Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/RDaoBwTJXWBwzktYjHP5bpUC-Q4.roa
File:                     RDaoBwTJXWBwzktYjHP5bpUC-Q4.roa (raw, json)
Hash identifier:          /8sqUJWeEmCOVPx7VU96bBjyNDsSFeVD3KpxhiNJRjk=
Subject key identifier:   44:36:A8:07:04:C9:5D:60:70:CE:4B:58:8C:73:F9:6E:95:02:F9:0E
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       01923D719C88279FAE39B93A91FA1596A122
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/RDaoBwTJXWBwzktYjHP5bpUC-Q4.roa
Signing time:             Sun 29 Sep 2024 11:01:48 +0000
ROA not before:           Sun 29 Sep 2024 11:01:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214119
IP address blocks:        62.60.224.0/24 maxlen: 24
                          62.60.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:3d:71:9c:88:27:9f:ae:39:b9:3a:91:fa:15:96:a1:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Sep 29 11:01:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4436a80704c95d6070ce4b588c73f96e9502f90e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:02:66:3f:34:b0:46:cb:75:5b:ef:23:5f:2f:
                    77:37:94:6e:b4:85:6b:24:61:3d:59:3f:76:25:26:
                    d5:84:9b:80:c3:39:21:41:4d:12:63:4c:5e:98:cd:
                    06:1e:56:d6:c0:66:14:f0:57:3a:30:0b:91:e2:95:
                    5b:cf:b5:4f:5c:07:31:de:ca:57:ae:e0:0a:31:d2:
                    ef:31:00:70:3f:b9:d7:2b:42:78:a7:aa:21:f0:e8:
                    d8:b2:f9:ee:27:b6:ec:80:b9:c1:35:ea:3e:57:97:
                    15:46:91:36:eb:75:d3:db:3c:19:15:d1:35:4a:0f:
                    ad:be:18:a1:68:34:cf:71:3f:05:ca:01:a3:a7:6e:
                    bd:12:64:5c:5b:a2:ba:7c:12:be:94:a1:d3:98:05:
                    18:6f:52:68:1f:3a:09:17:74:43:ff:67:ed:cb:0a:
                    ae:7e:e9:0c:97:3a:41:50:82:64:cd:9b:fc:71:5c:
                    57:61:d3:20:3d:fc:b2:3b:e0:9c:89:e5:92:4e:24:
                    14:2a:8b:87:af:b0:a2:c2:a5:c5:ee:17:56:fa:a7:
                    81:86:75:a9:8e:21:68:f2:d5:f2:90:d7:fa:eb:c9:
                    e5:1e:e6:2d:11:68:4f:7f:f5:a3:40:e2:80:a8:7e:
                    e8:a6:83:30:45:50:84:00:d3:29:98:42:c6:1c:4e:
                    8d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:36:A8:07:04:C9:5D:60:70:CE:4B:58:8C:73:F9:6E:95:02:F9:0E
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/RDaoBwTJXWBwzktYjHP5bpUC-Q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:37:f7:e9:ba:01:df:a9:a7:e8:0d:56:ec:7a:6a:63:d6:c4:
         b2:69:61:67:bb:c1:08:70:62:0d:3f:13:e8:9e:ad:96:0a:b7:
         00:74:0a:ec:6d:58:5e:dd:a8:eb:19:5f:aa:46:0d:20:d3:7e:
         80:85:72:4a:a9:fb:59:e4:13:31:21:aa:c4:32:78:83:96:63:
         96:e8:22:ab:4a:b8:19:e9:f5:af:eb:75:49:09:07:1f:18:f9:
         94:29:13:09:66:92:70:b5:01:17:c5:32:2a:5a:61:a7:e5:16:
         c3:37:97:6f:16:11:f9:21:31:4a:3d:b3:bd:db:12:c6:5b:d5:
         9c:d2:71:25:e2:a3:01:f6:70:97:ad:6e:1b:f7:d4:55:25:16:
         df:1f:fb:82:f4:78:64:b9:12:22:bb:c0:c6:99:c8:32:90:cb:
         c8:57:11:c3:2c:7f:5b:e6:d6:b8:df:72:d7:89:c7:4b:0f:d2:
         83:f8:20:3d:bc:39:14:d0:1d:02:71:52:78:10:37:e1:7d:ba:
         2c:ee:d6:a4:3d:5b:98:c2:4e:95:58:2a:f4:83:99:6e:fb:ad:
         33:8e:29:5a:74:f7:8e:00:93:1e:39:3c:6d:b1:92:b7:ad:f9:
         45:df:19:10:64:69:33:e8:c5:19:64:e9:04:c4:66:3d:24:20:
         83:f8:2e:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZI9cZyIJ5+uObk6kfoVlqEiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwOTI5MTEwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDM2YTgwNzA0Yzk1ZDYwNzBjZTRiNTg4YzczZjk2ZTk1MDJmOTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3QJmPzSwRst1W+8jXy93N5RutIVr
JGE9WT92JSbVhJuAwzkhQU0SY0xemM0GHlbWwGYU8Fc6MAuR4pVbz7VPXAcx3spX
ruAKMdLvMQBwP7nXK0J4p6oh8OjYsvnuJ7bsgLnBNeo+V5cVRpE263XT2zwZFdE1
Sg+tvhihaDTPcT8FygGjp269EmRcW6K6fBK+lKHTmAUYb1JoHzoJF3RD/2ftywqu
fukMlzpBUIJkzZv8cVxXYdMgPfyyO+CcieWSTiQUKouHr7CiwqXF7hdW+qeBhnWp
jiFo8tXykNf668nlHuYtEWhPf/WjQOKAqH7opoMwRVCEANMpmELGHE6NJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQ2qAcEyV1gcM5LWIxz+W6VAvkOMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvUkRhb0J3VEpYV0J3emt0WWpIUDVicFVDLVE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPjzgMA0G
CSqGSIb3DQEBCwUAA4IBAQCoN/fpugHfqafoDVbsempj1sSyaWFnu8EIcGINPxPo
nq2WCrcAdArsbVhe3ajrGV+qRg0g036AhXJKqftZ5BMxIarEMniDlmOW6CKrSrgZ
6fWv63VJCQcfGPmUKRMJZpJwtQEXxTIqWmGn5RbDN5dvFhH5ITFKPbO92xLGW9Wc
0nEl4qMB9nCXrW4b99RVJRbfH/uC9HhkuRIiu8DGmcgykMvIVxHDLH9b5ta433LX
icdLD9KD+CA9vDkU0B0CcVJ4EDfhfbos7takPVuYwk6VWCr0g5lu+60zjiladPeO
AJMeOTxtsZK3rflF3xkQZGkz6MUZZOkExGY9JCCD+C6F
-----END CERTIFICATE-----