Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/740589-85cd-497a-90c1-a2f9a8a51bb0/1/vYyERfzMQqwkNDEj2uOXG_S6t8w.roa
File:                     vYyERfzMQqwkNDEj2uOXG_S6t8w.roa (raw, json)
Hash identifier:          WXsRMU1133zUyQTKxrB9Bygige89E8eXSL5nflVhMAk=
Subject key identifier:   BD:8C:84:45:FC:CC:42:AC:24:34:31:23:DA:E3:97:1B:F4:BA:B7:CC
Certificate issuer:       /CN=06079c429a7146f1f9aa049bdb42ca95144b74da
Certificate serial:       019423D6B9880F4A6FE54A61EA2146FB6FE6
Authority key identifier: 06:07:9C:42:9A:71:46:F1:F9:AA:04:9B:DB:42:CA:95:14:4B:74:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BgecQppxRvH5qgSb20LKlRRLdNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/740589-85cd-497a-90c1-a2f9a8a51bb0/1/vYyERfzMQqwkNDEj2uOXG_S6t8w.roa
Signing time:             Wed 01 Jan 2025 21:47:42 +0000
ROA not before:           Wed 01 Jan 2025 21:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60079
IP address blocks:        94.45.224.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/740589-85cd-497a-90c1-a2f9a8a51bb0/1/BgecQppxRvH5qgSb20LKlRRLdNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/740589-85cd-497a-90c1-a2f9a8a51bb0/1/BgecQppxRvH5qgSb20LKlRRLdNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BgecQppxRvH5qgSb20LKlRRLdNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b9:88:0f:4a:6f:e5:4a:61:ea:21:46:fb:6f:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06079c429a7146f1f9aa049bdb42ca95144b74da
        Validity
            Not Before: Jan  1 21:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd8c8445fccc42ac24343123dae3971bf4bab7cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:bd:d1:f0:f9:e4:4c:0f:6f:1a:11:3d:b9:e2:
                    d6:4d:97:b1:3a:ab:0d:a5:57:34:51:12:c3:84:66:
                    a5:3e:0f:c2:45:a7:2c:cb:09:b2:0a:c4:b3:1c:55:
                    2e:e2:59:8f:1e:e5:fc:c4:6b:7a:ae:a1:92:6d:2a:
                    1c:b3:fc:9a:b1:58:b0:2a:74:02:ba:01:50:26:f4:
                    43:c7:1c:59:49:58:b3:81:8d:72:01:c6:85:40:95:
                    77:bf:23:ff:ab:47:07:0e:0b:d8:d6:c3:22:c8:22:
                    c8:20:41:a4:1b:0f:db:20:98:ac:bb:1f:5f:76:bd:
                    30:51:4d:42:c6:9e:df:eb:e6:e2:2e:e1:0a:e0:34:
                    c6:74:26:90:c7:92:0c:ee:c8:c3:0b:5a:3f:f0:2d:
                    4e:f2:31:9e:65:5e:0e:89:b4:b6:c9:f6:e1:61:c9:
                    d1:6b:26:ec:ab:fd:53:f3:da:ae:20:6f:84:3e:0c:
                    1e:48:f4:cd:69:1a:c0:bb:a5:26:e6:b9:91:7b:7d:
                    f4:6d:b1:ff:de:94:5d:2e:58:56:eb:3d:92:3d:65:
                    4e:8b:e9:62:37:68:35:af:90:aa:96:33:4b:7a:3f:
                    9b:99:bb:f4:f3:84:d3:35:9f:44:15:d2:2f:89:e1:
                    b1:83:9a:3f:21:90:c8:f5:e0:b8:f3:05:7b:66:4d:
                    ce:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:8C:84:45:FC:CC:42:AC:24:34:31:23:DA:E3:97:1B:F4:BA:B7:CC
            X509v3 Authority Key Identifier:
                keyid:06:07:9C:42:9A:71:46:F1:F9:AA:04:9B:DB:42:CA:95:14:4B:74:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BgecQppxRvH5qgSb20LKlRRLdNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/740589-85cd-497a-90c1-a2f9a8a51bb0/1/vYyERfzMQqwkNDEj2uOXG_S6t8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/740589-85cd-497a-90c1-a2f9a8a51bb0/1/BgecQppxRvH5qgSb20LKlRRLdNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.45.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         84:7f:95:6c:00:f3:ff:df:a7:76:cd:d5:dc:79:33:4a:e7:e0:
         bc:81:62:ed:00:f6:dc:95:48:12:1c:1e:13:2a:1c:c3:7e:06:
         2a:a7:a6:45:53:bf:61:4c:a8:b7:38:4b:0c:77:80:af:6a:90:
         45:fd:65:c1:72:42:d8:e6:2f:82:45:2c:28:2c:4d:69:f4:27:
         cb:76:f3:f6:82:f7:10:b4:02:a2:de:88:25:17:e5:e0:48:b1:
         b4:06:0d:a5:aa:69:f4:0f:3a:55:91:3f:08:2d:9d:f5:44:26:
         7d:2d:30:99:02:45:dc:7d:99:b3:4f:15:e1:55:ee:d0:25:21:
         cf:80:68:a3:51:eb:27:e5:78:50:c0:5c:3f:e9:75:a9:81:69:
         46:c2:94:90:c8:99:b0:70:12:32:c3:3f:ac:8b:90:e1:f2:c2:
         66:51:7d:e3:59:8c:ee:70:35:8b:62:8f:a5:9b:90:6c:e8:9e:
         9c:f2:73:e9:77:ed:af:b6:f6:4a:bc:e2:c0:78:15:69:10:ca:
         31:b0:d0:3a:bf:a8:f6:1e:d6:dd:5f:20:e8:94:d9:03:da:0d:
         aa:7d:4e:73:79:a3:f6:a1:5f:61:e8:ef:4d:15:6c:13:75:2c:
         1b:5c:d8:ed:d5:26:36:1c:f6:7c:64:84:40:84:15:18:59:7d:
         1c:9f:13:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rmID0pv5Uph6iFG+2/mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MDc5YzQyOWE3MTQ2ZjFmOWFhMDQ5YmRiNDJjYTk1MTQ0
Yjc0ZGEwHhcNMjUwMTAxMjE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDhjODQ0NWZjY2M0MmFjMjQzNDMxMjNkYWUzOTcxYmY0YmFiN2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1b3R8PnkTA9vGhE9ueLWTZexOqsN
pVc0URLDhGalPg/CRacsywmyCsSzHFUu4lmPHuX8xGt6rqGSbSocs/yasViwKnQC
ugFQJvRDxxxZSVizgY1yAcaFQJV3vyP/q0cHDgvY1sMiyCLIIEGkGw/bIJisux9f
dr0wUU1Cxp7f6+biLuEK4DTGdCaQx5IM7sjDC1o/8C1O8jGeZV4OibS2yfbhYcnR
aybsq/1T89quIG+EPgweSPTNaRrAu6Um5rmRe330bbH/3pRdLlhW6z2SPWVOi+li
N2g1r5CqljNLej+bmbv084TTNZ9EFdIvieGxg5o/IZDI9eC48wV7Zk3OLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2MhEX8zEKsJDQxI9rjlxv0urfMMB8GA1UdIwQY
MBaAFAYHnEKacUbx+aoEm9tCypUUS3TaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmdlY1FwcHhSdkg1cWdTYjIwTEtsUlJMZE5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi83NDA1ODktODVjZC00OTdhLTkwYzEt
YTJmOWE4YTUxYmIwLzEvdll5RVJmek1RcXdrTkRFajJ1T1hHX1M2dDh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi83NDA1ODktODVjZC00OTdhLTkwYzEtYTJmOWE4YTUxYmIw
LzEvQmdlY1FwcHhSdkg1cWdTYjIwTEtsUlJMZE5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFXi3gMA0G
CSqGSIb3DQEBCwUAA4IBAQCEf5VsAPP/36d2zdXceTNK5+C8gWLtAPbclUgSHB4T
KhzDfgYqp6ZFU79hTKi3OEsMd4CvapBF/WXBckLY5i+CRSwoLE1p9CfLdvP2gvcQ
tAKi3oglF+XgSLG0Bg2lqmn0DzpVkT8ILZ31RCZ9LTCZAkXcfZmzTxXhVe7QJSHP
gGijUesn5XhQwFw/6XWpgWlGwpSQyJmwcBIywz+si5Dh8sJmUX3jWYzucDWLYo+l
m5Bs6J6c8nPpd+2vtvZKvOLAeBVpEMoxsNA6v6j2HtbdXyDolNkD2g2qfU5zeaP2
oV9h6O9NFWwTdSwbXNjt1SY2HPZ8ZIRAhBUYWX0cnxOU
-----END CERTIFICATE-----