Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/s9w4qRZruVxm5HzYoKZvZpAaayA.roa
File:                     s9w4qRZruVxm5HzYoKZvZpAaayA.roa (raw, json)
Hash identifier:          EJZEB361SyKSzETQ88wlfz+T2Nm9fFJoNmVUO9U6FJw=
Subject key identifier:   B3:DC:38:A9:16:6B:B9:5C:66:E4:7C:D8:A0:A6:6F:66:90:1A:6B:20
Certificate issuer:       /CN=04a5ec5f52668be50b4518b687cf8bd95930ae39
Certificate serial:       018CC4938C9DA935602D4ED4562E4869F05C
Authority key identifier: 04:A5:EC:5F:52:66:8B:E5:0B:45:18:B6:87:CF:8B:D9:59:30:AE:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/s9w4qRZruVxm5HzYoKZvZpAaayA.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58010
IP address blocks:        185.60.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8c:9d:a9:35:60:2d:4e:d4:56:2e:48:69:f0:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04a5ec5f52668be50b4518b687cf8bd95930ae39
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3dc38a9166bb95c66e47cd8a0a66f66901a6b20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ca:83:41:73:c3:5c:d4:62:25:fa:0e:22:79:
                    f9:08:02:72:7d:ea:68:4e:61:37:93:a7:2f:25:83:
                    1f:05:41:c1:76:8a:a3:95:9f:c6:1b:51:47:f6:91:
                    c8:db:d5:ea:80:5c:7d:e9:97:11:d5:45:e6:a6:68:
                    fa:61:d8:89:99:61:a7:62:9c:dd:6b:0f:29:2b:f1:
                    f0:48:27:a0:bd:36:a4:32:ce:49:bf:d4:70:5b:12:
                    a0:00:04:2d:5c:bd:09:90:06:da:5a:b9:8d:f0:92:
                    64:93:e9:0f:26:54:40:15:4e:0a:ef:53:89:b1:ae:
                    eb:42:4f:dc:c9:55:b9:57:9a:ad:89:4e:b7:fd:de:
                    9b:c0:fc:87:6c:aa:6e:bf:de:13:c9:90:a6:5f:2a:
                    47:08:79:f5:2a:97:e7:f3:b4:c8:16:97:48:88:14:
                    d9:d5:59:64:bb:bc:97:44:b3:bc:23:63:7c:c0:b3:
                    65:ed:30:e0:10:ca:1c:61:ab:50:65:56:0c:6d:2c:
                    3c:37:37:bb:ab:03:9c:eb:b4:83:82:c9:62:37:70:
                    b4:07:96:17:00:a3:00:f5:d9:f8:a1:7b:27:a1:b0:
                    51:08:13:49:fd:e2:4b:14:0d:6b:3e:de:04:1b:62:
                    f4:c0:52:51:8e:39:8a:9b:cf:e5:44:e1:d3:93:3c:
                    e4:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:DC:38:A9:16:6B:B9:5C:66:E4:7C:D8:A0:A6:6F:66:90:1A:6B:20
            X509v3 Authority Key Identifier:
                keyid:04:A5:EC:5F:52:66:8B:E5:0B:45:18:B6:87:CF:8B:D9:59:30:AE:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/s9w4qRZruVxm5HzYoKZvZpAaayA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:f0:f8:94:9e:a7:c0:75:5d:34:cc:32:df:5c:76:41:c5:0e:
         89:38:3e:a8:bf:82:2b:d2:1e:6e:d3:89:08:f9:df:7a:85:02:
         c9:ee:c0:cf:a2:6a:6d:d8:74:f9:74:7c:fd:e5:3b:00:46:37:
         a1:0d:c6:43:2a:5b:70:e3:29:99:96:72:39:ab:47:57:52:8a:
         d8:25:3e:64:e0:af:e7:30:a9:6d:ea:a5:bc:57:aa:35:b2:12:
         6f:a3:34:38:8a:8b:a0:ab:b2:e8:43:69:26:89:cc:1e:94:d2:
         78:c1:49:dc:17:4d:63:ff:e4:06:53:21:6e:9e:25:00:51:a2:
         6a:38:bd:1f:04:3f:14:20:86:4a:fb:87:2f:85:66:a6:98:6e:
         ba:16:e8:80:3d:1e:e7:9a:77:b6:d1:8e:d1:2f:6e:19:6f:aa:
         85:1b:62:b8:b7:f8:ad:b3:84:0e:1d:1b:20:ab:44:68:c4:d6:
         79:92:4a:e7:e0:82:02:e3:81:75:af:e0:e9:4a:45:aa:93:57:
         ba:29:8a:b0:5c:17:6a:a6:9c:9e:ca:79:1f:42:7d:4b:0a:f7:
         f6:49:51:ef:d1:de:86:43:f8:5b:fb:a1:d9:8a:bc:05:65:8a:
         b6:35:c5:22:b8:9b:9d:4b:15:a4:33:90:59:95:30:7d:93:a9:
         ca:de:a9:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4ydqTVgLU7UVi5IafBcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTVlYzVmNTI2NjhiZTUwYjQ1MThiNjg3Y2Y4YmQ5NTkz
MGFlMzkwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2RjMzhhOTE2NmJiOTVjNjZlNDdjZDhhMGE2NmY2NjkwMWE2YjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsqDQXPDXNRiJfoOInn5CAJyfepo
TmE3k6cvJYMfBUHBdoqjlZ/GG1FH9pHI29XqgFx96ZcR1UXmpmj6YdiJmWGnYpzd
aw8pK/HwSCegvTakMs5Jv9RwWxKgAAQtXL0JkAbaWrmN8JJkk+kPJlRAFU4K71OJ
sa7rQk/cyVW5V5qtiU63/d6bwPyHbKpuv94TyZCmXypHCHn1Kpfn87TIFpdIiBTZ
1Vlku7yXRLO8I2N8wLNl7TDgEMocYatQZVYMbSw8Nze7qwOc67SDgsliN3C0B5YX
AKMA9dn4oXsnobBRCBNJ/eJLFA1rPt4EG2L0wFJRjjmKm8/lROHTkzzktQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPcOKkWa7lcZuR82KCmb2aQGmsgMB8GA1UdIwQY
MBaAFASl7F9SZovlC0UYtofPi9lZMK45MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktYc1gxSm1pLVVMUlJpMmg4LUwyVmt3cmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wMGUzM2UtZmQ3NC00NTgzLTk4NGUt
YzZiODRjYzU4NjEwLzEvczl3NHFSWnJ1VnhtNUh6WW9LWnZacEFhYXlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wMGUzM2UtZmQ3NC00NTgzLTk4NGUtYzZiODRjYzU4NjEw
LzEvQktYc1gxSm1pLVVMUlJpMmg4LUwyVmt3cmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTwUMA0G
CSqGSIb3DQEBCwUAA4IBAQAb8PiUnqfAdV00zDLfXHZBxQ6JOD6ov4Ir0h5u04kI
+d96hQLJ7sDPompt2HT5dHz95TsARjehDcZDKltw4ymZlnI5q0dXUorYJT5k4K/n
MKlt6qW8V6o1shJvozQ4iougq7LoQ2kmicwelNJ4wUncF01j/+QGUyFuniUAUaJq
OL0fBD8UIIZK+4cvhWammG66FuiAPR7nmne20Y7RL24Zb6qFG2K4t/its4QOHRsg
q0RoxNZ5kkrn4IIC44F1r+DpSkWqk1e6KYqwXBdqppyeynkfQn1LCvf2SVHv0d6G
Q/hb+6HZirwFZYq2NcUiuJudSxWkM5BZlTB9k6nK3qmV
-----END CERTIFICATE-----