Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9467c8-0c90-46e1-91c0-e107d9f16c2d/1/tMXBcGUIKGTfYRMTtfG6biesR-c.roa
File:                     tMXBcGUIKGTfYRMTtfG6biesR-c.roa (raw, json)
Hash identifier:          JWcwNHGeY4nL5R6D6KA+SUTM4UCaSarGczrFPqLJ+XI=
Subject key identifier:   B4:C5:C1:70:65:08:28:64:DF:61:13:13:B5:F1:BA:6E:27:AC:47:E7
Certificate issuer:       /CN=afe4a0d5fda600c5d5b7f618f686d7e93051b4d7
Certificate serial:       019420D5B59A566A1F2089565E65F79DD702
Authority key identifier: AF:E4:A0:D5:FD:A6:00:C5:D5:B7:F6:18:F6:86:D7:E9:30:51:B4:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r-Sg1f2mAMXVt_YY9obX6TBRtNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9467c8-0c90-46e1-91c0-e107d9f16c2d/1/tMXBcGUIKGTfYRMTtfG6biesR-c.roa
Signing time:             Wed 01 Jan 2025 07:47:43 +0000
ROA not before:           Wed 01 Jan 2025 07:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60003
IP address blocks:        185.60.72.0/22 maxlen: 22
                          2a02:71a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9467c8-0c90-46e1-91c0-e107d9f16c2d/1/r-Sg1f2mAMXVt_YY9obX6TBRtNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9467c8-0c90-46e1-91c0-e107d9f16c2d/1/r-Sg1f2mAMXVt_YY9obX6TBRtNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r-Sg1f2mAMXVt_YY9obX6TBRtNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:b5:9a:56:6a:1f:20:89:56:5e:65:f7:9d:d7:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afe4a0d5fda600c5d5b7f618f686d7e93051b4d7
        Validity
            Not Before: Jan  1 07:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4c5c17065082864df611313b5f1ba6e27ac47e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:af:fb:8d:df:32:5e:8e:60:0b:8f:38:4e:8e:
                    78:3a:a3:3c:e7:40:93:1d:51:0a:02:3f:05:1d:7a:
                    ab:3e:83:64:cd:23:c2:98:40:79:a8:d7:92:83:8e:
                    3a:55:4c:74:a0:9f:b3:4d:a6:47:20:a5:e1:48:bb:
                    1f:7f:68:91:61:b3:79:b9:ec:d7:df:a5:bb:2f:22:
                    e4:28:21:dd:a6:6d:76:31:6b:9e:17:6a:ec:17:8c:
                    46:66:89:42:5c:e8:7d:f9:fb:b6:48:c4:a8:5e:44:
                    2b:8d:d5:1d:e0:76:3f:8d:26:de:4c:be:f9:5a:2d:
                    d8:f1:35:90:dc:51:a3:1d:ee:a8:c0:44:98:64:9c:
                    d5:af:4f:c9:51:0d:3b:8e:c8:3d:b1:4c:f0:bc:d9:
                    f2:0a:2a:d5:8e:6e:8a:12:39:b4:73:76:25:9c:89:
                    30:50:dd:a1:30:ed:cf:1e:e1:02:8f:aa:74:5b:6a:
                    80:d0:89:e8:39:44:80:d6:cc:07:bb:2a:12:d9:6f:
                    c9:04:3e:b6:c6:6c:f8:31:5c:c6:1b:59:f6:01:7c:
                    ef:07:7e:78:3b:8a:8f:e9:90:fb:c1:ba:cc:1d:96:
                    b6:fa:9b:ee:ca:31:e0:e5:49:e3:e5:33:b2:ae:f8:
                    d8:2a:b6:98:b4:ce:27:dc:e2:a0:2e:3b:ab:2a:f9:
                    50:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:C5:C1:70:65:08:28:64:DF:61:13:13:B5:F1:BA:6E:27:AC:47:E7
            X509v3 Authority Key Identifier:
                keyid:AF:E4:A0:D5:FD:A6:00:C5:D5:B7:F6:18:F6:86:D7:E9:30:51:B4:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r-Sg1f2mAMXVt_YY9obX6TBRtNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9467c8-0c90-46e1-91c0-e107d9f16c2d/1/tMXBcGUIKGTfYRMTtfG6biesR-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9467c8-0c90-46e1-91c0-e107d9f16c2d/1/r-Sg1f2mAMXVt_YY9obX6TBRtNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.72.0/22
                IPv6:
                  2a02:71a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9c:7a:7d:4f:7c:17:6b:ee:8c:a0:10:2c:17:d9:a6:7d:34:53:
         76:d4:82:e6:3c:b9:68:b6:f8:52:a0:f3:46:32:f6:8e:fb:fb:
         5f:40:93:96:ff:58:e4:1a:a5:56:65:f6:cc:56:7a:4a:a2:8f:
         7e:88:d6:b0:11:41:75:58:36:00:65:54:1b:f7:d1:29:56:58:
         4e:21:20:92:29:a6:f3:d3:31:01:d0:1f:99:46:19:0d:bf:3c:
         a1:b1:82:de:5a:29:b0:88:a9:26:df:a9:b9:f1:bc:fc:95:02:
         b5:6c:78:cf:8d:ff:24:60:8f:59:06:5d:61:58:ca:3d:ac:ad:
         ec:0f:fc:8e:5a:4a:ef:e2:ad:83:6c:2e:fe:99:7c:20:96:c7:
         ef:7f:3d:47:a3:6e:88:29:3c:25:a5:19:b0:b2:8e:b5:0c:53:
         48:d8:5e:37:1a:e3:3a:55:f8:9d:3e:80:a7:30:19:b1:78:86:
         ea:8a:b5:ee:ae:aa:af:f6:df:b6:70:82:b4:07:f9:38:33:71:
         09:0c:2d:7a:7d:75:92:61:1a:66:79:26:9f:80:ac:c7:c1:4c:
         79:a4:1b:2e:90:46:78:97:64:79:ca:db:f5:e6:f1:24:70:8f:
         00:dc:ab:6c:ac:56:f3:ac:e7:48:8c:46:e3:05:4c:0a:2f:67:
         04:7a:6d:43
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1bWaVmofIIlWXmX3ndcCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZTRhMGQ1ZmRhNjAwYzVkNWI3ZjYxOGY2ODZkN2U5MzA1
MWI0ZDcwHhcNMjUwMTAxMDc0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGM1YzE3MDY1MDgyODY0ZGY2MTEzMTNiNWYxYmE2ZTI3YWM0N2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjq/7jd8yXo5gC484To54OqM850CT
HVEKAj8FHXqrPoNkzSPCmEB5qNeSg446VUx0oJ+zTaZHIKXhSLsff2iRYbN5uezX
36W7LyLkKCHdpm12MWueF2rsF4xGZolCXOh9+fu2SMSoXkQrjdUd4HY/jSbeTL75
Wi3Y8TWQ3FGjHe6owESYZJzVr0/JUQ07jsg9sUzwvNnyCirVjm6KEjm0c3YlnIkw
UN2hMO3PHuECj6p0W2qA0InoOUSA1swHuyoS2W/JBD62xmz4MVzGG1n2AXzvB354
O4qP6ZD7wbrMHZa2+pvuyjHg5Unj5TOyrvjYKraYtM4n3OKgLjurKvlQywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLTFwXBlCChk32ETE7Xxum4nrEfnMB8GA1UdIwQY
MBaAFK/koNX9pgDF1bf2GPaG1+kwUbTXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvci1TZzFmMm1BTVhWdF9ZWTlvYlg2VEJSdE5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85NDY3YzgtMGM5MC00NmUxLTkxYzAt
ZTEwN2Q5ZjE2YzJkLzEvdE1YQmNHVUlLR1RmWVJNVHRmRzZiaWVzUi1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85NDY3YzgtMGM5MC00NmUxLTkxYzAtZTEwN2Q5ZjE2YzJk
LzEvci1TZzFmMm1BTVhWdF9ZWTlvYlg2VEJSdE5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTxIMA0E
AgACMAcDBQAqAnGgMA0GCSqGSIb3DQEBCwUAA4IBAQCcen1PfBdr7oygECwX2aZ9
NFN21ILmPLlotvhSoPNGMvaO+/tfQJOW/1jkGqVWZfbMVnpKoo9+iNawEUF1WDYA
ZVQb99EpVlhOISCSKabz0zEB0B+ZRhkNvzyhsYLeWimwiKkm36m58bz8lQK1bHjP
jf8kYI9ZBl1hWMo9rK3sD/yOWkrv4q2DbC7+mXwglsfvfz1Ho26IKTwlpRmwso61
DFNI2F43GuM6VfidPoCnMBmxeIbqirXurqqv9t+2cIK0B/k4M3EJDC16fXWSYRpm
eSafgKzHwUx5pBsukEZ4l2R5ytv15vEkcI8A3KtsrFbzrOdIjEbjBUwKL2cEem1D
-----END CERTIFICATE-----