Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/9def86-b1ac-40e6-83bd-947cc54ebe02/1/jTwTte7N4XE5ZIVAc-b0iOpIKNs.roa
File:                     jTwTte7N4XE5ZIVAc-b0iOpIKNs.roa (raw, json)
Hash identifier:          3eO78fZqlwLEonYZ+lyZ2R0qxdEYpO56nVsVmEr3qzc=
Subject key identifier:   8D:3C:13:B5:EE:CD:E1:71:39:64:85:40:73:E6:F4:88:EA:48:28:DB
Certificate issuer:       /CN=61b3e1cab8cbf5b3c6e0fbbe1491f48da60cae6c
Certificate serial:       018CC492FDA21F90FAC6B9EBFD4BC8106B64
Authority key identifier: 61:B3:E1:CA:B8:CB:F5:B3:C6:E0:FB:BE:14:91:F4:8D:A6:0C:AE:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbPhyrjL9bPG4Pu-FJH0jaYMrmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/9def86-b1ac-40e6-83bd-947cc54ebe02/1/jTwTte7N4XE5ZIVAc-b0iOpIKNs.roa
Signing time:             Mon 01 Jan 2024 10:30:16 +0000
ROA not before:           Mon 01 Jan 2024 10:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        159.60.0.0/20 maxlen: 24
                          159.60.192.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/9def86-b1ac-40e6-83bd-947cc54ebe02/1/YbPhyrjL9bPG4Pu-FJH0jaYMrmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/9def86-b1ac-40e6-83bd-947cc54ebe02/1/YbPhyrjL9bPG4Pu-FJH0jaYMrmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbPhyrjL9bPG4Pu-FJH0jaYMrmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:fd:a2:1f:90:fa:c6:b9:eb:fd:4b:c8:10:6b:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b3e1cab8cbf5b3c6e0fbbe1491f48da60cae6c
        Validity
            Not Before: Jan  1 10:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d3c13b5eecde1713964854073e6f488ea4828db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f7:44:81:80:43:07:47:ce:45:b3:0e:c4:cc:
                    94:57:f8:88:4b:65:22:26:c9:9f:37:8f:43:94:e6:
                    8b:89:d0:f3:32:ee:b8:e5:4a:d7:8c:43:4c:5d:8e:
                    b3:bb:71:78:02:6f:dd:e0:b4:f4:2b:6d:9e:95:c9:
                    49:c0:6b:07:93:50:db:37:0f:f1:8f:02:64:90:0b:
                    86:af:cf:7f:d8:81:29:bd:c3:41:ee:16:85:a9:d3:
                    ee:e2:78:fd:31:90:75:47:26:fa:16:a9:42:7d:cb:
                    66:d9:af:91:be:9d:17:8c:3a:34:45:c8:58:82:f8:
                    26:4a:d7:0c:f3:53:f7:7e:d1:d9:9b:b5:78:82:3e:
                    6e:a1:48:70:f9:59:10:9f:0d:2b:c8:db:d7:88:8d:
                    b9:72:7c:9d:0e:f0:f0:80:af:9a:6e:bd:6c:8b:b7:
                    d9:0d:39:34:c4:ef:1a:ee:ab:7a:81:4b:e1:f2:13:
                    e7:b4:65:91:0b:a3:35:fa:23:21:3d:11:fd:d3:a1:
                    fd:9b:a1:0d:2c:c3:4e:54:54:2c:7c:4e:6a:a9:9b:
                    97:38:99:6d:ce:a2:30:61:5a:1e:f7:65:ff:2d:ad:
                    96:eb:0f:87:ec:30:b2:92:9a:4c:a9:ff:e3:4c:b9:
                    67:5f:37:bc:14:00:0f:29:c8:b8:6e:cd:fa:3e:d8:
                    3c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:3C:13:B5:EE:CD:E1:71:39:64:85:40:73:E6:F4:88:EA:48:28:DB
            X509v3 Authority Key Identifier:
                keyid:61:B3:E1:CA:B8:CB:F5:B3:C6:E0:FB:BE:14:91:F4:8D:A6:0C:AE:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbPhyrjL9bPG4Pu-FJH0jaYMrmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/9def86-b1ac-40e6-83bd-947cc54ebe02/1/jTwTte7N4XE5ZIVAc-b0iOpIKNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/9def86-b1ac-40e6-83bd-947cc54ebe02/1/YbPhyrjL9bPG4Pu-FJH0jaYMrmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.60.0.0/20
                  159.60.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         5b:13:3d:e0:f5:85:67:ff:60:93:11:17:67:78:07:0c:f2:ca:
         b0:ea:01:2e:98:78:98:5f:f0:e1:fc:15:5e:72:a4:2d:b9:64:
         2b:2f:b1:76:fb:1e:ee:03:25:90:d2:01:3d:97:4a:f1:d6:00:
         6f:66:39:c3:83:9b:fd:5c:11:35:b7:40:5e:ac:ed:d1:08:cf:
         b5:ba:03:be:3f:16:d2:35:ef:69:0c:96:da:41:5d:ae:cd:00:
         7a:4a:78:6e:26:c6:fb:29:1e:b2:4c:7c:00:74:85:c2:57:be:
         bd:35:1b:4c:13:bf:f6:7d:ae:4f:19:02:55:c3:ce:71:7e:c2:
         73:16:66:1c:d5:c3:28:eb:a4:7b:23:b0:72:ad:75:35:c6:c5:
         15:f1:7a:36:71:2e:60:c4:02:d7:cc:6e:92:24:ba:e2:0a:10:
         a1:80:34:c8:32:de:da:e6:13:44:c5:9c:d2:fc:03:2d:73:97:
         07:7f:3d:28:14:87:e3:5e:97:ed:31:b7:f0:7c:ac:50:6a:a5:
         3c:93:3c:e8:2b:6c:16:43:5e:8a:bd:42:1a:f8:a5:02:c8:96:
         25:f1:f1:08:12:8a:05:a5:2f:60:2d:00:1f:36:81:ae:b5:69:
         61:38:3b:e6:0a:c4:f2:dc:5e:37:fd:7d:ec:85:5e:25:0c:ad:
         16:e3:42:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkv2iH5D6xrnr/UvIEGtkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjNlMWNhYjhjYmY1YjNjNmUwZmJiZTE0OTFmNDhkYTYw
Y2FlNmMwHhcNMjQwMTAxMTAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDNjMTNiNWVlY2RlMTcxMzk2NDg1NDA3M2U2ZjQ4OGVhNDgyOGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfdEgYBDB0fORbMOxMyUV/iIS2Ui
JsmfN49DlOaLidDzMu645UrXjENMXY6zu3F4Am/d4LT0K22elclJwGsHk1DbNw/x
jwJkkAuGr89/2IEpvcNB7haFqdPu4nj9MZB1Ryb6FqlCfctm2a+Rvp0XjDo0RchY
gvgmStcM81P3ftHZm7V4gj5uoUhw+VkQnw0ryNvXiI25cnydDvDwgK+abr1si7fZ
DTk0xO8a7qt6gUvh8hPntGWRC6M1+iMhPRH906H9m6ENLMNOVFQsfE5qqZuXOJlt
zqIwYVoe92X/La2W6w+H7DCykppMqf/jTLlnXze8FAAPKci4bs36Ptg8TQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI08E7XuzeFxOWSFQHPm9IjqSCjbMB8GA1UdIwQY
MBaAFGGz4cq4y/WzxuD7vhSR9I2mDK5sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJQaHlyakw5YlBHNFB1LUZKSDBqYVlNcm13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi85ZGVmODYtYjFhYy00MGU2LTgzYmQt
OTQ3Y2M1NGViZTAyLzEvalR3VHRlN040WEU1WklWQWMtYjBpT3BJS05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi85ZGVmODYtYjFhYy00MGU2LTgzYmQtOTQ3Y2M1NGViZTAy
LzEvWWJQaHlyakw5YlBHNFB1LUZKSDBqYVlNcm13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEnzwAAwQG
nzzAMA0GCSqGSIb3DQEBCwUAA4IBAQBbEz3g9YVn/2CTERdneAcM8sqw6gEumHiY
X/Dh/BVecqQtuWQrL7F2+x7uAyWQ0gE9l0rx1gBvZjnDg5v9XBE1t0BerO3RCM+1
ugO+PxbSNe9pDJbaQV2uzQB6SnhuJsb7KR6yTHwAdIXCV769NRtME7/2fa5PGQJV
w85xfsJzFmYc1cMo66R7I7ByrXU1xsUV8Xo2cS5gxALXzG6SJLriChChgDTIMt7a
5hNExZzS/AMtc5cHfz0oFIfjXpftMbfwfKxQaqU8kzzoK2wWQ16KvUIa+KUCyJYl
8fEIEooFpS9gLQAfNoGutWlhODvmCsTy3F43/X3shV4lDK0W40I/
-----END CERTIFICATE-----