Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/99286a-45b3-4cee-8db5-937081a9cefa/1/Dr4KrsmSdl1Q_MOPLF3tD3Wljco.roa
File:                     Dr4KrsmSdl1Q_MOPLF3tD3Wljco.roa (raw, json)
Hash identifier:          Jyc8bHHpSXgyvXANcmD1F5pFSoC+AApcaKTXO5R99qI=
Subject key identifier:   0E:BE:0A:AE:C9:92:76:5D:50:FC:C3:8F:2C:5D:ED:0F:75:A5:8D:CA
Certificate issuer:       /CN=60635e04c34c2f781ee980a1651ff66e5132bc44
Certificate serial:       018CC2DB08E2A4D4A01408FFD00D62DA6512
Authority key identifier: 60:63:5E:04:C3:4C:2F:78:1E:E9:80:A1:65:1F:F6:6E:51:32:BC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGNeBMNML3ge6YChZR_2blEyvEQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/99286a-45b3-4cee-8db5-937081a9cefa/1/Dr4KrsmSdl1Q_MOPLF3tD3Wljco.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49788
IP address blocks:        185.57.252.0/22 maxlen: 22
                          84.243.128.0/18 maxlen: 24
                          2a02:6060::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/99286a-45b3-4cee-8db5-937081a9cefa/1/YGNeBMNML3ge6YChZR_2blEyvEQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/99286a-45b3-4cee-8db5-937081a9cefa/1/YGNeBMNML3ge6YChZR_2blEyvEQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGNeBMNML3ge6YChZR_2blEyvEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:08:e2:a4:d4:a0:14:08:ff:d0:0d:62:da:65:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60635e04c34c2f781ee980a1651ff66e5132bc44
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ebe0aaec992765d50fcc38f2c5ded0f75a58dca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:00:ae:18:4b:b6:0e:bb:08:13:93:63:d2:c5:
                    9e:96:ea:1b:f8:70:b2:d3:e8:1c:62:98:98:94:88:
                    cf:6b:ef:f8:80:df:f5:06:0e:e0:6f:b6:d4:9c:4d:
                    0a:74:26:1d:42:82:49:05:a2:d4:4a:a9:c6:d1:c7:
                    30:e2:4a:12:4b:81:90:51:01:62:e7:9d:30:40:55:
                    43:57:11:96:56:86:e0:6a:22:2b:4f:ac:57:9e:60:
                    8c:ac:9f:46:f1:34:75:e0:a7:76:9a:c0:d0:cf:05:
                    3c:a8:ba:0a:da:61:8f:a3:c4:98:e4:98:03:31:1b:
                    0a:36:34:83:4a:dd:f3:5d:f2:91:6b:2f:19:6d:1b:
                    b2:85:05:03:c5:f4:5a:a3:98:e5:f9:1a:af:14:e6:
                    e0:76:c9:a0:2a:18:a6:4f:fe:3e:6b:f8:46:43:52:
                    09:2b:cb:eb:38:0d:91:0d:ed:21:af:74:6b:d5:87:
                    0e:be:ec:fb:fe:c7:c8:40:8a:1a:5f:80:a2:8c:46:
                    98:2f:05:c6:ae:4d:8b:91:33:92:c9:70:e5:a8:3c:
                    8f:85:c0:83:9d:f3:d2:c7:d6:e4:28:06:9a:00:c8:
                    52:5b:f7:68:86:23:19:9d:1f:d8:6d:bd:42:fd:ce:
                    7f:06:ea:dd:fc:7c:82:af:14:4b:79:dc:46:4d:54:
                    ba:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:BE:0A:AE:C9:92:76:5D:50:FC:C3:8F:2C:5D:ED:0F:75:A5:8D:CA
            X509v3 Authority Key Identifier:
                keyid:60:63:5E:04:C3:4C:2F:78:1E:E9:80:A1:65:1F:F6:6E:51:32:BC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGNeBMNML3ge6YChZR_2blEyvEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/99286a-45b3-4cee-8db5-937081a9cefa/1/Dr4KrsmSdl1Q_MOPLF3tD3Wljco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/99286a-45b3-4cee-8db5-937081a9cefa/1/YGNeBMNML3ge6YChZR_2blEyvEQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.243.128.0/18
                  185.57.252.0/22
                IPv6:
                  2a02:6060::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:e2:8d:5d:65:9e:21:63:6d:ac:28:3b:07:ab:8b:17:09:fc:
         a0:81:f9:e1:fb:e7:9d:ba:4e:4a:cd:80:77:d8:71:d3:f2:4d:
         86:a2:6f:a1:1f:6e:71:53:b7:b1:6d:4a:44:6a:b0:33:06:4e:
         4e:3e:4d:77:cd:76:85:1f:24:80:83:d2:a8:8b:a6:2d:22:b0:
         70:4b:d8:6d:d7:13:66:86:7f:76:87:71:f7:36:ac:92:4e:23:
         b3:60:59:3d:5f:99:00:82:2c:15:7c:1c:2f:47:42:00:0e:f5:
         fd:3d:1f:60:75:8b:77:12:5e:b4:be:bc:ff:e2:10:60:16:19:
         60:e1:d1:6b:49:fc:47:da:08:32:91:0a:ad:bb:d6:74:fe:5a:
         d6:e7:40:10:b7:59:36:c8:ba:db:76:14:3e:82:3f:58:54:ad:
         c9:42:5c:21:7d:a3:c8:59:bc:74:ea:58:bc:06:cc:e7:d7:d3:
         f7:1e:a1:d4:cb:85:28:23:83:d3:95:dd:7f:54:4e:21:7a:c4:
         7d:89:d1:d7:7b:68:5e:62:ff:82:06:7e:fb:c4:8e:2b:fe:5c:
         9a:6d:bf:80:61:b7:18:f2:a1:c3:18:9f:39:2c:7c:db:b2:6d:
         72:bd:c6:1f:8c:44:86:39:8d:2b:8d:9a:f2:ab:9a:79:4c:d1:
         64:2f:4c:67
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC2wjipNSgFAj/0A1i2mUSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjM1ZTA0YzM0YzJmNzgxZWU5ODBhMTY1MWZmNjZlNTEz
MmJjNDQwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWJlMGFhZWM5OTI3NjVkNTBmY2MzOGYyYzVkZWQwZjc1YTU4ZGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlACuGEu2DrsIE5Nj0sWeluob+HCy
0+gcYpiYlIjPa+/4gN/1Bg7gb7bUnE0KdCYdQoJJBaLUSqnG0ccw4koSS4GQUQFi
550wQFVDVxGWVobgaiIrT6xXnmCMrJ9G8TR14Kd2msDQzwU8qLoK2mGPo8SY5JgD
MRsKNjSDSt3zXfKRay8ZbRuyhQUDxfRao5jl+RqvFObgdsmgKhimT/4+a/hGQ1IJ
K8vrOA2RDe0hr3Rr1YcOvuz7/sfIQIoaX4CijEaYLwXGrk2LkTOSyXDlqDyPhcCD
nfPSx9bkKAaaAMhSW/dohiMZnR/Ybb1C/c5/Burd/HyCrxRLedxGTVS6BQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFA6+Cq7JknZdUPzDjyxd7Q91pY3KMB8GA1UdIwQY
MBaAFGBjXgTDTC94HumAoWUf9m5RMrxEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdOZUJNTk1MM2dlNllDaFpSXzJibEV5dkVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS85OTI4NmEtNDViMy00Y2VlLThkYjUt
OTM3MDgxYTljZWZhLzEvRHI0S3JzbVNkbDFRX01PUExGM3REM1dsamNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS85OTI4NmEtNDViMy00Y2VlLThkYjUtOTM3MDgxYTljZWZh
LzEvWUdOZUJNTk1MM2dlNllDaFpSXzJibEV5dkVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGVPOAAwQC
uTn8MA0EAgACMAcDBQAqAmBgMA0GCSqGSIb3DQEBCwUAA4IBAQBG4o1dZZ4hY22s
KDsHq4sXCfyggfnh++eduk5KzYB32HHT8k2Gom+hH25xU7exbUpEarAzBk5OPk13
zXaFHySAg9Koi6YtIrBwS9ht1xNmhn92h3H3NqySTiOzYFk9X5kAgiwVfBwvR0IA
DvX9PR9gdYt3El60vrz/4hBgFhlg4dFrSfxH2ggykQqtu9Z0/lrW50AQt1k2yLrb
dhQ+gj9YVK3JQlwhfaPIWbx06li8Bszn19P3HqHUy4UoI4PTld1/VE4hesR9idHX
e2heYv+CBn77xI4r/lyabb+AYbcY8qHDGJ85LHzbsm1yvcYfjESGOY0rjZryq5p5
TNFkL0xn
-----END CERTIFICATE-----