Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/0oyvQSskKLURMU5--71GY_qY1Rw.roa
File:                     0oyvQSskKLURMU5--71GY_qY1Rw.roa (raw, json)
Hash identifier:          FhWGFi3zT3MjfU9qoqVGUVoaCnDp7KJNtgGP2EcinAs=
Subject key identifier:   D2:8C:AF:41:2B:24:28:B5:11:31:4E:7E:FB:BD:46:63:FA:98:D5:1C
Certificate issuer:       /CN=60ebd4f7ac3d24920de1c1ff1185d9507e9ad078
Certificate serial:       0192209E778714CF6EB2A7C5650ACE4035C6
Authority key identifier: 60:EB:D4:F7:AC:3D:24:92:0D:E1:C1:FF:11:85:D9:50:7E:9A:D0:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/0oyvQSskKLURMU5--71GY_qY1Rw.roa
Signing time:             Mon 23 Sep 2024 20:41:49 +0000
ROA not before:           Mon 23 Sep 2024 20:41:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34078
IP address blocks:        109.95.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:20:9e:77:87:14:cf:6e:b2:a7:c5:65:0a:ce:40:35:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60ebd4f7ac3d24920de1c1ff1185d9507e9ad078
        Validity
            Not Before: Sep 23 20:41:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d28caf412b2428b511314e7efbbd4663fa98d51c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:60:6a:07:95:d0:7a:6f:ca:57:48:cf:c0:b3:
                    8e:12:5a:33:a6:73:68:c9:88:42:cd:8f:6a:11:8c:
                    03:cf:4f:ab:0f:61:35:a9:4e:6e:9f:f2:cd:d1:52:
                    e3:95:2e:fc:c7:f0:d0:f0:50:90:8c:e4:ca:cd:86:
                    a5:27:09:e9:d8:b7:ec:6b:06:59:0c:ca:34:b1:0a:
                    43:b2:19:e6:12:bf:fb:b7:4b:3c:aa:8c:a3:8e:0b:
                    a7:f0:40:c8:93:af:20:77:95:08:52:88:0f:79:d6:
                    53:b6:fb:b1:b9:33:df:1f:5b:48:21:0b:81:04:b6:
                    a7:0f:36:7e:da:81:e6:84:fe:57:7f:df:9c:e7:2b:
                    b5:5f:9a:da:41:89:43:23:5f:a5:8c:ba:6c:c2:b8:
                    0f:4c:b2:14:66:31:62:1f:36:ba:13:7d:0c:2e:08:
                    ca:4a:35:03:b3:3c:f5:65:2f:b6:fc:0f:0d:7c:47:
                    eb:93:f8:d4:97:4f:6f:fb:c1:fb:07:8f:e6:46:1b:
                    f1:a1:77:84:fd:ca:6f:c4:2a:f1:8f:2f:04:bc:3d:
                    79:45:56:7d:46:88:97:cb:97:1c:5c:e9:8e:6b:b7:
                    53:47:41:9a:4e:cd:e7:1e:0f:32:73:53:32:27:96:
                    65:27:25:61:e2:59:41:c5:11:d1:67:28:40:97:4e:
                    e9:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:8C:AF:41:2B:24:28:B5:11:31:4E:7E:FB:BD:46:63:FA:98:D5:1C
            X509v3 Authority Key Identifier:
                keyid:60:EB:D4:F7:AC:3D:24:92:0D:E1:C1:FF:11:85:D9:50:7E:9A:D0:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/0oyvQSskKLURMU5--71GY_qY1Rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:9f:06:db:f8:54:95:6c:5c:0a:87:50:55:78:4c:ab:a0:68:
         b3:33:b5:f0:c0:7c:6b:5f:fe:0d:82:08:7c:65:ac:64:4e:6d:
         f4:13:00:ed:d8:d7:42:7b:e6:da:63:14:5f:ee:74:ab:9e:a4:
         6e:19:12:0f:5a:26:40:96:0b:2c:28:bf:4f:99:a7:96:ae:0b:
         5f:b1:0a:33:02:2d:4a:01:98:3c:80:04:72:39:a0:7b:1b:e2:
         bc:c3:fa:bc:10:27:ca:af:54:a2:92:c4:0b:3b:49:03:ea:ea:
         95:64:a1:fa:69:b1:ff:a0:1a:2f:27:b2:96:f3:8e:bf:ac:3e:
         d6:1a:41:90:71:92:94:07:c3:4e:66:8c:c9:2d:19:89:42:1d:
         c5:6c:e1:83:50:c8:8c:5c:c5:72:12:07:28:4c:0f:78:8b:2d:
         e5:0c:8e:85:65:b8:45:d8:36:09:26:7b:99:fd:f4:19:5e:81:
         b4:ff:a3:30:23:b8:b6:5f:1d:b9:a8:dc:22:96:fc:63:54:f0:
         28:4a:7d:a7:f9:c1:ca:47:49:27:47:e3:e2:fe:41:7b:5c:0b:
         40:92:f4:f0:40:7f:d4:c3:d9:e2:43:15:71:b9:52:54:70:1b:
         48:c1:b3:a4:85:71:a6:bc:ce:a5:04:c0:54:b1:85:40:79:56:
         cd:8f:92:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIgnneHFM9usqfFZQrOQDXGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZWJkNGY3YWMzZDI0OTIwZGUxYzFmZjExODVkOTUwN2U5
YWQwNzgwHhcNMjQwOTIzMjA0MTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjhjYWY0MTJiMjQyOGI1MTEzMTRlN2VmYmJkNDY2M2ZhOThkNTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2BqB5XQem/KV0jPwLOOElozpnNo
yYhCzY9qEYwDz0+rD2E1qU5un/LN0VLjlS78x/DQ8FCQjOTKzYalJwnp2LfsawZZ
DMo0sQpDshnmEr/7t0s8qoyjjgun8EDIk68gd5UIUogPedZTtvuxuTPfH1tIIQuB
BLanDzZ+2oHmhP5Xf9+c5yu1X5raQYlDI1+ljLpswrgPTLIUZjFiHza6E30MLgjK
SjUDszz1ZS+2/A8NfEfrk/jUl09v+8H7B4/mRhvxoXeE/cpvxCrxjy8EvD15RVZ9
RoiXy5ccXOmOa7dTR0GaTs3nHg8yc1MyJ5ZlJyVh4llBxRHRZyhAl07pQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKMr0ErJCi1ETFOfvu9RmP6mNUcMB8GA1UdIwQY
MBaAFGDr1PesPSSSDeHB/xGF2VB+mtB4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU92VTk2dzlKSklONGNIX0VZWFpVSDZhMEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi85MDUzNzgtMjI4YS00MWI0LWJjZTgt
ODdkM2IwMjNkOTE5LzEvMG95dlFTc2tLTFVSTVU1LS03MUdZX3FZMVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi85MDUzNzgtMjI4YS00MWI0LWJjZTgtODdkM2IwMjNkOTE5
LzEvWU92VTk2dzlKSklONGNIX0VZWFpVSDZhMEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV9CMA0G
CSqGSIb3DQEBCwUAA4IBAQA7nwbb+FSVbFwKh1BVeEyroGizM7XwwHxrX/4Nggh8
ZaxkTm30EwDt2NdCe+baYxRf7nSrnqRuGRIPWiZAlgssKL9PmaeWrgtfsQozAi1K
AZg8gARyOaB7G+K8w/q8ECfKr1SiksQLO0kD6uqVZKH6abH/oBovJ7KW846/rD7W
GkGQcZKUB8NOZozJLRmJQh3FbOGDUMiMXMVyEgcoTA94iy3lDI6FZbhF2DYJJnuZ
/fQZXoG0/6MwI7i2Xx25qNwilvxjVPAoSn2n+cHKR0knR+Pi/kF7XAtAkvTwQH/U
w9niQxVxuVJUcBtIwbOkhXGmvM6lBMBUsYVAeVbNj5J0
-----END CERTIFICATE-----