Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/aNo1lorx6tVQ1LtbDZZYpwG98bI.roa
File:                     aNo1lorx6tVQ1LtbDZZYpwG98bI.roa (raw, json)
Hash identifier:          M/dPr78yQy8Oq7tst5W5cmGPYp+8hAOwwdyPVs5Qgpw=
Subject key identifier:   68:DA:35:96:8A:F1:EA:D5:50:D4:BB:5B:0D:96:58:A7:01:BD:F1:B2
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       019670E4952D7EBD7F7EDFD4DA0C16A0F712
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/aNo1lorx6tVQ1LtbDZZYpwG98bI.roa
Signing time:             Sat 26 Apr 2025 06:59:10 +0000
ROA not before:           Sat 26 Apr 2025 06:59:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197537
IP address blocks:        144.56.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:70:e4:95:2d:7e:bd:7f:7e:df:d4:da:0c:16:a0:f7:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Apr 26 06:59:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68da35968af1ead550d4bb5b0d9658a701bdf1b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:12:cb:6b:5f:b8:52:f6:7c:af:eb:59:2d:7c:
                    13:e5:da:89:0a:d2:44:4e:17:93:b7:c7:10:0b:ef:
                    77:a0:fe:f1:43:b5:9a:f7:7d:2f:3a:5a:58:9d:d5:
                    6c:66:3f:97:0c:ca:ec:fe:70:df:39:ef:8f:ba:b5:
                    69:3f:24:9b:cb:61:d6:3e:95:c1:7f:9d:29:88:a0:
                    2c:05:01:8a:83:2f:57:30:61:bd:02:28:c5:20:44:
                    43:d4:70:a1:b4:14:82:ba:51:72:66:19:36:6e:7c:
                    b9:b0:f5:d3:2c:10:37:c6:c9:2b:dc:82:9e:0b:0c:
                    9a:54:a9:2e:6b:7f:df:df:60:65:d1:83:2a:52:57:
                    bf:17:77:11:04:27:d3:53:cb:9d:39:20:fa:91:b3:
                    0e:82:a1:74:f0:d9:ff:18:28:b1:94:0c:cf:47:16:
                    b1:aa:79:1d:3b:45:13:13:86:e5:1e:ce:9b:4c:58:
                    89:65:f6:9d:6d:54:83:ee:9a:70:41:d3:be:5f:30:
                    09:ad:63:fe:1f:51:1b:87:96:97:cd:47:00:55:ca:
                    f1:e3:5e:e5:99:e2:f8:2a:a3:ab:43:f1:ec:6c:94:
                    22:8f:60:f3:1b:61:a8:c1:ab:d4:aa:a3:ff:79:74:
                    3f:03:54:ca:0d:24:4e:ac:e4:a1:63:80:35:35:14:
                    89:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DA:35:96:8A:F1:EA:D5:50:D4:BB:5B:0D:96:58:A7:01:BD:F1:B2
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/aNo1lorx6tVQ1LtbDZZYpwG98bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:da:57:27:12:fd:80:c0:a0:a3:3a:d2:4e:1b:10:f1:14:45:
         1b:7f:ed:7a:95:05:23:53:70:75:aa:1d:a7:89:32:90:6b:d4:
         62:e1:b3:75:72:67:34:03:f0:49:78:bf:c9:c8:95:be:74:70:
         91:cf:1e:1c:58:cb:7a:7e:c9:b1:37:9f:74:7e:92:a2:25:0c:
         e3:84:cf:cc:76:49:aa:a6:f2:ba:3a:8b:3f:cb:1d:5a:f6:96:
         2b:62:31:82:79:5a:a4:48:64:f2:62:99:aa:cd:62:5b:eb:fd:
         27:d1:fc:d7:e1:ce:f7:2d:eb:8b:ef:b3:b3:3f:74:0b:82:5c:
         f3:cf:7e:96:fe:7d:95:22:5f:c7:06:60:c9:24:a2:d0:5a:b1:
         f0:c7:98:c1:aa:f9:33:07:a2:4f:1c:3b:d9:4e:a0:ac:a2:18:
         84:39:f4:6b:e0:46:17:6f:70:86:96:b7:a9:a2:24:69:ed:b1:
         c2:59:38:04:5a:0f:65:3f:41:cf:9c:4f:ae:c3:2f:7a:2e:05:
         6b:4f:41:02:51:bd:49:6b:d6:f1:ba:01:b3:c9:16:11:05:b2:
         09:4d:eb:3d:c7:8f:e9:75:c3:ac:1b:b0:7a:0d:e0:73:f2:8d:
         ed:42:41:ca:a3:c6:c8:a8:ff:70:5d:96:41:c3:ac:2c:f4:0e:
         3e:6f:83:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZw5JUtfr1/ft/U2gwWoPcSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjUwNDI2MDY1OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRhMzU5NjhhZjFlYWQ1NTBkNGJiNWIwZDk2NThhNzAxYmRmMWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hLLa1+4UvZ8r+tZLXwT5dqJCtJE
TheTt8cQC+93oP7xQ7Wa930vOlpYndVsZj+XDMrs/nDfOe+PurVpPySby2HWPpXB
f50piKAsBQGKgy9XMGG9AijFIERD1HChtBSCulFyZhk2bny5sPXTLBA3xskr3IKe
CwyaVKkua3/f32Bl0YMqUle/F3cRBCfTU8udOSD6kbMOgqF08Nn/GCixlAzPRxax
qnkdO0UTE4blHs6bTFiJZfadbVSD7ppwQdO+XzAJrWP+H1Ebh5aXzUcAVcrx417l
meL4KqOrQ/HsbJQij2DzG2GowavUqqP/eXQ/A1TKDSROrOShY4A1NRSJoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjaNZaK8erVUNS7Ww2WWKcBvfGyMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvYU5vMWxvcng2dFZRMUx0YkRaWllwd0c5OGJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDgVMA0G
CSqGSIb3DQEBCwUAA4IBAQAA2lcnEv2AwKCjOtJOGxDxFEUbf+16lQUjU3B1qh2n
iTKQa9Ri4bN1cmc0A/BJeL/JyJW+dHCRzx4cWMt6fsmxN590fpKiJQzjhM/Mdkmq
pvK6Oos/yx1a9pYrYjGCeVqkSGTyYpmqzWJb6/0n0fzX4c73LeuL77OzP3QLglzz
z36W/n2VIl/HBmDJJKLQWrHwx5jBqvkzB6JPHDvZTqCsohiEOfRr4EYXb3CGlrep
oiRp7bHCWTgEWg9lP0HPnE+uwy96LgVrT0ECUb1Ja9bxugGzyRYRBbIJTes9x4/p
dcOsG7B6DeBz8o3tQkHKo8bIqP9wXZZBw6ws9A4+b4MG
-----END CERTIFICATE-----