Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/067e3d-2858-482e-99dc-c07e715c81c9/1/FzOWVnk6UyMtU7jUCjfT7xK7jUs.roa
File:                     FzOWVnk6UyMtU7jUCjfT7xK7jUs.roa (raw, json)
Hash identifier:          AAnWtLc0XNLDmh8MKuv5G+x9dydvMeajmyOK9NO07jQ=
Subject key identifier:   17:33:96:56:79:3A:53:23:2D:53:B8:D4:0A:37:D3:EF:12:BB:8D:4B
Certificate issuer:       /CN=55fe50ccfcef0e87cc19f82cc092bb9b79a3e3af
Certificate serial:       019421B1FEF53B4E9DEBB140F8EE2F5456B2
Authority key identifier: 55:FE:50:CC:FC:EF:0E:87:CC:19:F8:2C:C0:92:BB:9B:79:A3:E3:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vf5QzPzvDofMGfgswJK7m3mj468.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/067e3d-2858-482e-99dc-c07e715c81c9/1/FzOWVnk6UyMtU7jUCjfT7xK7jUs.roa
Signing time:             Wed 01 Jan 2025 11:48:20 +0000
ROA not before:           Wed 01 Jan 2025 11:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51098
IP address blocks:        194.116.136.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/067e3d-2858-482e-99dc-c07e715c81c9/1/Vf5QzPzvDofMGfgswJK7m3mj468.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/067e3d-2858-482e-99dc-c07e715c81c9/1/Vf5QzPzvDofMGfgswJK7m3mj468.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vf5QzPzvDofMGfgswJK7m3mj468.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:fe:f5:3b:4e:9d:eb:b1:40:f8:ee:2f:54:56:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55fe50ccfcef0e87cc19f82cc092bb9b79a3e3af
        Validity
            Not Before: Jan  1 11:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17339656793a53232d53b8d40a37d3ef12bb8d4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ec:f0:12:07:7e:44:5b:b7:34:4e:22:6e:47:
                    03:22:5d:6a:27:23:02:d8:5b:84:af:53:79:8f:39:
                    0f:27:07:0a:b2:54:7d:93:c6:03:6d:98:e4:4e:c9:
                    77:97:d9:e0:82:76:98:d5:c1:38:a1:eb:88:13:80:
                    c6:c1:c2:53:2e:29:f7:15:50:a7:c0:62:d5:ef:ab:
                    c4:21:fd:6c:ea:46:b5:94:17:63:b6:33:d1:dd:fe:
                    a3:eb:c8:2a:24:c3:04:07:98:c8:8a:1d:cb:96:41:
                    12:90:f6:c0:bf:96:5a:b6:88:8b:31:5b:f0:f2:a3:
                    42:3c:0b:b9:5e:df:92:bd:de:64:db:d9:86:99:ae:
                    e6:f3:37:da:45:a6:aa:86:55:14:25:fa:66:96:e0:
                    a4:42:05:c7:ca:1e:44:dc:a4:3c:ec:b9:96:b8:6f:
                    86:7d:d0:c9:3b:69:43:ed:04:dc:55:a0:5f:ab:08:
                    82:55:c6:92:f8:7a:4f:51:b1:ac:1e:5e:2e:66:5f:
                    7b:33:ec:49:4a:c1:2e:53:f3:95:95:b9:69:c0:36:
                    1c:86:cb:da:57:f8:ec:84:d1:80:23:d3:68:82:ad:
                    d0:2e:4f:f1:6e:22:e9:e4:06:bf:eb:23:11:73:fc:
                    53:9b:ea:b8:42:d8:d3:3d:c5:11:4d:eb:1c:5a:69:
                    80:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:33:96:56:79:3A:53:23:2D:53:B8:D4:0A:37:D3:EF:12:BB:8D:4B
            X509v3 Authority Key Identifier:
                keyid:55:FE:50:CC:FC:EF:0E:87:CC:19:F8:2C:C0:92:BB:9B:79:A3:E3:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vf5QzPzvDofMGfgswJK7m3mj468.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/067e3d-2858-482e-99dc-c07e715c81c9/1/FzOWVnk6UyMtU7jUCjfT7xK7jUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/067e3d-2858-482e-99dc-c07e715c81c9/1/Vf5QzPzvDofMGfgswJK7m3mj468.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:e1:41:1d:46:99:dd:a0:e6:3d:d2:f5:a4:32:52:e7:f0:31:
         f1:b8:5c:77:1f:3a:cd:e0:e0:4a:69:af:14:0b:24:a7:b9:ad:
         0f:18:5e:4e:e8:39:6c:4d:7e:3e:55:13:f9:50:0a:36:1f:37:
         87:15:d5:39:2f:34:f3:29:5b:d3:90:37:5b:8c:30:92:9c:ee:
         bc:a7:89:77:f5:4a:b8:33:7c:e3:9d:8f:87:8e:7a:81:94:dd:
         30:13:04:15:42:84:5e:04:e9:79:43:42:24:f2:87:5b:8b:4f:
         91:f0:32:f9:32:bd:01:5e:b7:97:74:73:0f:ca:e5:6e:62:25:
         4d:40:4b:32:1e:6e:f1:6a:9f:45:1b:55:de:64:49:90:11:fc:
         7d:a6:e4:17:fc:b6:2d:74:af:aa:4b:67:77:75:78:a3:3f:56:
         4e:4c:fc:c2:c8:39:96:b0:0c:fd:1f:77:f0:d9:03:8c:20:5a:
         40:9b:ea:35:39:5d:40:66:0e:2d:7f:08:de:ac:a9:78:2c:5e:
         43:da:d3:94:c6:eb:31:f7:a8:29:14:e5:24:d5:97:9a:7f:19:
         a0:0c:c0:b1:c3:4c:dd:48:29:f9:8b:c7:64:bf:dd:c8:45:6f:
         5f:8f:83:c5:83:86:34:f0:4d:12:ff:14:b6:24:5a:a3:84:3d:
         37:ad:28:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsf71O06d67FA+O4vVFayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZmU1MGNjZmNlZjBlODdjYzE5ZjgyY2MwOTJiYjliNzlh
M2UzYWYwHhcNMjUwMTAxMTE0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzMzOTY1Njc5M2E1MzIzMmQ1M2I4ZDQwYTM3ZDNlZjEyYmI4ZDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOzwEgd+RFu3NE4ibkcDIl1qJyMC
2FuEr1N5jzkPJwcKslR9k8YDbZjkTsl3l9nggnaY1cE4oeuIE4DGwcJTLin3FVCn
wGLV76vEIf1s6ka1lBdjtjPR3f6j68gqJMMEB5jIih3LlkESkPbAv5ZatoiLMVvw
8qNCPAu5Xt+Svd5k29mGma7m8zfaRaaqhlUUJfpmluCkQgXHyh5E3KQ87LmWuG+G
fdDJO2lD7QTcVaBfqwiCVcaS+HpPUbGsHl4uZl97M+xJSsEuU/OVlblpwDYchsva
V/jshNGAI9Nogq3QLk/xbiLp5Aa/6yMRc/xTm+q4QtjTPcURTescWmmAUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBczllZ5OlMjLVO41Ao30+8Su41LMB8GA1UdIwQY
MBaAFFX+UMz87w6HzBn4LMCSu5t5o+OvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmY1UXpQenZEb2ZNR2Znc3dKSzdtM21qNDY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8wNjdlM2QtMjg1OC00ODJlLTk5ZGMt
YzA3ZTcxNWM4MWM5LzEvRnpPV1ZuazZVeU10VTdqVUNqZlQ3eEs3alVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8wNjdlM2QtMjg1OC00ODJlLTk5ZGMtYzA3ZTcxNWM4MWM5
LzEvVmY1UXpQenZEb2ZNR2Znc3dKSzdtM21qNDY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnSIMA0G
CSqGSIb3DQEBCwUAA4IBAQAn4UEdRpndoOY90vWkMlLn8DHxuFx3HzrN4OBKaa8U
CySnua0PGF5O6DlsTX4+VRP5UAo2HzeHFdU5LzTzKVvTkDdbjDCSnO68p4l39Uq4
M3zjnY+HjnqBlN0wEwQVQoReBOl5Q0Ik8odbi0+R8DL5Mr0BXreXdHMPyuVuYiVN
QEsyHm7xap9FG1XeZEmQEfx9puQX/LYtdK+qS2d3dXijP1ZOTPzCyDmWsAz9H3fw
2QOMIFpAm+o1OV1AZg4tfwjerKl4LF5D2tOUxusx96gpFOUk1ZeafxmgDMCxw0zd
SCn5i8dkv93IRW9fj4PFg4Y08E0S/xS2JFqjhD03rSg2
-----END CERTIFICATE-----