Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/eAHYBcjmEpm2XUF6fdkUJpUWZVw.roa
File:                     eAHYBcjmEpm2XUF6fdkUJpUWZVw.roa (raw, json)
Hash identifier:          IcD0WL/kmyYDR+xG97ZrUMGHhNf5H2EHN3Vizh4OFCE=
Subject key identifier:   78:01:D8:05:C8:E6:12:99:B6:5D:41:7A:7D:D9:14:26:95:16:65:5C
Certificate issuer:       /CN=60fcd55b9130858d8ea583c0987dad00f614db39
Certificate serial:       018CC49245B8101812E5941A52F0987D16C1
Authority key identifier: 60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/eAHYBcjmEpm2XUF6fdkUJpUWZVw.roa
Signing time:             Mon 01 Jan 2024 10:29:29 +0000
ROA not before:           Mon 01 Jan 2024 10:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398464
IP address blocks:        195.64.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:45:b8:10:18:12:e5:94:1a:52:f0:98:7d:16:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60fcd55b9130858d8ea583c0987dad00f614db39
        Validity
            Not Before: Jan  1 10:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7801d805c8e61299b65d417a7dd914269516655c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:63:8e:63:36:1d:3b:02:5c:d8:bb:02:6b:ab:
                    9f:cf:17:61:f8:aa:4c:db:a5:c1:c4:68:d6:22:f4:
                    c4:45:51:bb:a9:70:96:4e:36:40:9a:e9:14:5b:60:
                    50:31:dd:ac:1e:30:8e:4b:e5:de:a9:56:d6:d2:e8:
                    c3:1c:15:e1:6a:bf:a4:4f:7d:d8:32:b4:bc:4e:05:
                    9f:97:95:7b:24:ec:14:75:79:ea:88:94:72:45:2e:
                    92:0d:01:71:e1:ef:47:13:c7:5a:8c:69:ec:18:22:
                    4e:52:3e:0c:91:0f:d4:96:18:41:5b:3b:f3:8e:47:
                    36:ec:31:42:09:9b:86:88:00:f9:8f:03:e8:d3:f8:
                    42:76:c9:57:e1:c7:f6:9c:b2:7c:d2:ee:4e:c5:f1:
                    a4:6a:11:88:f0:59:1f:63:9d:d8:81:a1:25:a1:29:
                    d1:3d:ae:dc:42:f9:90:c9:10:b6:25:05:6b:b3:7a:
                    00:ec:77:bd:0b:90:22:9b:92:35:ad:a2:42:9f:ab:
                    78:5d:ed:8c:38:65:7d:d2:98:d6:e2:2a:4f:f2:7d:
                    da:3c:94:13:a5:a3:27:08:d6:b3:5e:a7:db:ff:40:
                    a1:a5:5b:1d:7f:0f:38:d9:a0:88:b4:09:c6:f8:5e:
                    0c:6b:29:25:49:4d:d9:a6:72:60:08:30:63:15:75:
                    23:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:01:D8:05:C8:E6:12:99:B6:5D:41:7A:7D:D9:14:26:95:16:65:5C
            X509v3 Authority Key Identifier:
                keyid:60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/eAHYBcjmEpm2XUF6fdkUJpUWZVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:6d:5c:ac:59:12:00:02:92:1a:cc:56:a9:b1:5a:ae:c8:3d:
         f8:2a:14:c8:3f:e9:83:71:2d:c8:4a:4e:ec:9a:b2:7e:68:cc:
         50:a7:12:83:e3:66:d4:f6:bd:e9:2c:cb:04:65:da:d8:ed:94:
         00:b3:29:98:07:60:5b:88:5d:df:2f:a9:62:d6:d4:87:24:2b:
         ff:0b:07:51:dd:41:a4:45:97:30:40:27:69:30:94:42:ba:52:
         c4:ae:b8:60:5e:22:0a:a2:c0:60:55:4e:ae:bb:67:a9:50:85:
         26:bf:a7:3a:e4:7f:fc:10:cd:2a:9f:e6:7c:dd:11:38:d4:a8:
         3e:51:cf:61:7e:68:51:82:56:eb:8a:e0:25:d6:55:ab:76:e2:
         ce:4f:d4:6f:b5:c0:a5:6e:f4:8a:01:3e:52:6b:db:7e:a6:53:
         52:c7:39:78:52:f6:9e:c0:fe:bc:cf:bf:ca:d7:3f:c8:fd:51:
         a9:10:4c:3e:dd:89:5b:50:7f:82:8f:50:55:71:93:eb:c5:64:
         66:5f:d4:25:7b:6f:75:0a:de:85:28:60:0b:19:d6:5b:9d:a5:
         b5:e3:ca:7f:ed:53:c5:72:58:a6:b5:01:33:8a:b8:f9:7b:48:
         59:32:58:9f:78:49:f5:3d:47:32:86:ff:c1:d3:22:10:92:73:
         84:2f:8f:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkkW4EBgS5ZQaUvCYfRbBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZmNkNTViOTEzMDg1OGQ4ZWE1ODNjMDk4N2RhZDAwZjYx
NGRiMzkwHhcNMjQwMTAxMTAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODAxZDgwNWM4ZTYxMjk5YjY1ZDQxN2E3ZGQ5MTQyNjk1MTY2NTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGOOYzYdOwJc2LsCa6ufzxdh+KpM
26XBxGjWIvTERVG7qXCWTjZAmukUW2BQMd2sHjCOS+XeqVbW0ujDHBXhar+kT33Y
MrS8TgWfl5V7JOwUdXnqiJRyRS6SDQFx4e9HE8dajGnsGCJOUj4MkQ/UlhhBWzvz
jkc27DFCCZuGiAD5jwPo0/hCdslX4cf2nLJ80u5OxfGkahGI8FkfY53YgaEloSnR
Pa7cQvmQyRC2JQVrs3oA7He9C5Aim5I1raJCn6t4Xe2MOGV90pjW4ipP8n3aPJQT
paMnCNazXqfb/0ChpVsdfw842aCItAnG+F4MayklSU3ZpnJgCDBjFXUjFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgB2AXI5hKZtl1Ben3ZFCaVFmVcMB8GA1UdIwQY
MBaAFGD81VuRMIWNjqWDwJh9rQD2FNs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTkt
ZWQzMGI5YmIxMmQ1LzEvZUFIWUJjam1FcG0yWFVGNmZka1VKcFVXWlZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTktZWQzMGI5YmIxMmQ1
LzEvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0B6MA0G
CSqGSIb3DQEBCwUAA4IBAQBmbVysWRIAApIazFapsVquyD34KhTIP+mDcS3ISk7s
mrJ+aMxQpxKD42bU9r3pLMsEZdrY7ZQAsymYB2BbiF3fL6li1tSHJCv/CwdR3UGk
RZcwQCdpMJRCulLErrhgXiIKosBgVU6uu2epUIUmv6c65H/8EM0qn+Z83RE41Kg+
Uc9hfmhRglbriuAl1lWrduLOT9RvtcClbvSKAT5Sa9t+plNSxzl4UvaewP68z7/K
1z/I/VGpEEw+3YlbUH+Cj1BVcZPrxWRmX9Qle291Ct6FKGALGdZbnaW148p/7VPF
climtQEzirj5e0hZMlifeEn1PUcyhv/B0yIQknOEL4+n
-----END CERTIFICATE-----