Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/o6kwVJbhhUn6d-svh2ryiQ8YtVc.roa
File:                     o6kwVJbhhUn6d-svh2ryiQ8YtVc.roa (raw, json)
Hash identifier:          TPdQ7mfcrlYdvFpH+kBV/HWEq31FBN8NorvcPEm65TY=
Subject key identifier:   A3:A9:30:54:96:E1:85:49:FA:77:EB:2F:87:6A:F2:89:0F:18:B5:57
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018FE970FF77BED0981F1E711F9662A9293C
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/o6kwVJbhhUn6d-svh2ryiQ8YtVc.roa
Signing time:             Wed 05 Jun 2024 17:27:27 +0000
ROA not before:           Wed 05 Jun 2024 17:27:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208769
IP address blocks:        92.60.32.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e9:70:ff:77:be:d0:98:1f:1e:71:1f:96:62:a9:29:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun  5 17:27:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3a9305496e18549fa77eb2f876af2890f18b557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:cc:97:31:be:59:d2:2f:e8:c3:c6:5f:74:02:
                    9a:23:a3:54:07:ba:b8:70:0d:4c:0c:31:79:45:e5:
                    13:dc:48:4f:9e:f1:6e:a8:9b:8e:93:e8:18:de:b7:
                    81:3c:a8:e8:23:5f:7e:2c:a8:1b:98:7f:d2:55:9a:
                    e7:b4:41:8d:d9:7a:b6:2f:fc:5c:fb:ce:a2:aa:b1:
                    61:02:bd:fb:6b:36:16:99:cc:b5:fd:89:d4:0b:fe:
                    6a:9c:c8:b8:d0:f5:a3:94:8b:23:86:18:7a:0c:74:
                    da:5e:ea:3a:9a:7b:ff:07:8f:89:d8:fd:b5:42:a7:
                    2d:50:f7:50:c6:df:6f:1c:b5:c0:a3:36:94:21:58:
                    2c:91:d7:40:99:ab:43:08:a4:b7:e9:27:21:18:28:
                    bd:a3:92:3a:48:b6:05:a1:3d:06:62:b2:32:a2:85:
                    b7:63:31:9f:3f:77:fe:1e:4f:3e:16:81:e8:06:fc:
                    1b:9d:bc:a4:85:71:ff:52:15:99:bb:e7:52:da:d4:
                    c4:4f:88:7b:55:7b:f6:79:f3:93:69:2e:b8:f0:43:
                    39:b3:16:fd:49:46:de:a5:fc:ac:0e:25:fa:a3:4f:
                    4b:88:ed:b8:c5:f5:5f:25:90:80:f8:99:cd:2d:ec:
                    a9:75:9c:28:7a:05:b3:8c:9b:eb:c0:eb:72:7e:cb:
                    44:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:A9:30:54:96:E1:85:49:FA:77:EB:2F:87:6A:F2:89:0F:18:B5:57
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/o6kwVJbhhUn6d-svh2ryiQ8YtVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:85:b4:3f:9c:54:43:e6:ca:4e:0d:87:e7:f6:22:a2:3a:33:
         52:e4:e1:cc:bd:4b:c4:fb:53:dd:36:5f:86:85:fa:9f:e7:e8:
         2d:e2:d9:86:f0:12:18:b7:37:5c:41:3f:27:26:f2:89:08:9c:
         60:f5:e8:a2:2e:43:4f:1a:1a:69:22:4b:88:d5:55:2f:1a:48:
         63:82:06:6f:b1:93:4a:db:1d:04:0e:bd:e0:01:56:5b:3f:d9:
         a3:e0:13:c0:cf:e3:98:ff:52:31:a2:6f:b3:47:a7:58:57:b3:
         05:0b:13:ad:0b:1d:da:f0:ca:bf:28:c5:ee:4f:bd:bf:54:e4:
         3d:54:e6:74:3f:1d:51:7b:36:e5:9a:39:e0:b7:57:b1:52:b1:
         95:44:f0:b2:39:33:be:35:56:67:28:33:9f:00:de:8b:f1:77:
         74:59:08:f2:1e:0e:9b:04:1c:8b:e4:e3:c1:46:45:43:5f:72:
         78:98:ed:b1:3a:a9:f9:dd:d8:44:8f:29:b3:ee:aa:9a:53:28:
         58:bd:2b:de:16:5c:93:2a:33:a5:42:9b:1c:dc:f6:f2:7d:75:
         7c:6a:70:e2:6d:b5:7a:1d:16:de:60:47:87:38:a0:ab:04:8d:
         e5:c5:e2:43:53:6a:0e:9d:74:a1:23:1b:af:15:f6:d5:9b:ff:
         f7:15:55:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/pcP93vtCYHx5xH5ZiqSk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNjA1MTcyNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2E5MzA1NDk2ZTE4NTQ5ZmE3N2ViMmY4NzZhZjI4OTBmMThiNTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2syXMb5Z0i/ow8ZfdAKaI6NUB7q4
cA1MDDF5ReUT3EhPnvFuqJuOk+gY3reBPKjoI19+LKgbmH/SVZrntEGN2Xq2L/xc
+86iqrFhAr37azYWmcy1/YnUC/5qnMi40PWjlIsjhhh6DHTaXuo6mnv/B4+J2P21
QqctUPdQxt9vHLXAozaUIVgskddAmatDCKS36SchGCi9o5I6SLYFoT0GYrIyooW3
YzGfP3f+Hk8+FoHoBvwbnbykhXH/UhWZu+dS2tTET4h7VXv2efOTaS648EM5sxb9
SUbepfysDiX6o09LiO24xfVfJZCA+JnNLeypdZwoegWzjJvrwOtyfstE3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOpMFSW4YVJ+nfrL4dq8okPGLVXMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvbzZrd1ZKYmhoVW42ZC1zdmgycnlpUThZdFZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXDwgMA0G
CSqGSIb3DQEBCwUAA4IBAQA0hbQ/nFRD5spODYfn9iKiOjNS5OHMvUvE+1PdNl+G
hfqf5+gt4tmG8BIYtzdcQT8nJvKJCJxg9eiiLkNPGhppIkuI1VUvGkhjggZvsZNK
2x0EDr3gAVZbP9mj4BPAz+OY/1Ixom+zR6dYV7MFCxOtCx3a8Mq/KMXuT72/VOQ9
VOZ0Px1Rezblmjngt1exUrGVRPCyOTO+NVZnKDOfAN6L8Xd0WQjyHg6bBByL5OPB
RkVDX3J4mO2xOqn53dhEjymz7qqaUyhYvSveFlyTKjOlQpsc3PbyfXV8anDibbV6
HRbeYEeHOKCrBI3lxeJDU2oOnXShIxuvFfbVm//3FVVQ
-----END CERTIFICATE-----