Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/a2a6ad-b15f-4734-b59e-664a9926f333/1/DOYEy7m23OMhQT0GnljJrUQy47E.roa
File:                     DOYEy7m23OMhQT0GnljJrUQy47E.roa (raw, json)
Hash identifier:          go8qewztOxPM/eJUbvfZwLwT/UFcT9bOMhrpq63fVQk=
Subject key identifier:   0C:E6:04:CB:B9:B6:DC:E3:21:41:3D:06:9E:58:C9:AD:44:32:E3:B1
Certificate issuer:       /CN=c5450afa73f0b87a420028c2b2a48cce0fe92b0a
Certificate serial:       0194206852D774E91993AAB3B50793678C37
Authority key identifier: C5:45:0A:FA:73:F0:B8:7A:42:00:28:C2:B2:A4:8C:CE:0F:E9:2B:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xUUK-nPwuHpCACjCsqSMzg_pKwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/a2a6ad-b15f-4734-b59e-664a9926f333/1/DOYEy7m23OMhQT0GnljJrUQy47E.roa
Signing time:             Wed 01 Jan 2025 05:48:15 +0000
ROA not before:           Wed 01 Jan 2025 05:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201263
IP address blocks:        147.229.255.0/24 maxlen: 24
                          2001:67c:1223::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/a2a6ad-b15f-4734-b59e-664a9926f333/1/xUUK-nPwuHpCACjCsqSMzg_pKwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/a2a6ad-b15f-4734-b59e-664a9926f333/1/xUUK-nPwuHpCACjCsqSMzg_pKwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xUUK-nPwuHpCACjCsqSMzg_pKwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:52:d7:74:e9:19:93:aa:b3:b5:07:93:67:8c:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5450afa73f0b87a420028c2b2a48cce0fe92b0a
        Validity
            Not Before: Jan  1 05:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ce604cbb9b6dce321413d069e58c9ad4432e3b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:19:8a:4e:4d:03:82:27:f4:b3:33:aa:d9:f3:
                    8d:59:97:c2:0f:0a:24:ab:77:b4:9c:49:55:78:26:
                    65:c9:74:19:68:10:20:cc:11:1d:5f:a4:03:44:02:
                    68:5a:af:ea:7d:83:70:26:45:c1:7e:48:08:92:02:
                    42:af:2f:3e:d3:f9:74:8e:8c:2b:ee:a0:86:81:55:
                    a2:5f:94:0d:bd:66:4f:87:81:21:ca:50:d7:a2:a7:
                    f7:b3:38:59:f5:e2:7c:ea:46:c6:97:53:f7:36:f0:
                    cd:27:4d:60:cc:83:64:21:73:a4:b9:2b:24:56:a4:
                    9d:a2:15:ac:ef:df:4d:e5:da:13:98:56:f3:64:09:
                    63:4d:41:3e:9a:db:a3:15:30:61:72:c3:87:0f:b1:
                    22:b3:a4:85:9e:c8:ac:34:60:3f:cf:0c:0d:63:09:
                    0e:1b:13:12:a7:e3:28:1e:4e:4f:e8:e0:2f:5a:96:
                    0c:b8:9f:e3:06:70:5a:84:31:7e:9b:9a:c2:fc:4a:
                    a3:45:ab:f1:fd:d5:22:a3:85:7d:94:e9:8b:1e:fa:
                    71:82:d0:a8:93:56:cf:db:64:bd:76:69:4b:19:f2:
                    d4:a3:cf:cf:38:b3:1e:1b:4f:b4:01:1b:8c:8e:aa:
                    df:8c:73:5c:ab:ea:91:6e:53:92:8c:34:19:93:5f:
                    9d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:E6:04:CB:B9:B6:DC:E3:21:41:3D:06:9E:58:C9:AD:44:32:E3:B1
            X509v3 Authority Key Identifier:
                keyid:C5:45:0A:FA:73:F0:B8:7A:42:00:28:C2:B2:A4:8C:CE:0F:E9:2B:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xUUK-nPwuHpCACjCsqSMzg_pKwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a2a6ad-b15f-4734-b59e-664a9926f333/1/DOYEy7m23OMhQT0GnljJrUQy47E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a2a6ad-b15f-4734-b59e-664a9926f333/1/xUUK-nPwuHpCACjCsqSMzg_pKwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.229.255.0/24
                IPv6:
                  2001:67c:1223::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:a0:c4:1e:e4:31:15:5f:1c:9b:52:4e:93:f5:7a:6b:08:64:
         f5:d5:ee:c0:eb:76:63:7c:2e:38:d5:f2:f1:9f:8e:01:cc:34:
         c4:98:5c:0e:f4:24:5f:f1:c9:d9:6c:1d:c8:26:b9:b3:9d:40:
         0c:53:a7:f9:a8:af:fa:b6:11:b1:2e:c0:bd:c1:4d:4c:ea:b6:
         fc:8f:5c:48:d2:ca:ed:26:24:f6:5a:ba:16:66:44:5b:09:92:
         db:f1:9d:76:fc:9c:29:4b:75:b1:5a:6a:a4:97:36:36:3e:7b:
         cd:e8:53:d0:f1:3d:21:8e:73:f7:48:11:7c:f6:5f:4d:65:32:
         65:d9:5e:bc:4c:e5:56:d2:11:9a:20:c2:90:b9:e9:c7:55:59:
         0c:06:49:d4:44:0b:22:b0:35:b0:9f:1c:48:86:6a:f3:ea:12:
         af:d8:b8:da:57:bf:41:49:51:90:41:8a:3c:d6:a5:e3:e3:3a:
         f4:34:0d:ee:31:0d:f1:fa:d5:fe:a7:0a:cb:f7:da:a3:d8:f2:
         b1:df:ed:9c:65:a7:6a:ae:bd:f4:cb:73:e0:a9:f8:bc:e2:c1:
         f4:27:50:a9:c0:60:5c:b7:fa:63:18:0e:97:7c:3f:a9:ab:7d:
         b1:ab:b8:bf:fe:d4:d9:7a:55:6d:3d:96:5a:67:bf:9f:d4:ec:
         fc:17:e8:93
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQgaFLXdOkZk6qztQeTZ4w3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NDUwYWZhNzNmMGI4N2E0MjAwMjhjMmIyYTQ4Y2NlMGZl
OTJiMGEwHhcNMjUwMTAxMDU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2U2MDRjYmI5YjZkY2UzMjE0MTNkMDY5ZTU4YzlhZDQ0MzJlM2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBmKTk0Dgif0szOq2fONWZfCDwok
q3e0nElVeCZlyXQZaBAgzBEdX6QDRAJoWq/qfYNwJkXBfkgIkgJCry8+0/l0jowr
7qCGgVWiX5QNvWZPh4EhylDXoqf3szhZ9eJ86kbGl1P3NvDNJ01gzINkIXOkuSsk
VqSdohWs799N5doTmFbzZAljTUE+mtujFTBhcsOHD7Eis6SFnsisNGA/zwwNYwkO
GxMSp+MoHk5P6OAvWpYMuJ/jBnBahDF+m5rC/EqjRavx/dUio4V9lOmLHvpxgtCo
k1bP22S9dmlLGfLUo8/POLMeG0+0ARuMjqrfjHNcq+qRblOSjDQZk1+dAwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAzmBMu5ttzjIUE9Bp5Yya1EMuOxMB8GA1UdIwQY
MBaAFMVFCvpz8Lh6QgAowrKkjM4P6SsKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFVVSy1uUHd1SHBDQUNqQ3NxU016Z19wS3dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hMmE2YWQtYjE1Zi00NzM0LWI1OWUt
NjY0YTk5MjZmMzMzLzEvRE9ZRXk3bTIzT01oUVQwR25sakpyVVF5NDdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hMmE2YWQtYjE1Zi00NzM0LWI1OWUtNjY0YTk5MjZmMzMz
LzEveFVVSy1uUHd1SHBDQUNqQ3NxU016Z19wS3dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAk+X/MA8E
AgACMAkDBwAgAQZ8EiMwDQYJKoZIhvcNAQELBQADggEBAHqgxB7kMRVfHJtSTpP1
emsIZPXV7sDrdmN8LjjV8vGfjgHMNMSYXA70JF/xydlsHcgmubOdQAxTp/mor/q2
EbEuwL3BTUzqtvyPXEjSyu0mJPZauhZmRFsJktvxnXb8nClLdbFaaqSXNjY+e83o
U9DxPSGOc/dIEXz2X01lMmXZXrxM5VbSEZogwpC56cdVWQwGSdRECyKwNbCfHEiG
avPqEq/YuNpXv0FJUZBBijzWpePjOvQ0De4xDfH61f6nCsv32qPY8rHf7Zxlp2qu
vfTLc+Cp+LziwfQnUKnAYFy3+mMYDpd8P6mrfbGruL/+1Nl6VW09llpnv5/U7PwX
6JM=
-----END CERTIFICATE-----