Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/xsApzOxLukUzdkXA9S1sXl93VDE.roa
File:                     xsApzOxLukUzdkXA9S1sXl93VDE.roa (raw, json)
Hash identifier:          ncTBqBOt1YM0Jy29350mzqf/AxTM4V/6AUZVqREJ+Xk=
Subject key identifier:   C6:C0:29:CC:EC:4B:BA:45:33:76:45:C0:F5:2D:6C:5E:5F:77:54:31
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018CC794CEA047C6A0C505A682AC13EC4045
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/xsApzOxLukUzdkXA9S1sXl93VDE.roa
Signing time:             Tue 02 Jan 2024 00:31:07 +0000
ROA not before:           Tue 02 Jan 2024 00:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        64.137.44.0/24 maxlen: 24
                          64.137.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ce:a0:47:c6:a0:c5:05:a6:82:ac:13:ec:40:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  2 00:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6c029ccec4bba45337645c0f52d6c5e5f775431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ef:7c:83:1d:79:81:6c:8d:5f:7f:5c:4f:bb:
                    b5:b0:df:bf:5e:ad:c4:7a:50:cf:6c:05:ee:1f:72:
                    83:77:29:8d:c8:98:17:ac:8f:29:0c:31:85:73:98:
                    ef:b2:f0:a0:d8:78:e4:bc:82:b6:70:18:04:c6:87:
                    9b:20:a4:52:71:18:4e:b3:3e:d4:a0:30:5e:c7:1f:
                    9f:c5:f1:96:f0:c0:b2:70:0f:c8:06:3c:c3:70:79:
                    78:a9:a2:25:77:9f:14:ac:7f:79:7e:56:14:54:7d:
                    79:d2:f1:ec:0c:4f:99:7f:f1:e9:5e:4d:02:e6:96:
                    b1:c7:40:87:28:d0:8e:3c:9f:5e:47:1d:49:64:c2:
                    2c:b7:c2:88:63:d9:2f:23:bc:e4:fc:1f:6d:0f:9c:
                    dc:62:10:af:fb:2d:d7:7d:27:63:c2:e2:91:3e:27:
                    8d:b3:df:26:93:63:34:d4:7c:ca:98:8e:da:43:2f:
                    66:d0:d2:c1:a8:f6:c4:2f:cb:45:51:ef:19:41:05:
                    6b:f9:cd:9d:ee:87:99:be:f9:2f:eb:ae:b6:12:91:
                    5a:02:92:1a:4b:5e:4d:58:a0:2c:33:ba:53:65:1d:
                    fb:ae:61:55:8a:ff:98:c6:60:63:73:32:8c:d7:21:
                    ae:ee:e5:bf:85:c1:56:fd:4e:25:5d:c5:d5:0b:40:
                    91:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:C0:29:CC:EC:4B:BA:45:33:76:45:C0:F5:2D:6C:5E:5F:77:54:31
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/xsApzOxLukUzdkXA9S1sXl93VDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.44.0/24
                  64.137.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:7a:50:9e:56:ed:72:74:6d:23:e6:7a:b0:b5:65:8d:fb:b8:
         60:b3:3c:4a:0a:a8:45:92:72:f1:d7:e1:29:61:d5:19:d2:f5:
         c2:31:b4:05:f1:3e:09:8c:77:9f:7a:ef:5b:14:fe:e1:87:f7:
         7a:b9:39:45:6b:1a:13:b4:83:49:32:b6:b4:d2:ad:11:0e:4a:
         0c:2f:20:29:b3:c2:0e:18:c5:51:bd:76:ad:df:ac:c2:6a:07:
         8c:ee:91:f1:57:ee:8c:8e:12:77:89:2d:e4:53:32:9c:53:b5:
         cb:b5:24:c5:49:99:06:1e:6b:29:81:98:9a:54:5d:6e:2f:a8:
         3f:42:ad:92:f9:42:b5:69:89:92:2c:6f:29:c5:be:45:29:1a:
         7b:60:92:98:01:ea:71:5c:cd:36:1c:a4:24:f9:47:0b:b9:75:
         a6:d0:ac:47:74:d5:c3:1d:d1:00:57:ea:20:c1:9f:af:d2:c9:
         b7:50:d2:39:d9:d6:26:2a:89:2a:74:a0:1e:95:d2:2f:fb:1d:
         b1:3b:fe:b4:dd:7f:71:33:20:81:a5:66:42:50:aa:97:cc:6e:
         07:a0:54:45:d7:7a:2e:af:00:81:45:63:c5:41:06:28:7a:22:
         5f:e4:a4:fe:73:f4:65:34:f5:de:87:fa:b7:30:71:b8:bf:83:
         7b:a9:3b:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlM6gR8agxQWmgqwT7EBFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwMTAyMDAzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmMwMjljY2VjNGJiYTQ1MzM3NjQ1YzBmNTJkNmM1ZTVmNzc1NDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+98gx15gWyNX39cT7u1sN+/Xq3E
elDPbAXuH3KDdymNyJgXrI8pDDGFc5jvsvCg2HjkvIK2cBgExoebIKRScRhOsz7U
oDBexx+fxfGW8MCycA/IBjzDcHl4qaIld58UrH95flYUVH150vHsDE+Zf/HpXk0C
5paxx0CHKNCOPJ9eRx1JZMIst8KIY9kvI7zk/B9tD5zcYhCv+y3XfSdjwuKRPieN
s98mk2M01HzKmI7aQy9m0NLBqPbEL8tFUe8ZQQVr+c2d7oeZvvkv6662EpFaApIa
S15NWKAsM7pTZR37rmFViv+YxmBjczKM1yGu7uW/hcFW/U4lXcXVC0CRNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMbAKczsS7pFM3ZFwPUtbF5fd1QxMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEveHNBcHpPeEx1a1V6ZGtYQTlTMXNYbDkzVkRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAQIksAwQA
QIkuMA0GCSqGSIb3DQEBCwUAA4IBAQCFelCeVu1ydG0j5nqwtWWN+7hgszxKCqhF
knLx1+EpYdUZ0vXCMbQF8T4JjHefeu9bFP7hh/d6uTlFaxoTtINJMra00q0RDkoM
LyAps8IOGMVRvXat36zCageM7pHxV+6MjhJ3iS3kUzKcU7XLtSTFSZkGHmspgZia
VF1uL6g/Qq2S+UK1aYmSLG8pxb5FKRp7YJKYAepxXM02HKQk+UcLuXWm0KxHdNXD
HdEAV+ogwZ+v0sm3UNI52dYmKokqdKAeldIv+x2xO/603X9xMyCBpWZCUKqXzG4H
oFRF13ourwCBRWPFQQYoeiJf5KT+c/RlNPXeh/q3MHG4v4N7qTv4
-----END CERTIFICATE-----