Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/15E544iqbijbzQkYAdS47aYrD9A.roa
File:                     15E544iqbijbzQkYAdS47aYrD9A.roa (raw, json)
Hash identifier:          UqW9jr3a9GHG7Uy8FuE2NGM92ysT2U6k57t/AfdIbps=
Subject key identifier:   D7:91:39:E3:88:AA:6E:28:DB:CD:09:18:01:D4:B8:ED:A6:2B:0F:D0
Certificate issuer:       /CN=44e888a76e99851b01fb86cec537d4d8e610de16
Certificate serial:       019427B593104C549E233D3B4B48ED336862
Authority key identifier: 44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/15E544iqbijbzQkYAdS47aYrD9A.roa
Signing time:             Thu 02 Jan 2025 15:49:58 +0000
ROA not before:           Thu 02 Jan 2025 15:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60996
IP address blocks:        128.0.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:93:10:4c:54:9e:23:3d:3b:4b:48:ed:33:68:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44e888a76e99851b01fb86cec537d4d8e610de16
        Validity
            Not Before: Jan  2 15:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d79139e388aa6e28dbcd091801d4b8eda62b0fd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:45:12:bf:c6:98:13:e0:62:f5:1b:b7:c1:65:
                    c8:74:66:22:07:98:4a:8f:68:41:42:2b:f0:4f:69:
                    9b:ef:92:f9:eb:5b:36:f0:dd:d5:c3:ed:9a:da:2d:
                    dc:ce:0f:d6:99:44:95:2f:82:a0:4c:06:57:7c:29:
                    d3:f6:4f:16:f5:df:52:ec:c8:5a:d6:65:8d:cc:2e:
                    36:84:31:8e:65:e2:43:c2:6d:e5:bc:f4:e8:59:d4:
                    98:11:d3:80:fe:7e:87:10:13:3d:b1:1d:78:af:21:
                    d5:26:f2:12:3e:d7:e8:2c:04:cf:5a:9d:e9:60:9c:
                    b9:16:35:3d:e3:3d:13:41:6e:7b:0c:44:d4:17:78:
                    f4:a4:1f:9b:3c:8e:3d:ca:c4:78:6d:a9:72:85:68:
                    70:ef:f6:20:c2:6e:c6:c9:d9:f6:a6:39:54:4e:ce:
                    65:17:d0:bb:f3:21:7f:aa:a6:b2:99:82:e6:c5:b3:
                    cf:cb:00:30:55:6b:3d:14:8b:0c:91:a6:75:0d:3e:
                    ec:08:ae:e1:54:9d:e6:04:ea:ce:14:07:fd:20:f5:
                    27:41:c9:e2:06:10:f9:6b:93:ed:f6:a9:70:10:50:
                    17:1d:72:1d:09:e8:10:3a:e1:6e:3b:f6:66:1c:5f:
                    02:f0:0f:8d:b0:f2:9d:e2:e8:15:58:da:04:9f:8a:
                    c2:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:91:39:E3:88:AA:6E:28:DB:CD:09:18:01:D4:B8:ED:A6:2B:0F:D0
            X509v3 Authority Key Identifier:
                keyid:44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/15E544iqbijbzQkYAdS47aYrD9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.0.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:fe:a6:e0:f1:37:3b:32:ae:43:db:79:d7:cc:92:09:b2:11:
         67:60:4d:47:84:a5:03:60:09:d4:6b:8d:03:fa:f8:19:ff:8c:
         78:5c:1f:30:fa:11:d9:21:37:e8:b9:20:5b:87:ff:3e:ae:3a:
         63:68:05:67:07:c7:af:9c:91:11:59:4a:ed:e6:48:27:07:b4:
         74:fb:86:61:a8:28:f1:0a:b4:43:ca:3c:71:68:6f:d4:7f:37:
         27:68:a6:1f:fd:38:55:65:75:9e:78:00:24:69:2c:01:68:3b:
         6e:bf:98:9f:a5:88:d4:86:a1:26:44:45:f9:d2:d9:30:6e:de:
         7e:24:3d:98:64:12:01:cc:25:1e:c3:b4:24:a7:53:e7:4d:b1:
         39:47:51:19:a0:6c:dd:c7:6d:26:f0:40:82:4f:8d:d1:76:18:
         ef:a8:c1:06:6d:ed:b4:98:26:0f:70:2e:70:c4:59:a9:39:2e:
         da:75:70:11:02:f5:ff:87:4b:48:67:5d:f0:28:73:41:4d:00:
         1f:23:34:93:64:cb:90:73:98:08:dc:19:3e:3d:dd:4c:9d:85:
         97:68:b3:71:06:8e:87:39:09:4e:ce:13:92:cf:a2:07:b1:a2:
         5f:f9:18:ad:01:51:d2:21:cd:1c:2c:f2:c2:bf:57:14:cf:4e:
         a5:cf:b4:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntZMQTFSeIz07S0jtM2hiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZTg4OGE3NmU5OTg1MWIwMWZiODZjZWM1MzdkNGQ4ZTYx
MGRlMTYwHhcNMjUwMTAyMTU0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzkxMzllMzg4YWE2ZTI4ZGJjZDA5MTgwMWQ0YjhlZGE2MmIwZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0USv8aYE+Bi9Ru3wWXIdGYiB5hK
j2hBQivwT2mb75L561s28N3Vw+2a2i3czg/WmUSVL4KgTAZXfCnT9k8W9d9S7Mha
1mWNzC42hDGOZeJDwm3lvPToWdSYEdOA/n6HEBM9sR14ryHVJvISPtfoLATPWp3p
YJy5FjU94z0TQW57DETUF3j0pB+bPI49ysR4balyhWhw7/Ygwm7Gydn2pjlUTs5l
F9C78yF/qqaymYLmxbPPywAwVWs9FIsMkaZ1DT7sCK7hVJ3mBOrOFAf9IPUnQcni
BhD5a5Pt9qlwEFAXHXIdCegQOuFuO/ZmHF8C8A+NsPKd4ugVWNoEn4rCuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNeROeOIqm4o280JGAHUuO2mKw/QMB8GA1UdIwQY
MBaAFEToiKdumYUbAfuGzsU31NjmEN4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUt
YmMwZGJhOTMyYjM1LzEvMTVFNTQ0aXFiaWpielFrWUFkUzQ3YVlyRDlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUtYmMwZGJhOTMyYjM1
LzEvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgAA4MA0G
CSqGSIb3DQEBCwUAA4IBAQCY/qbg8Tc7Mq5D23nXzJIJshFnYE1HhKUDYAnUa40D
+vgZ/4x4XB8w+hHZITfouSBbh/8+rjpjaAVnB8evnJERWUrt5kgnB7R0+4ZhqCjx
CrRDyjxxaG/UfzcnaKYf/ThVZXWeeAAkaSwBaDtuv5ifpYjUhqEmREX50tkwbt5+
JD2YZBIBzCUew7Qkp1PnTbE5R1EZoGzdx20m8ECCT43RdhjvqMEGbe20mCYPcC5w
xFmpOS7adXARAvX/h0tIZ13wKHNBTQAfIzSTZMuQc5gI3Bk+Pd1MnYWXaLNxBo6H
OQlOzhOSz6IHsaJf+RitAVHSIc0cLPLCv1cUz06lz7Su
-----END CERTIFICATE-----