Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/1-Dx2NUxiXEpY2gpSnA5AavXbuIY.roa
File:                     1-Dx2NUxiXEpY2gpSnA5AavXbuIY.roa (raw, json)
Hash identifier:          36y5nDYtEZqJf8u1pw+abhyn5h9ICY67A5f6yhHDO+4=
Subject key identifier:   F8:3C:76:35:4C:62:5C:4A:58:DA:0A:52:9C:0E:40:6A:F5:DB:B8:86
Certificate issuer:       /CN=04a5ec5f52668be50b4518b687cf8bd95930ae39
Certificate serial:       018CC4938CFDA88EDD364487CBA778FAAA06
Authority key identifier: 04:A5:EC:5F:52:66:8B:E5:0B:45:18:B6:87:CF:8B:D9:59:30:AE:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/1-Dx2NUxiXEpY2gpSnA5AavXbuIY.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212603
IP address blocks:        185.60.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8c:fd:a8:8e:dd:36:44:87:cb:a7:78:fa:aa:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04a5ec5f52668be50b4518b687cf8bd95930ae39
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f83c76354c625c4a58da0a529c0e406af5dbb886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:37:40:6c:01:47:b0:b5:a3:19:9d:ec:3b:d2:
                    07:58:83:24:07:7e:b0:a3:af:2b:32:6c:08:1a:65:
                    37:27:00:80:df:7c:90:8f:f1:02:e4:64:41:c7:d0:
                    a1:96:b8:8e:01:99:c7:49:24:e1:ce:06:38:7a:a8:
                    c3:4d:a7:1c:a4:8b:e0:ff:39:a9:5f:4a:e8:4a:4a:
                    18:c1:23:1d:7d:4e:79:7c:6c:83:11:ae:25:27:cd:
                    e5:52:5a:99:11:2e:16:93:fa:e6:2d:e4:03:ef:2c:
                    b4:67:6b:e6:d0:d0:3a:58:ad:99:c9:3d:37:81:41:
                    5f:e4:77:00:57:2a:44:2b:4f:0f:0d:90:b5:5a:5a:
                    2d:f2:dc:cd:3a:40:e4:7b:73:22:0d:ae:20:e5:71:
                    0d:7f:de:08:c3:47:76:b5:9e:8b:83:64:c1:82:f1:
                    55:2e:24:4e:27:65:85:c3:e2:e2:79:d8:86:94:75:
                    27:00:86:1f:c0:a1:a2:34:0b:86:c3:11:b3:0b:37:
                    92:b9:33:d0:16:6d:d7:31:6b:2b:13:05:c4:62:d2:
                    aa:f3:88:e3:de:e8:0c:6d:51:1e:cc:09:cf:16:0f:
                    96:72:48:ad:78:b7:f4:01:53:62:fb:45:19:77:f4:
                    59:4d:0d:e4:91:cc:5d:9a:38:36:b4:05:3b:d7:68:
                    c7:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:3C:76:35:4C:62:5C:4A:58:DA:0A:52:9C:0E:40:6A:F5:DB:B8:86
            X509v3 Authority Key Identifier:
                keyid:04:A5:EC:5F:52:66:8B:E5:0B:45:18:B6:87:CF:8B:D9:59:30:AE:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/1-Dx2NUxiXEpY2gpSnA5AavXbuIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:a1:56:31:55:1e:e5:bc:8d:32:13:71:4f:81:d4:c1:f3:83:
         58:3a:39:4a:c8:ac:34:52:dd:e6:d1:14:00:9d:98:ee:35:bf:
         f1:ff:1b:92:83:a7:eb:8b:52:25:ea:70:65:b2:12:4d:61:d8:
         cb:70:48:bc:d1:fd:ec:be:1e:af:7b:71:23:8f:13:e7:8e:42:
         59:26:25:8f:9c:37:49:49:27:49:a8:87:d7:3a:07:56:1d:b0:
         56:ce:15:32:ce:f1:8c:7f:b4:c6:94:80:9e:dd:a9:2d:24:a7:
         a6:98:58:07:c9:78:2c:c3:bf:f9:ef:71:c5:3b:94:76:1f:05:
         bc:48:fd:57:04:e1:50:07:c4:81:c7:78:15:04:6e:d7:44:52:
         73:d9:22:69:b5:3d:35:be:cb:d9:c2:19:ff:8d:92:a3:14:71:
         32:32:77:c9:41:a5:d9:ee:f6:22:2e:4f:71:a1:35:96:29:2b:
         3d:ab:66:69:3b:42:c9:99:47:d4:f6:73:15:d7:74:e3:b2:77:
         a2:9b:d2:e2:8c:d7:83:11:5c:66:b7:cb:fb:e3:97:56:0e:14:
         30:c1:d6:6b:76:aa:1a:40:7b:a0:f3:15:31:ad:2d:11:0c:e0:
         97:78:2a:9d:9f:67:40:e6:fe:78:b3:1a:97:a0:a4:93:58:a8:
         5e:b3:ea:fd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEk4z9qI7dNkSHy6d4+qoGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTVlYzVmNTI2NjhiZTUwYjQ1MThiNjg3Y2Y4YmQ5NTkz
MGFlMzkwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODNjNzYzNTRjNjI1YzRhNThkYTBhNTI5YzBlNDA2YWY1ZGJiODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDdAbAFHsLWjGZ3sO9IHWIMkB36w
o68rMmwIGmU3JwCA33yQj/EC5GRBx9ChlriOAZnHSSThzgY4eqjDTaccpIvg/zmp
X0roSkoYwSMdfU55fGyDEa4lJ83lUlqZES4Wk/rmLeQD7yy0Z2vm0NA6WK2ZyT03
gUFf5HcAVypEK08PDZC1Wlot8tzNOkDke3MiDa4g5XENf94Iw0d2tZ6Lg2TBgvFV
LiROJ2WFw+LiediGlHUnAIYfwKGiNAuGwxGzCzeSuTPQFm3XMWsrEwXEYtKq84jj
3ugMbVEezAnPFg+WckiteLf0AVNi+0UZd/RZTQ3kkcxdmjg2tAU712jHSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPg8djVMYlxKWNoKUpwOQGr127iGMB8GA1UdIwQY
MBaAFASl7F9SZovlC0UYtofPi9lZMK45MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktYc1gxSm1pLVVMUlJpMmg4LUwyVmt3cmprLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wMGUzM2UtZmQ3NC00NTgzLTk4NGUt
YzZiODRjYzU4NjEwLzEvMS1EeDJOVXhpWEVwWTJncFNuQTVBYXZYYnVJWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzIvMDBlMzNlLWZkNzQtNDU4My05ODRlLWM2Yjg0Y2M1ODYx
MC8xL0JLWHNYMUptaS1VTFJSaTJoOC1MMlZrd3Jqay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALk8FDAN
BgkqhkiG9w0BAQsFAAOCAQEAa6FWMVUe5byNMhNxT4HUwfODWDo5SsisNFLd5tEU
AJ2Y7jW/8f8bkoOn64tSJepwZbISTWHYy3BIvNH97L4er3txI48T545CWSYlj5w3
SUknSaiH1zoHVh2wVs4VMs7xjH+0xpSAnt2pLSSnpphYB8l4LMO/+e9xxTuUdh8F
vEj9VwThUAfEgcd4FQRu10RSc9kiabU9Nb7L2cIZ/42SoxRxMjJ3yUGl2e72Ii5P
caE1likrPatmaTtCyZlH1PZzFdd047J3opvS4ozXgxFcZrfL++OXVg4UMMHWa3aq
GkB7oPMVMa0tEQzgl3gqnZ9nQOb+eLMal6Ckk1ioXrPq/Q==
-----END CERTIFICATE-----