Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/Tu7NZ30dtxbwVPsJlvyacbPc_5I.roa
File:                     Tu7NZ30dtxbwVPsJlvyacbPc_5I.roa (raw, json)
Hash identifier:          9Gb+XvdJENFB5jV+1uMyQTyodhdB8qO4zxB8LVDUs/I=
Subject key identifier:   4E:EE:CD:67:7D:1D:B7:16:F0:54:FB:09:96:FC:9A:71:B3:DC:FF:92
Certificate issuer:       /CN=60ebd4f7ac3d24920de1c1ff1185d9507e9ad078
Certificate serial:       0190641D49223E6B157241F71E44621804BC
Authority key identifier: 60:EB:D4:F7:AC:3D:24:92:0D:E1:C1:FF:11:85:D9:50:7E:9A:D0:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/Tu7NZ30dtxbwVPsJlvyacbPc_5I.roa
Signing time:             Sat 29 Jun 2024 13:09:19 +0000
ROA not before:           Sat 29 Jun 2024 13:09:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59441
IP address blocks:        109.95.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:64:1d:49:22:3e:6b:15:72:41:f7:1e:44:62:18:04:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60ebd4f7ac3d24920de1c1ff1185d9507e9ad078
        Validity
            Not Before: Jun 29 13:09:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4eeecd677d1db716f054fb0996fc9a71b3dcff92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:9b:ba:93:21:fe:90:63:e6:4e:4f:6a:ab:fb:
                    fe:2c:c7:56:c0:b5:bc:e3:83:17:71:09:19:05:91:
                    52:bf:a6:03:5b:f2:ea:bb:bb:a7:1b:a5:1a:57:d1:
                    f0:5e:64:ab:9f:1d:3f:63:17:04:5e:fc:96:3e:cb:
                    0b:4b:96:95:7a:76:b1:75:51:c6:52:db:b1:cd:8b:
                    d4:cf:e3:39:42:81:24:29:70:59:2a:87:dc:e6:4c:
                    60:84:6b:c6:77:a9:f7:c0:ee:75:78:8b:fa:c2:f2:
                    0e:5a:ee:90:8a:2d:25:39:10:84:bf:5e:c1:73:97:
                    9a:c8:57:ff:dc:50:97:c0:6c:5e:04:c5:b9:d0:fb:
                    38:27:08:95:e1:32:45:14:39:3c:85:a2:27:3b:73:
                    ba:b3:70:af:25:d4:f4:02:05:15:23:fc:52:ba:18:
                    1c:57:66:26:1a:fb:55:09:cd:15:98:e7:fa:20:de:
                    c2:42:e9:fe:74:5d:83:cb:f9:f7:4d:e1:9f:05:95:
                    64:7c:84:eb:d1:9b:27:94:94:cb:ec:c6:4a:5a:8b:
                    bd:3b:a6:8f:20:14:fe:55:9f:e2:3b:91:70:f6:e2:
                    f3:4f:80:78:b2:92:8e:48:db:ba:3b:c4:cb:c1:bb:
                    da:d4:62:a7:03:ff:5f:59:c1:0c:24:04:8a:bd:42:
                    24:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:EE:CD:67:7D:1D:B7:16:F0:54:FB:09:96:FC:9A:71:B3:DC:FF:92
            X509v3 Authority Key Identifier:
                keyid:60:EB:D4:F7:AC:3D:24:92:0D:E1:C1:FF:11:85:D9:50:7E:9A:D0:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/Tu7NZ30dtxbwVPsJlvyacbPc_5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:99:6f:ac:3e:df:fd:77:28:b0:a5:b7:78:3c:40:13:24:97:
         9c:29:d8:2e:f7:7b:79:9f:54:03:03:98:e4:f0:c5:8d:87:29:
         02:1a:a8:be:d4:c4:08:9b:7c:d6:66:c0:cc:a5:ac:e9:80:00:
         bd:f3:73:c1:33:8a:d7:b0:3e:80:ce:1a:ff:b6:63:f9:21:a4:
         61:5d:75:51:72:6e:4c:5b:e6:a8:b7:a7:c6:18:a5:2d:35:ef:
         d9:c8:3f:82:7d:00:9b:80:ec:64:1d:fc:84:55:d3:ff:2a:bd:
         a8:23:b5:13:80:0e:78:65:51:7f:cf:f5:ec:17:b9:93:62:ca:
         54:23:17:e1:b1:0d:7d:cd:f9:58:b3:1e:5a:ed:10:ce:92:ac:
         46:48:f5:43:f6:d9:ff:32:0b:66:a8:31:9e:8b:24:f0:2d:e4:
         bd:fc:2f:bd:31:3a:27:9b:a3:c7:38:2c:0f:b7:e5:67:31:78:
         d8:e7:5d:0f:53:99:34:49:a3:13:e8:4d:fb:64:57:b8:0c:cd:
         6e:a4:55:4f:39:d3:ed:7a:ea:7a:54:95:07:d4:8c:63:11:82:
         11:3f:10:3e:fe:96:eb:55:5f:23:ae:37:90:87:cc:8a:55:02:
         69:97:3b:06:03:ce:fc:aa:ee:bc:42:e7:a9:91:91:32:67:2b:
         70:42:8a:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBkHUkiPmsVckH3HkRiGAS8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZWJkNGY3YWMzZDI0OTIwZGUxYzFmZjExODVkOTUwN2U5
YWQwNzgwHhcNMjQwNjI5MTMwOTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWVlY2Q2NzdkMWRiNzE2ZjA1NGZiMDk5NmZjOWE3MWIzZGNmZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZu6kyH+kGPmTk9qq/v+LMdWwLW8
44MXcQkZBZFSv6YDW/Lqu7unG6UaV9HwXmSrnx0/YxcEXvyWPssLS5aVenaxdVHG
UtuxzYvUz+M5QoEkKXBZKofc5kxghGvGd6n3wO51eIv6wvIOWu6Qii0lORCEv17B
c5eayFf/3FCXwGxeBMW50Ps4JwiV4TJFFDk8haInO3O6s3CvJdT0AgUVI/xSuhgc
V2YmGvtVCc0VmOf6IN7CQun+dF2Dy/n3TeGfBZVkfITr0ZsnlJTL7MZKWou9O6aP
IBT+VZ/iO5Fw9uLzT4B4spKOSNu6O8TLwbva1GKnA/9fWcEMJASKvUIkVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7uzWd9HbcW8FT7CZb8mnGz3P+SMB8GA1UdIwQY
MBaAFGDr1PesPSSSDeHB/xGF2VB+mtB4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU92VTk2dzlKSklONGNIX0VZWFpVSDZhMEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi85MDUzNzgtMjI4YS00MWI0LWJjZTgt
ODdkM2IwMjNkOTE5LzEvVHU3TlozMGR0eGJ3VlBzSmx2eWFjYlBjXzVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi85MDUzNzgtMjI4YS00MWI0LWJjZTgtODdkM2IwMjNkOTE5
LzEvWU92VTk2dzlKSklONGNIX0VZWFpVSDZhMEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV9CMA0G
CSqGSIb3DQEBCwUAA4IBAQDDmW+sPt/9dyiwpbd4PEATJJecKdgu93t5n1QDA5jk
8MWNhykCGqi+1MQIm3zWZsDMpazpgAC983PBM4rXsD6Azhr/tmP5IaRhXXVRcm5M
W+aot6fGGKUtNe/ZyD+CfQCbgOxkHfyEVdP/Kr2oI7UTgA54ZVF/z/XsF7mTYspU
IxfhsQ19zflYsx5a7RDOkqxGSPVD9tn/MgtmqDGeiyTwLeS9/C+9MTonm6PHOCwP
t+VnMXjY510PU5k0SaMT6E37ZFe4DM1upFVPOdPteup6VJUH1IxjEYIRPxA+/pbr
VV8jrjeQh8yKVQJplzsGA878qu68QuepkZEyZytwQoqT
-----END CERTIFICATE-----