Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/l6LoUqLoqriKRFQXErP2Qc1uVzw.roa
File:                     l6LoUqLoqriKRFQXErP2Qc1uVzw.roa (raw, json)
Hash identifier:          7N76w9pifDbPMTKiXVMiFfk4w9FJFbEfnQdYHSw00Ek=
Subject key identifier:   97:A2:E8:52:A2:E8:AA:B8:8A:44:54:17:12:B3:F6:41:CD:6E:57:3C
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018CC794CD202259BFB17043628B6D2130DC
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/l6LoUqLoqriKRFQXErP2Qc1uVzw.roa
Signing time:             Tue 02 Jan 2024 00:31:06 +0000
ROA not before:           Tue 02 Jan 2024 00:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        64.137.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:cd:20:22:59:bf:b1:70:43:62:8b:6d:21:30:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  2 00:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97a2e852a2e8aab88a44541712b3f641cd6e573c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:7a:ee:eb:89:d4:a4:71:54:d4:5b:d5:1d:2f:
                    1a:22:23:72:db:a7:18:fa:f2:08:4c:85:43:29:1f:
                    e7:3f:58:8e:a0:11:43:69:61:ef:ab:df:80:da:c1:
                    02:af:21:29:62:5b:63:9b:ce:b6:8c:93:ae:dc:54:
                    86:75:a1:df:f4:48:41:5d:72:78:e2:bb:86:c5:82:
                    62:5d:2f:93:5e:3c:6f:fa:08:41:bb:f5:f6:f7:b9:
                    ec:ea:a0:13:7f:98:62:9e:57:9c:eb:0f:e4:d4:b1:
                    21:dd:d9:9e:f1:44:16:12:9d:44:07:74:72:44:75:
                    26:26:b4:3c:12:d1:93:53:19:b5:63:26:1a:e4:03:
                    80:7b:5d:aa:5f:0f:1d:ad:f8:4c:61:11:b5:15:a6:
                    e4:d1:ec:04:6d:93:bd:79:93:fa:99:bb:4d:eb:1d:
                    a2:e7:48:9e:65:c1:1e:6d:1e:c9:3f:1e:55:a7:56:
                    8b:51:0d:53:9d:10:8b:09:d1:7b:a4:d0:24:f6:dd:
                    84:2d:7e:fb:33:b5:56:c8:b0:82:f4:2c:b8:df:8f:
                    23:d5:98:66:5e:5a:17:ad:28:c9:da:fa:bf:47:03:
                    79:21:20:a8:b7:4e:47:ca:f8:89:69:d2:2f:2f:25:
                    04:65:c8:a1:a5:2e:26:12:8f:e8:01:c9:96:88:30:
                    44:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:A2:E8:52:A2:E8:AA:B8:8A:44:54:17:12:B3:F6:41:CD:6E:57:3C
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/l6LoUqLoqriKRFQXErP2Qc1uVzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ed:ea:98:07:54:32:ce:8e:17:cc:6d:02:20:45:7f:d3:28:
         ce:c0:fc:01:84:54:0e:c6:fa:c0:e8:ae:f1:7f:f4:c8:d6:9d:
         0a:7f:dc:77:b7:cd:73:0c:16:f1:ce:08:9a:79:51:df:30:07:
         12:a4:b6:73:6f:c7:d6:45:5a:b9:20:6d:8e:77:ea:1d:3a:ea:
         a8:39:c4:82:99:e2:c3:45:ba:88:2c:bd:eb:39:00:24:64:25:
         75:9c:d0:af:08:f2:5d:3e:67:e6:04:2b:0d:24:21:13:57:ad:
         7f:71:32:21:ae:3b:eb:99:65:6a:ae:38:9a:21:9f:88:06:d6:
         b7:b8:68:95:9c:78:c2:d3:c4:89:45:36:03:c5:7e:98:2b:6f:
         9b:cc:e7:29:ef:d2:67:87:b9:03:a2:fd:32:02:5b:f7:e2:bc:
         54:22:34:79:ff:e7:7e:e9:ba:11:6e:fb:38:46:0b:d0:81:ab:
         5a:80:2c:37:06:ab:81:fd:80:91:d9:37:b7:c3:95:2c:1e:0f:
         dc:bf:56:3d:a0:41:bd:53:13:8b:a4:c1:b7:07:9d:61:2d:54:
         bf:9b:1e:1e:8b:73:de:9c:70:25:a9:48:b9:70:b7:9d:1f:e5:
         3f:bd:ce:73:c7:74:1a:62:82:8a:25:e2:cd:25:e5:e9:df:7b:
         3c:77:71:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlM0gIlm/sXBDYottITDcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwMTAyMDAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2EyZTg1MmEyZThhYWI4OGE0NDU0MTcxMmIzZjY0MWNkNmU1NzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnru64nUpHFU1FvVHS8aIiNy26cY
+vIITIVDKR/nP1iOoBFDaWHvq9+A2sECryEpYltjm862jJOu3FSGdaHf9EhBXXJ4
4ruGxYJiXS+TXjxv+ghBu/X297ns6qATf5hinlec6w/k1LEh3dme8UQWEp1EB3Ry
RHUmJrQ8EtGTUxm1YyYa5AOAe12qXw8drfhMYRG1Fabk0ewEbZO9eZP6mbtN6x2i
50ieZcEebR7JPx5Vp1aLUQ1TnRCLCdF7pNAk9t2ELX77M7VWyLCC9Cy4348j1Zhm
XloXrSjJ2vq/RwN5ISCot05HyviJadIvLyUEZcihpS4mEo/oAcmWiDBE4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJei6FKi6Kq4ikRUFxKz9kHNblc8MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvbDZMb1VxTG9xcmlLUkZRWEVyUDJRYzF1Vnp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQIkdMA0G
CSqGSIb3DQEBCwUAA4IBAQBb7eqYB1Qyzo4XzG0CIEV/0yjOwPwBhFQOxvrA6K7x
f/TI1p0Kf9x3t81zDBbxzgiaeVHfMAcSpLZzb8fWRVq5IG2Od+odOuqoOcSCmeLD
RbqILL3rOQAkZCV1nNCvCPJdPmfmBCsNJCETV61/cTIhrjvrmWVqrjiaIZ+IBta3
uGiVnHjC08SJRTYDxX6YK2+bzOcp79Jnh7kDov0yAlv34rxUIjR5/+d+6boRbvs4
RgvQgatagCw3BquB/YCR2Te3w5UsHg/cv1Y9oEG9UxOLpMG3B51hLVS/mx4ei3Pe
nHAlqUi5cLedH+U/vc5zx3QaYoKKJeLNJeXp33s8d3EM
-----END CERTIFICATE-----