Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/doYvufKMi4jm03VH6RLq3eZewAA.roa
File:                     doYvufKMi4jm03VH6RLq3eZewAA.roa (raw, json)
Hash identifier:          EhJBbYf1isS2uAf8HQUnHDQB/+isJncCcXILIMluQQ4=
Subject key identifier:   76:86:2F:B9:F2:8C:8B:88:E6:D3:75:47:E9:12:EA:DD:E6:5E:C0:00
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       0194B9AC0AC1F2B1614DA7F579FD9CE157B4
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/doYvufKMi4jm03VH6RLq3eZewAA.roa
Signing time:             Fri 31 Jan 2025 00:04:07 +0000
ROA not before:           Fri 31 Jan 2025 00:04:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        94.241.164.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b9:ac:0a:c1:f2:b1:61:4d:a7:f5:79:fd:9c:e1:57:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Jan 31 00:04:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76862fb9f28c8b88e6d37547e912eadde65ec000
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a8:f7:c2:85:6d:4d:e9:e3:c8:ff:82:2e:c9:
                    fd:e1:99:3f:53:d3:39:59:d7:54:32:ea:af:1e:67:
                    47:82:1d:ce:fd:02:f8:0b:63:15:41:5b:24:fc:c9:
                    9d:a6:93:d9:fc:c3:58:ef:5a:7e:12:9f:de:5e:ba:
                    3f:99:82:98:c6:11:3d:27:63:b1:79:d0:cc:1c:91:
                    b3:48:d2:07:7f:71:5f:c8:50:2d:8e:69:ec:75:fc:
                    4a:0a:97:ca:9c:e8:44:c0:44:8a:30:6e:f7:a9:25:
                    c1:96:b4:b2:3e:a1:fa:75:81:f0:81:14:01:16:f9:
                    80:30:40:60:2d:a9:30:29:e4:e6:a7:ec:92:01:97:
                    84:c3:99:9d:fa:88:f7:6a:df:51:a6:36:a8:a9:72:
                    98:45:d9:26:5d:eb:e1:f5:7c:42:a5:ac:bc:7c:26:
                    f3:82:f2:d8:2e:46:03:1a:5f:95:da:f0:d6:f0:24:
                    11:55:8d:40:bc:eb:ad:4c:3f:2f:0f:87:26:e6:7f:
                    10:b8:7c:ad:5b:26:76:5e:11:2e:41:26:ff:8f:f1:
                    8f:69:92:84:61:5a:e0:3a:25:c8:e3:36:62:f7:d1:
                    e4:c8:14:6f:b8:c8:af:7c:21:6c:8e:dc:a5:da:7d:
                    0a:24:56:5a:ba:75:6a:be:23:4d:98:86:7e:9d:e5:
                    ed:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:86:2F:B9:F2:8C:8B:88:E6:D3:75:47:E9:12:EA:DD:E6:5E:C0:00
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/doYvufKMi4jm03VH6RLq3eZewAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.241.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:b6:58:0f:86:5b:62:92:70:4b:eb:30:4a:f3:a3:30:d2:da:
         9c:91:5a:41:82:8f:d5:b7:58:f1:73:47:8d:8a:dd:c4:d4:ea:
         54:cf:8f:c9:46:f9:72:e6:dd:8b:2b:c4:1d:c9:c2:9e:7f:c2:
         5f:6f:1e:99:b6:c0:f7:fb:91:04:2f:bf:2b:72:14:f1:19:9e:
         32:45:ed:d9:41:92:74:ab:b8:5c:a9:d7:cf:49:26:14:ff:f7:
         b2:7e:ff:e2:4d:2b:dc:35:c2:cd:19:e0:0f:f4:dd:4b:20:ab:
         4e:12:6c:15:9e:04:76:ff:94:00:37:78:4a:f2:86:5c:8d:93:
         61:19:e5:8c:d8:43:93:c7:60:31:87:54:73:89:12:b5:78:ca:
         82:e7:c7:d4:3f:09:72:1e:f3:d5:2d:ed:9b:8b:29:be:14:14:
         67:4c:fc:df:4e:b4:b4:3f:46:c3:21:09:48:7c:db:6f:66:bf:
         bf:30:6a:76:01:0d:6b:41:af:91:5e:dc:c0:e9:40:fc:71:d6:
         56:82:b0:37:56:2c:25:17:15:d6:12:94:5c:63:1f:3a:24:d3:
         73:d1:44:68:5c:4d:58:e8:7b:da:79:5b:1e:b6:d6:56:cf:36:
         f0:f4:b9:7c:c7:e5:13:fb:b8:55:3d:de:db:a1:37:13:3b:af:
         49:4d:dc:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS5rArB8rFhTaf1ef2c4Ve0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjUwMTMxMDAwNDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njg2MmZiOWYyOGM4Yjg4ZTZkMzc1NDdlOTEyZWFkZGU2NWVjMDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1aj3woVtTenjyP+CLsn94Zk/U9M5
WddUMuqvHmdHgh3O/QL4C2MVQVsk/MmdppPZ/MNY71p+Ep/eXro/mYKYxhE9J2Ox
edDMHJGzSNIHf3FfyFAtjmnsdfxKCpfKnOhEwESKMG73qSXBlrSyPqH6dYHwgRQB
FvmAMEBgLakwKeTmp+ySAZeEw5md+oj3at9RpjaoqXKYRdkmXevh9XxCpay8fCbz
gvLYLkYDGl+V2vDW8CQRVY1AvOutTD8vD4cm5n8QuHytWyZ2XhEuQSb/j/GPaZKE
YVrgOiXI4zZi99HkyBRvuMivfCFsjtyl2n0KJFZaunVqviNNmIZ+neXtnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHaGL7nyjIuI5tN1R+kS6t3mXsAAMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvZG9ZdnVmS01pNGptMDNWSDZSTHEzZVpld0FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXvGkMA0G
CSqGSIb3DQEBCwUAA4IBAQBstlgPhltiknBL6zBK86Mw0tqckVpBgo/Vt1jxc0eN
it3E1OpUz4/JRvly5t2LK8QdycKef8Jfbx6ZtsD3+5EEL78rchTxGZ4yRe3ZQZJ0
q7hcqdfPSSYU//eyfv/iTSvcNcLNGeAP9N1LIKtOEmwVngR2/5QAN3hK8oZcjZNh
GeWM2EOTx2Axh1RziRK1eMqC58fUPwlyHvPVLe2biym+FBRnTPzfTrS0P0bDIQlI
fNtvZr+/MGp2AQ1rQa+RXtzA6UD8cdZWgrA3ViwlFxXWEpRcYx86JNNz0URoXE1Y
6HvaeVsettZWzzbw9Ll8x+UT+7hVPd7boTcTO69JTdyZ
-----END CERTIFICATE-----