Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/l7VGb2C4erNw-xfOKKBu9VZWrPU.roa
File:                     l7VGb2C4erNw-xfOKKBu9VZWrPU.roa (raw, json)
Hash identifier:          9yOaApjQqKl+CQumyFjjc+4z/JwrelyQuv+Lz0TTZD4=
Subject key identifier:   97:B5:46:6F:60:B8:7A:B3:70:FB:17:CE:28:A0:6E:F5:56:56:AC:F5
Certificate issuer:       /CN=60fcd55b9130858d8ea583c0987dad00f614db39
Certificate serial:       018CC492454DBFF5308EDF7C6F92364B3F39
Authority key identifier: 60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/l7VGb2C4erNw-xfOKKBu9VZWrPU.roa
Signing time:             Mon 01 Jan 2024 10:29:29 +0000
ROA not before:           Mon 01 Jan 2024 10:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22773
IP address blocks:        195.64.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 22:03:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:45:4d:bf:f5:30:8e:df:7c:6f:92:36:4b:3f:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60fcd55b9130858d8ea583c0987dad00f614db39
        Validity
            Not Before: Jan  1 10:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97b5466f60b87ab370fb17ce28a06ef55656acf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ba:a5:d4:aa:1e:aa:6e:d4:c2:2f:a2:aa:f5:
                    ef:31:ef:a4:88:2e:b7:33:4b:aa:d2:77:87:2d:bb:
                    77:48:95:87:98:73:34:92:50:e9:51:8b:3e:ee:73:
                    b3:dc:f5:2f:eb:ad:bb:7e:7f:4a:bb:d2:c9:47:14:
                    68:95:29:e5:80:d9:df:52:68:46:ef:99:fc:09:8a:
                    ba:3e:cf:b3:71:63:8b:a0:28:52:0a:29:29:78:68:
                    57:eb:2f:98:28:78:35:9d:75:3b:48:1f:46:16:85:
                    49:72:40:ce:0b:10:86:aa:b6:5a:fd:f1:0a:79:55:
                    ef:7b:ec:58:b3:33:3c:31:4d:b9:a6:09:2a:79:87:
                    f1:52:08:99:f0:e5:db:71:ed:c7:aa:52:2e:1c:21:
                    42:08:12:8c:bb:2e:58:19:30:8a:fb:15:a1:94:aa:
                    ae:38:08:65:8d:d3:c7:0e:5b:91:1f:13:47:ea:7c:
                    06:fb:e2:ee:e9:ed:2d:35:88:3b:8a:ae:98:83:62:
                    0d:1a:98:b1:50:74:bc:06:80:c1:7a:11:04:33:b7:
                    ff:8b:b5:08:47:4b:9b:7b:6b:bf:b8:1a:77:07:e2:
                    20:b6:33:26:26:98:60:66:95:94:50:e4:e7:a4:fa:
                    2f:6a:7e:6a:7b:14:5f:4f:5e:30:34:28:1e:cf:f5:
                    eb:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:B5:46:6F:60:B8:7A:B3:70:FB:17:CE:28:A0:6E:F5:56:56:AC:F5
            X509v3 Authority Key Identifier:
                keyid:60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/l7VGb2C4erNw-xfOKKBu9VZWrPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:db:bf:de:67:18:87:a2:5d:01:a5:66:cb:09:fa:38:55:62:
         e7:6e:75:46:48:e7:e5:54:49:fd:34:08:e6:6d:2c:e8:50:40:
         63:0f:cd:f9:29:29:4f:19:53:40:0a:88:ff:17:d4:e2:66:ea:
         87:cc:bf:fa:06:4c:39:cb:20:d7:42:f3:73:64:75:80:87:34:
         19:e3:7f:64:8d:25:af:b7:ef:dc:4d:91:b9:63:a6:9f:8a:3d:
         d0:a3:60:05:14:8a:74:96:ee:bc:51:0b:f4:f4:f0:27:b1:9a:
         85:da:d3:06:e9:6c:ed:9f:10:b0:08:e2:04:0d:df:11:2f:95:
         62:8a:31:d8:88:a5:0a:2e:94:fa:11:18:3b:b9:d3:89:5c:c7:
         99:b0:7d:e6:87:e3:a2:94:f6:29:51:e1:93:6c:a3:b9:d5:2f:
         52:be:d9:81:8a:9e:9e:8f:72:31:27:c8:07:84:09:83:ad:87:
         cc:1d:20:2d:8d:75:c7:12:09:ee:69:82:35:69:11:04:9b:77:
         de:06:15:1f:ac:d3:88:80:29:f0:46:09:22:b2:b2:3b:31:f4:
         d6:c1:e7:84:33:df:26:e5:49:2c:3c:8e:d9:53:a8:47:03:22:
         4c:b0:04:9d:ae:15:6c:71:59:e0:97:1d:2f:16:08:f1:91:a6:
         0a:4b:d2:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkkVNv/Uwjt98b5I2Sz85MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZmNkNTViOTEzMDg1OGQ4ZWE1ODNjMDk4N2RhZDAwZjYx
NGRiMzkwHhcNMjQwMTAxMTAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2I1NDY2ZjYwYjg3YWIzNzBmYjE3Y2UyOGEwNmVmNTU2NTZhY2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorql1Koeqm7Uwi+iqvXvMe+kiC63
M0uq0neHLbt3SJWHmHM0klDpUYs+7nOz3PUv6627fn9Ku9LJRxRolSnlgNnfUmhG
75n8CYq6Ps+zcWOLoChSCikpeGhX6y+YKHg1nXU7SB9GFoVJckDOCxCGqrZa/fEK
eVXve+xYszM8MU25pgkqeYfxUgiZ8OXbce3HqlIuHCFCCBKMuy5YGTCK+xWhlKqu
OAhljdPHDluRHxNH6nwG++Lu6e0tNYg7iq6Yg2INGpixUHS8BoDBehEEM7f/i7UI
R0ube2u/uBp3B+IgtjMmJphgZpWUUOTnpPovan5qexRfT14wNCgez/XrsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJe1Rm9guHqzcPsXziigbvVWVqz1MB8GA1UdIwQY
MBaAFGD81VuRMIWNjqWDwJh9rQD2FNs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTkt
ZWQzMGI5YmIxMmQ1LzEvbDdWR2IyQzRlck53LXhmT0tLQnU5VlpXclBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTktZWQzMGI5YmIxMmQ1
LzEvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0B6MA0G
CSqGSIb3DQEBCwUAA4IBAQDA27/eZxiHol0BpWbLCfo4VWLnbnVGSOflVEn9NAjm
bSzoUEBjD835KSlPGVNACoj/F9TiZuqHzL/6Bkw5yyDXQvNzZHWAhzQZ439kjSWv
t+/cTZG5Y6afij3Qo2AFFIp0lu68UQv09PAnsZqF2tMG6WztnxCwCOIEDd8RL5Vi
ijHYiKUKLpT6ERg7udOJXMeZsH3mh+OilPYpUeGTbKO51S9SvtmBip6ej3IxJ8gH
hAmDrYfMHSAtjXXHEgnuaYI1aREEm3feBhUfrNOIgCnwRgkisrI7MfTWweeEM98m
5UksPI7ZU6hHAyJMsASdrhVscVnglx0vFgjxkaYKS9I4
-----END CERTIFICATE-----