Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/ad0351-006f-47aa-ab19-19c05f4f4a7b/1/6csp2LeD7vly2n1j-VpIEsucAhQ.roa
File:                     6csp2LeD7vly2n1j-VpIEsucAhQ.roa (raw, json)
Hash identifier:          WR+qcQQTkccFoOguSbUEIuw7HhStcNOST97gvk9zp7k=
Subject key identifier:   E9:CB:29:D8:B7:83:EE:F9:72:DA:7D:63:F9:5A:48:12:CB:9C:02:14
Certificate issuer:       /CN=32d5c9c85ffb7463945e8126570b7e2851b3fb7a
Certificate serial:       019426D95EABE8D5A42D392ECBF9B68FD091
Authority key identifier: 32:D5:C9:C8:5F:FB:74:63:94:5E:81:26:57:0B:7E:28:51:B3:FB:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MtXJyF_7dGOUXoEmVwt-KFGz-3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/ad0351-006f-47aa-ab19-19c05f4f4a7b/1/6csp2LeD7vly2n1j-VpIEsucAhQ.roa
Signing time:             Thu 02 Jan 2025 11:49:27 +0000
ROA not before:           Thu 02 Jan 2025 11:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        185.123.60.0/24 maxlen: 24
                          2a06:ab00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/ad0351-006f-47aa-ab19-19c05f4f4a7b/1/MtXJyF_7dGOUXoEmVwt-KFGz-3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/ad0351-006f-47aa-ab19-19c05f4f4a7b/1/MtXJyF_7dGOUXoEmVwt-KFGz-3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MtXJyF_7dGOUXoEmVwt-KFGz-3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:5e:ab:e8:d5:a4:2d:39:2e:cb:f9:b6:8f:d0:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32d5c9c85ffb7463945e8126570b7e2851b3fb7a
        Validity
            Not Before: Jan  2 11:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9cb29d8b783eef972da7d63f95a4812cb9c0214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:72:d3:50:4b:15:5d:78:bb:72:31:fa:f2:11:
                    a4:ee:e8:a5:e2:85:ba:07:84:4b:41:2a:a1:4b:28:
                    2b:7c:49:7e:8b:f6:17:d7:5c:5f:8a:60:15:f1:53:
                    36:42:63:7f:8a:3c:88:cd:e7:5c:1e:ee:35:bd:e9:
                    7b:82:83:da:ea:8a:ca:63:e7:f6:ce:dc:0e:da:e0:
                    33:85:bf:c1:f5:05:d1:8f:94:f3:f7:da:15:ad:f5:
                    91:10:c7:69:cd:3a:dc:b9:98:fb:7d:8a:95:e4:19:
                    86:62:4a:7e:ae:3a:0f:62:eb:c1:99:c6:e2:e5:26:
                    b1:f2:b1:8d:8d:25:d6:c7:5b:16:76:b9:99:4c:6d:
                    1e:8b:92:30:44:28:24:f2:bb:90:89:73:52:60:6a:
                    96:33:34:0b:a1:12:2d:b9:bf:73:6a:a0:48:08:fb:
                    3f:f3:27:9c:14:54:59:30:87:f9:6f:d3:5e:32:7e:
                    27:44:28:a0:2b:0f:4a:38:f8:c8:f1:32:31:8e:8f:
                    c5:11:22:82:64:3d:9e:34:eb:ac:98:c7:a9:9f:4a:
                    7e:4b:75:00:43:d6:3a:2d:d5:44:e4:b9:0f:d3:5e:
                    34:c0:8b:94:02:ce:f3:a0:50:ae:35:f1:22:97:1f:
                    01:e5:53:a0:5a:d2:e6:c9:e2:59:f7:9a:14:7a:b0:
                    bf:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:CB:29:D8:B7:83:EE:F9:72:DA:7D:63:F9:5A:48:12:CB:9C:02:14
            X509v3 Authority Key Identifier:
                keyid:32:D5:C9:C8:5F:FB:74:63:94:5E:81:26:57:0B:7E:28:51:B3:FB:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MtXJyF_7dGOUXoEmVwt-KFGz-3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ad0351-006f-47aa-ab19-19c05f4f4a7b/1/6csp2LeD7vly2n1j-VpIEsucAhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ad0351-006f-47aa-ab19-19c05f4f4a7b/1/MtXJyF_7dGOUXoEmVwt-KFGz-3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.60.0/24
                IPv6:
                  2a06:ab00::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:02:aa:0a:51:4b:7f:c3:a2:bb:30:5a:27:d8:47:48:5e:da:
         65:97:e5:07:99:7a:2a:67:23:4c:62:b3:d9:e9:32:a2:6d:4b:
         78:b9:35:ea:c0:7e:b8:0a:d6:06:51:03:e7:c0:d4:ac:1f:b1:
         28:d6:d5:02:e0:56:16:37:79:5a:ee:be:72:69:2f:ad:2f:3b:
         6a:7e:08:67:5b:d8:2a:18:e6:df:0f:fe:88:38:fe:28:b5:4b:
         19:2a:0d:93:02:33:8d:a9:97:4a:cf:88:67:73:04:38:04:96:
         27:3f:5f:99:a0:f9:06:fe:df:2e:8c:d9:f7:bf:23:12:0e:6a:
         29:c2:61:4a:aa:0c:06:32:68:49:6d:d3:2f:48:b8:26:a9:54:
         7b:22:0d:b6:21:dd:2a:6f:5c:89:e4:17:18:9a:16:a3:98:60:
         01:a5:08:f6:58:39:11:a8:5e:a5:44:05:6e:b8:c9:28:45:81:
         83:27:ac:a6:67:34:7e:a2:50:48:b8:8a:45:32:96:f3:70:36:
         3f:56:02:a4:89:03:6a:1e:77:63:a9:7e:80:51:66:d9:c3:5a:
         23:25:af:63:63:a4:ca:d6:f5:05:7f:a3:c3:9b:f2:bb:08:27:
         b7:45:9d:1d:c9:79:d9:8d:1a:85:24:ba:39:98:98:5e:12:cf:
         21:f8:b0:ef
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2V6r6NWkLTkuy/m2j9CRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZDVjOWM4NWZmYjc0NjM5NDVlODEyNjU3MGI3ZTI4NTFi
M2ZiN2EwHhcNMjUwMTAyMTE0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWNiMjlkOGI3ODNlZWY5NzJkYTdkNjNmOTVhNDgxMmNiOWMwMjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3LTUEsVXXi7cjH68hGk7uil4oW6
B4RLQSqhSygrfEl+i/YX11xfimAV8VM2QmN/ijyIzedcHu41vel7goPa6orKY+f2
ztwO2uAzhb/B9QXRj5Tz99oVrfWREMdpzTrcuZj7fYqV5BmGYkp+rjoPYuvBmcbi
5Sax8rGNjSXWx1sWdrmZTG0ei5IwRCgk8ruQiXNSYGqWMzQLoRItub9zaqBICPs/
8yecFFRZMIf5b9NeMn4nRCigKw9KOPjI8TIxjo/FESKCZD2eNOusmMepn0p+S3UA
Q9Y6LdVE5LkP0140wIuUAs7zoFCuNfEilx8B5VOgWtLmyeJZ95oUerC/vwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOnLKdi3g+75ctp9Y/laSBLLnAIUMB8GA1UdIwQY
MBaAFDLVychf+3RjlF6BJlcLfihRs/t6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXRYSnlGXzdkR09VWG9FbVZ3dC1LRkd6LTNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9hZDAzNTEtMDA2Zi00N2FhLWFiMTkt
MTljMDVmNGY0YTdiLzEvNmNzcDJMZUQ3dmx5Mm4xai1WcElFc3VjQWhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9hZDAzNTEtMDA2Zi00N2FhLWFiMTktMTljMDVmNGY0YTdi
LzEvTXRYSnlGXzdkR09VWG9FbVZ3dC1LRkd6LTNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXs8MA0E
AgACMAcDBQAqBqsAMA0GCSqGSIb3DQEBCwUAA4IBAQAYAqoKUUt/w6K7MFon2EdI
Xtpll+UHmXoqZyNMYrPZ6TKibUt4uTXqwH64CtYGUQPnwNSsH7Eo1tUC4FYWN3la
7r5yaS+tLztqfghnW9gqGObfD/6IOP4otUsZKg2TAjONqZdKz4hncwQ4BJYnP1+Z
oPkG/t8ujNn3vyMSDmopwmFKqgwGMmhJbdMvSLgmqVR7Ig22Id0qb1yJ5BcYmhaj
mGABpQj2WDkRqF6lRAVuuMkoRYGDJ6ymZzR+olBIuIpFMpbzcDY/VgKkiQNqHndj
qX6AUWbZw1ojJa9jY6TK1vUFf6PDm/K7CCe3RZ0dyXnZjRqFJLo5mJheEs8h+LDv
-----END CERTIFICATE-----