Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/60hMVdAs7gCbEfLe3Z9SqrJL4rc.roa
File:                     60hMVdAs7gCbEfLe3Z9SqrJL4rc.roa (raw, json)
Hash identifier:          X1Fqxcr0zU4B6H5Hq9S9fYEtK8cWlHz5HttPuolt2qw=
Subject key identifier:   EB:48:4C:55:D0:2C:EE:00:9B:11:F2:DE:DD:9F:52:AA:B2:4B:E2:B7
Certificate issuer:       /CN=b9f74a47a6d1a0bf4c216e5fab4d91fb129df3d6
Certificate serial:       018CC4939E42D505CBD3E444D8541A70E9E2
Authority key identifier: B9:F7:4A:47:A6:D1:A0:BF:4C:21:6E:5F:AB:4D:91:FB:12:9D:F3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/60hMVdAs7gCbEfLe3Z9SqrJL4rc.roa
Signing time:             Mon 01 Jan 2024 10:30:57 +0000
ROA not before:           Mon 01 Jan 2024 10:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203306
IP address blocks:        5.63.185.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/ufdKR6bRoL9MIW5fq02R-xKd89Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/ufdKR6bRoL9MIW5fq02R-xKd89Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9e:42:d5:05:cb:d3:e4:44:d8:54:1a:70:e9:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9f74a47a6d1a0bf4c216e5fab4d91fb129df3d6
        Validity
            Not Before: Jan  1 10:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb484c55d02cee009b11f2dedd9f52aab24be2b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f4:ca:d2:d6:30:08:af:e2:5e:d7:ec:02:7c:
                    09:fa:3e:53:35:46:41:f0:51:58:0e:ae:a5:a9:ef:
                    98:9e:bb:ba:4e:4d:b4:8f:fc:09:6d:52:0e:f6:c1:
                    fb:a2:fb:86:87:75:0c:41:4d:2c:4a:74:e8:52:0a:
                    f7:f6:fd:c8:7e:bf:ce:72:28:1d:cc:16:59:c8:75:
                    66:54:5e:fe:72:b9:9e:91:1c:c1:ca:28:07:74:79:
                    8d:00:fc:48:1a:2f:bc:96:04:ee:4c:24:49:3d:e2:
                    54:4f:09:f0:81:e6:ab:9a:bd:34:ab:ce:ec:bf:86:
                    29:90:3d:44:8a:81:9c:8a:39:5c:8b:d9:11:20:b6:
                    bb:e2:7e:54:50:ea:e0:b8:59:0a:e6:4c:45:d0:14:
                    44:aa:e4:68:05:97:4e:72:f3:43:b3:79:52:b3:7a:
                    ed:39:37:42:54:08:3b:4a:09:56:fd:97:9a:07:45:
                    60:6e:93:00:19:0a:ac:66:2d:95:8e:8d:ef:ce:45:
                    a9:c2:27:4b:34:42:02:a9:6d:eb:16:fe:40:bf:cc:
                    75:85:4e:d3:8e:7c:3c:e5:8a:a2:f2:73:c1:d9:7b:
                    b2:b5:39:ba:30:da:1b:3a:e6:6c:ec:3b:7d:90:8e:
                    6a:a1:b2:0c:a5:8b:3f:7e:f5:86:cd:e7:fc:80:aa:
                    af:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:48:4C:55:D0:2C:EE:00:9B:11:F2:DE:DD:9F:52:AA:B2:4B:E2:B7
            X509v3 Authority Key Identifier:
                keyid:B9:F7:4A:47:A6:D1:A0:BF:4C:21:6E:5F:AB:4D:91:FB:12:9D:F3:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/60hMVdAs7gCbEfLe3Z9SqrJL4rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/ufdKR6bRoL9MIW5fq02R-xKd89Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:d9:df:2b:bb:cb:9a:6d:63:cc:6c:4a:51:b0:20:c0:ee:eb:
         fb:91:11:93:3a:1d:21:3a:48:3d:c0:87:60:94:93:f8:33:b8:
         2c:3a:0a:60:a2:57:c5:79:d6:51:6e:a0:20:3b:c8:1b:77:ec:
         8e:93:63:28:79:bc:c6:e5:d8:04:11:ed:fb:4b:4d:e7:a3:dd:
         84:d6:66:ab:a2:58:b8:fc:29:d3:b6:14:1d:32:56:37:1e:86:
         f9:94:d8:b1:a4:60:bc:52:b4:a8:b0:f8:84:3a:38:4b:fb:59:
         60:54:8c:a7:fc:13:57:0c:56:b3:59:de:f3:2d:41:d2:41:87:
         31:97:e8:1b:e9:fb:5e:41:c7:ac:b4:fd:28:ce:56:0b:d7:a3:
         08:57:70:1f:3d:2b:7c:ff:f0:5f:64:e8:12:65:b3:60:58:4b:
         3e:67:60:2e:78:18:9e:4b:1d:7b:47:a4:68:c6:62:69:04:de:
         b3:6e:c7:c4:e3:90:56:3a:5d:e4:23:d9:4e:4a:f1:12:72:ff:
         e5:03:3f:d0:29:3d:0e:eb:70:b9:30:da:1e:43:9e:df:80:30:
         30:e5:84:2b:f2:50:9d:9e:01:4a:c1:54:2c:8d:47:43:98:86:
         e4:65:f3:a7:83:59:be:51:c4:c9:63:43:98:5f:c8:1c:a8:c1:
         6c:e8:4e:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk55C1QXL0+RE2FQacOniMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5Zjc0YTQ3YTZkMWEwYmY0YzIxNmU1ZmFiNGQ5MWZiMTI5
ZGYzZDYwHhcNMjQwMTAxMTAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjQ4NGM1NWQwMmNlZTAwOWIxMWYyZGVkZDlmNTJhYWIyNGJlMmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/TK0tYwCK/iXtfsAnwJ+j5TNUZB
8FFYDq6lqe+Ynru6Tk20j/wJbVIO9sH7ovuGh3UMQU0sSnToUgr39v3Ifr/Ocigd
zBZZyHVmVF7+crmekRzByigHdHmNAPxIGi+8lgTuTCRJPeJUTwnwgearmr00q87s
v4YpkD1EioGcijlci9kRILa74n5UUOrguFkK5kxF0BREquRoBZdOcvNDs3lSs3rt
OTdCVAg7SglW/ZeaB0VgbpMAGQqsZi2Vjo3vzkWpwidLNEICqW3rFv5Av8x1hU7T
jnw85Yqi8nPB2XuytTm6MNobOuZs7Dt9kI5qobIMpYs/fvWGzef8gKqv9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOtITFXQLO4AmxHy3t2fUqqyS+K3MB8GA1UdIwQY
MBaAFLn3Skem0aC/TCFuX6tNkfsSnfPWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZkS1I2YlJvTDlNSVc1ZnEwMlIteEtkODlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8yNGEwYmQtMDgzOC00Yzk1LTljY2Qt
MzBmNjA4YWRlNDhkLzEvNjBoTVZkQXM3Z0NiRWZMZTNaOVNxckpMNHJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8yNGEwYmQtMDgzOC00Yzk1LTljY2QtMzBmNjA4YWRlNDhk
LzEvdWZkS1I2YlJvTDlNSVc1ZnEwMlIteEtkODlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT+5MA0G
CSqGSIb3DQEBCwUAA4IBAQAC2d8ru8uabWPMbEpRsCDA7uv7kRGTOh0hOkg9wIdg
lJP4M7gsOgpgolfFedZRbqAgO8gbd+yOk2MoebzG5dgEEe37S03no92E1maroli4
/CnTthQdMlY3Hob5lNixpGC8UrSosPiEOjhL+1lgVIyn/BNXDFazWd7zLUHSQYcx
l+gb6fteQcestP0ozlYL16MIV3AfPSt8//BfZOgSZbNgWEs+Z2AueBieSx17R6Ro
xmJpBN6zbsfE45BWOl3kI9lOSvEScv/lAz/QKT0O63C5MNoeQ57fgDAw5YQr8lCd
ngFKwVQsjUdDmIbkZfOng1m+UcTJY0OYX8gcqMFs6E6Q
-----END CERTIFICATE-----