAxwCuXffAxgCga6Y
q9gynGxZSZNOy3kuic3GWsbLfHX1bVGtnfi9Gy3xGv127EmxSTO5fX+EySUTBQtw
+cIwCkSirpW3iPSuNwjcbBCTXJc+z0odigNIa9a3o0JSeOmUChlfXFlvGM6ZrubS
M6tXxsnehTr36NHd1SuFO+0dgRqblWm1UYqWZ2qiWhut0j5y4h3wTJCFIEpAf+TK
TtG6ntjgAfz/qrWdwfr7DCNjj0cqMbhyLMq1ncHcOS36
-----END CERTIFICATE-----