Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/YM1tKfihR4z5cXmE1Jjl24S18eg.roa
File:                     YM1tKfihR4z5cXmE1Jjl24S18eg.roa (raw, json)
Hash identifier:          U43Ucgs65abrclVtS1PPkbK1jJhb18h1M2nHnnl+CL4=
Subject key identifier:   60:CD:6D:29:F8:A1:47:8C:F9:71:79:84:D4:98:E5:DB:84:B5:F1:E8
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0192E7CE0588A58FE773CC48C47A14F4F112
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/YM1tKfihR4z5cXmE1Jjl24S18eg.roa
Signing time:             Fri 01 Nov 2024 12:58:11 +0000
ROA not before:           Fri 01 Nov 2024 12:58:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     268624
IP address blocks:        170.62.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e7:ce:05:88:a5:8f:e7:73:cc:48:c4:7a:14:f4:f1:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Nov  1 12:58:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60cd6d29f8a1478cf9717984d498e5db84b5f1e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d0:4e:b4:bc:c6:2a:57:69:6d:f3:70:b3:a3:
                    f8:26:83:90:96:80:6c:b0:24:40:97:f2:82:78:a8:
                    2c:07:47:a5:e5:9e:42:40:03:a7:29:2d:c6:6e:6b:
                    60:f5:f9:09:54:06:19:dc:5d:d8:6b:23:9d:ba:bb:
                    b8:97:78:cd:03:4e:9c:71:6f:40:23:42:68:3a:2b:
                    85:b2:80:73:6e:a4:7c:a1:72:93:14:f1:3b:a5:d9:
                    56:1b:e9:fa:72:5d:d6:b0:e7:eb:87:47:7a:0a:9b:
                    4b:3c:c1:6c:3c:4f:7f:41:06:e2:d2:82:be:8e:b9:
                    ea:15:cb:f2:22:d5:7f:86:3f:cf:b4:88:6a:1c:d4:
                    17:33:1b:96:2b:1b:97:82:b3:d9:96:11:d2:f0:f4:
                    5e:cf:30:a1:af:82:cc:7e:72:d2:e9:c9:ba:8c:42:
                    13:a8:8a:85:94:dd:e6:ec:0c:4e:dc:6c:a0:c0:bd:
                    ec:05:c4:bd:28:13:39:c7:b5:9f:71:59:cc:5d:67:
                    48:e6:22:63:9a:76:56:25:2e:5f:24:c0:14:ce:2c:
                    79:c0:60:39:5d:10:80:f6:6e:f4:01:5e:e9:02:11:
                    2b:e0:bf:56:9f:6d:12:6a:4d:a1:e6:40:a9:3b:4a:
                    75:75:44:35:f6:1d:a9:e4:34:3a:c1:e6:c8:33:05:
                    9d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:CD:6D:29:F8:A1:47:8C:F9:71:79:84:D4:98:E5:DB:84:B5:F1:E8
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/YM1tKfihR4z5cXmE1Jjl24S18eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.62.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:1f:3b:4b:62:e4:4e:b6:32:29:09:02:e8:eb:05:f7:62:d4:
         bd:fc:bf:14:9f:60:08:c5:10:f1:20:12:29:a3:cd:5d:eb:52:
         cd:e7:d1:af:9f:1a:d1:70:73:fd:8a:d6:5e:3f:79:f3:26:9e:
         49:22:64:e1:53:07:e3:54:f1:32:33:76:33:40:aa:ee:5b:1f:
         42:de:e7:20:b0:64:91:8a:1e:b4:ce:40:e6:12:ef:1e:83:5e:
         93:a9:b0:d9:80:c9:1f:07:15:24:33:13:76:ef:bd:54:8a:fd:
         fb:bc:a2:b8:a6:96:d6:ca:6d:1f:b7:8d:98:2d:a7:8a:c8:5f:
         da:5f:58:e9:d5:b1:d9:83:f1:63:9b:f8:82:a6:8c:19:ad:59:
         c0:b4:c0:bf:aa:c3:4c:9e:e5:17:50:05:83:7f:01:ab:45:85:
         9a:f8:1a:5a:77:a6:1a:0c:79:9f:1e:5e:6b:fe:ab:8f:e1:57:
         49:40:90:ef:17:89:e8:3a:3e:0e:a8:03:37:0d:85:8a:e5:bb:
         e5:b8:e9:99:25:a7:e5:c5:4c:0d:e2:8b:cf:1d:b4:3f:85:6f:
         c4:ca:f1:8c:8c:d5:e1:d3:7a:af:4a:75:d2:8b:46:47:ef:78:
         f3:5c:40:23:25:9f:22:90:01:df:b6:63:8c:a4:4e:cc:9a:e3:
         d0:a3:89:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLnzgWIpY/nc8xIxHoU9PESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQxMTAxMTI1ODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGNkNmQyOWY4YTE0NzhjZjk3MTc5ODRkNDk4ZTVkYjg0YjVmMWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNBOtLzGKldpbfNws6P4JoOQloBs
sCRAl/KCeKgsB0el5Z5CQAOnKS3Gbmtg9fkJVAYZ3F3YayOduru4l3jNA06ccW9A
I0JoOiuFsoBzbqR8oXKTFPE7pdlWG+n6cl3WsOfrh0d6CptLPMFsPE9/QQbi0oK+
jrnqFcvyItV/hj/PtIhqHNQXMxuWKxuXgrPZlhHS8PRezzChr4LMfnLS6cm6jEIT
qIqFlN3m7AxO3GygwL3sBcS9KBM5x7WfcVnMXWdI5iJjmnZWJS5fJMAUzix5wGA5
XRCA9m70AV7pAhEr4L9Wn20Sak2h5kCpO0p1dUQ19h2p5DQ6webIMwWdlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDNbSn4oUeM+XF5hNSY5duEtfHoMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvWU0xdEtmaWhSNHo1Y1htRTFKamwyNFMxOGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqj6hMA0G
CSqGSIb3DQEBCwUAA4IBAQCIHztLYuROtjIpCQLo6wX3YtS9/L8Un2AIxRDxIBIp
o81d61LN59GvnxrRcHP9itZeP3nzJp5JImThUwfjVPEyM3YzQKruWx9C3ucgsGSR
ih60zkDmEu8eg16TqbDZgMkfBxUkMxN2771Uiv37vKK4ppbWym0ft42YLaeKyF/a
X1jp1bHZg/Fjm/iCpowZrVnAtMC/qsNMnuUXUAWDfwGrRYWa+Bpad6YaDHmfHl5r
/quP4VdJQJDvF4noOj4OqAM3DYWK5bvluOmZJaflxUwN4ovPHbQ/hW/EyvGMjNXh
03qvSnXSi0ZH73jzXEAjJZ8ikAHftmOMpE7MmuPQo4kT
-----END CERTIFICATE-----