Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/e17813-1845-4ff2-b95a-833ee9cb3980/1/aaN1Qn5xjEIJMdhSHXNcsvHXN84.roa
File:                     aaN1Qn5xjEIJMdhSHXNcsvHXN84.roa (raw, json)
Hash identifier:          SX27c8/0wfmzPnQt08w0ppx8WZVSTmUYcQpFOXOsbTk=
Subject key identifier:   69:A3:75:42:7E:71:8C:42:09:31:D8:52:1D:73:5C:B2:F1:D7:37:CE
Certificate issuer:       /CN=1ef8791dc3aa6fea328a5e1390ce26e982df372d
Certificate serial:       019743E5B8AA0D3B67B993F1DF8F3A636BD4
Authority key identifier: 1E:F8:79:1D:C3:AA:6F:EA:32:8A:5E:13:90:CE:26:E9:82:DF:37:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hvh5HcOqb-oyil4TkM4m6YLfNy0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/e17813-1845-4ff2-b95a-833ee9cb3980/1/aaN1Qn5xjEIJMdhSHXNcsvHXN84.roa
Signing time:             Fri 06 Jun 2025 06:20:17 +0000
ROA not before:           Fri 06 Jun 2025 06:20:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60633
IP address blocks:        193.5.178.0/24 maxlen: 24
                          2001:67c:1818::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/e17813-1845-4ff2-b95a-833ee9cb3980/1/Hvh5HcOqb-oyil4TkM4m6YLfNy0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/e17813-1845-4ff2-b95a-833ee9cb3980/1/Hvh5HcOqb-oyil4TkM4m6YLfNy0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hvh5HcOqb-oyil4TkM4m6YLfNy0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 17:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:43:e5:b8:aa:0d:3b:67:b9:93:f1:df:8f:3a:63:6b:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ef8791dc3aa6fea328a5e1390ce26e982df372d
        Validity
            Not Before: Jun  6 06:20:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69a375427e718c420931d8521d735cb2f1d737ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a0:20:fe:8b:cc:46:d6:8a:ff:40:bb:8c:bf:
                    68:65:ac:8f:84:c9:1a:e7:25:34:fc:73:83:86:e1:
                    6c:e7:1e:62:e6:b4:62:05:2a:ac:b4:71:1f:bd:58:
                    57:98:50:c1:9e:fb:a4:f9:d9:5b:e0:f8:27:eb:2f:
                    6e:d6:1e:e9:4d:af:19:3e:6b:94:9c:bb:f4:17:be:
                    c0:e9:5b:15:7d:3a:ac:c7:0f:86:3b:9e:20:a1:e3:
                    77:78:d2:b8:86:58:2d:6b:31:f9:c7:8a:96:b7:f6:
                    07:83:ca:aa:c3:5e:80:f1:b6:50:d5:60:25:c3:cc:
                    04:81:c4:d9:73:c7:47:96:e2:b9:68:69:66:63:4c:
                    12:dc:12:c5:3e:0f:e4:9e:1b:1f:a9:40:a6:e7:16:
                    ef:80:b7:75:18:56:92:ac:8b:0b:95:b7:5c:ff:a9:
                    8a:28:5c:0a:34:9d:23:55:f3:c8:0d:3a:99:9a:06:
                    81:5f:da:c4:de:19:5b:61:1e:43:84:2c:6c:ff:14:
                    f0:2f:13:80:5c:ad:fa:b7:70:1a:2d:89:a8:d3:9a:
                    2d:23:2a:84:94:46:90:8f:14:1e:bb:85:8f:ff:83:
                    32:ff:8e:78:c4:a2:fd:bc:f1:a4:c5:c1:04:3e:8c:
                    c3:59:9d:69:6d:10:49:a3:c6:66:5b:4b:08:48:8a:
                    55:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:A3:75:42:7E:71:8C:42:09:31:D8:52:1D:73:5C:B2:F1:D7:37:CE
            X509v3 Authority Key Identifier:
                keyid:1E:F8:79:1D:C3:AA:6F:EA:32:8A:5E:13:90:CE:26:E9:82:DF:37:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hvh5HcOqb-oyil4TkM4m6YLfNy0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/e17813-1845-4ff2-b95a-833ee9cb3980/1/aaN1Qn5xjEIJMdhSHXNcsvHXN84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/e17813-1845-4ff2-b95a-833ee9cb3980/1/Hvh5HcOqb-oyil4TkM4m6YLfNy0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.178.0/24
                IPv6:
                  2001:67c:1818::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:b4:ae:a2:d7:60:cb:43:d2:04:aa:8f:39:93:81:59:ff:91:
         98:6c:a3:e4:d4:51:79:ed:17:87:12:58:bb:b0:68:05:4a:b9:
         1e:cd:00:5a:83:31:af:27:bd:52:12:c4:fb:d0:83:7d:74:c6:
         92:d8:04:b6:49:9e:ca:1a:c0:4d:bf:be:bb:49:f5:fc:d7:2e:
         21:f8:d8:3b:bb:a8:5b:be:7b:5c:89:9c:94:d2:e0:1c:02:0a:
         11:a5:25:45:f4:44:94:7e:78:07:14:22:c0:8f:84:0e:03:6d:
         bf:db:9c:e5:22:ff:7e:01:32:8c:f0:c7:97:c7:9c:31:11:68:
         76:1e:47:87:df:50:39:48:32:47:20:05:2e:b1:34:cd:16:f5:
         4e:09:57:6e:24:fa:5e:36:1b:71:6e:cd:99:33:85:76:5a:b9:
         51:27:30:73:a1:fa:d6:61:38:ad:72:18:86:de:3c:7e:56:24:
         17:28:a6:8e:3d:d7:89:91:fc:5e:db:6c:ab:9c:57:82:9e:8f:
         6a:98:3f:8d:19:51:99:7f:fe:97:29:0b:d3:0e:1f:d6:91:00:
         bf:b2:b5:ab:d6:f0:59:5c:3d:10:f8:b4:89:36:68:99:af:7e:
         d2:ae:f8:ba:04:9b:9f:74:88:e0:b4:f7:a0:86:f4:c4:2a:ca:
         95:40:5c:b7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZdD5biqDTtnuZPx3486Y2vUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZjg3OTFkYzNhYTZmZWEzMjhhNWUxMzkwY2UyNmU5ODJk
ZjM3MmQwHhcNMjUwNjA2MDYyMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWEzNzU0MjdlNzE4YzQyMDkzMWQ4NTIxZDczNWNiMmYxZDczN2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKAg/ovMRtaK/0C7jL9oZayPhMka
5yU0/HODhuFs5x5i5rRiBSqstHEfvVhXmFDBnvuk+dlb4Pgn6y9u1h7pTa8ZPmuU
nLv0F77A6VsVfTqsxw+GO54goeN3eNK4hlgtazH5x4qWt/YHg8qqw16A8bZQ1WAl
w8wEgcTZc8dHluK5aGlmY0wS3BLFPg/knhsfqUCm5xbvgLd1GFaSrIsLlbdc/6mK
KFwKNJ0jVfPIDTqZmgaBX9rE3hlbYR5DhCxs/xTwLxOAXK36t3AaLYmo05otIyqE
lEaQjxQeu4WP/4My/454xKL9vPGkxcEEPozDWZ1pbRBJo8ZmW0sISIpVOwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGmjdUJ+cYxCCTHYUh1zXLLx1zfOMB8GA1UdIwQY
MBaAFB74eR3Dqm/qMopeE5DOJumC3zctMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHZoNUhjT3FiLW95aWw0VGtNNG02WUxmTnkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lMTc4MTMtMTg0NS00ZmYyLWI5NWEt
ODMzZWU5Y2IzOTgwLzEvYWFOMVFuNXhqRUlKTWRoU0hYTmNzdkhYTjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lMTc4MTMtMTg0NS00ZmYyLWI5NWEtODMzZWU5Y2IzOTgw
LzEvSHZoNUhjT3FiLW95aWw0VGtNNG02WUxmTnkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwQWyMA8E
AgACMAkDBwAgAQZ8GBgwDQYJKoZIhvcNAQELBQADggEBAAi0rqLXYMtD0gSqjzmT
gVn/kZhso+TUUXntF4cSWLuwaAVKuR7NAFqDMa8nvVISxPvQg310xpLYBLZJnsoa
wE2/vrtJ9fzXLiH42Du7qFu+e1yJnJTS4BwCChGlJUX0RJR+eAcUIsCPhA4Dbb/b
nOUi/34BMozwx5fHnDERaHYeR4ffUDlIMkcgBS6xNM0W9U4JV24k+l42G3FuzZkz
hXZauVEnMHOh+tZhOK1yGIbePH5WJBcopo4914mR/F7bbKucV4Kej2qYP40ZUZl/
/pcpC9MOH9aRAL+ytavW8FlcPRD4tIk2aJmvftKu+LoEm590iOC096CG9MQqypVA
XLc=
-----END CERTIFICATE-----