Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/ad0351-006f-47aa-ab19-19c05f4f4a7b/1/28OO9taqdWuX45D1xybj01oToFM.roa
File:                     28OO9taqdWuX45D1xybj01oToFM.roa (raw, json)
Hash identifier:          NxqGPafne14RJjajYnYOjLNt1wR9c5mCTzWiNCVcxIc=
Subject key identifier:   DB:C3:8E:F6:D6:AA:75:6B:97:E3:90:F5:C7:26:E3:D3:5A:13:A0:53
Certificate issuer:       /CN=32d5c9c85ffb7463945e8126570b7e2851b3fb7a
Certificate serial:       018CC3B713956EB43713C170C90CC9C906B1
Authority key identifier: 32:D5:C9:C8:5F:FB:74:63:94:5E:81:26:57:0B:7E:28:51:B3:FB:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MtXJyF_7dGOUXoEmVwt-KFGz-3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/ad0351-006f-47aa-ab19-19c05f4f4a7b/1/28OO9taqdWuX45D1xybj01oToFM.roa
Signing time:             Mon 01 Jan 2024 06:30:04 +0000
ROA not before:           Mon 01 Jan 2024 06:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        185.123.60.0/24 maxlen: 24
                          2a06:ab00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/ad0351-006f-47aa-ab19-19c05f4f4a7b/1/MtXJyF_7dGOUXoEmVwt-KFGz-3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/ad0351-006f-47aa-ab19-19c05f4f4a7b/1/MtXJyF_7dGOUXoEmVwt-KFGz-3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MtXJyF_7dGOUXoEmVwt-KFGz-3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 12:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:13:95:6e:b4:37:13:c1:70:c9:0c:c9:c9:06:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32d5c9c85ffb7463945e8126570b7e2851b3fb7a
        Validity
            Not Before: Jan  1 06:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbc38ef6d6aa756b97e390f5c726e3d35a13a053
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a9:7e:57:9f:41:ea:ba:7f:84:d3:64:ec:7c:
                    87:c0:43:8b:fc:47:39:62:19:da:35:22:08:71:9d:
                    e0:02:37:80:5a:a2:43:12:59:f1:f0:e1:5c:a5:81:
                    2a:3b:29:89:8a:03:8a:7d:20:9d:ba:3d:84:db:6e:
                    d1:4a:a3:e0:e1:35:e9:18:41:b6:62:84:2a:2e:bb:
                    b3:50:9e:9d:b1:27:95:eb:bf:7d:c0:ec:03:39:de:
                    11:f5:9d:b0:85:43:91:e2:5e:fb:d5:e8:0a:cd:fb:
                    d2:f2:b5:e4:b7:f2:df:ee:81:5b:4f:95:c6:c3:a0:
                    22:34:22:13:e2:6e:67:82:ef:f2:7e:c1:65:0b:1a:
                    22:77:12:a8:dc:cd:7c:a7:b9:9e:f9:7b:95:c6:74:
                    f5:65:42:7f:f1:6b:62:2e:03:8c:85:1d:54:7e:06:
                    9c:40:f6:6e:cf:a9:9b:95:bf:3c:a2:d7:ab:f0:58:
                    22:f0:23:dc:0d:4a:bc:b4:e8:0e:e4:3a:0a:b2:db:
                    9c:75:92:e2:86:15:96:79:d4:7c:22:a5:b1:6f:fc:
                    d7:f2:29:0c:1e:7b:fc:bf:9f:e3:b7:1a:c2:34:6b:
                    98:27:f0:d9:9b:9d:63:36:48:99:80:03:22:35:38:
                    99:93:99:27:5f:d5:d4:8e:29:b3:74:ce:fa:2b:48:
                    01:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:C3:8E:F6:D6:AA:75:6B:97:E3:90:F5:C7:26:E3:D3:5A:13:A0:53
            X509v3 Authority Key Identifier:
                keyid:32:D5:C9:C8:5F:FB:74:63:94:5E:81:26:57:0B:7E:28:51:B3:FB:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MtXJyF_7dGOUXoEmVwt-KFGz-3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ad0351-006f-47aa-ab19-19c05f4f4a7b/1/28OO9taqdWuX45D1xybj01oToFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ad0351-006f-47aa-ab19-19c05f4f4a7b/1/MtXJyF_7dGOUXoEmVwt-KFGz-3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.60.0/24
                IPv6:
                  2a06:ab00::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:8d:2f:8b:39:48:08:39:fa:d0:36:e8:cb:64:5c:93:68:4e:
         62:92:6c:0e:7b:37:a9:3c:da:68:79:21:2d:7d:b2:06:52:8d:
         cb:0d:6c:48:52:71:29:fe:99:ba:dd:4f:83:51:42:1d:aa:f0:
         8c:a4:e0:51:8e:f6:6d:0c:b9:c9:dc:e9:c5:08:b1:a2:9c:e8:
         6f:28:f6:e4:8a:ed:70:64:96:2c:63:1b:9d:2a:ae:b0:b5:dc:
         9b:d3:40:93:f1:5b:12:e7:e7:55:11:30:a6:21:ee:22:ca:20:
         49:86:da:db:38:d0:76:34:0f:57:7d:ad:7f:e0:e8:89:74:56:
         91:6d:bd:75:85:e3:3f:f7:09:0c:3a:16:b1:98:4c:d7:69:8c:
         9c:e5:a3:f4:fc:31:5e:fa:e1:ba:39:fe:51:f5:ae:d1:17:07:
         72:21:b7:b9:0d:e3:06:17:68:95:a3:d3:91:68:a2:34:b4:8f:
         65:09:8a:1c:75:c0:3f:cc:dd:86:40:e8:0e:21:ec:c9:b7:a5:
         a2:b2:f7:ae:43:8f:11:10:a9:b2:e3:e1:20:86:ee:a5:a1:82:
         d9:d6:f6:a6:cf:29:19:39:64:f7:5f:f7:9b:f2:b7:38:47:fa:
         43:55:4a:33:fd:77:39:1d:84:9c:05:d0:58:62:9b:a8:df:8b:
         2b:4f:2a:78
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtxOVbrQ3E8FwyQzJyQaxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZDVjOWM4NWZmYjc0NjM5NDVlODEyNjU3MGI3ZTI4NTFi
M2ZiN2EwHhcNMjQwMTAxMDYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmMzOGVmNmQ2YWE3NTZiOTdlMzkwZjVjNzI2ZTNkMzVhMTNhMDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjql+V59B6rp/hNNk7HyHwEOL/Ec5
YhnaNSIIcZ3gAjeAWqJDElnx8OFcpYEqOymJigOKfSCduj2E227RSqPg4TXpGEG2
YoQqLruzUJ6dsSeV6799wOwDOd4R9Z2whUOR4l771egKzfvS8rXkt/Lf7oFbT5XG
w6AiNCIT4m5ngu/yfsFlCxoidxKo3M18p7me+XuVxnT1ZUJ/8WtiLgOMhR1Ufgac
QPZuz6mblb88oter8Fgi8CPcDUq8tOgO5DoKstucdZLihhWWedR8IqWxb/zX8ikM
Hnv8v5/jtxrCNGuYJ/DZm51jNkiZgAMiNTiZk5knX9XUjimzdM76K0gBtQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNvDjvbWqnVrl+OQ9ccm49NaE6BTMB8GA1UdIwQY
MBaAFDLVychf+3RjlF6BJlcLfihRs/t6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXRYSnlGXzdkR09VWG9FbVZ3dC1LRkd6LTNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9hZDAzNTEtMDA2Zi00N2FhLWFiMTkt
MTljMDVmNGY0YTdiLzEvMjhPTzl0YXFkV3VYNDVEMXh5YmowMW9Ub0ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9hZDAzNTEtMDA2Zi00N2FhLWFiMTktMTljMDVmNGY0YTdi
LzEvTXRYSnlGXzdkR09VWG9FbVZ3dC1LRkd6LTNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXs8MA0E
AgACMAcDBQAqBqsAMA0GCSqGSIb3DQEBCwUAA4IBAQA7jS+LOUgIOfrQNujLZFyT
aE5ikmwOezepPNpoeSEtfbIGUo3LDWxIUnEp/pm63U+DUUIdqvCMpOBRjvZtDLnJ
3OnFCLGinOhvKPbkiu1wZJYsYxudKq6wtdyb00CT8VsS5+dVETCmIe4iyiBJhtrb
ONB2NA9Xfa1/4OiJdFaRbb11heM/9wkMOhaxmEzXaYyc5aP0/DFe+uG6Of5R9a7R
FwdyIbe5DeMGF2iVo9ORaKI0tI9lCYocdcA/zN2GQOgOIezJt6WisveuQ48REKmy
4+Eghu6loYLZ1vamzykZOWT3X/eb8rc4R/pDVUoz/Xc5HYScBdBYYpuo34srTyp4
-----END CERTIFICATE-----