Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/1nnAsF_X5LfrkXzPCD6govZ1YrY.roa
File:                     1nnAsF_X5LfrkXzPCD6govZ1YrY.roa (raw, json)
Hash identifier:          EXCtrwxOha0FCmP698dUJ0iUjdlA32zelEheOOj8WrY=
Subject key identifier:   D6:79:C0:B0:5F:D7:E4:B7:EB:91:7C:CF:08:3E:A0:A2:F6:75:62:B6
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       019424455A03BD5DD1D9189F7EEF67D55D3C
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/1nnAsF_X5LfrkXzPCD6govZ1YrY.roa
Signing time:             Wed 01 Jan 2025 23:48:32 +0000
ROA not before:           Wed 01 Jan 2025 23:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49887
IP address blocks:        84.44.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5a:03:bd:5d:d1:d9:18:9f:7e:ef:67:d5:5d:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 23:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d679c0b05fd7e4b7eb917ccf083ea0a2f67562b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a7:08:f6:84:2f:48:84:72:ed:f8:21:df:00:
                    c8:c4:5b:54:e3:b1:d6:2b:89:83:88:9a:e1:fc:90:
                    5b:23:7a:7d:56:cb:cb:05:5f:30:4e:ed:d9:cd:d5:
                    55:90:28:54:36:c8:6b:57:de:47:de:70:ae:db:fe:
                    a4:79:c1:76:01:3d:23:40:e2:e2:a4:8e:d6:20:b6:
                    de:89:99:c8:91:c5:94:d0:9b:00:1f:52:ae:9a:ee:
                    44:02:b9:52:ae:27:ad:ba:26:f2:0e:3a:a6:3b:f5:
                    91:1e:f2:a9:4e:08:cf:bb:62:9b:9a:2f:76:9b:05:
                    62:48:9e:1c:b0:cb:1a:18:a7:29:3a:e3:28:3c:79:
                    f8:40:33:b4:3b:26:f9:b4:7d:08:78:ae:38:76:4b:
                    0f:a3:88:9a:c5:99:28:3a:1f:df:58:53:83:1f:ed:
                    f5:ac:ab:04:c5:03:a9:76:d6:63:33:23:59:db:d7:
                    3e:f4:35:72:4b:68:2a:85:02:2b:dc:be:29:c0:31:
                    a0:c8:76:c9:0e:33:82:8d:9d:2d:16:30:f8:2a:7c:
                    29:67:f2:dc:85:4e:ed:09:8f:ad:e6:c9:6a:ea:d8:
                    84:fb:1b:08:4a:71:56:f0:ec:43:36:31:25:0c:c9:
                    d2:85:f4:28:e8:58:78:ac:19:74:5f:48:14:a3:17:
                    c9:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:79:C0:B0:5F:D7:E4:B7:EB:91:7C:CF:08:3E:A0:A2:F6:75:62:B6
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/1nnAsF_X5LfrkXzPCD6govZ1YrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.44.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:6b:3a:c1:44:bc:f2:11:6b:43:84:ce:2c:0b:a4:14:c4:fe:
         81:1f:11:10:fe:fb:3d:b4:98:c4:ea:4f:61:b9:6f:20:2d:b3:
         38:f8:d6:6b:bc:5b:ca:d5:43:88:ac:8a:1d:3f:62:77:84:ab:
         ac:03:2f:6f:21:4d:34:55:b2:18:6c:b6:62:2f:ca:19:89:1f:
         d4:a6:d0:58:aa:6e:cb:3e:ea:e1:6c:18:cb:69:53:29:56:fd:
         00:60:b8:e4:83:bc:64:c6:54:4d:6b:48:3f:59:c8:19:9d:16:
         63:eb:3a:8f:bf:a8:e2:45:16:1f:22:ab:28:80:2f:76:42:fb:
         b4:ee:04:94:53:30:c4:e5:0e:16:02:23:fa:fd:ff:0b:c7:a8:
         4a:cd:8b:2c:aa:ec:dc:b3:ca:9d:64:c4:b8:9a:81:e6:08:9d:
         ee:c8:aa:44:d2:0c:19:a5:8a:7c:bc:71:0f:b7:2a:ec:d1:98:
         ad:3c:27:78:47:ab:7e:be:02:04:de:e1:08:fc:57:1d:e0:0d:
         24:28:0e:59:95:1e:3f:b4:e9:27:37:c9:78:d5:94:d2:bf:f4:
         fd:12:0f:e8:df:da:5a:b2:ca:a0:0c:af:dc:c9:22:77:59:44:
         36:11:49:f2:f5:18:42:97:88:45:3f:8e:19:f7:c3:ae:dc:ee:
         99:9f:72:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRVoDvV3R2Riffu9n1V08MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjUwMTAxMjM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjc5YzBiMDVmZDdlNGI3ZWI5MTdjY2YwODNlYTBhMmY2NzU2MmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoacI9oQvSIRy7fgh3wDIxFtU47HW
K4mDiJrh/JBbI3p9VsvLBV8wTu3ZzdVVkChUNshrV95H3nCu2/6kecF2AT0jQOLi
pI7WILbeiZnIkcWU0JsAH1Kumu5EArlSrietuibyDjqmO/WRHvKpTgjPu2Kbmi92
mwViSJ4csMsaGKcpOuMoPHn4QDO0Oyb5tH0IeK44dksPo4iaxZkoOh/fWFODH+31
rKsExQOpdtZjMyNZ29c+9DVyS2gqhQIr3L4pwDGgyHbJDjOCjZ0tFjD4KnwpZ/Lc
hU7tCY+t5slq6tiE+xsISnFW8OxDNjElDMnShfQo6Fh4rBl0X0gUoxfJLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZ5wLBf1+S365F8zwg+oKL2dWK2MB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvMW5uQXNGX1g1TGZya1h6UENENmdvdloxWXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCwQMA0G
CSqGSIb3DQEBCwUAA4IBAQC9azrBRLzyEWtDhM4sC6QUxP6BHxEQ/vs9tJjE6k9h
uW8gLbM4+NZrvFvK1UOIrIodP2J3hKusAy9vIU00VbIYbLZiL8oZiR/UptBYqm7L
PurhbBjLaVMpVv0AYLjkg7xkxlRNa0g/WcgZnRZj6zqPv6jiRRYfIqsogC92Qvu0
7gSUUzDE5Q4WAiP6/f8Lx6hKzYssquzcs8qdZMS4moHmCJ3uyKpE0gwZpYp8vHEP
tyrs0ZitPCd4R6t+vgIE3uEI/Fcd4A0kKA5ZlR4/tOknN8l41ZTSv/T9Eg/o39pa
ssqgDK/cySJ3WUQ2EUny9RhCl4hFP44Z98Ou3O6Zn3KK
-----END CERTIFICATE-----