Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/r0u4_NYx4UoVDgzk-tTL9OkUBns.roa
File:                     r0u4_NYx4UoVDgzk-tTL9OkUBns.roa (raw, json)
Hash identifier:          CXaQZS1fA+Qbat6iaGPBe50MQOOgGZfe2Nv6tiyIU2E=
Subject key identifier:   AF:4B:B8:FC:D6:31:E1:4A:15:0E:0C:E4:FA:D4:CB:F4:E9:14:06:7B
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019765B3494F72635416A052FCAF7CFA5DC7
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/r0u4_NYx4UoVDgzk-tTL9OkUBns.roa
Signing time:             Thu 12 Jun 2025 19:52:17 +0000
ROA not before:           Thu 12 Jun 2025 19:52:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59550
IP address blocks:        104.249.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 01:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:65:b3:49:4f:72:63:54:16:a0:52:fc:af:7c:fa:5d:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jun 12 19:52:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af4bb8fcd631e14a150e0ce4fad4cbf4e914067b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:06:85:41:33:82:ef:5f:ad:fa:2a:88:75:64:
                    14:8c:5d:88:7f:f4:e7:49:a7:a3:b7:54:0c:70:8f:
                    ea:36:fa:47:b0:ad:a0:0e:80:3d:a9:e4:6d:35:54:
                    11:7c:99:eb:44:20:b2:12:27:41:33:81:dc:15:15:
                    9e:4a:ea:14:14:17:40:60:3a:6c:68:1f:f7:b7:f8:
                    54:e9:95:eb:3d:3d:58:80:dd:4b:63:31:f0:8b:31:
                    16:d4:d7:11:46:65:f1:ef:53:13:2b:4a:5e:61:c5:
                    0f:4f:db:7e:e9:60:fa:6b:e2:68:44:69:7c:50:b2:
                    8c:2e:33:01:a2:88:9b:2e:eb:e0:b5:2c:22:a6:51:
                    99:c6:2a:b4:f2:ea:a6:62:04:b2:17:b1:ef:de:b1:
                    d4:91:c0:8f:6b:98:de:0c:36:fe:dc:76:e8:3a:3d:
                    6e:df:a0:fa:58:4c:7d:52:37:20:ef:f8:d1:38:fe:
                    75:84:3f:0e:cc:a1:6a:53:9d:9a:c3:a4:74:9e:d5:
                    64:78:9f:3b:f9:86:81:14:77:bf:66:85:44:45:b6:
                    76:6a:6c:be:8c:44:a7:84:aa:a6:72:98:47:f9:9d:
                    0c:91:f1:44:d4:b1:ba:63:37:a7:73:11:2d:0f:60:
                    2b:ac:6b:02:63:b1:22:54:c7:25:87:71:ce:10:be:
                    79:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:4B:B8:FC:D6:31:E1:4A:15:0E:0C:E4:FA:D4:CB:F4:E9:14:06:7B
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/r0u4_NYx4UoVDgzk-tTL9OkUBns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.249.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:00:4a:a8:f6:9b:ed:b2:1e:a1:05:0f:30:43:0f:9a:9e:80:
         b4:94:25:14:96:36:a1:6c:fb:8c:bb:15:ef:29:a4:ff:24:83:
         e0:de:2f:cf:be:02:ee:09:72:59:6a:e5:fd:b6:47:07:21:cf:
         98:99:16:52:ce:d2:2a:c1:3c:5b:b8:c9:ae:dc:35:17:10:29:
         4a:d5:e7:de:58:00:b6:c7:db:76:61:e5:d6:77:69:c6:44:92:
         24:18:40:53:dd:ce:a9:5b:db:97:ca:61:0d:39:62:07:ec:37:
         53:ba:44:ec:13:fe:de:ec:26:ad:11:5b:18:5f:ce:d7:6a:80:
         1a:c2:8c:26:36:21:7b:53:77:b5:75:98:29:58:74:10:52:09:
         18:48:a0:8c:3d:97:1c:b0:c8:01:2a:f4:6c:1e:45:07:0c:88:
         6b:cf:3c:6b:f7:d3:0c:9f:8d:a6:59:d3:c7:07:b9:fc:ee:30:
         b1:cf:22:77:70:62:9d:40:cf:62:87:c3:59:34:19:f2:42:d7:
         1a:b2:93:39:20:93:40:41:aa:b6:6f:c7:0c:ef:53:ae:d1:7b:
         9f:03:20:b7:73:5d:98:38:fe:18:d4:2d:0e:4b:ff:c7:ec:ab:
         3b:fa:20:b3:7e:11:b8:3d:24:5b:3a:4d:0a:b7:d5:7a:9d:51:
         72:6d:6c:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdls0lPcmNUFqBS/K98+l3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwNjEyMTk1MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjRiYjhmY2Q2MzFlMTRhMTUwZTBjZTRmYWQ0Y2JmNGU5MTQwNjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3waFQTOC71+t+iqIdWQUjF2If/Tn
Saejt1QMcI/qNvpHsK2gDoA9qeRtNVQRfJnrRCCyEidBM4HcFRWeSuoUFBdAYDps
aB/3t/hU6ZXrPT1YgN1LYzHwizEW1NcRRmXx71MTK0peYcUPT9t+6WD6a+JoRGl8
ULKMLjMBooibLuvgtSwiplGZxiq08uqmYgSyF7Hv3rHUkcCPa5jeDDb+3HboOj1u
36D6WEx9Ujcg7/jROP51hD8OzKFqU52aw6R0ntVkeJ87+YaBFHe/ZoVERbZ2amy+
jESnhKqmcphH+Z0MkfFE1LG6YzencxEtD2ArrGsCY7EiVMclh3HOEL55nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK9LuPzWMeFKFQ4M5PrUy/TpFAZ7MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvcjB1NF9OWXg0VW9WRGd6ay10VEw5T2tVQm5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaPkQMA0G
CSqGSIb3DQEBCwUAA4IBAQAXAEqo9pvtsh6hBQ8wQw+anoC0lCUUljahbPuMuxXv
KaT/JIPg3i/PvgLuCXJZauX9tkcHIc+YmRZSztIqwTxbuMmu3DUXEClK1efeWAC2
x9t2YeXWd2nGRJIkGEBT3c6pW9uXymENOWIH7DdTukTsE/7e7CatEVsYX87XaoAa
wowmNiF7U3e1dZgpWHQQUgkYSKCMPZccsMgBKvRsHkUHDIhrzzxr99MMn42mWdPH
B7n87jCxzyJ3cGKdQM9ih8NZNBnyQtcaspM5IJNAQaq2b8cM71Ou0XufAyC3c12Y
OP4Y1C0OS//H7Ks7+iCzfhG4PSRbOk0Kt9V6nVFybWz3
-----END CERTIFICATE-----