Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c12b00-af82-4735-aac1-2bfb6addcf45/1/wK5U0OA4so9Bb6LaTOAhvYcrZbw.roa
File:                     wK5U0OA4so9Bb6LaTOAhvYcrZbw.roa (raw, json)
Hash identifier:          i3F3Ec/aHEk6lLvyEsCOnZPx8LpXq7mO54DzXI/2qs4=
Subject key identifier:   C0:AE:54:D0:E0:38:B2:8F:41:6F:A2:DA:4C:E0:21:BD:87:2B:65:BC
Certificate issuer:       /CN=60f5aac76fe6bf291335d19a658e6489105b869f
Certificate serial:       0195B4EFCEB9B9DD93A7EA95C4E60EFD0FF5
Authority key identifier: 60:F5:AA:C7:6F:E6:BF:29:13:35:D1:9A:65:8E:64:89:10:5B:86:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YPWqx2_mvykTNdGaZY5kiRBbhp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/c12b00-af82-4735-aac1-2bfb6addcf45/1/wK5U0OA4so9Bb6LaTOAhvYcrZbw.roa
Signing time:             Thu 20 Mar 2025 19:02:49 +0000
ROA not before:           Thu 20 Mar 2025 19:02:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213485
IP address blocks:        199.34.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/c12b00-af82-4735-aac1-2bfb6addcf45/1/YPWqx2_mvykTNdGaZY5kiRBbhp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/c12b00-af82-4735-aac1-2bfb6addcf45/1/YPWqx2_mvykTNdGaZY5kiRBbhp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YPWqx2_mvykTNdGaZY5kiRBbhp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 19:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b4:ef:ce:b9:b9:dd:93:a7:ea:95:c4:e6:0e:fd:0f:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60f5aac76fe6bf291335d19a658e6489105b869f
        Validity
            Not Before: Mar 20 19:02:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0ae54d0e038b28f416fa2da4ce021bd872b65bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8e:ce:cc:ab:ae:33:5e:4d:75:73:b1:e8:6d:
                    7a:08:27:79:72:63:fd:b1:d6:7e:d6:f6:66:65:2e:
                    ed:fc:16:62:41:90:26:1b:d1:8f:10:13:d5:17:85:
                    e6:98:e3:28:cd:13:ee:37:2f:45:e9:14:52:9b:a7:
                    3d:8e:07:05:6b:a4:22:a5:28:ee:9e:53:e1:83:33:
                    47:4b:6d:e4:c5:17:49:23:30:55:77:2e:6c:93:e6:
                    6b:ce:62:d3:b8:c7:09:6a:eb:fb:35:df:70:41:74:
                    45:b8:6f:90:73:c9:b8:cd:4c:72:ec:1e:95:b4:a6:
                    cc:18:0f:d2:61:70:47:47:67:2f:fe:6e:64:87:e4:
                    96:c4:33:a4:20:f8:4b:3b:df:01:c5:a8:69:8c:42:
                    eb:b4:8d:9c:e7:27:f1:1e:9c:e7:88:55:29:d9:92:
                    36:ca:cd:cd:a0:dd:4f:db:06:32:f4:03:a8:b8:21:
                    80:62:71:63:c8:f2:75:07:5b:e1:14:dd:75:9c:02:
                    50:a1:b7:ec:46:5d:17:c1:f8:f9:80:39:4c:4e:a8:
                    14:2c:17:a2:e6:6a:1d:96:96:7c:22:e0:6c:e6:cd:
                    cb:98:61:66:d7:2b:c8:5b:19:56:c8:e4:1a:55:a7:
                    70:29:6c:e4:33:5a:9f:0a:a0:1b:da:66:a4:e0:da:
                    02:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:AE:54:D0:E0:38:B2:8F:41:6F:A2:DA:4C:E0:21:BD:87:2B:65:BC
            X509v3 Authority Key Identifier:
                keyid:60:F5:AA:C7:6F:E6:BF:29:13:35:D1:9A:65:8E:64:89:10:5B:86:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YPWqx2_mvykTNdGaZY5kiRBbhp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c12b00-af82-4735-aac1-2bfb6addcf45/1/wK5U0OA4so9Bb6LaTOAhvYcrZbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c12b00-af82-4735-aac1-2bfb6addcf45/1/YPWqx2_mvykTNdGaZY5kiRBbhp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.34.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:96:00:c3:f2:7d:0e:34:62:cc:cf:e7:dd:ab:78:e6:23:be:
         3d:be:3c:94:f2:b1:9e:83:19:92:04:b0:66:58:b2:b8:19:0a:
         b1:74:bb:3d:8f:d1:3f:68:a3:83:ec:a8:c4:bb:29:61:1d:a3:
         76:df:e5:96:b4:39:62:e7:8d:a0:0d:11:82:83:e2:bd:59:1d:
         f9:d7:71:bb:3b:ed:71:3c:b4:98:a0:11:e8:ae:e0:53:58:37:
         15:72:12:d4:fc:72:03:56:17:4b:a4:a3:a5:03:0e:cc:c7:65:
         00:34:8b:9f:6d:a6:53:ee:0a:aa:27:ee:a1:2d:96:5d:2f:df:
         ea:e1:b5:66:28:27:0f:38:1c:84:ec:71:3c:74:9d:40:c2:5b:
         c0:70:b4:af:9b:37:b8:12:21:e7:62:31:9e:50:03:40:ad:7f:
         bc:0c:cd:c8:cb:63:19:58:8f:46:cd:80:98:f2:19:51:cf:b3:
         1e:1a:3e:78:55:fc:b8:b2:dd:84:24:ea:42:0f:77:49:1c:13:
         39:02:45:5e:73:e0:55:66:17:7c:8b:6b:bf:6f:1a:88:0f:dd:
         ba:a2:da:08:4c:91:cd:80:c6:b4:13:83:9b:3e:69:d0:13:d5:
         b2:6b:21:22:54:d7:aa:27:a3:dd:63:d1:a5:0b:f8:f0:50:7a:
         09:7d:2c:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW07865ud2Tp+qVxOYO/Q/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZjVhYWM3NmZlNmJmMjkxMzM1ZDE5YTY1OGU2NDg5MTA1
Yjg2OWYwHhcNMjUwMzIwMTkwMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGFlNTRkMGUwMzhiMjhmNDE2ZmEyZGE0Y2UwMjFiZDg3MmI2NWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArY7OzKuuM15NdXOx6G16CCd5cmP9
sdZ+1vZmZS7t/BZiQZAmG9GPEBPVF4XmmOMozRPuNy9F6RRSm6c9jgcFa6QipSju
nlPhgzNHS23kxRdJIzBVdy5sk+ZrzmLTuMcJauv7Nd9wQXRFuG+Qc8m4zUxy7B6V
tKbMGA/SYXBHR2cv/m5kh+SWxDOkIPhLO98BxahpjELrtI2c5yfxHpzniFUp2ZI2
ys3NoN1P2wYy9AOouCGAYnFjyPJ1B1vhFN11nAJQobfsRl0Xwfj5gDlMTqgULBei
5modlpZ8IuBs5s3LmGFm1yvIWxlWyOQaVadwKWzkM1qfCqAb2mak4NoCEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCuVNDgOLKPQW+i2kzgIb2HK2W8MB8GA1UdIwQY
MBaAFGD1qsdv5r8pEzXRmmWOZIkQW4afMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVBXcXgyX212eWtUTmRHYVpZNWtpUkJiaHA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jMTJiMDAtYWY4Mi00NzM1LWFhYzEt
MmJmYjZhZGRjZjQ1LzEvd0s1VTBPQTRzbzlCYjZMYVRPQWh2WWNyWmJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jMTJiMDAtYWY4Mi00NzM1LWFhYzEtMmJmYjZhZGRjZjQ1
LzEvWVBXcXgyX212eWtUTmRHYVpZNWtpUkJiaHA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAxyJCMA0G
CSqGSIb3DQEBCwUAA4IBAQCBlgDD8n0ONGLMz+fdq3jmI749vjyU8rGegxmSBLBm
WLK4GQqxdLs9j9E/aKOD7KjEuylhHaN23+WWtDli542gDRGCg+K9WR3513G7O+1x
PLSYoBHoruBTWDcVchLU/HIDVhdLpKOlAw7Mx2UANIufbaZT7gqqJ+6hLZZdL9/q
4bVmKCcPOByE7HE8dJ1AwlvAcLSvmze4EiHnYjGeUANArX+8DM3Iy2MZWI9GzYCY
8hlRz7MeGj54Vfy4st2EJOpCD3dJHBM5AkVec+BVZhd8i2u/bxqID926otoITJHN
gMa0E4ObPmnQE9WyayEiVNeqJ6PdY9GlC/jwUHoJfSxD
-----END CERTIFICATE-----