Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60672.roa
File:                     AS60672.roa (raw, json)
Hash identifier:          j+uCx9q+WHlG2I1yutpGaxAIeM4Tu0sQXsHrrAFPU1c=
Subject key identifier:   B9:86:0C:4A:06:AC:7D:E9:2B:B3:11:7D:1D:12:99:9D:CD:5C:91:C1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2D0B98B1351CD1C07B863BE556E6C0F51F1F5EFD
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60672.roa
Signing time:             Thu 25 Apr 2024 11:17:31 +0000
ROA not before:           Thu 25 Apr 2024 11:12:31 +0000
ROA not after:            Thu 24 Apr 2025 11:17:31 +0000
asID:                     60672
IP address blocks:        147.79.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:0b:98:b1:35:1c:d1:c0:7b:86:3b:e5:56:e6:c0:f5:1f:1f:5e:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 25 11:12:31 2024 GMT
            Not After : Apr 24 11:17:31 2025 GMT
        Subject: CN=B9860C4A06AC7DE92BB3117D1D12999DCD5C91C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:db:99:40:e9:f4:1c:c3:7b:89:5f:d9:a4:01:
                    48:e5:31:4a:02:ba:2d:97:97:31:9f:40:ff:b2:df:
                    63:c1:c2:9e:fa:f3:d7:78:66:ad:3c:0d:b3:f7:e4:
                    b0:94:97:fb:40:0b:b6:eb:69:5e:4d:cc:a8:ec:81:
                    05:30:f7:6a:ef:a5:05:b9:89:38:37:0f:9a:76:63:
                    b4:c8:67:55:3c:a5:73:6a:ce:b0:0a:c8:ba:3a:3b:
                    70:c4:33:d5:7c:68:dd:b1:51:f4:34:23:38:8b:ac:
                    32:d1:d6:20:93:7d:43:fc:0b:75:6a:98:75:ca:ac:
                    46:c5:59:65:f7:34:aa:66:a5:45:d8:98:9a:8c:dc:
                    44:ae:05:6f:75:d4:3d:1e:fc:41:ef:5c:fe:db:f7:
                    86:46:55:54:63:7b:fa:81:d3:9f:c4:93:ea:07:93:
                    73:23:4b:28:11:90:7e:3e:91:0e:83:40:83:d0:06:
                    a6:d0:ec:68:79:83:5f:8b:67:ac:2d:21:2b:48:57:
                    86:eb:fb:bb:d6:be:2d:2a:42:31:b3:8a:ec:36:6c:
                    22:9c:3c:51:45:ee:b4:27:eb:59:43:0c:d9:ae:b2:
                    0d:36:17:d3:f1:ce:12:de:aa:87:46:df:fe:b0:5f:
                    d7:aa:30:04:42:d6:72:b3:5f:59:f3:d7:19:f8:47:
                    a9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:86:0C:4A:06:AC:7D:E9:2B:B3:11:7D:1D:12:99:9D:CD:5C:91:C1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60672.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:ad:96:36:6b:95:39:a8:56:b6:43:b8:c9:05:99:99:53:8f:
         4f:43:5a:76:08:43:94:00:c6:9b:7a:56:15:33:2f:50:a3:19:
         8d:9e:95:1f:e2:77:8e:13:e0:59:a5:ba:20:54:8e:a2:e5:e9:
         3f:c7:05:da:d1:41:c9:ca:56:68:74:9a:b8:d7:d2:7c:fb:94:
         39:64:2e:2c:06:9c:c4:10:4b:af:66:6c:52:82:12:fa:6b:5f:
         1f:9e:75:78:c9:b6:99:5e:dc:4e:34:06:8b:85:3d:bc:f7:eb:
         44:d9:47:e9:0a:af:88:fa:6e:dd:29:eb:ec:72:0d:02:25:b2:
         a1:af:1c:1a:e6:ff:f6:9e:e2:87:05:4d:1e:2b:09:2b:82:29:
         d3:d0:72:c0:19:0b:93:42:60:46:53:7b:0a:47:ff:8c:81:0c:
         49:30:9f:37:b8:ff:e6:2d:1e:c7:e7:c9:05:db:44:96:12:43:
         b0:39:9b:45:54:1d:a5:d5:3f:79:2f:d8:2c:c6:2a:9c:d0:64:
         45:c4:36:c5:3d:63:8e:40:a3:1e:7d:36:74:1f:df:6e:f2:cc:
         51:bc:f4:0e:64:8e:c8:a5:3d:1f:ad:cb:0a:7f:4e:9c:61:d4:
         2b:98:12:df:08:04:eb:b7:95:2e:ce:26:ec:47:61:09:f2:40:
         98:95:5d:6d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIULQuYsTUc0cB7hjvlVubA9R8fXv0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MjUxMTEyMzFaFw0yNTA0MjQxMTE3MzFaMDMxMTAvBgNV
BAMTKEI5ODYwQzRBMDZBQzdERTkyQkIzMTE3RDFEMTI5OTlEQ0Q1QzkxQzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr25lA6fQcw3uJX9mkAUjlMUoC
ui2XlzGfQP+y32PBwp7689d4Zq08DbP35LCUl/tAC7braV5NzKjsgQUw92rvpQW5
iTg3D5p2Y7TIZ1U8pXNqzrAKyLo6O3DEM9V8aN2xUfQ0IziLrDLR1iCTfUP8C3Vq
mHXKrEbFWWX3NKpmpUXYmJqM3ESuBW911D0e/EHvXP7b94ZGVVRje/qB05/Ek+oH
k3MjSygRkH4+kQ6DQIPQBqbQ7Gh5g1+LZ6wtIStIV4br+7vWvi0qQjGziuw2bCKc
PFFF7rQn61lDDNmusg02F9PxzhLeqodG3/6wX9eqMARC1nKzX1nz1xn4R6kxAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUuYYMSgasfekrsxF9HRKZnc1ckcEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjA2NzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTTzkw
DQYJKoZIhvcNAQELBQADggEBAKitljZrlTmoVrZDuMkFmZlTj09DWnYIQ5QAxpt6
VhUzL1CjGY2elR/id44T4FmluiBUjqLl6T/HBdrRQcnKVmh0mrjX0nz7lDlkLiwG
nMQQS69mbFKCEvprXx+edXjJtple3E40BouFPbz360TZR+kKr4j6bt0p6+xyDQIl
sqGvHBrm//ae4ocFTR4rCSuCKdPQcsAZC5NCYEZTewpH/4yBDEkwnze4/+YtHsfn
yQXbRJYSQ7A5m0VUHaXVP3kv2CzGKpzQZEXENsU9Y45Aox59NnQf327yzFG89A5k
jsilPR+tywp/Tpxh1CuYEt8IBOu3lS7OJuxHYQnyQJiVXW0=
-----END CERTIFICATE-----