Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/568PBTNOog5zQd02Gzfw8j53pp0.roa
File:                     568PBTNOog5zQd02Gzfw8j53pp0.roa (raw, json)
Hash identifier:          9zEg7rD8+zhtCTeBHh1OB7HwhHMIZEI66k67FO3erWc=
Subject key identifier:   E7:AF:0F:05:33:4E:A2:0E:73:41:DD:36:1B:37:F0:F2:3E:77:A6:9D
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       01977BFA1BF2399C0796CC4970C59554B26C
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/568PBTNOog5zQd02Gzfw8j53pp0.roa
Signing time:             Tue 17 Jun 2025 03:41:18 +0000
ROA not before:           Tue 17 Jun 2025 03:41:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42689
IP address blocks:        84.55.12.0/24 maxlen: 24
                          84.55.13.0/24 maxlen: 24
                          84.55.20.0/24 maxlen: 24
                          95.173.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 05:48:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7b:fa:1b:f2:39:9c:07:96:cc:49:70:c5:95:54:b2:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Jun 17 03:41:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7af0f05334ea20e7341dd361b37f0f23e77a69d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:47:b8:ab:a5:2c:19:77:bb:c5:f7:b5:94:86:
                    9a:83:45:4a:19:1c:ff:81:f2:a2:d6:8f:35:15:f9:
                    4a:ab:7e:8a:92:a8:5e:0e:e7:29:94:08:f6:b3:16:
                    6f:e1:37:fc:64:80:07:75:67:0d:d4:d2:3d:5d:0d:
                    d1:5e:4b:7d:2c:45:57:d5:ba:13:d8:9c:4c:41:23:
                    13:f0:b0:44:21:b3:15:07:c2:41:9f:25:b8:71:b7:
                    2b:78:f4:12:51:56:a9:05:b8:f3:33:d4:fd:a5:a2:
                    7f:2f:93:a2:18:e0:51:83:2c:13:7b:96:bc:f6:a7:
                    c3:c6:89:3d:2c:89:75:35:cc:bc:0e:d6:ea:15:02:
                    11:66:c1:6e:5a:b7:51:e7:1b:45:3a:ea:e1:f4:a5:
                    92:ac:2a:93:26:a7:f3:47:a9:35:5e:e4:dd:5d:1e:
                    58:da:f2:14:4d:59:04:b0:f0:43:fd:b3:9d:6b:99:
                    50:68:93:d2:96:e6:7c:30:6a:3b:bc:4f:b9:78:32:
                    a5:cf:64:4b:fc:5a:27:b3:d9:1c:b9:fd:1f:f2:a0:
                    49:dd:07:33:35:ca:be:b7:49:ca:c7:5b:cd:d9:7e:
                    63:65:da:03:32:45:5e:b8:57:f4:69:ab:63:4b:1d:
                    6c:87:7d:ef:83:47:ab:b4:46:db:c8:c6:e0:20:1c:
                    e6:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:AF:0F:05:33:4E:A2:0E:73:41:DD:36:1B:37:F0:F2:3E:77:A6:9D
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/568PBTNOog5zQd02Gzfw8j53pp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.55.12.0/23
                  84.55.20.0/24
                  95.173.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:80:50:94:4f:b4:1a:8b:14:8b:d8:d7:94:61:68:43:15:e0:
         c1:fc:3d:36:2d:30:5a:10:cd:bc:32:95:f6:c0:f0:ce:5f:0c:
         3d:e6:ff:22:2c:a1:68:bb:5a:32:73:03:1e:90:0f:ec:73:0f:
         82:b3:77:0d:98:51:e1:3d:86:fa:7f:2d:1a:25:d7:cf:96:a0:
         cc:d9:63:13:bc:b3:a6:28:c6:a4:61:d5:6b:59:bb:98:e2:9e:
         a8:a2:18:ce:bd:6e:b0:da:86:9b:6b:ae:33:6d:70:11:b0:f9:
         3a:cc:d3:f5:59:9c:99:1c:bb:3c:29:5d:8a:73:91:d1:e4:cb:
         3d:d4:52:e0:0d:77:70:c1:16:09:43:d5:47:32:eb:ec:1d:0d:
         22:09:0e:5d:82:ce:bc:2a:79:eb:d9:36:99:34:80:e5:ab:7b:
         5b:f2:4e:b9:bb:bf:a7:c7:a4:ff:dc:4c:c9:77:de:fd:6f:7b:
         a0:f8:85:7c:7e:b7:0f:4c:03:6d:aa:89:fa:dd:ba:91:05:62:
         bf:f9:a2:0e:b3:71:95:8d:f1:df:49:ec:89:34:4c:88:7b:14:
         75:8f:cc:dc:17:40:e3:2f:bd:b6:22:49:79:fc:eb:e7:23:27:
         99:79:28:86:7a:39:cc:64:c2:a3:c9:42:cb:84:12:7d:8d:80:
         73:28:d8:9c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZd7+hvyOZwHlsxJcMWVVLJsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUwNjE3MDM0MTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2FmMGYwNTMzNGVhMjBlNzM0MWRkMzYxYjM3ZjBmMjNlNzdhNjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Ue4q6UsGXe7xfe1lIaag0VKGRz/
gfKi1o81FflKq36KkqheDucplAj2sxZv4Tf8ZIAHdWcN1NI9XQ3RXkt9LEVX1boT
2JxMQSMT8LBEIbMVB8JBnyW4cbcrePQSUVapBbjzM9T9paJ/L5OiGOBRgywTe5a8
9qfDxok9LIl1Ncy8DtbqFQIRZsFuWrdR5xtFOurh9KWSrCqTJqfzR6k1XuTdXR5Y
2vIUTVkEsPBD/bOda5lQaJPSluZ8MGo7vE+5eDKlz2RL/Fons9kcuf0f8qBJ3Qcz
Ncq+t0nKx1vN2X5jZdoDMkVeuFf0aatjSx1sh33vg0ertEbbyMbgIBzmHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOevDwUzTqIOc0HdNhs38PI+d6adMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvNTY4UEJUTk9vZzV6UWQwMkd6Znc4ajUzcHAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBVDcMAwQA
VDcUAwQAX604MA0GCSqGSIb3DQEBCwUAA4IBAQAegFCUT7QaixSL2NeUYWhDFeDB
/D02LTBaEM28MpX2wPDOXww95v8iLKFou1oycwMekA/scw+Cs3cNmFHhPYb6fy0a
JdfPlqDM2WMTvLOmKMakYdVrWbuY4p6oohjOvW6w2oaba64zbXARsPk6zNP1WZyZ
HLs8KV2Kc5HR5Ms91FLgDXdwwRYJQ9VHMuvsHQ0iCQ5dgs68Knnr2TaZNIDlq3tb
8k65u7+nx6T/3EzJd979b3ug+IV8frcPTANtqon63bqRBWK/+aIOs3GVjfHfSeyJ
NEyIexR1j8zcF0DjL722Ikl5/OvnIyeZeSiGejnMZMKjyULLhBJ9jYBzKNic
-----END CERTIFICATE-----