Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/580XNquHrCWRkqNDtKIxhX9o1Kc.roa
File:                     580XNquHrCWRkqNDtKIxhX9o1Kc.roa (raw, json)
Hash identifier:          3TWvxBabKV8iYvQkig77LGpNEqgd9QTaVPgSezpZ8n4=
Subject key identifier:   E7:CD:17:36:AB:87:AC:25:91:92:A3:43:B4:A2:31:85:7F:68:D4:A7
Certificate issuer:       /CN=668d2f64c337465ed38da5f7cc4584df87d4a744
Certificate serial:       01973596B1F2DFF457F39F41023FFB4176E3
Authority key identifier: 66:8D:2F:64:C3:37:46:5E:D3:8D:A5:F7:CC:45:84:DF:87:D4:A7:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/580XNquHrCWRkqNDtKIxhX9o1Kc.roa
Signing time:             Tue 03 Jun 2025 11:39:17 +0000
ROA not before:           Tue 03 Jun 2025 11:39:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49097
IP address blocks:        193.28.96.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:96:b1:f2:df:f4:57:f3:9f:41:02:3f:fb:41:76:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=668d2f64c337465ed38da5f7cc4584df87d4a744
        Validity
            Not Before: Jun  3 11:39:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7cd1736ab87ac259192a343b4a231857f68d4a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7d:59:a4:dd:f9:8a:99:c8:e9:29:80:6c:89:
                    49:53:30:05:cb:be:60:6a:f1:3d:90:c8:66:7a:e8:
                    d3:62:19:db:f0:67:1d:23:2b:c4:6e:05:89:bd:df:
                    61:c1:f1:01:83:ea:75:0c:a1:e2:75:c0:5d:57:70:
                    c9:de:7b:10:a5:95:db:b9:2d:e9:a1:47:04:b5:80:
                    32:aa:f0:8b:40:3d:e9:d8:ec:bb:c5:ec:bb:67:41:
                    58:e5:7b:a1:fe:d6:6a:dd:4a:4d:05:c3:ff:6c:53:
                    08:b2:56:57:78:6b:df:c5:8f:b7:6e:39:53:d2:b1:
                    27:a9:83:25:1f:e1:9d:79:96:54:36:18:44:38:07:
                    55:8c:7c:f0:45:ae:18:9a:ab:23:cb:fa:97:c4:41:
                    2f:22:f2:f5:c4:04:af:df:86:60:7c:c7:cc:d6:52:
                    d0:b8:d5:d6:66:26:3d:1f:dc:08:95:9f:51:9e:b1:
                    e6:27:86:42:a0:03:91:7e:e1:3d:80:c9:b8:4d:fb:
                    50:59:7e:61:a8:b8:a2:e4:63:37:4a:b2:e0:22:bd:
                    34:9b:c8:b5:6d:ce:81:7d:03:34:25:d3:35:1e:19:
                    ce:55:71:a3:be:b3:7a:a6:f4:d7:74:7c:17:41:94:
                    db:25:d9:3c:20:99:28:f8:d2:72:b7:cc:eb:61:cc:
                    80:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:CD:17:36:AB:87:AC:25:91:92:A3:43:B4:A2:31:85:7F:68:D4:A7
            X509v3 Authority Key Identifier:
                keyid:66:8D:2F:64:C3:37:46:5E:D3:8D:A5:F7:CC:45:84:DF:87:D4:A7:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/580XNquHrCWRkqNDtKIxhX9o1Kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/828b0f-80e8-427b-971d-38bbcfaee6ce/1/Zo0vZMM3Rl7TjaX3zEWE34fUp0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6c:a2:38:2c:3a:9c:58:66:cb:e2:f9:29:fa:af:68:ee:c8:d1:
         f6:83:55:5e:5c:fa:17:23:91:b4:9e:58:d3:6e:6c:b8:eb:f2:
         c8:d7:e9:7c:1f:8c:dc:55:57:6c:f1:dd:e0:3c:9c:81:e5:65:
         6d:c6:2a:9a:90:16:ee:22:6e:59:6c:46:89:13:a3:14:6f:0a:
         60:fb:8d:b2:16:33:92:e6:76:d0:0e:2b:4a:60:07:2c:bc:b1:
         bd:c2:d7:14:cc:74:a4:ec:4d:36:83:18:3e:47:c0:b4:c8:de:
         9f:f3:07:62:09:66:c0:64:b9:58:97:fc:e4:5f:d8:df:2f:79:
         b2:9f:b0:a1:03:6f:a8:a9:6d:4f:1d:65:46:c6:b1:0f:d6:be:
         a6:ba:34:11:90:ce:fc:17:dc:fb:9b:ce:4e:58:c3:ab:8d:27:
         82:4b:7f:3a:a4:c8:d0:a0:4f:56:4a:b9:af:7a:49:5e:db:74:
         6c:93:83:e4:62:bd:52:90:91:58:31:2f:ec:6e:ec:14:42:06:
         fd:01:6e:88:32:b8:7f:23:dc:5c:a5:17:9e:86:99:22:77:16:
         a3:3d:d1:9e:cb:1e:69:58:11:e5:b1:41:cc:42:3e:73:85:2a:
         04:fe:d2:8f:3f:c6:26:b4:77:6c:12:55:1d:60:b2:c9:b3:cf:
         30:b8:11:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc1lrHy3/RX859BAj/7QXbjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OGQyZjY0YzMzNzQ2NWVkMzhkYTVmN2NjNDU4NGRmODdk
NGE3NDQwHhcNMjUwNjAzMTEzOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2NkMTczNmFiODdhYzI1OTE5MmEzNDNiNGEyMzE4NTdmNjhkNGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApH1ZpN35ipnI6SmAbIlJUzAFy75g
avE9kMhmeujTYhnb8GcdIyvEbgWJvd9hwfEBg+p1DKHidcBdV3DJ3nsQpZXbuS3p
oUcEtYAyqvCLQD3p2Oy7xey7Z0FY5Xuh/tZq3UpNBcP/bFMIslZXeGvfxY+3bjlT
0rEnqYMlH+GdeZZUNhhEOAdVjHzwRa4Ymqsjy/qXxEEvIvL1xASv34ZgfMfM1lLQ
uNXWZiY9H9wIlZ9RnrHmJ4ZCoAORfuE9gMm4TftQWX5hqLii5GM3SrLgIr00m8i1
bc6BfQM0JdM1HhnOVXGjvrN6pvTXdHwXQZTbJdk8IJko+NJyt8zrYcyAMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfNFzarh6wlkZKjQ7SiMYV/aNSnMB8GA1UdIwQY
MBaAFGaNL2TDN0Ze042l98xFhN+H1KdEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm8wdlpNTTNSbDdUamFYM3pFV0UzNGZVcDBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS84MjhiMGYtODBlOC00MjdiLTk3MWQt
MzhiYmNmYWVlNmNlLzEvNTgwWE5xdUhyQ1dSa3FORHRLSXhoWDlvMUtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS84MjhiMGYtODBlOC00MjdiLTk3MWQtMzhiYmNmYWVlNmNl
LzEvWm8wdlpNTTNSbDdUamFYM3pFV0UzNGZVcDBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwRxgMA0G
CSqGSIb3DQEBCwUAA4IBAQBsojgsOpxYZsvi+Sn6r2juyNH2g1VeXPoXI5G0nljT
bmy46/LI1+l8H4zcVVds8d3gPJyB5WVtxiqakBbuIm5ZbEaJE6MUbwpg+42yFjOS
5nbQDitKYAcsvLG9wtcUzHSk7E02gxg+R8C0yN6f8wdiCWbAZLlYl/zkX9jfL3my
n7ChA2+oqW1PHWVGxrEP1r6mujQRkM78F9z7m85OWMOrjSeCS386pMjQoE9WSrmv
ekle23Rsk4PkYr1SkJFYMS/sbuwUQgb9AW6IMrh/I9xcpReehpkidxajPdGeyx5p
WBHlsUHMQj5zhSoE/tKPP8YmtHdsElUdYLLJs88wuBGp
-----END CERTIFICATE-----