Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/aUwME-OEW2tfuy8IUz8xO9RJ9VA.roa
File:                     aUwME-OEW2tfuy8IUz8xO9RJ9VA.roa (raw, json)
Hash identifier:          TJpr115B55iHu7xXQQMd6VR9p+/zOYhE8FX2JwI2PiU=
Subject key identifier:   69:4C:0C:13:E3:84:5B:6B:5F:BB:2F:08:53:3F:31:3B:D4:49:F5:50
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019425222B364949BC6AAA0855B4B9EB43AD
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/aUwME-OEW2tfuy8IUz8xO9RJ9VA.roa
Signing time:             Thu 02 Jan 2025 03:49:43 +0000
ROA not before:           Thu 02 Jan 2025 03:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42689
IP address blocks:        84.55.12.0/24 maxlen: 24
                          84.55.13.0/24 maxlen: 24
                          84.55.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:2b:36:49:49:bc:6a:aa:08:55:b4:b9:eb:43:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Jan  2 03:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=694c0c13e3845b6b5fbb2f08533f313bd449f550
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:cc:69:72:4d:83:e7:9d:18:d1:2d:42:f2:eb:
                    5a:bb:0b:2b:eb:76:e4:53:3e:b4:2a:f8:60:01:7a:
                    93:be:36:90:c9:47:f2:b8:ab:3e:5c:25:b9:40:aa:
                    0e:45:ad:47:74:fa:90:0e:04:48:c5:59:4c:92:f9:
                    fd:68:5d:94:7c:0e:49:2a:15:07:1f:9e:0e:0b:1c:
                    c5:27:74:27:2d:51:2b:5c:16:99:21:56:35:7f:f3:
                    ee:0c:5b:ed:e2:2d:b0:18:dd:bc:57:d9:9c:3c:89:
                    5b:2e:1c:99:e9:92:3b:56:43:e6:be:92:03:8a:9d:
                    57:22:f5:0b:e2:06:87:00:f4:90:43:5b:57:80:60:
                    02:95:c9:c6:64:52:59:71:0f:6c:96:02:98:ae:c6:
                    d4:fb:67:87:b3:24:9d:5b:f3:5b:de:51:a0:fa:a2:
                    58:31:c1:f2:41:32:ca:22:8d:33:6b:b0:e7:75:45:
                    b2:5e:66:08:a5:de:37:fd:5d:f0:57:40:03:2d:18:
                    c2:59:cb:38:0a:3a:7e:f6:57:7e:2e:de:ff:dc:ba:
                    e3:4f:7d:ee:8a:ed:ab:c0:bf:14:7c:a1:58:44:bf:
                    ea:cb:18:85:35:f3:94:f8:36:72:73:2b:68:9e:77:
                    a4:5c:2c:12:89:8a:34:0e:ac:1b:7f:7f:8c:c6:ef:
                    ab:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:4C:0C:13:E3:84:5B:6B:5F:BB:2F:08:53:3F:31:3B:D4:49:F5:50
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/aUwME-OEW2tfuy8IUz8xO9RJ9VA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.55.12.0/23
                  84.55.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:81:17:0e:8e:e5:6b:46:d4:6b:8c:96:6d:85:5d:fb:c1:75:
         2f:7d:a6:58:5b:4f:a4:87:a2:98:94:65:c3:5a:7e:c8:6b:62:
         23:91:01:1e:2b:77:e6:5c:00:23:6d:2b:8a:f3:51:ec:67:9b:
         65:61:29:c7:c4:99:16:32:73:bc:7f:49:25:0e:d1:2b:bc:f9:
         52:3e:ec:01:aa:69:a4:e7:aa:40:69:9e:19:b0:d8:85:07:e7:
         53:cb:4b:65:50:0c:13:d1:8c:ce:1d:8e:27:e2:a4:ba:5b:2a:
         01:36:ef:7e:c7:63:f5:0a:79:8a:d8:a3:40:cc:9f:c2:59:94:
         ef:e3:7b:6e:70:00:60:ba:07:e4:a4:fa:c9:34:23:76:36:ae:
         bc:0d:07:87:c4:2e:c8:dd:97:30:3a:6f:de:be:4f:7b:5c:e6:
         90:0c:0d:2b:7d:ab:65:a2:41:c8:a7:45:2d:48:8c:76:1b:91:
         94:ad:70:0c:08:fd:72:4e:84:93:83:8f:8f:d5:8e:8e:8f:a8:
         bb:d0:f4:54:97:a3:9a:61:72:82:91:30:87:b2:48:3f:90:56:
         b6:1f:07:4f:35:0b:a3:d7:3c:08:1f:6a:6a:be:27:21:10:ba:
         c8:ea:86:75:a2:99:93:7b:ae:63:e7:f8:52:1a:35:2e:24:ef:
         90:76:bc:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIis2SUm8aqoIVbS560OtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUwMTAyMDM0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTRjMGMxM2UzODQ1YjZiNWZiYjJmMDg1MzNmMzEzYmQ0NDlmNTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMxpck2D550Y0S1C8utauwsr63bk
Uz60KvhgAXqTvjaQyUfyuKs+XCW5QKoORa1HdPqQDgRIxVlMkvn9aF2UfA5JKhUH
H54OCxzFJ3QnLVErXBaZIVY1f/PuDFvt4i2wGN28V9mcPIlbLhyZ6ZI7VkPmvpID
ip1XIvUL4gaHAPSQQ1tXgGAClcnGZFJZcQ9slgKYrsbU+2eHsySdW/Nb3lGg+qJY
McHyQTLKIo0za7DndUWyXmYIpd43/V3wV0ADLRjCWcs4Cjp+9ld+Lt7/3LrjT33u
iu2rwL8UfKFYRL/qyxiFNfOU+DZycytonnekXCwSiYo0Dqwbf3+Mxu+rTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGlMDBPjhFtrX7svCFM/MTvUSfVQMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvYVV3TUUtT0VXMnRmdXk4SVV6OHhPOVJKOVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVDcMAwQA
VDcUMA0GCSqGSIb3DQEBCwUAA4IBAQCYgRcOjuVrRtRrjJZthV37wXUvfaZYW0+k
h6KYlGXDWn7Ia2IjkQEeK3fmXAAjbSuK81HsZ5tlYSnHxJkWMnO8f0klDtErvPlS
PuwBqmmk56pAaZ4ZsNiFB+dTy0tlUAwT0YzOHY4n4qS6WyoBNu9+x2P1CnmK2KNA
zJ/CWZTv43tucABgugfkpPrJNCN2Nq68DQeHxC7I3ZcwOm/evk97XOaQDA0rfatl
okHIp0UtSIx2G5GUrXAMCP1yToSTg4+P1Y6Oj6i70PRUl6OaYXKCkTCHskg/kFa2
HwdPNQuj1zwIH2pqvichELrI6oZ1opmTe65j5/hSGjUuJO+Qdrwu
-----END CERTIFICATE-----