Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/GnpXllFnavAmEq5NxCew5FbUJHI.roa
File:                     GnpXllFnavAmEq5NxCew5FbUJHI.roa (raw, json)
Hash identifier:          UrAOMyeUWJbJMwCGhOZ8xTwTpTiZsyt257TfGcy1E8E=
Subject key identifier:   1A:7A:57:96:51:67:6A:F0:26:12:AE:4D:C4:27:B0:E4:56:D4:24:72
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       0194252229E2DDEF18C16665D58410B13B7D
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/GnpXllFnavAmEq5NxCew5FbUJHI.roa
Signing time:             Thu 02 Jan 2025 03:49:43 +0000
ROA not before:           Thu 02 Jan 2025 03:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        84.55.14.0/24 maxlen: 24
                          84.55.15.0/24 maxlen: 24
                          84.55.16.0/24 maxlen: 24
                          84.55.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 13:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:29:e2:dd:ef:18:c1:66:65:d5:84:10:b1:3b:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Jan  2 03:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a7a579651676af02612ae4dc427b0e456d42472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c7:c3:f5:bf:4e:4e:f8:65:93:02:01:59:3d:
                    e2:6c:47:83:a5:d3:81:73:86:be:68:3c:b4:c9:f6:
                    81:52:e5:e4:32:39:e8:59:bd:9b:db:d8:05:12:ea:
                    b3:c6:15:8c:62:4b:cc:b3:77:91:5c:5f:d3:aa:11:
                    8a:00:e3:7b:df:80:92:06:bb:5a:31:87:33:3f:5c:
                    86:a1:41:a6:0b:8a:8f:e3:af:73:bf:11:8e:ee:78:
                    ad:0e:5b:a4:49:00:32:76:85:3e:b7:b9:58:c3:f0:
                    6f:31:09:16:e4:6c:24:6b:e3:6c:a3:9d:34:d8:47:
                    21:fb:63:3d:40:54:9e:54:2f:00:32:65:6a:ce:86:
                    7a:af:62:48:1b:c8:29:99:c9:2e:c7:27:b7:7d:d2:
                    67:9f:16:24:df:c3:2d:1d:c7:2d:e8:22:2b:36:d3:
                    64:91:3a:8a:89:34:ad:aa:56:f6:10:ee:c6:6e:98:
                    8a:c2:11:4d:57:39:fa:f3:b5:2d:8a:2c:20:92:8a:
                    6a:e8:07:35:75:af:5c:34:22:8e:93:0c:4f:c2:5e:
                    d4:0a:28:a4:e2:9a:46:c9:84:f5:ba:a9:6f:8d:f7:
                    98:bf:92:30:0a:b3:e0:4a:f0:ec:50:cf:cf:6f:30:
                    dd:85:19:f3:c5:99:fe:cb:b3:15:05:07:b0:73:ff:
                    43:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:7A:57:96:51:67:6A:F0:26:12:AE:4D:C4:27:B0:E4:56:D4:24:72
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/GnpXllFnavAmEq5NxCew5FbUJHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.55.14.0-84.55.16.255
                  84.55.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:46:bb:4f:80:d3:06:fc:35:2d:aa:fb:36:c8:e8:35:18:36:
         97:b6:f6:e7:f8:a7:e2:5e:9c:0e:45:a0:06:e4:cb:21:31:57:
         b2:02:29:d5:cd:d2:b4:91:ed:75:58:8f:b9:ca:1c:2a:8b:32:
         75:fc:f8:f0:cf:13:3a:19:f3:60:9c:de:98:24:42:fb:46:9a:
         7e:b1:c4:eb:8c:ab:7c:ef:09:9d:0e:4c:2c:4f:17:30:bd:b1:
         90:46:f8:97:ef:84:fa:17:10:f2:13:e9:d6:33:a4:1a:3f:30:
         28:45:02:09:74:14:00:d2:7b:8b:33:4b:10:7b:a1:d6:1f:6e:
         8d:46:f6:f7:2d:de:b0:ec:ab:e3:15:92:44:47:ed:7d:c9:c7:
         08:07:19:37:d8:d2:cb:7c:aa:6d:1f:47:68:7a:67:ee:76:08:
         6e:86:88:bb:79:eb:71:11:4e:eb:46:00:75:5f:e1:25:5e:57:
         5d:f5:0b:f4:ca:9f:89:3a:75:f5:40:c2:48:50:15:91:16:82:
         0b:41:fd:cb:ee:b8:24:06:ec:ef:3e:d8:85:02:f7:b4:7d:28:
         bc:20:49:d7:30:e0:ab:72:da:b1:40:f8:4f:d5:4d:46:8f:cd:
         35:26:49:bd:19:3e:fb:b6:a6:7d:3d:0b:67:8d:b9:39:b5:84:
         e3:dd:0a:e1
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQlIini3e8YwWZl1YQQsTt9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUwMTAyMDM0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTdhNTc5NjUxNjc2YWYwMjYxMmFlNGRjNDI3YjBlNDU2ZDQyNDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8fD9b9OTvhlkwIBWT3ibEeDpdOB
c4a+aDy0yfaBUuXkMjnoWb2b29gFEuqzxhWMYkvMs3eRXF/TqhGKAON734CSBrta
MYczP1yGoUGmC4qP469zvxGO7nitDlukSQAydoU+t7lYw/BvMQkW5Gwka+Nso500
2Ech+2M9QFSeVC8AMmVqzoZ6r2JIG8gpmckuxye3fdJnnxYk38MtHcct6CIrNtNk
kTqKiTStqlb2EO7GbpiKwhFNVzn687Utiiwgkopq6Ac1da9cNCKOkwxPwl7UCiik
4ppGyYT1uqlvjfeYv5IwCrPgSvDsUM/PbzDdhRnzxZn+y7MVBQewc/9DRQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBp6V5ZRZ2rwJhKuTcQnsORW1CRyMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvR25wWGxsRm5hdkFtRXE1TnhDZXc1RmJVSkhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAFUNw4D
BABUNxADBABUNxUwDQYJKoZIhvcNAQELBQADggEBAC5Gu0+A0wb8NS2q+zbI6DUY
Npe29uf4p+JenA5FoAbkyyExV7ICKdXN0rSR7XVYj7nKHCqLMnX8+PDPEzoZ82Cc
3pgkQvtGmn6xxOuMq3zvCZ0OTCxPFzC9sZBG+JfvhPoXEPIT6dYzpBo/MChFAgl0
FADSe4szSxB7odYfbo1G9vct3rDsq+MVkkRH7X3JxwgHGTfY0st8qm0fR2h6Z+52
CG6GiLt563ERTutGAHVf4SVeV131C/TKn4k6dfVAwkhQFZEWggtB/cvuuCQG7O8+
2IUC97R9KLwgSdcw4Kty2rFA+E/VTUaPzTUmSb0ZPvu2pn09C2eNuTm1hOPdCuE=
-----END CERTIFICATE-----