Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/doNLz_Gg1EkAtDNeyKv_LFw0Ko4.roa
File:                     doNLz_Gg1EkAtDNeyKv_LFw0Ko4.roa (raw, json)
Hash identifier:          c5Br4+KluzNH8KBaWzOXwE8I5n348N/E3/7Xw+/XMWg=
Subject key identifier:   76:83:4B:CF:F1:A0:D4:49:00:B4:33:5E:C8:AB:FF:2C:5C:34:2A:8E
Certificate issuer:       /CN=b55800300fa4017f970c95d767d812fd10d0dcbc
Certificate serial:       019425FD3A895C24F30230F03D9E1A94E1FE
Authority key identifier: B5:58:00:30:0F:A4:01:7F:97:0C:95:D7:67:D8:12:FD:10:D0:DC:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/doNLz_Gg1EkAtDNeyKv_LFw0Ko4.roa
Signing time:             Thu 02 Jan 2025 07:48:59 +0000
ROA not before:           Thu 02 Jan 2025 07:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209
IP address blocks:        95.130.110.0/24 maxlen: 24
                          195.93.196.0/24 maxlen: 24
                          195.93.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:3a:89:5c:24:f3:02:30:f0:3d:9e:1a:94:e1:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55800300fa4017f970c95d767d812fd10d0dcbc
        Validity
            Not Before: Jan  2 07:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76834bcff1a0d44900b4335ec8abff2c5c342a8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c6:13:b5:85:38:82:68:e0:ba:3e:0e:c6:cd:
                    89:8e:67:1e:b7:05:2b:f6:9c:99:3e:8a:ae:54:e9:
                    5c:5c:08:c7:58:df:f6:ef:18:b3:25:52:aa:06:cd:
                    ae:d8:75:e8:37:a4:1b:84:37:ed:e4:26:4c:ce:38:
                    10:47:d3:58:b2:96:ef:25:f1:4a:63:57:c9:b4:54:
                    5e:0b:24:89:2e:37:3e:e6:8a:d8:02:27:1d:32:88:
                    8f:3b:5c:92:16:40:47:b0:0b:a5:28:06:38:10:13:
                    c7:b6:90:f4:a9:3a:eb:ac:ef:af:94:ad:7c:c4:c8:
                    e6:df:f2:d4:2b:7d:e9:83:52:d0:7d:63:38:78:ef:
                    4b:38:2a:74:23:03:bf:8e:ae:3f:89:a2:8c:90:3b:
                    82:c4:d4:a5:a4:55:05:f0:25:74:54:37:48:87:b6:
                    bb:9e:3e:32:f7:f3:d5:ee:06:f6:8e:75:4a:de:2e:
                    66:2b:17:60:9e:6e:35:9a:55:fd:74:a6:b0:8a:6c:
                    94:91:1f:6c:50:e5:b8:74:1d:09:5d:ee:7d:96:63:
                    0e:39:f7:b5:b1:e5:f4:5c:b4:b6:0e:22:a5:df:cb:
                    b0:99:e7:d2:91:a5:98:a6:5d:b4:95:1c:f8:4e:aa:
                    12:33:04:3a:e7:e9:a5:5a:77:18:2a:3a:15:fc:8f:
                    db:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:83:4B:CF:F1:A0:D4:49:00:B4:33:5E:C8:AB:FF:2C:5C:34:2A:8E
            X509v3 Authority Key Identifier:
                keyid:B5:58:00:30:0F:A4:01:7F:97:0C:95:D7:67:D8:12:FD:10:D0:DC:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/doNLz_Gg1EkAtDNeyKv_LFw0Ko4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.130.110.0/24
                  195.93.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c8:09:bb:73:c2:7b:70:61:f2:6e:70:7d:c3:65:77:4f:42:4a:
         ea:76:2d:50:dd:88:61:23:44:ef:45:63:4c:81:df:a3:de:fa:
         c7:60:06:83:2d:d9:f9:a0:bd:7a:f0:33:71:2f:63:78:d7:27:
         7a:3c:91:27:a8:a9:0b:9a:1e:47:bc:e0:01:bc:2f:15:1b:99:
         82:b0:02:9e:ce:97:5a:5c:72:8f:e2:fc:f8:0f:76:97:96:11:
         5d:91:0f:45:49:bb:a3:de:70:74:4f:fc:5c:b4:0f:b5:d3:53:
         c6:70:5b:f5:df:4d:84:1f:f9:e6:76:3d:b6:4f:3d:19:da:8b:
         1c:91:ed:47:97:3a:9d:7f:60:75:9a:64:a1:3e:d1:89:db:83:
         05:44:d0:00:d0:70:46:20:e6:78:cd:ed:75:e0:39:c4:e0:78:
         c7:32:b8:f9:44:e9:93:0e:d4:07:ac:ea:f9:32:7b:e4:c0:a2:
         95:01:f8:bf:ad:6f:a4:1c:aa:02:6f:28:93:b0:b7:4a:4c:c0:
         39:ff:39:41:b5:48:e2:3d:35:7f:ec:a8:d1:44:c7:80:44:51:
         63:42:6d:5e:cd:37:61:14:69:1d:80:84:44:6e:b7:21:e4:8e:
         29:74:1d:26:7e:27:fe:89:d6:6e:35:b2:47:41:4f:4b:43:a0:
         21:81:70:5b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/TqJXCTzAjDwPZ4alOH+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTgwMDMwMGZhNDAxN2Y5NzBjOTVkNzY3ZDgxMmZkMTBk
MGRjYmMwHhcNMjUwMTAyMDc0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjgzNGJjZmYxYTBkNDQ5MDBiNDMzNWVjOGFiZmYyYzVjMzQyYThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsYTtYU4gmjguj4Oxs2JjmcetwUr
9pyZPoquVOlcXAjHWN/27xizJVKqBs2u2HXoN6QbhDft5CZMzjgQR9NYspbvJfFK
Y1fJtFReCySJLjc+5orYAicdMoiPO1ySFkBHsAulKAY4EBPHtpD0qTrrrO+vlK18
xMjm3/LUK33pg1LQfWM4eO9LOCp0IwO/jq4/iaKMkDuCxNSlpFUF8CV0VDdIh7a7
nj4y9/PV7gb2jnVK3i5mKxdgnm41mlX9dKawimyUkR9sUOW4dB0JXe59lmMOOfe1
seX0XLS2DiKl38uwmefSkaWYpl20lRz4TqoSMwQ65+mlWncYKjoV/I/bzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHaDS8/xoNRJALQzXsir/yxcNCqOMB8GA1UdIwQY
MBaAFLVYADAPpAF/lwyV12fYEv0Q0Ny8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZnQU1BLWtBWC1YREpYWFo5Z1NfUkRRM0x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC84YTg0ODctOTMxYS00MmZiLWI2NjQt
YzUyZGY0YWE1MjFkLzEvZG9OTHpfR2cxRWtBdEROZXlLdl9MRncwS280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC84YTg0ODctOTMxYS00MmZiLWI2NjQtYzUyZGY0YWE1MjFk
LzEvdFZnQU1BLWtBWC1YREpYWFo5Z1NfUkRRM0x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX4JuAwQB
w13EMA0GCSqGSIb3DQEBCwUAA4IBAQDICbtzwntwYfJucH3DZXdPQkrqdi1Q3Yhh
I0TvRWNMgd+j3vrHYAaDLdn5oL168DNxL2N41yd6PJEnqKkLmh5HvOABvC8VG5mC
sAKezpdaXHKP4vz4D3aXlhFdkQ9FSbuj3nB0T/xctA+101PGcFv1302EH/nmdj22
Tz0Z2oscke1Hlzqdf2B1mmShPtGJ24MFRNAA0HBGIOZ4ze114DnE4HjHMrj5ROmT
DtQHrOr5MnvkwKKVAfi/rW+kHKoCbyiTsLdKTMA5/zlBtUjiPTV/7KjRRMeARFFj
Qm1ezTdhFGkdgIREbrch5I4pdB0mfif+idZuNbJHQU9LQ6AhgXBb
-----END CERTIFICATE-----