Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/63wugFSzZMkrdwKXYfpxZRPTLTw.roa
File:                     63wugFSzZMkrdwKXYfpxZRPTLTw.roa (raw, json)
Hash identifier:          coOmiaE6+foXP6g+298jHAaOn7CLLjCkhaq0vtRTMKQ=
Subject key identifier:   EB:7C:2E:80:54:B3:64:C9:2B:77:02:97:61:FA:71:65:13:D3:2D:3C
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0192542BCAEB52602629DCE22CA6DCF7B368
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/63wugFSzZMkrdwKXYfpxZRPTLTw.roa
Signing time:             Thu 03 Oct 2024 20:56:49 +0000
ROA not before:           Thu 03 Oct 2024 20:56:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        45.150.34.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:54:2b:ca:eb:52:60:26:29:dc:e2:2c:a6:dc:f7:b3:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Oct  3 20:56:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb7c2e8054b364c92b77029761fa716513d32d3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3d:8b:1d:39:a6:cc:37:35:b1:69:5b:63:9e:
                    55:ba:ed:82:15:27:33:3d:e6:7e:03:92:26:2e:52:
                    ab:47:ba:c0:55:11:a0:fe:fe:2b:50:73:be:7a:77:
                    08:13:bd:92:49:e6:b7:a0:33:82:b0:5d:b4:3b:6d:
                    a1:09:35:a6:90:f6:1f:f8:38:da:c7:d4:c1:e6:e8:
                    21:ff:61:c3:09:93:76:28:56:e8:98:31:df:ad:51:
                    35:39:22:33:a8:eb:e5:25:5e:3c:74:fe:68:59:79:
                    ee:58:b9:08:db:a0:2a:2e:ab:5e:11:f9:3d:39:68:
                    ec:5d:9f:39:44:fe:6b:bb:d6:ac:e8:32:40:31:4a:
                    1f:ce:ea:4b:6f:c0:a5:16:b0:09:6a:84:cc:93:65:
                    39:0c:03:e3:7f:04:c1:ac:0f:9c:bc:a2:05:50:b2:
                    c5:a6:54:33:2e:f0:b8:30:ea:c1:46:9d:85:99:0d:
                    49:dc:28:37:5a:98:14:92:66:68:ec:06:ff:41:09:
                    c1:0f:f7:7d:00:49:12:89:02:0e:a9:44:d4:f0:73:
                    59:a5:4b:86:26:ee:e8:b0:57:ac:cf:82:67:04:73:
                    74:10:e8:41:0f:04:e4:8f:d0:51:d6:17:ed:27:e2:
                    16:86:b5:8e:59:ee:14:bb:2c:bc:56:9a:d0:3c:a2:
                    42:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:7C:2E:80:54:B3:64:C9:2B:77:02:97:61:FA:71:65:13:D3:2D:3C
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/63wugFSzZMkrdwKXYfpxZRPTLTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:a2:23:41:87:7c:9c:c4:fa:6f:e8:8e:35:39:e7:62:e4:55:
         bc:db:ad:2b:46:f1:ae:44:12:0a:23:40:81:a5:e4:12:37:8a:
         b4:8d:86:65:11:39:42:65:c7:14:22:28:e8:74:08:6c:2f:e8:
         7f:c0:50:af:48:c8:dd:fd:75:a1:97:a6:55:97:3c:33:ed:44:
         e7:fc:5c:32:4c:ab:12:9b:92:f1:16:ce:fc:bb:db:a8:bf:81:
         28:86:ef:62:88:f6:4b:78:d7:7c:00:7f:5c:39:d6:f6:99:18:
         12:62:e5:9e:04:56:a4:fc:6d:82:93:b0:b1:92:af:f2:7a:b9:
         a9:09:1e:85:2c:06:3d:8a:21:96:98:96:b8:ef:e2:6c:84:6e:
         46:b6:00:a6:98:66:de:8f:39:29:60:57:ed:7b:31:34:5a:aa:
         21:09:1d:6e:63:36:fc:34:0a:09:ac:80:0c:cf:df:89:33:c5:
         fd:84:b1:4b:c7:c4:d2:fb:89:75:1d:2e:24:64:a3:f1:b6:1f:
         2a:1d:bb:79:99:85:91:38:82:92:ea:80:76:29:16:9b:ab:cc:
         12:50:25:f2:31:aa:4e:82:2d:fc:1b:71:58:40:5c:88:f5:03:
         f5:58:d5:c0:22:a9:36:02:5f:23:e7:b3:02:be:4a:90:86:9d:
         87:8c:5e:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJUK8rrUmAmKdziLKbc97NoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQxMDAzMjA1NjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjdjMmU4MDU0YjM2NGM5MmI3NzAyOTc2MWZhNzE2NTEzZDMyZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsj2LHTmmzDc1sWlbY55Vuu2CFScz
PeZ+A5ImLlKrR7rAVRGg/v4rUHO+encIE72SSea3oDOCsF20O22hCTWmkPYf+Dja
x9TB5ugh/2HDCZN2KFbomDHfrVE1OSIzqOvlJV48dP5oWXnuWLkI26AqLqteEfk9
OWjsXZ85RP5ru9as6DJAMUofzupLb8ClFrAJaoTMk2U5DAPjfwTBrA+cvKIFULLF
plQzLvC4MOrBRp2FmQ1J3Cg3WpgUkmZo7Ab/QQnBD/d9AEkSiQIOqUTU8HNZpUuG
Ju7osFesz4JnBHN0EOhBDwTkj9BR1hftJ+IWhrWOWe4Uuyy8VprQPKJCNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOt8LoBUs2TJK3cCl2H6cWUT0y08MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvNjN3dWdGU3paTWtyZHdLWFlmcHhaUlBUTFR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZYiMA0G
CSqGSIb3DQEBCwUAA4IBAQBkoiNBh3ycxPpv6I41Oedi5FW8260rRvGuRBIKI0CB
peQSN4q0jYZlETlCZccUIijodAhsL+h/wFCvSMjd/XWhl6ZVlzwz7UTn/FwyTKsS
m5LxFs78u9uov4Eohu9iiPZLeNd8AH9cOdb2mRgSYuWeBFak/G2Ck7Cxkq/yermp
CR6FLAY9iiGWmJa47+JshG5GtgCmmGbejzkpYFftezE0WqohCR1uYzb8NAoJrIAM
z9+JM8X9hLFLx8TS+4l1HS4kZKPxth8qHbt5mYWROIKS6oB2KRabq8wSUCXyMapO
gi38G3FYQFyI9QP1WNXAIqk2Al8j57MCvkqQhp2HjF6q
-----END CERTIFICATE-----