Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/nN14ybWzIvQiHRDqtTsLv6RL6MQ.roa
File:                     nN14ybWzIvQiHRDqtTsLv6RL6MQ.roa (raw, json)
Hash identifier:          dTL413bt+UUDMC8PnoBeSRaaCwqZujhseKRGe3kky/c=
Subject key identifier:   9C:DD:78:C9:B5:B3:22:F4:22:1D:10:EA:B5:3B:0B:BF:A4:4B:E8:C4
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       01975A5BC10A8687B5ECEA8E922ACCC96B57
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/nN14ybWzIvQiHRDqtTsLv6RL6MQ.roa
Signing time:             Tue 10 Jun 2025 15:00:52 +0000
ROA not before:           Tue 10 Jun 2025 15:00:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9229
IP address blocks:        144.56.50.0/24 maxlen: 24
                          144.56.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5a:5b:c1:0a:86:87:b5:ec:ea:8e:92:2a:cc:c9:6b:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Jun 10 15:00:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9cdd78c9b5b322f4221d10eab53b0bbfa44be8c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:9b:8b:d1:11:39:df:07:4b:af:ac:d6:53:91:
                    9c:c6:f6:80:01:79:8d:8a:8b:ec:5e:9f:41:0d:47:
                    ee:8a:01:bd:69:fe:d6:fe:72:00:5f:a2:a9:6c:b7:
                    d5:f0:c9:80:ea:00:9b:3e:91:3b:b1:b2:a1:6c:8b:
                    5f:6f:d9:4f:12:2c:62:94:07:b0:f6:cf:f0:18:01:
                    4a:7d:a0:14:e5:f2:10:a7:5a:eb:71:ad:44:57:96:
                    d8:00:0d:2c:cf:78:eb:78:60:5a:5e:37:b9:b0:72:
                    f1:6b:e6:0a:ca:3c:ab:6c:f1:92:8c:96:d9:a6:31:
                    dd:47:62:b8:6c:d8:60:29:4e:bf:17:d6:be:84:cf:
                    2e:a6:1b:80:22:86:e2:a8:e6:3c:e1:49:2c:a8:b6:
                    13:a8:f0:de:c7:c1:4c:97:02:03:ff:e6:71:e9:ff:
                    5e:1b:1a:5f:54:fd:da:bb:e2:bf:ce:ad:25:51:89:
                    a9:e6:58:1a:e4:3e:04:03:5c:01:ec:42:5c:40:c9:
                    1d:bd:8a:06:bb:d3:a2:4b:c7:bf:a9:c6:aa:c0:51:
                    2b:55:f5:72:e1:c3:8a:9c:cb:95:b4:ce:76:f2:26:
                    a2:37:0a:7d:06:10:02:90:bf:20:a0:08:93:36:4c:
                    a4:23:4d:a8:18:6f:69:87:af:87:21:0c:d8:d2:ae:
                    63:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:DD:78:C9:B5:B3:22:F4:22:1D:10:EA:B5:3B:0B:BF:A4:4B:E8:C4
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/nN14ybWzIvQiHRDqtTsLv6RL6MQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:43:d5:dc:99:f1:3b:7a:5f:fa:4a:e7:c9:35:31:3f:a8:84:
         af:c3:83:50:88:ee:1d:26:fa:1e:03:35:5b:da:a5:87:0e:e5:
         da:d2:55:ad:72:8d:50:1a:90:cc:2c:25:a1:03:6b:a5:4e:aa:
         84:24:08:cf:49:d4:39:76:d1:ae:56:61:da:c4:6e:f2:03:a2:
         01:92:04:51:28:fc:fa:19:98:9e:a9:91:df:54:8c:f7:b8:80:
         00:15:87:59:bd:de:e4:1b:34:f5:51:c5:7f:1b:c9:6b:84:68:
         05:b0:d1:0c:0d:34:c8:07:c4:4b:b9:a8:df:12:ef:ff:8b:f9:
         19:a8:58:d4:cb:d0:82:02:35:7a:54:39:dd:7c:35:34:e3:88:
         78:c5:ea:1d:ac:8d:c7:6b:25:e2:23:ea:6b:5f:20:f9:20:86:
         ae:11:85:d8:41:49:fc:9a:c3:46:33:3b:50:7b:98:b9:60:e2:
         5f:0d:04:ac:21:01:47:0a:a6:86:f1:5a:7a:75:27:97:d2:72:
         c1:6b:92:2f:1d:6e:b7:b5:1d:87:8f:86:84:f8:ed:6f:59:0e:
         30:d1:5e:86:57:16:5f:59:49:05:18:6a:99:65:56:8a:68:0c:
         54:72:d9:81:0c:f5:aa:72:c6:bd:6d:2c:9f:d9:ab:64:6f:f6:
         f8:4b:c8:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdaW8EKhoe17OqOkirMyWtXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjUwNjEwMTUwMDUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2RkNzhjOWI1YjMyMmY0MjIxZDEwZWFiNTNiMGJiZmE0NGJlOGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpuL0RE53wdLr6zWU5GcxvaAAXmN
iovsXp9BDUfuigG9af7W/nIAX6KpbLfV8MmA6gCbPpE7sbKhbItfb9lPEixilAew
9s/wGAFKfaAU5fIQp1rrca1EV5bYAA0sz3jreGBaXje5sHLxa+YKyjyrbPGSjJbZ
pjHdR2K4bNhgKU6/F9a+hM8uphuAIobiqOY84UksqLYTqPDex8FMlwID/+Zx6f9e
GxpfVP3au+K/zq0lUYmp5lga5D4EA1wB7EJcQMkdvYoGu9OiS8e/qcaqwFErVfVy
4cOKnMuVtM528iaiNwp9BhACkL8goAiTNkykI02oGG9ph6+HIQzY0q5jeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzdeMm1syL0Ih0Q6rU7C7+kS+jEMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvbk4xNHliV3pJdlFpSFJEcXRUc0x2NlJMNk1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkDgyMA0G
CSqGSIb3DQEBCwUAA4IBAQACQ9XcmfE7el/6SufJNTE/qISvw4NQiO4dJvoeAzVb
2qWHDuXa0lWtco1QGpDMLCWhA2ulTqqEJAjPSdQ5dtGuVmHaxG7yA6IBkgRRKPz6
GZieqZHfVIz3uIAAFYdZvd7kGzT1UcV/G8lrhGgFsNEMDTTIB8RLuajfEu//i/kZ
qFjUy9CCAjV6VDndfDU044h4xeodrI3HayXiI+prXyD5IIauEYXYQUn8msNGMztQ
e5i5YOJfDQSsIQFHCqaG8Vp6dSeX0nLBa5IvHW63tR2Hj4aE+O1vWQ4w0V6GVxZf
WUkFGGqZZVaKaAxUctmBDPWqcsa9bSyf2atkb/b4S8gB
-----END CERTIFICATE-----