Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/60U9cnLOckPfgET2TChl6_9ogjU.roa
File:                     60U9cnLOckPfgET2TChl6_9ogjU.roa (raw, json)
Hash identifier:          /mdha7t9PcZ8hZlT/a6jC4GM0xSZny5kLsGrJSEG8JI=
Subject key identifier:   EB:45:3D:72:72:CE:72:43:DF:80:44:F6:4C:28:65:EB:FF:68:82:35
Certificate issuer:       /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial:       018CC5011A4AC2C098F36343926C6D464CF5
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/60U9cnLOckPfgET2TChl6_9ogjU.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        31.171.129.0/24 maxlen: 24
                          31.171.130.0/24 maxlen: 24
                          91.230.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 07:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1a:4a:c2:c0:98:f3:63:43:92:6c:6d:46:4c:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb453d7272ce7243df8044f64c2865ebff688235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:dc:d5:6d:6f:79:5a:41:f7:94:3e:21:ed:1d:
                    6a:a5:01:9e:f5:2a:f0:ee:70:63:66:d8:1c:36:33:
                    f0:c0:2d:46:84:de:50:27:a6:ba:a0:31:f2:15:d4:
                    36:b5:ca:9a:e4:38:2f:ac:96:52:60:9c:31:de:8e:
                    25:fa:a5:cf:7d:38:9f:7e:99:e9:27:df:1b:a6:bf:
                    35:07:03:69:5c:52:6f:dc:dd:92:73:03:3c:0f:5b:
                    a9:61:b6:2b:5a:a2:d3:f1:c2:5a:12:c3:a4:9f:27:
                    f1:58:44:67:b3:7d:01:d7:e2:9e:b8:20:53:c8:bf:
                    6a:26:81:d5:b0:25:07:2e:e0:47:56:5b:22:50:5c:
                    00:c4:fe:1c:5f:16:6f:8d:83:46:63:87:2f:0a:1a:
                    16:27:15:f8:f6:a9:bd:c3:03:f5:bb:c5:18:2a:57:
                    80:60:c4:ff:df:c7:60:06:90:27:cf:95:53:0e:6e:
                    ff:23:97:33:7f:47:38:69:c8:25:3b:ba:06:38:1e:
                    ad:1d:39:96:6c:aa:9f:f4:2a:9e:e5:c9:b1:80:6f:
                    8e:59:13:32:05:10:01:c9:a1:f9:77:82:24:ea:b9:
                    54:9c:ce:ad:2b:dc:03:18:73:b0:b3:d0:c6:cc:f6:
                    ef:bd:0f:8f:75:df:5e:89:28:4f:7d:ee:69:76:be:
                    03:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:45:3D:72:72:CE:72:43:DF:80:44:F6:4C:28:65:EB:FF:68:82:35
            X509v3 Authority Key Identifier:
                keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/60U9cnLOckPfgET2TChl6_9ogjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.129.0-31.171.130.255
                  91.230.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:b1:20:e2:e8:ca:b7:3a:52:a0:72:76:6e:1c:d3:fb:de:7c:
         08:d4:b8:b1:2c:87:12:62:0b:b7:81:3b:b2:c0:f5:41:f1:2f:
         e4:fc:7b:86:60:dd:98:cd:f0:3b:66:f2:90:d5:cd:35:4d:c3:
         df:04:22:d6:dd:37:3f:1a:0f:e0:76:a3:fa:29:76:21:8b:27:
         a0:80:7f:49:05:28:08:a3:67:7a:29:14:1b:32:e8:f1:2c:60:
         29:89:c7:56:1f:e7:b0:e0:34:aa:78:6e:53:f4:6d:1a:64:b6:
         0a:b5:3f:b8:c1:b1:ab:35:62:fa:0b:d7:68:a7:9d:35:0f:75:
         ae:9f:a0:3e:c8:89:bb:d0:0b:99:3a:23:5a:ce:02:e7:c7:64:
         f1:b2:6f:1e:28:41:31:d2:54:5b:fb:6e:9a:4b:08:31:52:8e:
         a3:8c:39:c0:68:96:23:70:47:47:99:a0:7b:f0:0e:c6:77:ab:
         d3:b3:8f:35:36:de:79:37:c4:0e:e6:8e:09:37:34:3a:72:97:
         c3:ba:d5:4e:c8:af:4f:18:e5:a1:9d:59:94:bb:89:d5:80:bb:
         a6:90:a0:40:d1:c8:84:ca:07:27:0b:92:2c:e0:82:7e:6b:43:
         d9:cd:1d:a2:90:34:a0:9a:a7:37:5f:cf:fd:38:3d:93:4b:12:
         f8:fc:63:65
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzFARpKwsCY82NDkmxtRkz1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjQ1M2Q3MjcyY2U3MjQzZGY4MDQ0ZjY0YzI4NjVlYmZmNjg4MjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNzVbW95WkH3lD4h7R1qpQGe9Srw
7nBjZtgcNjPwwC1GhN5QJ6a6oDHyFdQ2tcqa5DgvrJZSYJwx3o4l+qXPfTiffpnp
J98bpr81BwNpXFJv3N2ScwM8D1upYbYrWqLT8cJaEsOknyfxWERns30B1+KeuCBT
yL9qJoHVsCUHLuBHVlsiUFwAxP4cXxZvjYNGY4cvChoWJxX49qm9wwP1u8UYKleA
YMT/38dgBpAnz5VTDm7/I5czf0c4acglO7oGOB6tHTmWbKqf9Cqe5cmxgG+OWRMy
BRAByaH5d4Ik6rlUnM6tK9wDGHOws9DGzPbvvQ+Pdd9eiShPfe5pdr4DCQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOtFPXJyznJD34BE9kwoZev/aII1MB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvNjBVOWNuTE9ja1BmZ0VUMlRDaGw2XzlvZ2pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAfq4ED
BAAfq4IDBABb5uEwDQYJKoZIhvcNAQELBQADggEBAFOxIOLoyrc6UqBydm4c0/ve
fAjUuLEshxJiC7eBO7LA9UHxL+T8e4Zg3ZjN8Dtm8pDVzTVNw98EItbdNz8aD+B2
o/opdiGLJ6CAf0kFKAijZ3opFBsy6PEsYCmJx1Yf57DgNKp4blP0bRpktgq1P7jB
sas1YvoL12innTUPda6foD7IibvQC5k6I1rOAufHZPGybx4oQTHSVFv7bppLCDFS
jqOMOcBoliNwR0eZoHvwDsZ3q9OzjzU23nk3xA7mjgk3NDpyl8O61U7Ir08Y5aGd
WZS7idWAu6aQoEDRyITKBycLkizggn5rQ9nNHaKQNKCapzdfz/04PZNLEvj8Y2U=
-----END CERTIFICATE-----