Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/N1nl601Hr6wJILJL_hgwD9Q0g2I.roa
File:                     N1nl601Hr6wJILJL_hgwD9Q0g2I.roa (raw, json)
Hash identifier:          pIuSTy4n0CatQtYZ3CMUWwjxxWlZD8T/OaYfEUfURDo=
Subject key identifier:   37:59:E5:EB:4D:47:AF:AC:09:20:B2:4B:FE:18:30:0F:D4:34:83:62
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       0194B9AC0D742DBB7A8BB25E0F0216620AE5
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/N1nl601Hr6wJILJL_hgwD9Q0g2I.roa
Signing time:             Fri 31 Jan 2025 00:04:07 +0000
ROA not before:           Fri 31 Jan 2025 00:04:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211373
IP address blocks:        178.253.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b9:ac:0d:74:2d:bb:7a:8b:b2:5e:0f:02:16:62:0a:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Jan 31 00:04:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3759e5eb4d47afac0920b24bfe18300fd4348362
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7f:9c:44:f0:bf:9d:c0:67:4e:17:0b:03:dc:
                    1d:96:96:6e:6e:cd:a6:5f:ac:1b:bf:e6:e9:fc:8e:
                    aa:9e:ea:9e:3f:bf:f4:b7:9d:ec:10:e5:b6:b5:d7:
                    7f:30:79:ca:10:0f:c5:c5:b9:88:dd:a4:71:5d:df:
                    5b:bc:e7:81:03:6a:0b:fa:9f:58:fb:3b:2e:72:58:
                    68:46:6b:41:b7:71:12:0a:bc:ac:31:ca:e5:16:00:
                    3f:e1:f4:6a:d7:42:35:7c:89:0a:b0:97:e0:f0:5a:
                    99:87:4d:c8:e0:89:04:2a:d3:d2:3f:32:04:84:ed:
                    4b:31:25:a5:9e:ae:14:a5:c2:7e:ef:78:7c:8b:48:
                    e6:3d:f9:7b:51:56:93:e8:6d:ac:a0:d5:61:78:dd:
                    0d:fb:06:89:25:38:46:21:9e:aa:e8:0d:73:c3:24:
                    c4:88:b2:3e:f3:a6:82:e4:c7:89:73:09:e3:a2:1a:
                    b2:b8:0c:55:59:07:7c:e1:d1:03:b0:22:c9:e2:e0:
                    66:cd:52:d3:e2:dc:4c:cc:8e:68:05:43:c3:2a:d3:
                    6d:bf:cf:12:da:20:14:be:35:39:73:38:3c:d4:39:
                    d2:6f:c6:87:92:aa:42:ff:22:b0:2a:29:58:92:91:
                    cc:54:21:dc:e1:d1:74:93:4c:24:c5:42:f7:65:67:
                    80:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:59:E5:EB:4D:47:AF:AC:09:20:B2:4B:FE:18:30:0F:D4:34:83:62
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/N1nl601Hr6wJILJL_hgwD9Q0g2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:36:79:f1:92:ca:03:47:bc:93:c7:4c:93:e4:79:97:e2:3b:
         dd:76:24:a3:78:3d:cd:74:e0:1f:70:3c:07:6f:a1:72:3c:d9:
         ac:a7:69:f2:e3:39:c4:0d:bf:b4:44:28:f0:10:c2:94:06:b5:
         be:45:87:92:7f:db:98:10:94:6e:a4:28:00:b7:ab:a3:aa:e6:
         4d:f4:67:73:9b:35:10:98:83:3b:49:e0:7c:e0:e7:49:0e:55:
         4a:a3:7c:b3:a6:d0:7f:36:36:d9:64:f1:fb:c0:a3:86:93:ec:
         2d:1f:c8:43:52:4e:73:f3:2f:69:ba:c4:e1:0e:d1:fc:98:04:
         d4:70:3f:54:99:96:9b:1c:1a:40:a4:d9:4f:05:6c:42:f8:89:
         ad:29:7a:de:e1:76:24:ee:61:ce:0d:fe:3c:68:be:fa:b2:33:
         44:70:0c:b2:a4:cd:f3:27:0e:43:4a:3c:fc:60:8b:3e:39:62:
         46:6f:ad:9b:ca:c2:b1:64:dc:6b:2d:cb:b1:22:7f:01:7b:19:
         7a:c7:83:46:f5:bd:97:58:67:a9:a1:d0:c0:c9:d6:70:21:88:
         78:ae:13:0d:b2:3a:cf:35:b4:c6:ee:89:a3:78:e8:9b:e0:42:
         89:2f:17:b4:46:a9:4f:d7:8a:18:05:4f:48:ff:41:f6:57:f7:
         50:f3:04:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS5rA10Lbt6i7JeDwIWYgrlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjUwMTMxMDAwNDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzU5ZTVlYjRkNDdhZmFjMDkyMGIyNGJmZTE4MzAwZmQ0MzQ4MzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAln+cRPC/ncBnThcLA9wdlpZubs2m
X6wbv+bp/I6qnuqeP7/0t53sEOW2tdd/MHnKEA/FxbmI3aRxXd9bvOeBA2oL+p9Y
+zsuclhoRmtBt3ESCrysMcrlFgA/4fRq10I1fIkKsJfg8FqZh03I4IkEKtPSPzIE
hO1LMSWlnq4UpcJ+73h8i0jmPfl7UVaT6G2soNVheN0N+waJJThGIZ6q6A1zwyTE
iLI+86aC5MeJcwnjohqyuAxVWQd84dEDsCLJ4uBmzVLT4txMzI5oBUPDKtNtv88S
2iAUvjU5czg81DnSb8aHkqpC/yKwKilYkpHMVCHc4dF0k0wkxUL3ZWeANwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdZ5etNR6+sCSCyS/4YMA/UNINiMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvTjFubDYwMUhyNndKSUxKTF9oZ3dEOVEwZzJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv0hMA0G
CSqGSIb3DQEBCwUAA4IBAQAXNnnxksoDR7yTx0yT5HmX4jvddiSjeD3NdOAfcDwH
b6FyPNmsp2ny4znEDb+0RCjwEMKUBrW+RYeSf9uYEJRupCgAt6ujquZN9GdzmzUQ
mIM7SeB84OdJDlVKo3yzptB/NjbZZPH7wKOGk+wtH8hDUk5z8y9pusThDtH8mATU
cD9UmZabHBpApNlPBWxC+ImtKXre4XYk7mHODf48aL76sjNEcAyypM3zJw5DSjz8
YIs+OWJGb62bysKxZNxrLcuxIn8Bexl6x4NG9b2XWGepodDAydZwIYh4rhMNsjrP
NbTG7omjeOib4EKJLxe0RqlP14oYBU9I/0H2V/dQ8wQg
-----END CERTIFICATE-----