Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/60Vz-M29o_Jd5zVK7ZG4HULycM8.roa
File:                     60Vz-M29o_Jd5zVK7ZG4HULycM8.roa (raw, json)
Hash identifier:          6YUgneC6mPzRS38bAB5ZZGgzLeZRJk6A0KbCUGYLnb4=
Subject key identifier:   EB:45:73:F8:CD:BD:A3:F2:5D:E7:35:4A:ED:91:B8:1D:42:F2:70:CF
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422205580E6D96C464DE3F49D65AA48DB
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/60Vz-M29o_Jd5zVK7ZG4HULycM8.roa
Signing time:             Wed 01 Jan 2025 13:48:51 +0000
ROA not before:           Wed 01 Jan 2025 13:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215071
IP address blocks:        193.8.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:55:80:e6:d9:6c:46:4d:e3:f4:9d:65:aa:48:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb4573f8cdbda3f25de7354aed91b81d42f270cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:91:da:b7:95:32:1f:d2:6c:4c:70:8c:91:12:
                    57:9e:59:fd:16:f7:c5:9d:86:2f:84:7e:70:c9:dd:
                    5b:5f:c7:3b:84:4f:4c:cd:2c:06:b6:cc:26:5d:2b:
                    08:9f:27:06:95:9e:85:7e:04:f8:9a:25:6a:62:fb:
                    f4:ae:d5:5f:22:79:66:0a:4e:7d:57:ec:88:18:03:
                    cf:d8:55:ed:ed:85:71:c7:a2:6a:07:6c:10:b8:63:
                    17:1c:91:9f:a7:17:66:21:14:a9:2a:13:14:c4:e1:
                    9b:3d:d6:4a:54:75:7e:e0:19:81:de:c4:ef:e6:a6:
                    f9:55:ff:7d:bb:91:35:15:f6:23:01:ac:52:56:2e:
                    8f:9b:8e:1f:25:ec:37:ed:d5:c6:d2:62:06:cb:06:
                    ac:af:bd:b7:28:5b:75:5e:79:70:4f:b1:7e:b9:49:
                    e5:af:bc:5f:70:79:a9:07:42:90:3d:e9:09:d3:6f:
                    ef:57:f2:4d:5e:88:0a:18:30:6e:58:47:1b:3e:59:
                    08:cd:f6:72:c5:ae:05:dc:75:6f:f0:9e:c2:09:68:
                    7d:09:fc:80:c8:7d:bb:f5:4e:0d:05:96:18:73:25:
                    36:16:5b:06:83:80:7c:f0:59:3c:62:0b:e9:f5:a9:
                    1c:f7:b2:ca:44:8b:ea:b6:bd:52:a6:83:c7:15:ad:
                    93:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:45:73:F8:CD:BD:A3:F2:5D:E7:35:4A:ED:91:B8:1D:42:F2:70:CF
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/60Vz-M29o_Jd5zVK7ZG4HULycM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:0e:88:27:b5:a2:a4:69:a5:79:4d:28:f8:e3:d4:bc:18:a4:
         30:ba:5a:4b:02:02:fb:ef:66:59:84:99:b7:40:ea:fa:94:79:
         0b:3a:0b:9e:49:9f:16:33:ae:2e:72:0c:30:fa:96:22:28:d2:
         03:39:b1:b2:44:04:79:b4:2f:a1:a9:60:73:38:4d:2f:c9:53:
         16:2e:49:8b:9a:00:29:39:32:d7:64:b2:27:48:fc:97:47:8b:
         06:0b:76:45:9c:2b:c2:cc:00:73:14:2f:0c:e7:0a:d9:91:28:
         81:d2:14:ce:c6:91:e6:1c:a1:db:33:3f:2c:26:96:fc:20:cc:
         9c:cd:7c:9a:34:7c:81:75:51:ed:7a:b8:46:eb:34:9d:42:0e:
         42:4d:2c:ea:56:98:82:0c:4d:e0:78:a5:ad:f5:28:10:ec:24:
         6a:31:5f:19:8d:81:09:18:97:53:86:59:48:74:de:6e:3e:fd:
         35:b7:d3:3b:ec:f1:96:9c:b4:b3:25:6f:49:79:98:65:1c:07:
         2b:6f:0a:ac:31:b4:3d:cf:10:21:ff:00:fd:a2:c7:1b:e4:55:
         cd:99:b9:3e:8b:3c:c9:9d:6d:d4:3a:d3:f9:4c:5c:85:9b:3e:
         8f:21:26:dc:e7:26:ca:b6:d6:f9:89:45:7c:e6:9f:29:1b:8d:
         43:40:69:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIFWA5tlsRk3j9J1lqkjbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjQ1NzNmOGNkYmRhM2YyNWRlNzM1NGFlZDkxYjgxZDQyZjI3MGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJHat5UyH9JsTHCMkRJXnln9FvfF
nYYvhH5wyd1bX8c7hE9MzSwGtswmXSsInycGlZ6FfgT4miVqYvv0rtVfInlmCk59
V+yIGAPP2FXt7YVxx6JqB2wQuGMXHJGfpxdmIRSpKhMUxOGbPdZKVHV+4BmB3sTv
5qb5Vf99u5E1FfYjAaxSVi6Pm44fJew37dXG0mIGywasr723KFt1XnlwT7F+uUnl
r7xfcHmpB0KQPekJ02/vV/JNXogKGDBuWEcbPlkIzfZyxa4F3HVv8J7CCWh9CfyA
yH279U4NBZYYcyU2FlsGg4B88Fk8Ygvp9akc97LKRIvqtr1SpoPHFa2TXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOtFc/jNvaPyXec1Su2RuB1C8nDPMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNjBWei1NMjlvX0pkNXpWSzdaRzRIVUx5Y004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhxMA0G
CSqGSIb3DQEBCwUAA4IBAQCLDogntaKkaaV5TSj449S8GKQwulpLAgL772ZZhJm3
QOr6lHkLOgueSZ8WM64ucgww+pYiKNIDObGyRAR5tC+hqWBzOE0vyVMWLkmLmgAp
OTLXZLInSPyXR4sGC3ZFnCvCzABzFC8M5wrZkSiB0hTOxpHmHKHbMz8sJpb8IMyc
zXyaNHyBdVHterhG6zSdQg5CTSzqVpiCDE3geKWt9SgQ7CRqMV8ZjYEJGJdThllI
dN5uPv01t9M77PGWnLSzJW9JeZhlHAcrbwqsMbQ9zxAh/wD9oscb5FXNmbk+izzJ
nW3UOtP5TFyFmz6PISbc5ybKttb5iUV85p8pG41DQGkc
-----END CERTIFICATE-----