Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/NUPQRS0ooRsar2f147MR7z_4vbA.roa
File:                     NUPQRS0ooRsar2f147MR7z_4vbA.roa (raw, json)
Hash identifier:          CmMZuOujUXhdqhz27/qbC9mkinQYp7izfWsg278vT1s=
Subject key identifier:   35:43:D0:45:2D:28:A1:1B:1A:AF:67:F5:E3:B3:11:EF:3F:F8:BD:B0
Certificate issuer:       /CN=04a5ec5f52668be50b4518b687cf8bd95930ae39
Certificate serial:       01942067F24260B139C669174A4EB51BC096
Authority key identifier: 04:A5:EC:5F:52:66:8B:E5:0B:45:18:B6:87:CF:8B:D9:59:30:AE:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/NUPQRS0ooRsar2f147MR7z_4vbA.roa
Signing time:             Wed 01 Jan 2025 05:47:50 +0000
ROA not before:           Wed 01 Jan 2025 05:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212603
IP address blocks:        185.60.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 20:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f2:42:60:b1:39:c6:69:17:4a:4e:b5:1b:c0:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04a5ec5f52668be50b4518b687cf8bd95930ae39
        Validity
            Not Before: Jan  1 05:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3543d0452d28a11b1aaf67f5e3b311ef3ff8bdb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:64:6d:8e:b5:2e:f8:1b:64:ad:4a:84:17:28:
                    ad:05:93:68:31:23:27:45:48:35:f7:02:f4:63:a8:
                    ef:b1:4c:8d:50:8e:81:a9:98:db:95:f5:c1:82:a3:
                    49:1a:3e:d0:92:ec:35:ba:d1:44:66:c8:8f:9b:9e:
                    71:3a:b2:bf:4f:da:7e:e4:b9:cf:a7:70:f8:f4:60:
                    5f:b2:e3:15:14:9e:8d:45:3a:70:c2:97:63:37:48:
                    44:d9:35:2f:2c:c1:6f:b1:90:78:b6:65:4e:a9:f6:
                    27:18:d2:19:48:5a:fc:82:ea:59:b6:7d:76:e1:da:
                    8a:03:c4:05:f5:cc:be:41:6f:44:94:13:34:c5:e2:
                    4f:b4:32:62:74:31:fa:ba:6f:51:8b:8a:c0:49:2b:
                    28:44:ac:0c:45:92:7d:8a:e3:7d:98:c5:84:2c:8a:
                    23:9d:87:a7:c5:4e:db:67:f2:9e:06:3e:5b:bb:95:
                    e3:c0:25:09:86:d2:ca:d2:e3:57:df:08:4e:cf:51:
                    a9:31:a5:6f:d8:67:3a:79:dc:fc:04:43:7b:db:b7:
                    4d:86:97:06:0b:81:56:ff:03:95:24:4e:c7:65:de:
                    47:48:b8:71:27:7a:fe:14:cd:24:9e:29:19:64:ab:
                    fa:ae:b8:57:29:6a:7c:d7:86:50:22:01:e5:f2:30:
                    6c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:43:D0:45:2D:28:A1:1B:1A:AF:67:F5:E3:B3:11:EF:3F:F8:BD:B0
            X509v3 Authority Key Identifier:
                keyid:04:A5:EC:5F:52:66:8B:E5:0B:45:18:B6:87:CF:8B:D9:59:30:AE:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/NUPQRS0ooRsar2f147MR7z_4vbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:ae:da:1f:92:72:41:cf:c2:46:d3:5c:8e:f5:33:12:67:9b:
         a6:ef:a8:ce:ef:66:a2:1c:b9:b6:67:56:61:40:fa:79:0f:2a:
         35:5b:2e:da:98:02:07:68:bc:ec:ce:03:de:63:1d:03:b8:b8:
         3b:f3:d6:6b:a7:63:1b:e0:fb:4c:13:84:3c:bd:c6:a4:00:bf:
         90:c3:50:09:67:40:54:14:28:4b:28:85:b3:61:12:cb:e5:c2:
         a2:2f:11:c9:a6:4c:a5:ba:2f:bd:28:d5:6e:90:80:1e:89:01:
         3f:ee:9f:0c:64:db:02:95:0c:52:80:d0:03:e9:4a:ff:bb:c5:
         12:5e:a0:bc:ba:07:01:fc:21:ee:f0:1b:54:a7:2e:c6:db:1f:
         8d:eb:a1:0e:78:b0:7e:0e:4a:35:fc:7a:95:b3:0a:88:7f:f0:
         65:9a:15:ca:9f:24:45:77:4a:75:b2:ec:46:84:32:63:66:f4:
         aa:eb:df:34:c6:f8:70:f0:4a:c8:ba:db:e3:83:ec:a7:cd:65:
         b8:dd:65:e1:9e:72:6b:12:47:4f:01:4d:ef:b8:f9:d8:b0:34:
         00:db:3a:86:06:39:85:b9:7a:fd:e8:e5:90:ca:d4:a6:1e:1c:
         fd:7b:ae:bd:6f:7c:19:7c:33:75:e9:12:2f:ee:dd:b6:f6:ed:
         f1:0a:70:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ/JCYLE5xmkXSk61G8CWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTVlYzVmNTI2NjhiZTUwYjQ1MThiNjg3Y2Y4YmQ5NTkz
MGFlMzkwHhcNMjUwMTAxMDU0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTQzZDA0NTJkMjhhMTFiMWFhZjY3ZjVlM2IzMTFlZjNmZjhiZGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2RtjrUu+BtkrUqEFyitBZNoMSMn
RUg19wL0Y6jvsUyNUI6BqZjblfXBgqNJGj7Qkuw1utFEZsiPm55xOrK/T9p+5LnP
p3D49GBfsuMVFJ6NRTpwwpdjN0hE2TUvLMFvsZB4tmVOqfYnGNIZSFr8gupZtn12
4dqKA8QF9cy+QW9ElBM0xeJPtDJidDH6um9Ri4rASSsoRKwMRZJ9iuN9mMWELIoj
nYenxU7bZ/KeBj5bu5XjwCUJhtLK0uNX3whOz1GpMaVv2Gc6edz8BEN727dNhpcG
C4FW/wOVJE7HZd5HSLhxJ3r+FM0knikZZKv6rrhXKWp814ZQIgHl8jBs6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVD0EUtKKEbGq9n9eOzEe8/+L2wMB8GA1UdIwQY
MBaAFASl7F9SZovlC0UYtofPi9lZMK45MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktYc1gxSm1pLVVMUlJpMmg4LUwyVmt3cmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wMGUzM2UtZmQ3NC00NTgzLTk4NGUt
YzZiODRjYzU4NjEwLzEvTlVQUVJTMG9vUnNhcjJmMTQ3TVI3el80dmJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wMGUzM2UtZmQ3NC00NTgzLTk4NGUtYzZiODRjYzU4NjEw
LzEvQktYc1gxSm1pLVVMUlJpMmg4LUwyVmt3cmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTwUMA0G
CSqGSIb3DQEBCwUAA4IBAQCZrtofknJBz8JG01yO9TMSZ5um76jO72aiHLm2Z1Zh
QPp5Dyo1Wy7amAIHaLzszgPeYx0DuLg789Zrp2Mb4PtME4Q8vcakAL+Qw1AJZ0BU
FChLKIWzYRLL5cKiLxHJpkylui+9KNVukIAeiQE/7p8MZNsClQxSgNAD6Ur/u8US
XqC8ugcB/CHu8BtUpy7G2x+N66EOeLB+Dko1/HqVswqIf/BlmhXKnyRFd0p1suxG
hDJjZvSq6980xvhw8ErIutvjg+ynzWW43WXhnnJrEkdPAU3vuPnYsDQA2zqGBjmF
uXr96OWQytSmHhz9e669b3wZfDN16RIv7t229u3xCnDO
-----END CERTIFICATE-----