Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YKI1QxSsRCvMI42z7gKMRoDEuho.roa
File:                     YKI1QxSsRCvMI42z7gKMRoDEuho.roa (raw, json)
Hash identifier:          WYNYodUvJC3YWBcxN+4I4LLLEMPhhJhkLJzrQ0VkxhI=
Subject key identifier:   60:A2:35:43:14:AC:44:2B:CC:23:8D:B3:EE:02:8C:46:80:C4:BA:1A
Certificate issuer:       /CN=60ebd4f7ac3d24920de1c1ff1185d9507e9ad078
Certificate serial:       01941FFAB9E8C076F7297B78698B914F490E
Authority key identifier: 60:EB:D4:F7:AC:3D:24:92:0D:E1:C1:FF:11:85:D9:50:7E:9A:D0:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YKI1QxSsRCvMI42z7gKMRoDEuho.roa
Signing time:             Wed 01 Jan 2025 03:48:32 +0000
ROA not before:           Wed 01 Jan 2025 03:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210392
IP address blocks:        109.95.66.0/24 maxlen: 24
                          109.95.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b9:e8:c0:76:f7:29:7b:78:69:8b:91:4f:49:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60ebd4f7ac3d24920de1c1ff1185d9507e9ad078
        Validity
            Not Before: Jan  1 03:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60a2354314ac442bcc238db3ee028c4680c4ba1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:75:44:a6:9e:a1:4a:43:2b:ff:3a:a6:e8:e6:
                    cc:e6:72:60:68:c3:f2:41:d7:7d:4a:4b:c0:96:e2:
                    d0:d4:12:f9:63:ed:a4:59:a4:25:f3:06:8e:5e:ae:
                    9f:9d:a6:7e:d4:e2:ad:32:6a:a5:29:e3:6c:a1:15:
                    91:2a:8f:37:7c:66:59:01:00:ca:00:05:10:8d:6e:
                    96:33:05:5c:2d:f3:04:a6:e2:f0:1c:71:bb:d9:68:
                    a4:3c:45:e5:a9:d2:0e:af:bd:bb:a7:32:d0:93:84:
                    04:65:3f:d8:10:3e:c5:c7:3f:89:70:f5:af:4c:72:
                    e0:a0:b7:fa:aa:47:f2:42:d5:1a:de:b5:4c:d7:d5:
                    97:f5:f4:a4:bd:a4:08:bc:93:7d:ac:04:d1:fc:fe:
                    e7:a3:20:c4:99:a9:9e:b1:db:87:3e:04:fb:77:b4:
                    5a:30:64:6a:11:e6:d2:97:f9:80:f2:db:e2:72:fe:
                    de:73:07:f7:06:99:0d:81:3f:17:c5:ee:24:27:31:
                    85:47:98:79:7d:04:90:a1:4c:af:29:8b:bb:67:0b:
                    ee:b3:d0:3d:90:ac:ff:e2:cb:16:ba:f2:9f:7a:e1:
                    c4:3f:15:e3:63:21:45:bc:00:d6:6b:f8:9e:80:12:
                    ed:61:26:e4:3c:27:93:ae:05:43:6a:c6:20:3c:2b:
                    b0:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:A2:35:43:14:AC:44:2B:CC:23:8D:B3:EE:02:8C:46:80:C4:BA:1A
            X509v3 Authority Key Identifier:
                keyid:60:EB:D4:F7:AC:3D:24:92:0D:E1:C1:FF:11:85:D9:50:7E:9A:D0:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YKI1QxSsRCvMI42z7gKMRoDEuho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ba:eb:92:98:df:9f:14:84:6e:dc:7f:8a:21:dc:53:5b:ad:39:
         2a:0d:76:44:8c:45:06:4f:6d:87:cb:eb:3a:3e:9e:eb:6b:d7:
         e7:e4:06:ca:ea:d7:bb:68:57:73:63:8a:5b:f9:58:24:ed:a9:
         d1:f6:14:8e:a2:15:82:5d:48:8d:81:ce:5d:01:85:47:66:61:
         a5:64:9f:a4:ef:69:59:b8:4a:0f:25:49:3d:88:35:dd:5f:9a:
         c9:ba:4e:7c:6f:14:7c:13:4d:9d:06:c8:86:50:9c:c9:27:45:
         43:8b:6f:9d:41:71:d4:58:04:de:42:37:d0:17:52:2b:0c:5c:
         96:53:c2:fb:81:93:dc:41:7f:35:54:a2:63:d5:a5:3e:1b:b1:
         d4:44:f3:ed:3d:f1:e9:59:9b:2f:f6:8c:39:49:3d:5e:38:4e:
         b7:fe:f2:fd:37:bb:12:56:79:65:6c:13:a7:a4:30:3f:ae:a1:
         94:2e:0a:a4:1b:3c:19:54:0f:26:02:c5:6f:6a:6f:05:c6:46:
         d9:a2:04:30:f5:4e:cf:79:76:77:7a:27:de:bb:71:09:fc:6e:
         65:47:99:0f:8f:35:72:61:fb:87:97:a4:ef:6a:22:99:f8:d7:
         58:a5:80:1d:d9:a8:ab:1f:c7:92:58:39:2d:d6:fd:92:66:85:
         47:d3:f2:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+rnowHb3KXt4aYuRT0kOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZWJkNGY3YWMzZDI0OTIwZGUxYzFmZjExODVkOTUwN2U5
YWQwNzgwHhcNMjUwMTAxMDM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGEyMzU0MzE0YWM0NDJiY2MyMzhkYjNlZTAyOGM0NjgwYzRiYTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3VEpp6hSkMr/zqm6ObM5nJgaMPy
Qdd9SkvAluLQ1BL5Y+2kWaQl8waOXq6fnaZ+1OKtMmqlKeNsoRWRKo83fGZZAQDK
AAUQjW6WMwVcLfMEpuLwHHG72WikPEXlqdIOr727pzLQk4QEZT/YED7Fxz+JcPWv
THLgoLf6qkfyQtUa3rVM19WX9fSkvaQIvJN9rATR/P7noyDEmamesduHPgT7d7Ra
MGRqEebSl/mA8tvicv7ecwf3BpkNgT8Xxe4kJzGFR5h5fQSQoUyvKYu7Zwvus9A9
kKz/4ssWuvKfeuHEPxXjYyFFvADWa/iegBLtYSbkPCeTrgVDasYgPCuwswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCiNUMUrEQrzCONs+4CjEaAxLoaMB8GA1UdIwQY
MBaAFGDr1PesPSSSDeHB/xGF2VB+mtB4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU92VTk2dzlKSklONGNIX0VZWFpVSDZhMEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi85MDUzNzgtMjI4YS00MWI0LWJjZTgt
ODdkM2IwMjNkOTE5LzEvWUtJMVF4U3NSQ3ZNSTQyejdnS01Sb0RFdWhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi85MDUzNzgtMjI4YS00MWI0LWJjZTgtODdkM2IwMjNkOTE5
LzEvWU92VTk2dzlKSklONGNIX0VZWFpVSDZhMEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbV9CMA0G
CSqGSIb3DQEBCwUAA4IBAQC665KY358UhG7cf4oh3FNbrTkqDXZEjEUGT22Hy+s6
Pp7ra9fn5AbK6te7aFdzY4pb+Vgk7anR9hSOohWCXUiNgc5dAYVHZmGlZJ+k72lZ
uEoPJUk9iDXdX5rJuk58bxR8E02dBsiGUJzJJ0VDi2+dQXHUWATeQjfQF1IrDFyW
U8L7gZPcQX81VKJj1aU+G7HURPPtPfHpWZsv9ow5ST1eOE63/vL9N7sSVnllbBOn
pDA/rqGULgqkGzwZVA8mAsVvam8FxkbZogQw9U7PeXZ3eifeu3EJ/G5lR5kPjzVy
YfuHl6TvaiKZ+NdYpYAd2airH8eSWDkt1v2SZoVH0/LS
-----END CERTIFICATE-----