Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/qjLDoZZ2r8Ejj-B1h-p33wShS3I.roa
File:                     qjLDoZZ2r8Ejj-B1h-p33wShS3I.roa (raw, json)
Hash identifier:          xORdIInsPZCisZI4VA2gawexPnESY6xnP15CmInP8bw=
Subject key identifier:   AA:32:C3:A1:96:76:AF:C1:23:8F:E0:75:87:EA:77:DF:04:A1:4B:72
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       0195AED8AACC8240A417D08A3F76F6F6D560
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/qjLDoZZ2r8Ejj-B1h-p33wShS3I.roa
Signing time:             Wed 19 Mar 2025 14:39:49 +0000
ROA not before:           Wed 19 Mar 2025 14:39:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215287
IP address blocks:        84.55.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ae:d8:aa:cc:82:40:a4:17:d0:8a:3f:76:f6:f6:d5:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Mar 19 14:39:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa32c3a19676afc1238fe07587ea77df04a14b72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d8:a3:00:7c:16:ee:2c:92:2e:52:cd:76:4f:
                    dc:63:07:79:48:53:b0:c3:67:9e:7a:1f:3c:da:34:
                    94:1e:10:19:c0:73:2f:46:b6:9d:07:31:72:2c:1f:
                    24:0d:7f:4a:b7:ee:5d:86:2e:c8:2b:a8:b6:31:d1:
                    08:03:0b:6e:fa:bb:a0:f8:52:08:bc:51:17:81:ad:
                    bc:c7:06:20:7a:09:7e:2a:aa:91:f8:7d:0b:97:8b:
                    8a:28:88:eb:00:68:48:75:15:08:37:cb:1e:1a:7e:
                    a8:b0:67:ca:4b:f5:7f:c1:b6:5c:65:ec:08:5d:4e:
                    a4:7d:75:50:9b:76:75:14:f4:75:3a:5c:7b:75:5a:
                    27:85:d0:0a:80:f8:10:0c:1c:22:53:10:05:00:4b:
                    b4:5f:69:b8:a7:88:23:51:54:51:ef:94:7d:3f:c9:
                    bc:22:50:99:58:82:91:05:26:06:2d:af:2d:2c:d5:
                    d1:aa:87:e5:d5:84:5e:50:2a:c5:97:9c:e4:e8:df:
                    9c:12:12:bc:76:3c:88:5c:06:ed:2b:c9:d4:65:dc:
                    9e:f9:6e:3e:e7:59:5e:14:55:c4:81:62:1c:34:41:
                    87:b5:a1:6b:84:c0:63:f5:64:af:bd:38:80:17:5a:
                    70:8d:ae:be:cf:5a:8b:c8:42:86:35:74:36:9e:46:
                    0e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:32:C3:A1:96:76:AF:C1:23:8F:E0:75:87:EA:77:DF:04:A1:4B:72
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/qjLDoZZ2r8Ejj-B1h-p33wShS3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.55.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:44:73:4a:b0:25:e9:f5:79:19:da:40:63:a3:37:35:b2:19:
         d2:80:b7:bb:50:cc:33:5a:e8:c6:2e:fe:26:9c:1a:a3:75:cb:
         b8:4d:07:89:f5:e9:f3:81:ec:22:58:23:c8:27:37:54:f9:d0:
         8b:09:e2:50:82:ae:90:d5:4f:4f:9b:86:a2:59:2e:78:d3:57:
         02:8e:13:f1:47:18:66:b8:43:c8:cc:84:22:b0:b3:7c:0d:e9:
         0a:01:b5:24:9e:b0:c2:d2:67:fd:9a:bd:43:f9:30:8c:0b:35:
         03:8f:70:a7:a0:0f:c6:23:dd:23:d2:ae:6b:d0:63:cb:b1:4d:
         b0:ef:d0:21:54:6a:53:04:55:50:77:37:f4:b8:cb:63:33:d1:
         c2:a1:ee:8c:07:6b:d6:12:37:6d:3d:eb:a0:6a:c3:63:b7:ea:
         87:46:17:57:87:b1:d7:60:60:ea:6c:37:86:0a:0e:0c:f9:f5:
         17:ec:ec:73:40:06:3f:2f:f5:d1:b2:78:b2:4d:23:8c:34:c0:
         a7:16:63:e8:49:3d:f7:ee:6c:3f:46:fb:88:04:da:f6:61:b4:
         09:25:bd:2d:c1:09:ca:c3:05:fd:f0:02:72:af:fd:e7:e4:2d:
         df:df:23:de:d4:f8:12:a1:87:a2:26:6f:96:00:ea:a4:f5:12:
         1b:da:63:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWu2KrMgkCkF9CKP3b29tVgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUwMzE5MTQzOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTMyYzNhMTk2NzZhZmMxMjM4ZmUwNzU4N2VhNzdkZjA0YTE0YjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNijAHwW7iySLlLNdk/cYwd5SFOw
w2eeeh882jSUHhAZwHMvRradBzFyLB8kDX9Kt+5dhi7IK6i2MdEIAwtu+rug+FII
vFEXga28xwYgegl+KqqR+H0Ll4uKKIjrAGhIdRUIN8seGn6osGfKS/V/wbZcZewI
XU6kfXVQm3Z1FPR1Olx7dVonhdAKgPgQDBwiUxAFAEu0X2m4p4gjUVRR75R9P8m8
IlCZWIKRBSYGLa8tLNXRqofl1YReUCrFl5zk6N+cEhK8djyIXAbtK8nUZdye+W4+
51leFFXEgWIcNEGHtaFrhMBj9WSvvTiAF1pwja6+z1qLyEKGNXQ2nkYOSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKoyw6GWdq/BI4/gdYfqd98EoUtyMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvcWpMRG9aWjJyOEVqai1CMWgtcDMzd1NoUzNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVDcLMA0G
CSqGSIb3DQEBCwUAA4IBAQBSRHNKsCXp9XkZ2kBjozc1shnSgLe7UMwzWujGLv4m
nBqjdcu4TQeJ9enzgewiWCPIJzdU+dCLCeJQgq6Q1U9Pm4aiWS5401cCjhPxRxhm
uEPIzIQisLN8DekKAbUknrDC0mf9mr1D+TCMCzUDj3CnoA/GI90j0q5r0GPLsU2w
79AhVGpTBFVQdzf0uMtjM9HCoe6MB2vWEjdtPeugasNjt+qHRhdXh7HXYGDqbDeG
Cg4M+fUX7OxzQAY/L/XRsniyTSOMNMCnFmPoST337mw/RvuIBNr2YbQJJb0twQnK
wwX98AJyr/3n5C3f3yPe1PgSoYeiJm+WAOqk9RIb2mP4
-----END CERTIFICATE-----