Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/f5794a-b191-4646-a842-f49fea545e78/1/eK-V_46KTxhyS6LFLbM5bC1vFYU.roa
File:                     eK-V_46KTxhyS6LFLbM5bC1vFYU.roa (raw, json)
Hash identifier:          RpTceC+0W1I79ax00ngsaIqnPfYNbxqXPhBcOUuJVAk=
Subject key identifier:   78:AF:95:FF:8E:8A:4F:18:72:4B:A2:C5:2D:B3:39:6C:2D:6F:15:85
Certificate issuer:       /CN=60d0b0207603be43d8492e9851378b8b4f09594f
Certificate serial:       018CC4934730B7D2BDCCE9194CE28776BC38
Authority key identifier: 60:D0:B0:20:76:03:BE:43:D8:49:2E:98:51:37:8B:8B:4F:09:59:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YNCwIHYDvkPYSS6YUTeLi08JWU8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/f5794a-b191-4646-a842-f49fea545e78/1/eK-V_46KTxhyS6LFLbM5bC1vFYU.roa
Signing time:             Mon 01 Jan 2024 10:30:35 +0000
ROA not before:           Mon 01 Jan 2024 10:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1103
IP address blocks:        145.5.0.0/16 maxlen: 16
                          130.115.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/f5794a-b191-4646-a842-f49fea545e78/1/YNCwIHYDvkPYSS6YUTeLi08JWU8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/f5794a-b191-4646-a842-f49fea545e78/1/YNCwIHYDvkPYSS6YUTeLi08JWU8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YNCwIHYDvkPYSS6YUTeLi08JWU8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:47:30:b7:d2:bd:cc:e9:19:4c:e2:87:76:bc:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60d0b0207603be43d8492e9851378b8b4f09594f
        Validity
            Not Before: Jan  1 10:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78af95ff8e8a4f18724ba2c52db3396c2d6f1585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:22:24:46:de:f9:7a:67:7e:76:61:87:59:79:
                    79:44:9d:95:b9:32:8a:a2:99:1e:41:2c:10:ee:46:
                    f4:67:d2:e8:73:98:ce:11:33:6a:dd:7c:07:e7:c6:
                    45:54:6a:08:70:b5:4d:0e:42:85:74:c5:dd:21:4d:
                    8e:6a:ed:09:4c:d8:50:0b:b6:ea:41:ef:2e:3c:c7:
                    63:ce:f0:05:a5:0a:f4:82:15:3f:d8:76:0f:56:9f:
                    e6:2c:ee:14:c5:21:12:2f:dd:1a:23:b7:db:55:da:
                    6a:98:6d:00:4d:dc:99:99:67:30:b4:7f:d7:74:85:
                    54:74:52:54:07:6c:d2:21:5e:3f:13:1e:82:eb:a2:
                    75:9c:fa:b8:0a:27:ec:20:65:ec:83:bb:3a:4b:ac:
                    83:6b:71:9e:23:82:02:74:ae:f4:17:38:a8:09:d3:
                    98:73:19:34:3b:72:7c:16:3c:3c:a6:e2:69:f3:91:
                    ec:57:02:23:4f:d3:d9:af:31:c9:32:35:13:3c:e6:
                    e7:d3:79:7a:26:a2:dc:75:c4:b2:1f:49:01:27:d9:
                    11:91:6a:2b:f6:87:66:f4:c8:9a:6f:f7:d9:78:43:
                    8d:65:a4:4d:0b:ba:f5:6d:60:8e:3b:fd:df:9e:a2:
                    d1:f0:9e:e4:46:c9:62:f8:dd:c3:fd:51:be:bc:6c:
                    ad:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:AF:95:FF:8E:8A:4F:18:72:4B:A2:C5:2D:B3:39:6C:2D:6F:15:85
            X509v3 Authority Key Identifier:
                keyid:60:D0:B0:20:76:03:BE:43:D8:49:2E:98:51:37:8B:8B:4F:09:59:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YNCwIHYDvkPYSS6YUTeLi08JWU8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/f5794a-b191-4646-a842-f49fea545e78/1/eK-V_46KTxhyS6LFLbM5bC1vFYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/f5794a-b191-4646-a842-f49fea545e78/1/YNCwIHYDvkPYSS6YUTeLi08JWU8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.115.0.0/16
                  145.5.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         04:00:8a:00:b2:8a:2e:b4:a4:78:d9:e4:fb:31:44:45:f7:4f:
         ae:b8:40:08:2e:5d:98:79:c2:d6:df:51:6c:18:ef:03:35:2f:
         1b:67:96:0d:25:64:b8:c2:2d:60:3c:f4:ee:29:a5:b6:ca:c6:
         fa:4f:86:6b:70:ed:6c:5b:81:9e:45:74:e1:1a:f2:03:87:66:
         2f:94:23:74:16:43:6c:3f:9f:98:46:c2:38:bb:5e:07:24:e0:
         ad:ff:2f:54:b1:ca:48:d2:d9:9f:54:bd:76:87:29:cd:89:18:
         c6:25:dd:b9:5e:13:94:6b:07:6a:9e:76:d4:7d:f9:9a:b2:50:
         f5:0c:0e:0e:4e:63:78:22:7e:67:44:19:b1:35:54:ae:ea:49:
         e2:66:93:7c:46:0b:10:13:4d:61:dd:33:bf:52:5d:b2:2b:19:
         2d:ed:d9:02:6b:ef:52:8c:46:5f:ee:b5:f3:35:48:ca:60:1a:
         3c:35:82:b7:31:03:b8:87:9a:76:c2:d0:8e:f6:7a:81:f5:4e:
         84:d3:da:54:3a:75:68:c1:c5:b3:77:c7:55:1d:0e:7e:be:7c:
         32:20:8a:25:0a:c9:98:2b:69:d3:2e:24:d8:6a:47:92:24:30:
         f9:05:31:c3:e0:f2:f3:27:6e:00:2a:08:ea:75:98:40:0f:22:
         0b:48:3e:f9
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzEk0cwt9K9zOkZTOKHdrw4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZDBiMDIwNzYwM2JlNDNkODQ5MmU5ODUxMzc4YjhiNGYw
OTU5NGYwHhcNMjQwMTAxMTAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGFmOTVmZjhlOGE0ZjE4NzI0YmEyYzUyZGIzMzk2YzJkNmYxNTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2iIkRt75emd+dmGHWXl5RJ2VuTKK
opkeQSwQ7kb0Z9Loc5jOETNq3XwH58ZFVGoIcLVNDkKFdMXdIU2Oau0JTNhQC7bq
Qe8uPMdjzvAFpQr0ghU/2HYPVp/mLO4UxSESL90aI7fbVdpqmG0ATdyZmWcwtH/X
dIVUdFJUB2zSIV4/Ex6C66J1nPq4CifsIGXsg7s6S6yDa3GeI4ICdK70FzioCdOY
cxk0O3J8Fjw8puJp85HsVwIjT9PZrzHJMjUTPObn03l6JqLcdcSyH0kBJ9kRkWor
9odm9Miab/fZeEONZaRNC7r1bWCOO/3fnqLR8J7kRsli+N3D/VG+vGytLQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFHivlf+Oik8YckuixS2zOWwtbxWFMB8GA1UdIwQY
MBaAFGDQsCB2A75D2EkumFE3i4tPCVlPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU5Dd0lIWUR2a1BZU1M2WVVUZUxpMDhKV1U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9mNTc5NGEtYjE5MS00NjQ2LWE4NDIt
ZjQ5ZmVhNTQ1ZTc4LzEvZUstVl80NktUeGh5UzZMRkxiTTViQzF2RllVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9mNTc5NGEtYjE5MS00NjQ2LWE4NDItZjQ5ZmVhNTQ1ZTc4
LzEvWU5Dd0lIWUR2a1BZU1M2WVVUZUxpMDhKV1U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMAgnMDAwCR
BTANBgkqhkiG9w0BAQsFAAOCAQEABACKALKKLrSkeNnk+zFERfdPrrhACC5dmHnC
1t9RbBjvAzUvG2eWDSVkuMItYDz07imltsrG+k+Ga3DtbFuBnkV04RryA4dmL5Qj
dBZDbD+fmEbCOLteByTgrf8vVLHKSNLZn1S9docpzYkYxiXduV4TlGsHap521H35
mrJQ9QwODk5jeCJ+Z0QZsTVUrupJ4maTfEYLEBNNYd0zv1JdsisZLe3ZAmvvUoxG
X+618zVIymAaPDWCtzEDuIeadsLQjvZ6gfVOhNPaVDp1aMHFs3fHVR0Ofr58MiCK
JQrJmCtp0y4k2GpHkiQw+QUxw+Dy8yduACoI6nWYQA8iC0g++Q==
-----END CERTIFICATE-----