Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/fb2aa1-004b-49c4-aa41-c9de22b916ca/1/Doygi0v5odmYc4FmMvyqyUfgO9U.roa
File:                     Doygi0v5odmYc4FmMvyqyUfgO9U.roa (raw, json)
Hash identifier:          dqsdYvQOuEjkO2MVnlkYSjdKfYD2idJQ3foV/lO77PI=
Subject key identifier:   0E:8C:A0:8B:4B:F9:A1:D9:98:73:81:66:32:FC:AA:C9:47:E0:3B:D5
Certificate issuer:       /CN=eaa5abe9f7304383198ba1ffa592790ecf2c3ceb
Certificate serial:       0191EA66914B67EF7E44240295AFE1554AC5
Authority key identifier: EA:A5:AB:E9:F7:30:43:83:19:8B:A1:FF:A5:92:79:0E:CF:2C:3C:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qWr6fcwQ4MZi6H_pZJ5Ds8sPOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/fb2aa1-004b-49c4-aa41-c9de22b916ca/1/Doygi0v5odmYc4FmMvyqyUfgO9U.roa
Signing time:             Fri 13 Sep 2024 08:01:16 +0000
ROA not before:           Fri 13 Sep 2024 08:01:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60475
IP address blocks:        45.90.240.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/fb2aa1-004b-49c4-aa41-c9de22b916ca/1/6qWr6fcwQ4MZi6H_pZJ5Ds8sPOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/fb2aa1-004b-49c4-aa41-c9de22b916ca/1/6qWr6fcwQ4MZi6H_pZJ5Ds8sPOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qWr6fcwQ4MZi6H_pZJ5Ds8sPOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ea:66:91:4b:67:ef:7e:44:24:02:95:af:e1:55:4a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaa5abe9f7304383198ba1ffa592790ecf2c3ceb
        Validity
            Not Before: Sep 13 08:01:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e8ca08b4bf9a1d99873816632fcaac947e03bd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:af:99:9b:7c:f9:65:27:77:bb:58:25:4b:5a:
                    31:c0:a7:53:ee:6f:ed:e4:b0:4c:69:61:65:7d:d7:
                    ef:6a:b6:0f:ab:90:e2:74:be:d0:cb:00:7f:04:fb:
                    67:3b:34:eb:b0:b3:1a:95:12:e9:1f:ca:3b:9e:89:
                    00:d5:9b:66:5c:64:89:68:34:12:30:3a:76:f4:ac:
                    2c:1a:3b:d4:4c:c2:10:38:55:0a:a9:6e:71:a9:44:
                    d3:a6:b4:25:45:3d:68:a1:ff:c9:96:a8:6f:b9:f5:
                    cb:8e:55:53:d8:8c:ef:b8:cc:e1:ff:dc:d0:43:99:
                    bb:a4:c3:48:8c:21:ff:9f:08:3a:a5:aa:1b:3b:e8:
                    9a:61:af:a6:4b:d5:f2:40:a9:bc:4a:7b:d3:04:0b:
                    f2:f0:97:f8:31:88:77:45:76:56:c8:99:b1:33:22:
                    8e:71:25:ea:3a:ca:fa:ce:57:6a:c5:4d:3f:b2:a9:
                    f7:0c:7d:7e:f1:02:ac:45:f1:75:56:a0:21:35:6b:
                    33:51:00:5f:9f:0b:c0:57:ab:6b:c1:8d:fb:72:c8:
                    9d:1d:fa:57:03:c2:69:2f:81:a4:e8:b0:86:65:43:
                    66:d9:24:fb:b2:5b:78:99:6a:75:06:1c:b2:19:14:
                    75:82:bb:77:7d:17:a6:cf:06:ec:6d:cd:96:3b:d0:
                    a5:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:8C:A0:8B:4B:F9:A1:D9:98:73:81:66:32:FC:AA:C9:47:E0:3B:D5
            X509v3 Authority Key Identifier:
                keyid:EA:A5:AB:E9:F7:30:43:83:19:8B:A1:FF:A5:92:79:0E:CF:2C:3C:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qWr6fcwQ4MZi6H_pZJ5Ds8sPOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/fb2aa1-004b-49c4-aa41-c9de22b916ca/1/Doygi0v5odmYc4FmMvyqyUfgO9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/fb2aa1-004b-49c4-aa41-c9de22b916ca/1/6qWr6fcwQ4MZi6H_pZJ5Ds8sPOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:77:cf:29:e0:ed:30:45:b9:74:10:e9:2e:42:40:72:a4:da:
         7b:20:71:ee:ee:65:59:b5:b8:8f:6d:86:69:94:d4:c3:3d:4d:
         0a:b6:f0:36:fb:fe:69:29:47:d0:ad:8d:f0:f9:8e:b2:04:44:
         fc:7f:0a:70:6b:d5:80:90:82:ac:b4:bb:34:70:7a:e1:10:37:
         6a:63:13:3d:32:20:d7:34:07:96:3d:e5:1b:c6:d4:ad:59:f7:
         43:dc:5d:e0:07:19:3c:28:a1:8c:93:ae:47:93:74:2f:1e:ca:
         52:eb:ee:51:57:1b:a6:11:61:bf:b4:6c:38:bb:77:a8:45:11:
         43:00:4b:4e:58:ff:83:0c:39:f3:dc:0d:16:83:7e:6c:d0:b5:
         87:cd:0b:4d:8f:e2:8e:6e:b6:a4:42:c0:40:25:b3:03:77:9a:
         27:ee:4a:ef:56:b7:af:3b:b6:23:cf:00:22:50:90:a6:96:ae:
         ed:87:15:27:a6:df:49:d7:44:51:12:a4:c5:0e:e7:fa:25:4b:
         87:a8:d7:fb:2a:06:df:6f:cf:fd:77:b2:a1:8c:12:6c:c8:13:
         8f:f3:42:29:0f:4e:45:be:88:1d:85:f7:cf:b2:0f:bc:5b:8b:
         0e:29:db:93:4a:71:ca:d2:20:78:f1:b3:7f:3b:53:95:f6:41:
         9f:4a:49:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHqZpFLZ+9+RCQCla/hVUrFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYTVhYmU5ZjczMDQzODMxOThiYTFmZmE1OTI3OTBlY2Yy
YzNjZWIwHhcNMjQwOTEzMDgwMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZThjYTA4YjRiZjlhMWQ5OTg3MzgxNjYzMmZjYWFjOTQ3ZTAzYmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAna+Zm3z5ZSd3u1glS1oxwKdT7m/t
5LBMaWFlfdfvarYPq5DidL7QywB/BPtnOzTrsLMalRLpH8o7nokA1ZtmXGSJaDQS
MDp29KwsGjvUTMIQOFUKqW5xqUTTprQlRT1oof/JlqhvufXLjlVT2IzvuMzh/9zQ
Q5m7pMNIjCH/nwg6paobO+iaYa+mS9XyQKm8SnvTBAvy8Jf4MYh3RXZWyJmxMyKO
cSXqOsr6zldqxU0/sqn3DH1+8QKsRfF1VqAhNWszUQBfnwvAV6trwY37csidHfpX
A8JpL4Gk6LCGZUNm2ST7slt4mWp1BhyyGRR1grt3fRemzwbsbc2WO9CltQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6MoItL+aHZmHOBZjL8qslH4DvVMB8GA1UdIwQY
MBaAFOqlq+n3MEODGYuh/6WSeQ7PLDzrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFXcjZmY3dRNE1aaTZIX3BaSjVEczhzUE9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9mYjJhYTEtMDA0Yi00OWM0LWFhNDEt
YzlkZTIyYjkxNmNhLzEvRG95Z2kwdjVvZG1ZYzRGbU12eXF5VWZnTzlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9mYjJhYTEtMDA0Yi00OWM0LWFhNDEtYzlkZTIyYjkxNmNh
LzEvNnFXcjZmY3dRNE1aaTZIX3BaSjVEczhzUE9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVrwMA0G
CSqGSIb3DQEBCwUAA4IBAQCAd88p4O0wRbl0EOkuQkBypNp7IHHu7mVZtbiPbYZp
lNTDPU0KtvA2+/5pKUfQrY3w+Y6yBET8fwpwa9WAkIKstLs0cHrhEDdqYxM9MiDX
NAeWPeUbxtStWfdD3F3gBxk8KKGMk65Hk3QvHspS6+5RVxumEWG/tGw4u3eoRRFD
AEtOWP+DDDnz3A0Wg35s0LWHzQtNj+KObrakQsBAJbMDd5on7krvVrevO7YjzwAi
UJCmlq7thxUnpt9J10RREqTFDuf6JUuHqNf7Kgbfb8/9d7KhjBJsyBOP80IpD05F
vogdhffPsg+8W4sOKduTSnHK0iB48bN/O1OV9kGfSklZ
-----END CERTIFICATE-----