Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/60je5SoeoIIvExp08AfHAba81Gg.roa
File:                     60je5SoeoIIvExp08AfHAba81Gg.roa (raw, json)
Hash identifier:          OYL+m6W/OD3kcGFXK2Ewor0X0LhaICB75RQGsXvyc9g=
Subject key identifier:   EB:48:DE:E5:2A:1E:A0:82:2F:13:1A:74:F0:07:C7:01:B6:BC:D4:68
Certificate issuer:       /CN=5d129b0460cf9ee0500ee880a2cfa1a524e4df00
Certificate serial:       01965BFE3C426B35749A4256582DA1AD49D0
Authority key identifier: 5D:12:9B:04:60:CF:9E:E0:50:0E:E8:80:A2:CF:A1:A5:24:E4:DF:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XRKbBGDPnuBQDuiAos-hpSTk3wA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/60je5SoeoIIvExp08AfHAba81Gg.roa
Signing time:             Tue 22 Apr 2025 05:35:10 +0000
ROA not before:           Tue 22 Apr 2025 05:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214875
IP address blocks:        45.13.240.0/22 maxlen: 22
                          2a00:fd01::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/XRKbBGDPnuBQDuiAos-hpSTk3wA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/XRKbBGDPnuBQDuiAos-hpSTk3wA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XRKbBGDPnuBQDuiAos-hpSTk3wA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5b:fe:3c:42:6b:35:74:9a:42:56:58:2d:a1:ad:49:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d129b0460cf9ee0500ee880a2cfa1a524e4df00
        Validity
            Not Before: Apr 22 05:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb48dee52a1ea0822f131a74f007c701b6bcd468
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d7:ca:b4:7a:3a:24:b6:e5:02:66:ee:7f:15:
                    d4:4b:f1:5b:db:f9:7d:98:5f:49:80:22:ed:16:43:
                    34:6f:54:c9:c1:a0:8b:e7:f1:1c:d4:d7:39:dd:ea:
                    fc:9c:0a:95:eb:f5:0b:0e:f2:dc:ca:0e:33:75:14:
                    9d:1b:73:3e:0a:82:c3:87:fe:39:f4:18:23:f8:b1:
                    ea:77:b9:fb:37:1d:4b:48:51:cc:85:d2:6a:f1:f3:
                    c8:86:e1:11:b1:ce:cd:96:56:78:88:4a:5e:3a:ce:
                    1e:59:ac:d2:6e:6c:73:62:50:91:ab:a4:a6:b1:2f:
                    e7:7a:94:8f:a5:11:19:51:d9:56:83:2d:98:a6:f6:
                    06:74:66:cc:42:43:65:98:ac:52:d0:a7:5e:10:a5:
                    9b:b5:d4:98:24:5f:85:5e:be:f3:11:72:62:e5:8b:
                    9e:f2:12:98:e9:f1:a2:d5:48:b4:80:da:0c:f4:78:
                    07:c4:d2:95:55:53:04:02:07:d2:02:d4:c6:b1:0c:
                    a5:0f:1a:b0:89:e5:0e:78:f7:5b:13:86:21:c5:0a:
                    1b:8b:48:03:a5:67:ae:1a:04:fa:44:0d:ff:f0:ae:
                    53:20:d3:21:e6:fa:7f:15:16:1e:75:87:78:8b:61:
                    8d:9f:67:e9:5f:a9:6e:ec:07:83:6a:ac:b8:2d:22:
                    e4:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:48:DE:E5:2A:1E:A0:82:2F:13:1A:74:F0:07:C7:01:B6:BC:D4:68
            X509v3 Authority Key Identifier:
                keyid:5D:12:9B:04:60:CF:9E:E0:50:0E:E8:80:A2:CF:A1:A5:24:E4:DF:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XRKbBGDPnuBQDuiAos-hpSTk3wA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/60je5SoeoIIvExp08AfHAba81Gg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/8557e0-368d-4d8e-9741-a877dd51bc49/1/XRKbBGDPnuBQDuiAos-hpSTk3wA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.240.0/22
                IPv6:
                  2a00:fd01::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:a3:f8:d8:9a:7d:11:d4:97:fc:9e:05:72:50:6a:b6:ea:c1:
         ad:d1:d9:62:f2:1f:ab:20:86:f1:48:c3:3b:62:3d:35:ba:71:
         60:c5:87:b2:90:b1:76:92:a3:4f:f8:d4:d7:fe:d3:d2:06:db:
         24:a3:f7:be:9e:3e:e9:ff:85:72:cc:f7:5e:28:f9:20:98:ac:
         f6:8d:02:28:7e:13:42:48:02:a0:3c:87:83:47:fe:af:eb:af:
         12:35:82:48:5f:8c:2b:c0:58:d6:ce:32:07:5f:d9:8a:97:92:
         9e:1e:a1:7e:35:5b:71:ca:70:3d:be:33:93:e3:52:65:77:23:
         7e:56:d3:d4:a2:f1:a5:00:9a:12:2c:cb:af:f5:ad:07:c2:8a:
         17:65:0f:3a:32:c7:34:88:6d:a6:cf:94:c4:96:1f:a9:4c:16:
         58:0c:d7:70:3d:00:4d:a3:94:ac:74:f9:a7:94:2d:19:45:20:
         38:a4:dd:3a:a8:04:e2:0c:c2:2d:4f:73:6e:d2:7c:97:f5:69:
         86:8e:84:0f:1a:96:de:d4:1d:bd:74:7d:89:fd:46:6f:a0:7d:
         ab:d6:a7:ae:bb:5a:75:93:94:58:10:49:e3:78:c3:8b:3d:5b:
         f7:f2:05:90:64:d9:c7:fc:59:17:cd:f3:24:3e:42:c0:e9:76:
         80:b0:85:b7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZZb/jxCazV0mkJWWC2hrUnQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMTI5YjA0NjBjZjllZTA1MDBlZTg4MGEyY2ZhMWE1MjRl
NGRmMDAwHhcNMjUwNDIyMDUzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjQ4ZGVlNTJhMWVhMDgyMmYxMzFhNzRmMDA3YzcwMWI2YmNkNDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtfKtHo6JLblAmbufxXUS/Fb2/l9
mF9JgCLtFkM0b1TJwaCL5/Ec1Nc53er8nAqV6/ULDvLcyg4zdRSdG3M+CoLDh/45
9Bgj+LHqd7n7Nx1LSFHMhdJq8fPIhuERsc7NllZ4iEpeOs4eWazSbmxzYlCRq6Sm
sS/nepSPpREZUdlWgy2YpvYGdGbMQkNlmKxS0KdeEKWbtdSYJF+FXr7zEXJi5Yue
8hKY6fGi1Ui0gNoM9HgHxNKVVVMEAgfSAtTGsQylDxqwieUOePdbE4YhxQobi0gD
pWeuGgT6RA3/8K5TINMh5vp/FRYedYd4i2GNn2fpX6lu7AeDaqy4LSLk6wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOtI3uUqHqCCLxMadPAHxwG2vNRoMB8GA1UdIwQY
MBaAFF0SmwRgz57gUA7ogKLPoaUk5N8AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFJLYkJHRFBudUJRRHVpQW9zLWhwU1RrM3dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi84NTU3ZTAtMzY4ZC00ZDhlLTk3NDEt
YTg3N2RkNTFiYzQ5LzEvNjBqZTVTb2VvSUl2RXhwMDhBZkhBYmE4MUdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi84NTU3ZTAtMzY4ZC00ZDhlLTk3NDEtYTg3N2RkNTFiYzQ5
LzEvWFJLYkJHRFBudUJRRHVpQW9zLWhwU1RrM3dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLQ3wMA0E
AgACMAcDBQAqAP0BMA0GCSqGSIb3DQEBCwUAA4IBAQBKo/jYmn0R1Jf8ngVyUGq2
6sGt0dli8h+rIIbxSMM7Yj01unFgxYeykLF2kqNP+NTX/tPSBtsko/e+nj7p/4Vy
zPdeKPkgmKz2jQIofhNCSAKgPIeDR/6v668SNYJIX4wrwFjWzjIHX9mKl5KeHqF+
NVtxynA9vjOT41JldyN+VtPUovGlAJoSLMuv9a0HwooXZQ86Msc0iG2mz5TElh+p
TBZYDNdwPQBNo5SsdPmnlC0ZRSA4pN06qATiDMItT3Nu0nyX9WmGjoQPGpbe1B29
dH2J/UZvoH2r1qeuu1p1k5RYEEnjeMOLPVv38gWQZNnH/FkXzfMkPkLA6XaAsIW3
-----END CERTIFICATE-----