Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/99tSflxK1ZMyJfkB26ILosCegpo.roa
File:                     99tSflxK1ZMyJfkB26ILosCegpo.roa (raw, json)
Hash identifier:          1MOpGQQ2HOe1CkKymD9ztyvGLbWUbIEdZACwN/G6c5k=
Subject key identifier:   F7:DB:52:7E:5C:4A:D5:93:32:25:F9:01:DB:A2:0B:A2:C0:9E:82:9A
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019425FD2355E85B3D6C915A3369AAFE2702
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/99tSflxK1ZMyJfkB26ILosCegpo.roa
Signing time:             Thu 02 Jan 2025 07:48:54 +0000
ROA not before:           Thu 02 Jan 2025 07:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61330
IP address blocks:        216.173.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 17:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:23:55:e8:5b:3d:6c:91:5a:33:69:aa:fe:27:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  2 07:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7db527e5c4ad5933225f901dba20ba2c09e829a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c1:e3:9e:c4:0e:64:3a:73:e4:e5:18:d7:87:
                    fe:7d:69:ea:e8:73:19:a2:82:96:0f:59:ab:44:28:
                    f1:5d:d4:23:85:ba:f6:c1:93:38:22:2b:d4:62:dd:
                    17:c4:8f:a6:73:5f:d1:9e:c6:66:97:2d:8c:f4:8c:
                    0a:17:e2:bf:3c:78:91:92:39:93:8f:8d:af:e7:40:
                    08:64:d8:70:ec:93:b8:64:2f:1d:8d:ed:93:2b:95:
                    7f:55:6b:8f:4f:76:74:e2:f1:88:9b:85:dd:f7:4e:
                    27:3d:0d:fd:b2:2a:32:16:09:9c:89:26:10:d8:3f:
                    3a:f1:50:3f:3d:fa:fc:65:d9:50:de:be:80:cc:c9:
                    3b:fe:26:08:fa:cd:07:75:5d:e9:5e:9e:a9:fc:8f:
                    26:d3:e2:02:41:36:67:0f:86:41:fe:ff:29:fe:33:
                    cc:b3:ea:74:fa:c5:18:5a:ce:33:e2:9b:88:3c:cd:
                    24:a8:b3:19:77:ac:a1:7f:e9:bf:e7:b9:3b:23:d5:
                    2a:8e:42:ed:63:18:33:1a:9f:a7:ec:28:aa:44:0f:
                    f4:c4:c2:81:71:31:89:a0:b0:3e:b4:0c:56:24:e4:
                    dd:a8:44:d6:32:f7:12:e7:ba:c0:c2:7a:28:0c:9b:
                    51:93:03:e5:2a:c5:71:e7:ea:60:3f:6d:86:1f:1d:
                    d0:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:DB:52:7E:5C:4A:D5:93:32:25:F9:01:DB:A2:0B:A2:C0:9E:82:9A
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/99tSflxK1ZMyJfkB26ILosCegpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.173.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:be:63:22:d2:d2:6c:0b:9f:93:7d:16:c8:d3:3c:f3:d3:74:
         7e:c8:f4:42:d5:f6:d5:2a:b0:4a:98:e1:e7:b6:e7:61:31:f6:
         3e:21:d4:f9:51:77:b9:3c:6f:0b:5e:ca:f8:77:d3:e7:64:2b:
         97:28:85:9f:02:0f:44:d4:9d:7e:15:e9:a0:1a:96:75:30:5a:
         54:b8:f2:c0:b0:d9:78:a8:98:42:f0:b6:de:93:3d:fe:dc:65:
         c4:c5:de:28:19:71:12:88:ca:40:dd:7a:9d:47:7b:67:84:90:
         8e:a8:d5:c2:ab:7d:b1:5b:54:93:32:74:bb:c1:b8:ea:1b:24:
         78:e4:78:da:ee:62:0e:e8:7e:6f:cf:13:bb:26:41:72:ad:0c:
         89:ea:ef:c9:0c:67:28:0e:c7:02:57:fb:f3:36:a4:67:60:fa:
         6f:a9:df:c3:5f:a4:26:ea:74:0f:4a:a1:be:41:1a:b2:f4:06:
         9c:be:d5:28:18:d5:22:fc:c2:72:4d:e1:bb:1d:19:e7:ee:15:
         f8:51:4c:2b:cc:cd:b9:2e:b4:72:96:a5:9d:e7:63:e3:b2:c5:
         7d:a1:2a:fa:fd:48:29:7b:72:d0:6e:22:bf:d5:23:ce:ff:15:
         23:2d:de:a3:f1:18:ce:40:f0:ed:ca:b8:81:e6:7f:ae:5a:c8:
         fc:f3:bc:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/SNV6Fs9bJFaM2mq/icCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwMTAyMDc0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2RiNTI3ZTVjNGFkNTkzMzIyNWY5MDFkYmEyMGJhMmMwOWU4MjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosHjnsQOZDpz5OUY14f+fWnq6HMZ
ooKWD1mrRCjxXdQjhbr2wZM4IivUYt0XxI+mc1/RnsZmly2M9IwKF+K/PHiRkjmT
j42v50AIZNhw7JO4ZC8dje2TK5V/VWuPT3Z04vGIm4Xd904nPQ39sioyFgmciSYQ
2D868VA/Pfr8ZdlQ3r6AzMk7/iYI+s0HdV3pXp6p/I8m0+ICQTZnD4ZB/v8p/jPM
s+p0+sUYWs4z4puIPM0kqLMZd6yhf+m/57k7I9UqjkLtYxgzGp+n7CiqRA/0xMKB
cTGJoLA+tAxWJOTdqETWMvcS57rAwnooDJtRkwPlKsVx5+pgP22GHx3QAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPfbUn5cStWTMiX5AduiC6LAnoKaMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvOTl0U2ZseEsxWk15SmZrQjI2SUxvc0NlZ3BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2K15MA0G
CSqGSIb3DQEBCwUAA4IBAQBLvmMi0tJsC5+TfRbI0zzz03R+yPRC1fbVKrBKmOHn
tudhMfY+IdT5UXe5PG8LXsr4d9PnZCuXKIWfAg9E1J1+FemgGpZ1MFpUuPLAsNl4
qJhC8Lbekz3+3GXExd4oGXESiMpA3XqdR3tnhJCOqNXCq32xW1STMnS7wbjqGyR4
5Hja7mIO6H5vzxO7JkFyrQyJ6u/JDGcoDscCV/vzNqRnYPpvqd/DX6Qm6nQPSqG+
QRqy9AacvtUoGNUi/MJyTeG7HRnn7hX4UUwrzM25LrRylqWd52PjssV9oSr6/Ugp
e3LQbiK/1SPO/xUjLd6j8RjOQPDtyriB5n+uWsj887xv
-----END CERTIFICATE-----