Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/OwhCX0yQo070ad7ZlKSR6Xq8148.roa
File:                     OwhCX0yQo070ad7ZlKSR6Xq8148.roa (raw, json)
Hash identifier:          1gKErjonv3WLAvRQja2D0Yt5J15TsZKHtH8vv8xklRk=
Subject key identifier:   3B:08:42:5F:4C:90:A3:4E:F4:69:DE:D9:94:A4:91:E9:7A:BC:D7:8F
Certificate issuer:       /CN=5a43e9e267956e7f262c17f0089f0f60ba7abefb
Certificate serial:       01923D352F6BFA5BB972D2A42E454DB068BA
Authority key identifier: 5A:43:E9:E2:67:95:6E:7F:26:2C:17:F0:08:9F:0F:60:BA:7A:BE:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WkPp4meVbn8mLBfwCJ8PYLp6vvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/OwhCX0yQo070ad7ZlKSR6Xq8148.roa
Signing time:             Sun 29 Sep 2024 09:55:48 +0000
ROA not before:           Sun 29 Sep 2024 09:55:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209342
IP address blocks:        86.60.49.0/24 maxlen: 24
                          86.60.50.0/24 maxlen: 24
                          86.60.51.0/24 maxlen: 24
                          86.60.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/WkPp4meVbn8mLBfwCJ8PYLp6vvs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/WkPp4meVbn8mLBfwCJ8PYLp6vvs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WkPp4meVbn8mLBfwCJ8PYLp6vvs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:3d:35:2f:6b:fa:5b:b9:72:d2:a4:2e:45:4d:b0:68:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a43e9e267956e7f262c17f0089f0f60ba7abefb
        Validity
            Not Before: Sep 29 09:55:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b08425f4c90a34ef469ded994a491e97abcd78f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f8:a7:91:88:71:c7:3d:e4:2a:e1:33:c5:87:
                    6b:76:36:ab:35:2c:18:b0:ab:34:e7:06:a1:ff:78:
                    b5:60:4b:b5:04:53:f6:1b:99:36:80:25:26:80:bb:
                    72:77:6f:c6:16:24:00:91:4a:5b:b4:cd:d6:b8:e3:
                    f4:f9:c4:d7:53:a7:36:ee:5b:06:e4:bc:18:c4:d6:
                    d0:6e:96:91:41:f4:a2:7f:01:9d:f6:88:19:28:19:
                    ca:db:f0:14:7b:94:ec:38:5d:a1:91:2f:65:5e:03:
                    44:26:31:f2:22:1c:b1:3c:87:c6:ce:2d:7c:7e:d4:
                    86:1e:b3:ce:df:1c:08:09:67:a8:18:6c:69:5f:eb:
                    d9:67:21:48:99:65:37:c7:a3:86:f4:7f:67:3b:81:
                    d2:a1:5b:28:6a:f0:cc:11:7f:3e:3b:a9:1b:c4:cb:
                    cc:09:e5:b6:d1:cf:55:3d:7f:05:b8:4d:63:c8:f7:
                    44:d4:8e:92:9e:6f:d8:ff:3c:70:08:bd:cd:87:4c:
                    35:11:42:83:ca:cc:03:43:ae:63:0d:22:1f:f0:a6:
                    23:f5:e5:f3:8a:8e:0a:ce:a0:08:88:3b:66:d8:1c:
                    39:de:5e:40:11:93:e0:ea:b2:51:39:e2:9c:d4:2a:
                    01:a9:cf:f7:d3:8e:25:de:43:bf:12:d0:6c:20:a3:
                    f7:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:08:42:5F:4C:90:A3:4E:F4:69:DE:D9:94:A4:91:E9:7A:BC:D7:8F
            X509v3 Authority Key Identifier:
                keyid:5A:43:E9:E2:67:95:6E:7F:26:2C:17:F0:08:9F:0F:60:BA:7A:BE:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WkPp4meVbn8mLBfwCJ8PYLp6vvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/OwhCX0yQo070ad7ZlKSR6Xq8148.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/06444c-9d9b-4c6b-950b-79c8987a8b1c/1/WkPp4meVbn8mLBfwCJ8PYLp6vvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.60.49.0-86.60.51.255
                  86.60.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:1c:a9:c4:ea:d6:e8:e7:7d:ac:77:a9:f5:1a:b5:91:4e:98:
         96:1a:f6:a7:49:42:ce:fe:47:6b:ee:9e:35:76:e7:77:2b:47:
         1f:8a:ec:00:9f:39:dd:1b:b3:bc:fd:ee:34:fc:ac:9e:ec:bf:
         d1:b3:d8:ab:ef:cc:02:55:01:99:81:b6:a6:2f:12:7c:48:ff:
         12:f1:fa:78:0e:01:22:72:cf:aa:4a:b3:ef:e1:fc:e8:c9:ab:
         72:b5:45:1c:ec:a7:be:c8:4b:46:69:64:95:79:fe:99:28:ea:
         8b:04:33:ee:cd:bb:0a:6c:da:66:2d:35:43:92:6d:af:3d:8c:
         0f:ba:bb:24:e3:27:60:92:c2:6d:1b:90:94:e8:5f:cd:de:ec:
         7c:60:62:94:50:a8:fb:db:05:79:ed:14:4b:56:0b:0e:3e:33:
         83:40:1c:50:b9:17:a7:a1:4d:b7:8b:67:bf:fe:87:d4:c4:dd:
         3c:b6:e7:46:9a:18:91:63:f4:e7:05:c4:e5:84:8f:3b:9f:0a:
         ae:f2:2a:9d:95:7f:a5:36:97:87:e0:d2:80:a3:d2:26:01:12:
         82:b1:9d:3c:ef:a2:d8:fb:fc:96:f1:e6:a1:f3:ae:62:96:a9:
         aa:95:28:cb:f1:df:db:2a:2b:9d:bd:9d:27:f9:62:c6:2b:b6:
         27:71:72:7c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZI9NS9r+lu5ctKkLkVNsGi6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNDNlOWUyNjc5NTZlN2YyNjJjMTdmMDA4OWYwZjYwYmE3
YWJlZmIwHhcNMjQwOTI5MDk1NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjA4NDI1ZjRjOTBhMzRlZjQ2OWRlZDk5NGE0OTFlOTdhYmNkNzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvinkYhxxz3kKuEzxYdrdjarNSwY
sKs05wah/3i1YEu1BFP2G5k2gCUmgLtyd2/GFiQAkUpbtM3WuOP0+cTXU6c27lsG
5LwYxNbQbpaRQfSifwGd9ogZKBnK2/AUe5TsOF2hkS9lXgNEJjHyIhyxPIfGzi18
ftSGHrPO3xwICWeoGGxpX+vZZyFImWU3x6OG9H9nO4HSoVsoavDMEX8+O6kbxMvM
CeW20c9VPX8FuE1jyPdE1I6Snm/Y/zxwCL3Nh0w1EUKDyswDQ65jDSIf8KYj9eXz
io4KzqAIiDtm2Bw53l5AEZPg6rJROeKc1CoBqc/3044l3kO/EtBsIKP3lwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDsIQl9MkKNO9Gne2ZSkkel6vNePMB8GA1UdIwQY
MBaAFFpD6eJnlW5/JiwX8AifD2C6er77MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2tQcDRtZVZibjhtTEJmd0NKOFBZTHA2dnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8wNjQ0NGMtOWQ5Yi00YzZiLTk1MGIt
NzljODk4N2E4YjFjLzEvT3doQ1gweVFvMDcwYWQ3WmxLU1I2WHE4MTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8wNjQ0NGMtOWQ5Yi00YzZiLTk1MGItNzljODk4N2E4YjFj
LzEvV2tQcDRtZVZibjhtTEJmd0NKOFBZTHA2dnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABWPDED
BAJWPDADBABWPGAwDQYJKoZIhvcNAQELBQADggEBAA4cqcTq1ujnfax3qfUatZFO
mJYa9qdJQs7+R2vunjV253crRx+K7ACfOd0bs7z97jT8rJ7sv9Gz2KvvzAJVAZmB
tqYvEnxI/xLx+ngOASJyz6pKs+/h/OjJq3K1RRzsp77IS0ZpZJV5/pko6osEM+7N
uwps2mYtNUOSba89jA+6uyTjJ2CSwm0bkJToX83e7HxgYpRQqPvbBXntFEtWCw4+
M4NAHFC5F6ehTbeLZ7/+h9TE3Ty250aaGJFj9OcFxOWEjzufCq7yKp2Vf6U2l4fg
0oCj0iYBEoKxnTzvotj7/Jbx5qHzrmKWqaqVKMvx39sqK529nSf5YsYrtidxcnw=
-----END CERTIFICATE-----