Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/lOXttIBfThT0VgY7ljjG4tEpJ7Y.roa
File:                     lOXttIBfThT0VgY7ljjG4tEpJ7Y.roa (raw, json)
Hash identifier:          fiZK9BjaPjO7qpd4ZBMfJGJpGVtukLbE3FtVCjB2QWI=
Subject key identifier:   94:E5:ED:B4:80:5F:4E:14:F4:56:06:3B:96:38:C6:E2:D1:29:27:B6
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       01955AD0117BC9291FDA79D659D36627493C
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/lOXttIBfThT0VgY7ljjG4tEpJ7Y.roa
Signing time:             Mon 03 Mar 2025 07:02:20 +0000
ROA not before:           Mon 03 Mar 2025 07:02:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212388
IP address blocks:        176.57.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5a:d0:11:7b:c9:29:1f:da:79:d6:59:d3:66:27:49:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Mar  3 07:02:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94e5edb4805f4e14f456063b9638c6e2d12927b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:54:79:45:18:cb:14:91:cc:52:a4:26:8d:53:
                    27:7d:2c:8a:14:8e:2c:78:4e:82:7b:ed:49:6f:f3:
                    e4:38:b8:11:50:6b:09:e1:5d:18:98:ee:72:58:13:
                    64:a0:5f:37:36:cf:0a:14:d9:ed:f9:bc:9d:70:a1:
                    63:ef:e0:dd:72:da:11:96:57:28:c2:25:40:41:02:
                    3e:ef:70:ea:2a:30:52:fc:20:78:75:e8:ce:ed:cd:
                    3f:2e:05:5f:da:be:eb:30:96:08:dd:9c:48:26:44:
                    37:be:74:60:1b:a0:be:70:ed:0e:bd:7e:fc:62:25:
                    93:d6:dd:75:2e:22:e0:26:6f:ba:fe:b6:e4:8a:97:
                    07:62:2c:ab:98:cc:a3:f9:d0:36:ca:6d:77:1b:73:
                    ff:20:db:05:ed:08:e4:39:16:48:66:80:8f:cf:28:
                    95:a1:e8:5a:7d:19:60:ee:42:fe:42:63:e3:21:be:
                    47:b9:1a:83:8f:ae:23:18:8f:f9:6c:24:32:40:20:
                    81:a5:ce:5f:b4:b0:d9:e5:7f:f6:c8:5c:64:8c:68:
                    8f:c1:a1:44:a6:9f:ed:e9:bf:50:4f:16:47:9e:4d:
                    87:fa:8d:2c:b2:c5:f6:b0:ef:b5:74:01:30:39:5f:
                    fb:f9:66:40:a4:21:86:07:e2:9b:e8:95:54:15:6e:
                    20:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:E5:ED:B4:80:5F:4E:14:F4:56:06:3B:96:38:C6:E2:D1:29:27:B6
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/lOXttIBfThT0VgY7ljjG4tEpJ7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:50:a7:bc:a2:44:06:53:df:15:45:15:69:d4:74:42:b0:bb:
         32:a0:9e:5a:88:d3:e7:3d:9b:4a:d2:a1:45:89:61:86:58:a9:
         27:ab:98:c2:ff:5f:87:60:de:20:0c:2b:b3:f8:ec:29:1b:29:
         8a:07:b1:d5:72:3f:fa:d8:82:9c:f8:aa:91:5a:3f:45:f0:95:
         2e:11:b3:75:f7:c8:a3:81:a0:90:cb:ed:77:a5:1d:5c:26:2d:
         0e:cb:c5:e8:36:28:2c:8a:18:b0:9f:73:a3:9d:c5:76:59:ca:
         44:3c:21:18:0a:12:e5:4d:68:a5:f4:f3:81:61:44:7d:db:5f:
         62:fa:18:24:a3:51:44:95:ce:cf:ae:bf:c0:58:0e:4c:c2:a2:
         b8:21:48:45:ed:e9:a4:71:ba:38:2a:3c:99:d5:6d:bf:ed:c8:
         09:f4:1e:82:06:6f:ec:6a:bb:e9:b7:a4:2c:1e:da:fe:63:ad:
         82:ad:2c:a2:29:c5:ad:3e:1c:5e:85:82:d9:f3:b1:42:54:e5:
         8a:6f:d8:69:cb:94:1e:c3:d3:a9:5c:20:52:d7:a6:70:77:71:
         dc:10:9d:6f:f6:ff:f6:ec:7a:50:19:8b:2e:fb:1f:16:57:d4:
         82:19:19:ca:b1:f9:8b:4c:d0:01:96:65:d5:27:bc:4c:01:ff:
         a0:47:ca:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVa0BF7ySkf2nnWWdNmJ0k8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjUwMzAzMDcwMjIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGU1ZWRiNDgwNWY0ZTE0ZjQ1NjA2M2I5NjM4YzZlMmQxMjkyN2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlR5RRjLFJHMUqQmjVMnfSyKFI4s
eE6Ce+1Jb/PkOLgRUGsJ4V0YmO5yWBNkoF83Ns8KFNnt+bydcKFj7+DdctoRllco
wiVAQQI+73DqKjBS/CB4dejO7c0/LgVf2r7rMJYI3ZxIJkQ3vnRgG6C+cO0OvX78
YiWT1t11LiLgJm+6/rbkipcHYiyrmMyj+dA2ym13G3P/INsF7QjkORZIZoCPzyiV
oehafRlg7kL+QmPjIb5HuRqDj64jGI/5bCQyQCCBpc5ftLDZ5X/2yFxkjGiPwaFE
pp/t6b9QTxZHnk2H+o0sssX2sO+1dAEwOV/7+WZApCGGB+Kb6JVUFW4g5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTl7bSAX04U9FYGO5Y4xuLRKSe2MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvbE9YdHRJQmZUaFQwVmdZN2xqakc0dEVwSjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDk5MA0G
CSqGSIb3DQEBCwUAA4IBAQAAUKe8okQGU98VRRVp1HRCsLsyoJ5aiNPnPZtK0qFF
iWGGWKknq5jC/1+HYN4gDCuz+OwpGymKB7HVcj/62IKc+KqRWj9F8JUuEbN198ij
gaCQy+13pR1cJi0Oy8XoNigsihiwn3OjncV2WcpEPCEYChLlTWil9POBYUR9219i
+hgko1FElc7Prr/AWA5MwqK4IUhF7emkcbo4KjyZ1W2/7cgJ9B6CBm/sarvpt6Qs
Htr+Y62CrSyiKcWtPhxehYLZ87FCVOWKb9hpy5Qew9OpXCBS16Zwd3HcEJ1v9v/2
7HpQGYsu+x8WV9SCGRnKsfmLTNABlmXVJ7xMAf+gR8r8
-----END CERTIFICATE-----