Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/q-DPSgWdItEeYRUxntMTxnncxM4.roa
File:                     q-DPSgWdItEeYRUxntMTxnncxM4.roa (raw, json)
Hash identifier:          fiF3KDNpFUOXyp7g0ajJpqjUe425LfAhTJFM9wIcG2Q=
Subject key identifier:   AB:E0:CF:4A:05:9D:22:D1:1E:61:15:31:9E:D3:13:C6:79:DC:C4:CE
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       01928ADFC973C5157514B977FE77047FBB44
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/q-DPSgWdItEeYRUxntMTxnncxM4.roa
Signing time:             Mon 14 Oct 2024 11:52:54 +0000
ROA not before:           Mon 14 Oct 2024 11:52:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55154
IP address blocks:        62.60.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8a:df:c9:73:c5:15:75:14:b9:77:fe:77:04:7f:bb:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Oct 14 11:52:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abe0cf4a059d22d11e6115319ed313c679dcc4ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a3:92:84:84:f7:50:3a:ea:4d:fe:5f:5e:0e:
                    bf:86:03:5d:76:cf:c9:bb:09:90:9f:56:04:a9:fb:
                    c2:c4:37:e7:02:2f:2f:e2:0c:9d:bd:f1:8f:05:d0:
                    12:8e:22:02:39:df:69:af:d2:30:3d:24:cb:87:57:
                    73:9c:f3:5a:0b:70:80:77:2f:5b:35:9f:85:52:8b:
                    b9:5a:ce:bf:ca:59:62:78:46:4b:53:08:f1:c0:21:
                    f9:6b:c6:a7:20:3d:32:0d:a8:d5:73:57:49:72:29:
                    ff:86:5b:f1:41:30:79:57:84:9c:83:00:d2:98:68:
                    d7:c0:a0:8e:98:76:d0:ce:6b:75:24:09:9d:2a:d6:
                    2b:af:0f:95:3d:5d:95:7f:cf:df:42:b0:46:e7:ea:
                    67:63:cd:c5:98:6c:97:2d:30:2d:d3:a6:46:77:9d:
                    1a:a9:34:f4:39:ac:20:e6:f8:6e:7b:a5:09:16:43:
                    e6:c4:5d:b8:80:58:4d:ae:0f:9b:5f:57:88:2a:34:
                    44:81:ec:b6:60:18:4e:f0:b5:19:b4:71:8b:11:6b:
                    45:48:f4:fa:0d:cb:7b:97:f9:73:f9:66:6c:06:0a:
                    7d:c6:1a:7c:78:53:01:1e:0d:3c:06:94:42:30:c9:
                    df:5d:8c:18:8d:55:41:d1:1c:3a:81:7a:32:76:9f:
                    5c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:E0:CF:4A:05:9D:22:D1:1E:61:15:31:9E:D3:13:C6:79:DC:C4:CE
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/q-DPSgWdItEeYRUxntMTxnncxM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:d7:63:d1:86:60:78:c0:d1:c1:fd:97:81:0e:71:86:93:ac:
         79:49:56:99:aa:d4:3a:fe:3e:bb:a8:04:05:8d:bc:d6:93:60:
         0b:35:9b:83:18:bb:da:00:6c:e4:91:7c:f1:25:4e:63:bf:9b:
         33:37:6e:5d:a7:1c:1b:28:ef:16:0f:34:3f:23:82:eb:02:20:
         fd:7d:0f:24:e6:ed:a7:b8:cc:16:62:35:5d:20:85:b4:a4:c1:
         0b:41:92:5a:c5:ee:71:f2:3b:e5:8c:eb:01:f3:9e:e8:cc:3b:
         de:65:2f:82:8d:9a:99:cf:5b:d4:1b:53:18:a4:8c:52:7f:77:
         d7:67:98:5d:5b:f4:5e:a0:c3:e9:21:9b:e7:79:e4:0b:44:e1:
         e8:78:4a:63:e3:b9:b4:e8:a5:38:21:ef:f9:3c:48:32:a1:81:
         1a:83:19:a6:d0:cd:bd:c6:86:97:50:97:54:f9:49:45:4e:d4:
         46:1f:4d:a9:1b:61:81:37:aa:31:0e:5e:14:35:50:d0:32:19:
         4f:fd:65:2d:b8:94:13:ad:59:d6:17:a5:f4:cf:2e:7c:bb:ad:
         79:58:a7:f0:04:11:f2:88:b1:56:14:a1:86:6b:a5:d7:4c:32:
         fe:3d:30:58:41:1e:3d:ab:be:52:60:da:34:2d:32:a8:d7:74:
         95:83:00:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKK38lzxRV1FLl3/ncEf7tEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQxMDE0MTE1MjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmUwY2Y0YTA1OWQyMmQxMWU2MTE1MzE5ZWQzMTNjNjc5ZGNjNGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6OShIT3UDrqTf5fXg6/hgNdds/J
uwmQn1YEqfvCxDfnAi8v4gydvfGPBdASjiICOd9pr9IwPSTLh1dznPNaC3CAdy9b
NZ+FUou5Ws6/yllieEZLUwjxwCH5a8anID0yDajVc1dJcin/hlvxQTB5V4ScgwDS
mGjXwKCOmHbQzmt1JAmdKtYrrw+VPV2Vf8/fQrBG5+pnY83FmGyXLTAt06ZGd50a
qTT0Oawg5vhue6UJFkPmxF24gFhNrg+bX1eIKjREgey2YBhO8LUZtHGLEWtFSPT6
Dct7l/lz+WZsBgp9xhp8eFMBHg08BpRCMMnfXYwYjVVB0Rw6gXoydp9cDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvgz0oFnSLRHmEVMZ7TE8Z53MTOMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvcS1EUFNnV2RJdEVlWVJVeG50TVR4bm5jeE00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjyWMA0G
CSqGSIb3DQEBCwUAA4IBAQAW12PRhmB4wNHB/ZeBDnGGk6x5SVaZqtQ6/j67qAQF
jbzWk2ALNZuDGLvaAGzkkXzxJU5jv5szN25dpxwbKO8WDzQ/I4LrAiD9fQ8k5u2n
uMwWYjVdIIW0pMELQZJaxe5x8jvljOsB857ozDveZS+CjZqZz1vUG1MYpIxSf3fX
Z5hdW/ReoMPpIZvneeQLROHoeEpj47m06KU4Ie/5PEgyoYEagxmm0M29xoaXUJdU
+UlFTtRGH02pG2GBN6oxDl4UNVDQMhlP/WUtuJQTrVnWF6X0zy58u615WKfwBBHy
iLFWFKGGa6XXTDL+PTBYQR49q75SYNo0LTKo13SVgwD8
-----END CERTIFICATE-----