Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/YA2hGrZNONCOfiA-puiIkfmOTqg.roa
File:                     YA2hGrZNONCOfiA-puiIkfmOTqg.roa (raw, json)
Hash identifier:          2y+I3MkQ5xggfvOHyZz+G32aatNWskcbPYUibK/oOxQ=
Subject key identifier:   60:0D:A1:1A:B6:4D:38:D0:8E:7E:20:3E:A6:E8:88:91:F9:8E:4E:A8
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       018CCA29C44E7C961648D925D1326998F8E4
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/YA2hGrZNONCOfiA-puiIkfmOTqg.roa
Signing time:             Tue 02 Jan 2024 12:33:04 +0000
ROA not before:           Tue 02 Jan 2024 12:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55154
IP address blocks:        62.60.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:c4:4e:7c:96:16:48:d9:25:d1:32:69:98:f8:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  2 12:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=600da11ab64d38d08e7e203ea6e88891f98e4ea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4f:e2:a3:99:0f:d6:d7:2c:25:a0:86:77:a3:
                    2e:0c:bf:44:28:67:f3:f8:92:75:81:73:3b:97:83:
                    e8:56:65:88:78:ec:90:f6:a6:ef:70:f0:99:35:b3:
                    8f:5a:f6:aa:ff:7e:ad:54:5f:17:92:0f:ad:20:12:
                    0c:e1:5b:e0:d5:b0:96:e2:34:51:d1:e8:a8:5f:87:
                    4f:5b:70:44:c2:2d:4e:56:83:e6:e1:92:a6:0d:34:
                    93:19:54:40:1b:51:9e:02:5f:23:b8:88:a0:e2:0e:
                    98:d7:b6:54:7a:89:aa:ee:ce:5b:5b:ea:dd:f6:10:
                    58:cb:a2:a4:11:21:a6:ac:a1:28:58:29:32:d4:45:
                    64:2c:3f:15:7e:a7:67:2d:e6:5c:5c:ce:71:e1:19:
                    b9:13:41:93:c6:14:89:2e:79:14:ad:be:a1:03:dd:
                    03:4b:77:65:e1:e3:00:93:34:28:63:a5:f3:a2:22:
                    fd:42:bb:04:d5:5b:4f:b1:e6:17:a0:68:07:2a:dd:
                    65:3c:ef:a2:2f:4b:0b:f2:d8:88:15:00:1f:24:fa:
                    4a:04:18:af:a1:fa:60:41:ce:3c:d0:41:6b:1b:35:
                    e7:d5:73:ac:89:2e:92:d0:d4:ae:69:4a:47:00:73:
                    d1:c5:3e:d3:73:12:1e:0d:73:28:06:f0:25:67:0a:
                    c7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:0D:A1:1A:B6:4D:38:D0:8E:7E:20:3E:A6:E8:88:91:F9:8E:4E:A8
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/YA2hGrZNONCOfiA-puiIkfmOTqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:36:32:14:46:17:15:29:d7:b7:01:65:f9:68:1a:52:6d:0c:
         c9:70:29:ef:d0:72:b9:3d:42:b7:f0:46:5b:5e:7f:11:01:fe:
         b7:c6:c5:c0:39:03:89:15:e7:c0:75:65:6b:58:9a:12:b2:10:
         41:b2:d2:3d:21:f2:de:ee:6e:11:18:b9:6a:59:d2:a3:3a:a0:
         58:a8:25:c9:44:9b:8f:a1:57:12:35:f2:a1:7e:38:1e:34:c3:
         d2:16:82:24:d1:4c:84:2a:7a:b1:53:21:1a:6d:18:61:c1:58:
         f2:57:94:d5:d1:43:dd:d2:f2:ea:9a:43:d6:ac:4a:e4:b4:0b:
         c6:44:d7:c2:bb:b0:e3:cf:b0:74:11:69:08:54:95:b6:6d:4b:
         fb:43:0f:02:28:9d:bc:ff:65:a0:15:dc:5c:91:e6:8a:b2:b1:
         19:ae:00:d3:94:17:9a:1d:d5:ca:e0:d8:6d:49:96:01:d1:c3:
         dd:29:e7:b5:ff:67:2d:55:2f:dc:49:ea:b6:6a:13:5b:93:4a:
         f9:6c:f2:43:40:1f:6e:fb:d7:b5:0f:cd:30:86:a0:01:2d:97:
         fb:11:9c:19:87:77:66:77:d1:78:db:0f:74:c5:e4:8a:6e:61:
         4c:59:d5:0b:f5:d3:9d:2d:f7:5c:cd:9b:57:ef:f1:39:37:6f:
         31:f0:cf:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKcROfJYWSNkl0TJpmPjkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwMTAyMTIzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDBkYTExYWI2NGQzOGQwOGU3ZTIwM2VhNmU4ODg5MWY5OGU0ZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtk/io5kP1tcsJaCGd6MuDL9EKGfz
+JJ1gXM7l4PoVmWIeOyQ9qbvcPCZNbOPWvaq/36tVF8Xkg+tIBIM4Vvg1bCW4jRR
0eioX4dPW3BEwi1OVoPm4ZKmDTSTGVRAG1GeAl8juIig4g6Y17ZUeomq7s5bW+rd
9hBYy6KkESGmrKEoWCky1EVkLD8VfqdnLeZcXM5x4Rm5E0GTxhSJLnkUrb6hA90D
S3dl4eMAkzQoY6XzoiL9QrsE1VtPseYXoGgHKt1lPO+iL0sL8tiIFQAfJPpKBBiv
ofpgQc480EFrGzXn1XOsiS6S0NSuaUpHAHPRxT7TcxIeDXMoBvAlZwrHvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGANoRq2TTjQjn4gPqboiJH5jk6oMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvWUEyaEdyWk5PTkNPZmlBLXB1aUlrZm1PVHFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjyWMA0G
CSqGSIb3DQEBCwUAA4IBAQCqNjIURhcVKde3AWX5aBpSbQzJcCnv0HK5PUK38EZb
Xn8RAf63xsXAOQOJFefAdWVrWJoSshBBstI9IfLe7m4RGLlqWdKjOqBYqCXJRJuP
oVcSNfKhfjgeNMPSFoIk0UyEKnqxUyEabRhhwVjyV5TV0UPd0vLqmkPWrErktAvG
RNfCu7Djz7B0EWkIVJW2bUv7Qw8CKJ28/2WgFdxckeaKsrEZrgDTlBeaHdXK4Nht
SZYB0cPdKee1/2ctVS/cSeq2ahNbk0r5bPJDQB9u+9e1D80whqABLZf7EZwZh3dm
d9F42w90xeSKbmFMWdUL9dOdLfdczZtX7/E5N28x8M/d
-----END CERTIFICATE-----