Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/pHZpiMb5Vq0up-6CeO0nMIW4Mwo.roa
File:                     pHZpiMb5Vq0up-6CeO0nMIW4Mwo.roa (raw, json)
Hash identifier:          ErsQAE7yFJ1utzq5R5esTRBd9mERh0Hyf1eb2KuKw/U=
Subject key identifier:   A4:76:69:88:C6:F9:56:AD:2E:A7:EE:82:78:ED:27:30:85:B8:33:0A
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       0194B9AC08A288A877F1E1A34B5172DF1E6A
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/pHZpiMb5Vq0up-6CeO0nMIW4Mwo.roa
Signing time:             Fri 31 Jan 2025 00:04:06 +0000
ROA not before:           Fri 31 Jan 2025 00:04:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        83.147.248.0/22 maxlen: 22
                          91.186.200.0/23 maxlen: 24
                          91.186.202.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b9:ac:08:a2:88:a8:77:f1:e1:a3:4b:51:72:df:1e:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Jan 31 00:04:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4766988c6f956ad2ea7ee8278ed273085b8330a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ce:de:4f:eb:a8:ec:85:a3:6e:f7:8c:ba:58:
                    06:eb:cd:86:8a:e1:f3:76:93:56:cc:17:0c:b0:44:
                    73:a4:5e:5b:0f:e1:39:ce:25:6a:be:c5:35:58:ac:
                    1b:85:fb:67:10:b7:d3:28:6a:0f:b8:2d:32:51:38:
                    54:cf:e3:66:b6:4f:62:c1:c6:ef:b7:2b:4a:45:56:
                    0f:05:d3:b0:2e:de:64:4b:89:a2:47:8e:55:67:a5:
                    53:98:b1:d5:e2:3b:7d:35:c7:35:c2:04:e6:6b:9b:
                    5c:fd:5d:22:50:d3:19:6b:1f:71:9f:98:20:40:98:
                    2b:09:f8:71:5e:34:94:ef:27:67:1f:74:ec:0f:db:
                    5b:38:9e:46:16:77:3e:e9:ab:68:f0:e5:a8:63:b5:
                    c0:7c:1b:23:f2:bb:1d:b9:ec:f5:91:fe:a9:b9:74:
                    17:78:4a:ea:5a:db:7a:27:0b:64:1b:d3:b0:cc:8e:
                    57:1f:21:6e:6e:e0:9c:9c:9f:01:18:c1:d0:f3:f4:
                    6c:fa:6d:2e:77:59:1c:66:6c:b5:6b:06:95:35:4b:
                    26:77:34:9a:a1:d7:01:1c:07:9e:f2:51:9d:e6:ef:
                    b9:5f:0f:85:ef:07:17:af:04:b3:a8:27:ea:0d:1f:
                    35:6e:9d:f4:1f:64:18:55:59:a4:f8:70:e4:f6:00:
                    ee:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:76:69:88:C6:F9:56:AD:2E:A7:EE:82:78:ED:27:30:85:B8:33:0A
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/pHZpiMb5Vq0up-6CeO0nMIW4Mwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.248.0/22
                  91.186.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:3c:a8:c2:bc:b8:98:44:50:b4:fc:6c:57:3e:af:e2:aa:72:
         99:5e:51:8c:b6:37:f1:9a:2f:8e:0e:4a:46:6f:54:52:38:ad:
         db:a4:2e:5f:05:e3:4b:69:a0:16:b3:b2:2b:77:a8:ba:b6:cd:
         ae:95:61:e1:79:aa:ec:c6:75:ce:47:e4:ee:56:18:3e:2c:ad:
         16:3a:3d:23:b6:b8:31:3a:11:b0:ad:60:5e:67:df:a8:62:7b:
         e8:3d:ad:86:68:f3:6f:72:31:4c:6e:db:71:09:46:b2:e3:4c:
         28:95:82:7c:da:3f:33:a2:d2:90:a2:b1:40:21:3e:65:b6:32:
         16:ec:e1:68:3d:fb:ca:c7:38:7f:d4:04:97:d5:b7:bc:f0:86:
         2e:41:36:9d:f0:2e:47:60:b0:21:ea:d2:73:51:3f:f6:fc:ed:
         1b:c7:a3:79:02:bb:f6:a2:02:a3:a7:54:36:c8:d6:0f:c6:ad:
         2f:44:3b:10:ba:74:c0:c1:59:91:12:c2:7a:1e:3f:ac:aa:f7:
         d7:c5:5a:d9:ae:0b:34:fa:3f:dd:8f:cc:bd:87:c6:e2:5b:2a:
         1f:7a:75:90:be:ea:6c:c4:1a:ba:93:3b:0f:03:91:ce:f3:d8:
         ba:c2:d4:7c:cb:cf:67:b8:94:66:42:10:1d:ac:e2:03:2d:cc:
         2c:d3:db:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZS5rAiiiKh38eGjS1Fy3x5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjUwMTMxMDAwNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDc2Njk4OGM2Zjk1NmFkMmVhN2VlODI3OGVkMjczMDg1YjgzMzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus7eT+uo7IWjbveMulgG682GiuHz
dpNWzBcMsERzpF5bD+E5ziVqvsU1WKwbhftnELfTKGoPuC0yUThUz+Nmtk9iwcbv
tytKRVYPBdOwLt5kS4miR45VZ6VTmLHV4jt9Ncc1wgTma5tc/V0iUNMZax9xn5gg
QJgrCfhxXjSU7ydnH3TsD9tbOJ5GFnc+6ato8OWoY7XAfBsj8rsduez1kf6puXQX
eErqWtt6JwtkG9OwzI5XHyFubuCcnJ8BGMHQ8/Rs+m0ud1kcZmy1awaVNUsmdzSa
odcBHAee8lGd5u+5Xw+F7wcXrwSzqCfqDR81bp30H2QYVVmk+HDk9gDuwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKR2aYjG+VatLqfugnjtJzCFuDMKMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvcEhacGlNYjVWcTB1cC02Q2VPMG5NSVc0TXdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCU5P4AwQC
W7rIMA0GCSqGSIb3DQEBCwUAA4IBAQAxPKjCvLiYRFC0/GxXPq/iqnKZXlGMtjfx
mi+ODkpGb1RSOK3bpC5fBeNLaaAWs7Ird6i6ts2ulWHhearsxnXOR+TuVhg+LK0W
Oj0jtrgxOhGwrWBeZ9+oYnvoPa2GaPNvcjFMbttxCUay40wolYJ82j8zotKQorFA
IT5ltjIW7OFoPfvKxzh/1ASX1be88IYuQTad8C5HYLAh6tJzUT/2/O0bx6N5Arv2
ogKjp1Q2yNYPxq0vRDsQunTAwVmREsJ6Hj+sqvfXxVrZrgs0+j/dj8y9h8biWyof
enWQvupsxBq6kzsPA5HO89i6wtR8y89nuJRmQhAdrOIDLcws09tc
-----END CERTIFICATE-----