Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/E3UrBAInZkpcjAQ4fPb-zQzwEwg.roa
File:                     E3UrBAInZkpcjAQ4fPb-zQzwEwg.roa (raw, json)
Hash identifier:          2EVUw1vx9q4Jgfbf89KhsWHm/Xwt/iLvHeTQOp1xQII=
Subject key identifier:   13:75:2B:04:02:27:66:4A:5C:8C:04:38:7C:F6:FE:CD:0C:F0:13:08
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       019424455C61BD77187415FACEFA1362C515
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/E3UrBAInZkpcjAQ4fPb-zQzwEwg.roa
Signing time:             Wed 01 Jan 2025 23:48:32 +0000
ROA not before:           Wed 01 Jan 2025 23:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55002
IP address blocks:        62.244.244.0/24 maxlen: 24
                          213.248.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5c:61:bd:77:18:74:15:fa:ce:fa:13:62:c5:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 23:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13752b040227664a5c8c04387cf6fecd0cf01308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:cf:1b:84:bc:6d:2a:2c:82:32:d3:82:b8:57:
                    2c:25:26:fb:09:14:29:19:61:7b:47:72:17:b8:f0:
                    f9:62:25:d5:be:17:a1:ec:56:19:c6:89:80:f9:9c:
                    43:e0:37:ab:ee:1e:ad:5a:f1:07:33:a0:15:c0:2d:
                    6e:69:35:91:8f:26:a6:23:2d:3b:ec:e6:b8:d4:0a:
                    89:67:f1:e4:f6:44:49:33:dc:76:14:65:4a:ba:ff:
                    78:3d:4e:4d:47:66:e3:43:60:52:98:14:5b:53:55:
                    08:ce:26:17:f0:df:16:2a:b9:4e:6f:d1:e5:d7:07:
                    a6:da:2e:5b:ee:11:75:15:fc:50:6a:75:3f:b8:7c:
                    d4:0c:dd:5d:97:b3:b1:29:43:6f:93:61:82:64:10:
                    81:56:9c:a9:1f:7f:96:2d:25:c5:db:7e:da:ec:79:
                    d0:b9:f7:ed:78:d5:e1:3b:60:44:47:c6:09:5d:0e:
                    71:83:30:3a:87:0b:38:0e:c2:c0:f1:a6:3e:01:82:
                    f7:08:04:f1:5d:a8:65:aa:e4:da:38:62:14:3d:8d:
                    6a:44:30:94:19:25:ff:1f:66:8c:84:e2:f7:c8:32:
                    4d:ce:d8:6e:e9:fa:9f:a4:17:c8:e0:00:94:9d:e2:
                    43:4e:8a:de:7d:c6:8c:dd:70:ad:81:f8:ea:6a:89:
                    56:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:75:2B:04:02:27:66:4A:5C:8C:04:38:7C:F6:FE:CD:0C:F0:13:08
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/E3UrBAInZkpcjAQ4fPb-zQzwEwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.244.244.0/24
                  213.248.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:58:43:83:48:25:7a:33:82:d3:a3:e5:14:ad:d5:1c:3e:f0:
         a6:1a:c7:f7:8b:fa:ab:75:24:e7:9d:86:4b:d3:b9:a8:f8:f2:
         02:68:c9:e6:bf:c0:ac:4e:a9:d9:9a:d5:00:e6:50:f5:a8:16:
         51:89:53:35:45:51:44:fb:cc:64:08:38:6f:49:ee:9a:b3:39:
         d7:21:a1:98:c8:6b:71:7a:dc:c9:ff:39:c5:2d:74:38:dd:93:
         ef:8d:26:b7:b3:ad:b5:84:85:0b:d7:b2:d7:8a:ed:48:56:0f:
         8d:fa:23:8e:42:ce:99:95:4d:19:33:22:62:d1:8e:e9:b0:8d:
         04:e8:c2:50:3b:16:af:5e:09:ec:6f:d8:0a:53:27:c5:9b:d2:
         02:1d:4d:ab:16:4c:b9:a5:9c:e5:1b:8b:ee:86:d7:db:f2:5f:
         f0:9f:4e:79:ee:b2:cc:12:06:7e:2d:20:32:1f:08:47:84:9d:
         44:0b:0b:0b:d5:91:6a:83:fa:d5:06:a8:26:05:53:f6:52:65:
         e1:f3:51:74:af:5c:79:d2:44:89:22:7c:bc:68:be:98:24:4c:
         5b:44:aa:f6:99:2a:4d:00:6c:04:bd:ef:00:38:f9:69:49:b5:
         51:f1:00:e9:7d:3d:66:a8:ac:02:dd:9e:04:3f:64:8f:b9:bd:
         57:54:9a:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRVxhvXcYdBX6zvoTYsUVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjUwMTAxMjM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzc1MmIwNDAyMjc2NjRhNWM4YzA0Mzg3Y2Y2ZmVjZDBjZjAxMzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAws8bhLxtKiyCMtOCuFcsJSb7CRQp
GWF7R3IXuPD5YiXVvheh7FYZxomA+ZxD4Der7h6tWvEHM6AVwC1uaTWRjyamIy07
7Oa41AqJZ/Hk9kRJM9x2FGVKuv94PU5NR2bjQ2BSmBRbU1UIziYX8N8WKrlOb9Hl
1wem2i5b7hF1FfxQanU/uHzUDN1dl7OxKUNvk2GCZBCBVpypH3+WLSXF237a7HnQ
uffteNXhO2BER8YJXQ5xgzA6hws4DsLA8aY+AYL3CATxXahlquTaOGIUPY1qRDCU
GSX/H2aMhOL3yDJNzthu6fqfpBfI4ACUneJDTorefcaM3XCtgfjqaolWDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBN1KwQCJ2ZKXIwEOHz2/s0M8BMIMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvRTNVckJBSW5aa3BjakFRNGZQYi16UXp3RXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPvT0AwQA
1fiNMA0GCSqGSIb3DQEBCwUAA4IBAQDDWEODSCV6M4LTo+UUrdUcPvCmGsf3i/qr
dSTnnYZL07mo+PICaMnmv8CsTqnZmtUA5lD1qBZRiVM1RVFE+8xkCDhvSe6asznX
IaGYyGtxetzJ/znFLXQ43ZPvjSa3s621hIUL17LXiu1IVg+N+iOOQs6ZlU0ZMyJi
0Y7psI0E6MJQOxavXgnsb9gKUyfFm9ICHU2rFky5pZzlG4vuhtfb8l/wn0557rLM
EgZ+LSAyHwhHhJ1ECwsL1ZFqg/rVBqgmBVP2UmXh81F0r1x50kSJIny8aL6YJExb
RKr2mSpNAGwEve8AOPlpSbVR8QDpfT1mqKwC3Z4EP2SPub1XVJq3
-----END CERTIFICATE-----