Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/BZiO0kiawnHBacJ07bN6fLAIS2I.roa
File:                     BZiO0kiawnHBacJ07bN6fLAIS2I.roa (raw, json)
Hash identifier:          Ph9JRVyDhmuWN1XPtNfiFB5CHloYZbnJInIjyctkHZ0=
Subject key identifier:   05:98:8E:D2:48:9A:C2:71:C1:69:C2:74:ED:B3:7A:7C:B0:08:4B:62
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0190E9C9A5E20A40A768D6D42EB403E64E59
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/BZiO0kiawnHBacJ07bN6fLAIS2I.roa
Signing time:             Thu 25 Jul 2024 12:07:04 +0000
ROA not before:           Thu 25 Jul 2024 12:07:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42532
IP address blocks:        216.173.68.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e9:c9:a5:e2:0a:40:a7:68:d6:d4:2e:b4:03:e6:4e:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jul 25 12:07:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05988ed2489ac271c169c274edb37a7cb0084b62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f0:14:c9:aa:79:d3:6b:51:66:8c:75:a6:dd:
                    ab:92:bc:93:a2:7d:22:62:be:af:2c:73:1c:69:de:
                    f2:76:8b:e5:1c:c5:3b:d0:19:56:5b:fe:2c:08:c4:
                    2a:5e:cc:61:b6:02:33:77:fc:44:b7:0c:06:89:20:
                    83:53:35:aa:27:55:e1:98:c1:f7:72:af:23:1f:10:
                    b4:cd:8a:c7:f6:d2:cb:41:53:1f:33:89:71:19:d8:
                    56:a7:1f:ef:72:ba:00:26:6e:3f:90:37:da:1f:24:
                    c1:51:7e:57:eb:bc:8a:be:d7:6d:cd:10:a3:9a:94:
                    89:f7:9f:8d:3d:6b:4a:df:c3:48:1d:34:79:4f:fe:
                    92:1d:47:70:08:db:7f:68:2f:d1:e1:eb:96:81:fa:
                    0b:04:e8:93:98:14:97:d5:a6:20:b6:d1:82:a9:f8:
                    bc:9a:55:75:56:d2:87:55:83:4c:ed:44:56:26:2f:
                    28:e8:ce:0d:85:8f:d8:15:cc:38:7f:b7:c5:10:9b:
                    de:4b:ac:24:3c:4e:61:a1:d2:fc:23:2b:76:94:c5:
                    82:da:4a:13:3c:73:69:63:1f:e2:69:ff:98:fa:29:
                    87:75:dd:b7:a4:5f:ea:cb:39:83:b1:25:41:39:32:
                    df:a7:b4:ff:95:8f:99:c8:22:74:c4:7f:c2:29:1d:
                    1b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:98:8E:D2:48:9A:C2:71:C1:69:C2:74:ED:B3:7A:7C:B0:08:4B:62
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/BZiO0kiawnHBacJ07bN6fLAIS2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.173.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:ee:70:78:eb:74:92:e6:46:c9:fe:dc:f8:55:b2:6c:12:c5:
         82:d7:42:9b:4e:9a:53:36:d1:fe:6e:68:2e:0e:0a:11:cc:1a:
         fc:44:4b:2e:9d:ea:18:9b:f6:23:58:94:07:17:38:e7:ba:29:
         98:62:44:b9:84:ee:c5:15:97:ad:d7:a6:61:a1:ec:d5:89:2a:
         fe:be:be:9c:e2:c9:ce:3a:51:58:cf:4e:79:64:30:08:b7:f1:
         26:6f:cc:76:1c:44:a6:bc:88:9d:7c:27:35:14:de:f4:12:a6:
         e9:6d:6b:4e:0e:c1:f0:ac:a0:91:7f:91:3c:ea:3e:24:b5:f3:
         89:5e:02:c3:c1:27:f6:3b:a2:b9:55:d8:9d:29:0d:72:0a:94:
         24:2a:f7:f6:ac:08:e3:8a:46:32:e7:b9:6a:65:90:c9:40:3e:
         6e:a4:07:4a:52:0f:11:54:5e:f1:33:1f:49:91:ac:60:44:ff:
         3c:a5:2b:f5:a8:1f:dc:88:b0:49:76:f2:ac:98:db:b0:df:96:
         55:41:7c:ab:80:2b:97:9c:e0:fe:10:c5:8c:c9:42:e0:88:df:
         89:cf:68:f2:1d:bf:44:54:a9:cf:86:34:da:eb:e5:b1:55:03:
         98:4a:af:55:b5:11:d3:dc:48:db:2f:49:e6:a7:fd:80:50:c3:
         04:a6:92:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDpyaXiCkCnaNbULrQD5k5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNzI1MTIwNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTk4OGVkMjQ4OWFjMjcxYzE2OWMyNzRlZGIzN2E3Y2IwMDg0YjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvAUyap502tRZox1pt2rkryTon0i
Yr6vLHMcad7ydovlHMU70BlWW/4sCMQqXsxhtgIzd/xEtwwGiSCDUzWqJ1XhmMH3
cq8jHxC0zYrH9tLLQVMfM4lxGdhWpx/vcroAJm4/kDfaHyTBUX5X67yKvtdtzRCj
mpSJ95+NPWtK38NIHTR5T/6SHUdwCNt/aC/R4euWgfoLBOiTmBSX1aYgttGCqfi8
mlV1VtKHVYNM7URWJi8o6M4NhY/YFcw4f7fFEJveS6wkPE5hodL8Iyt2lMWC2koT
PHNpYx/iaf+Y+imHdd23pF/qyzmDsSVBOTLfp7T/lY+ZyCJ0xH/CKR0bCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWYjtJImsJxwWnCdO2zenywCEtiMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvQlppTzBraWF3bkhCYWNKMDdiTjZmTEFJUzJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2K1EMA0G
CSqGSIb3DQEBCwUAA4IBAQAT7nB463SS5kbJ/tz4VbJsEsWC10KbTppTNtH+bmgu
DgoRzBr8REsuneoYm/YjWJQHFzjnuimYYkS5hO7FFZet16ZhoezViSr+vr6c4snO
OlFYz055ZDAIt/Emb8x2HESmvIidfCc1FN70EqbpbWtODsHwrKCRf5E86j4ktfOJ
XgLDwSf2O6K5VdidKQ1yCpQkKvf2rAjjikYy57lqZZDJQD5upAdKUg8RVF7xMx9J
kaxgRP88pSv1qB/ciLBJdvKsmNuw35ZVQXyrgCuXnOD+EMWMyULgiN+Jz2jyHb9E
VKnPhjTa6+WxVQOYSq9VtRHT3EjbL0nmp/2AUMMEppJw
-----END CERTIFICATE-----