Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0b2524-fc7b-4ecf-a813-4a5f92e5bde2/1/DoBOspS47tAWWoVyrzdkFKGZhBQ.roa
File:                     DoBOspS47tAWWoVyrzdkFKGZhBQ.roa (raw, json)
Hash identifier:          6Ll4h+7/jZyYNrKd5O1SokixDtBGBityeWJu60S8EwM=
Subject key identifier:   0E:80:4E:B2:94:B8:EE:D0:16:5A:85:72:AF:37:64:14:A1:99:84:14
Certificate issuer:       /CN=5543437ee9c5a8c84f8d3483dc5e0fa4ba89cc3d
Certificate serial:       018CC79365BD2AEA1170FC74EBC2134F7BDC
Authority key identifier: 55:43:43:7E:E9:C5:A8:C8:4F:8D:34:83:DC:5E:0F:A4:BA:89:CC:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VUNDfunFqMhPjTSD3F4PpLqJzD0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0b2524-fc7b-4ecf-a813-4a5f92e5bde2/1/DoBOspS47tAWWoVyrzdkFKGZhBQ.roa
Signing time:             Tue 02 Jan 2024 00:29:35 +0000
ROA not before:           Tue 02 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210125
IP address blocks:        79.174.24.0/22 maxlen: 24
                          2a0d:ab40::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0b2524-fc7b-4ecf-a813-4a5f92e5bde2/1/VUNDfunFqMhPjTSD3F4PpLqJzD0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0b2524-fc7b-4ecf-a813-4a5f92e5bde2/1/VUNDfunFqMhPjTSD3F4PpLqJzD0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VUNDfunFqMhPjTSD3F4PpLqJzD0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:65:bd:2a:ea:11:70:fc:74:eb:c2:13:4f:7b:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5543437ee9c5a8c84f8d3483dc5e0fa4ba89cc3d
        Validity
            Not Before: Jan  2 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e804eb294b8eed0165a8572af376414a1998414
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:63:cd:ed:d9:a3:e2:1b:f5:36:9f:24:74:a0:
                    45:14:94:99:b4:d3:d4:f9:d0:87:26:03:53:6a:e4:
                    12:24:51:2c:86:ba:1f:e2:bf:49:9a:28:dd:cf:bd:
                    26:d9:55:ab:cb:a7:fb:03:6f:66:e4:de:4d:91:d6:
                    90:43:2b:fc:d4:80:a2:ef:59:26:c4:a2:a7:8c:24:
                    2f:aa:95:fe:1a:6a:da:9f:5c:12:6a:9e:f8:62:a3:
                    09:25:0c:83:8f:87:19:05:fb:77:ef:8b:cd:81:20:
                    b2:ec:99:6f:c5:58:0c:a9:69:25:44:54:73:0b:b7:
                    ab:58:86:ef:e6:69:25:0a:07:ce:55:48:e9:42:86:
                    7e:3e:2d:fe:73:fa:f7:b3:cd:01:ec:ce:7b:f4:50:
                    56:85:26:22:e0:05:25:28:15:85:22:c1:3e:da:3c:
                    a4:ea:9b:b7:e6:61:ec:2b:87:ac:36:2e:70:79:ff:
                    1a:28:d0:fe:35:b7:2c:f6:88:13:fb:07:74:d8:86:
                    35:85:92:09:23:b8:6f:b8:b1:ce:c0:e7:91:9d:e9:
                    9b:ff:eb:58:10:76:57:25:de:87:c1:6e:a7:74:9b:
                    d6:db:95:78:7c:ea:c8:2e:e6:71:34:da:30:f9:17:
                    d3:40:12:dc:5f:cc:3b:54:88:5d:5a:27:dc:89:94:
                    2c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:80:4E:B2:94:B8:EE:D0:16:5A:85:72:AF:37:64:14:A1:99:84:14
            X509v3 Authority Key Identifier:
                keyid:55:43:43:7E:E9:C5:A8:C8:4F:8D:34:83:DC:5E:0F:A4:BA:89:CC:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VUNDfunFqMhPjTSD3F4PpLqJzD0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0b2524-fc7b-4ecf-a813-4a5f92e5bde2/1/DoBOspS47tAWWoVyrzdkFKGZhBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0b2524-fc7b-4ecf-a813-4a5f92e5bde2/1/VUNDfunFqMhPjTSD3F4PpLqJzD0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.174.24.0/22
                IPv6:
                  2a0d:ab40::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:34:95:d7:79:10:32:73:14:9e:2d:8d:70:8a:9a:c4:2b:3e:
         d0:bc:6b:d2:de:71:ab:e1:97:08:fb:07:c4:f5:a0:e9:a6:3f:
         97:8a:94:67:fb:d0:3e:d4:b7:cf:d2:a7:54:7e:7e:2d:c8:ce:
         49:36:aa:5a:7c:62:e6:f4:14:dd:82:02:7f:5f:3e:01:e8:f3:
         3f:de:3b:ea:5c:7c:35:3c:ee:d7:3f:c7:4d:e8:e2:79:5e:ae:
         9c:97:a2:9a:62:bd:56:cd:e8:7e:b8:f7:bd:36:5b:39:d2:70:
         e3:06:f3:1e:51:ca:d1:04:3e:2d:96:fd:ad:e8:84:23:76:da:
         b5:c1:61:2c:16:59:e3:b9:7f:bd:98:83:3f:4c:4e:d7:43:46:
         2f:ec:b9:ed:93:93:6e:f7:4e:37:b3:63:c8:3f:a2:29:5a:51:
         c2:24:de:1d:5a:a0:93:ac:b8:53:68:57:c4:7a:3e:48:08:b0:
         89:82:85:26:27:50:30:14:0a:33:cf:ca:d2:d1:94:cc:85:b8:
         5b:89:c4:8e:9b:77:68:fb:c4:5c:bb:83:56:1c:14:d2:5d:67:
         f9:29:9b:08:e7:3a:bc:1f:ba:75:bc:da:42:d0:66:0a:14:6e:
         c1:74:30:20:c0:59:84:90:18:55:39:b2:7e:6e:49:3c:86:87:
         bb:a5:fe:27
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk2W9KuoRcPx068ITT3vcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NDM0MzdlZTljNWE4Yzg0ZjhkMzQ4M2RjNWUwZmE0YmE4
OWNjM2QwHhcNMjQwMTAyMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTgwNGViMjk0YjhlZWQwMTY1YTg1NzJhZjM3NjQxNGExOTk4NDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGPN7dmj4hv1Np8kdKBFFJSZtNPU
+dCHJgNTauQSJFEshrof4r9Jmijdz70m2VWry6f7A29m5N5NkdaQQyv81ICi71km
xKKnjCQvqpX+Gmran1wSap74YqMJJQyDj4cZBft374vNgSCy7JlvxVgMqWklRFRz
C7erWIbv5mklCgfOVUjpQoZ+Pi3+c/r3s80B7M579FBWhSYi4AUlKBWFIsE+2jyk
6pu35mHsK4esNi5wef8aKND+Nbcs9ogT+wd02IY1hZIJI7hvuLHOwOeRnemb/+tY
EHZXJd6HwW6ndJvW25V4fOrILuZxNNow+RfTQBLcX8w7VIhdWifciZQsewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA6ATrKUuO7QFlqFcq83ZBShmYQUMB8GA1UdIwQY
MBaAFFVDQ37pxajIT400g9xeD6S6icw9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlVORGZ1bkZxTWhQalRTRDNGNFBwTHFKekQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wYjI1MjQtZmM3Yi00ZWNmLWE4MTMt
NGE1ZjkyZTViZGUyLzEvRG9CT3NwUzQ3dEFXV29WeXJ6ZGtGS0daaEJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wYjI1MjQtZmM3Yi00ZWNmLWE4MTMtNGE1ZjkyZTViZGUy
LzEvVlVORGZ1bkZxTWhQalRTRDNGNFBwTHFKekQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCT64YMA0E
AgACMAcDBQAqDatAMA0GCSqGSIb3DQEBCwUAA4IBAQAjNJXXeRAycxSeLY1wiprE
Kz7QvGvS3nGr4ZcI+wfE9aDppj+XipRn+9A+1LfP0qdUfn4tyM5JNqpafGLm9BTd
ggJ/Xz4B6PM/3jvqXHw1PO7XP8dN6OJ5Xq6cl6KaYr1Wzeh+uPe9Nls50nDjBvMe
UcrRBD4tlv2t6IQjdtq1wWEsFlnjuX+9mIM/TE7XQ0Yv7Lntk5Nu9043s2PIP6Ip
WlHCJN4dWqCTrLhTaFfEej5ICLCJgoUmJ1AwFAozz8rS0ZTMhbhbicSOm3do+8Rc
u4NWHBTSXWf5KZsI5zq8H7p1vNpC0GYKFG7BdDAgwFmEkBhVObJ+bkk8hoe7pf4n
-----END CERTIFICATE-----