Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/DvLbsc5ECTtzWXwAHat2lS2CmCQ.roa
File:                     DvLbsc5ECTtzWXwAHat2lS2CmCQ.roa (raw, json)
Hash identifier:          27SjmQLahfEV8/oOJ8A2X0mKS+LdBuzCoqfA36DRon0=
Subject key identifier:   0E:F2:DB:B1:CE:44:09:3B:73:59:7C:00:1D:AB:76:95:2D:82:98:24
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       01942746F0E243AD8B085EF24B46C4A3C63C
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/DvLbsc5ECTtzWXwAHat2lS2CmCQ.roa
Signing time:             Thu 02 Jan 2025 13:49:08 +0000
ROA not before:           Thu 02 Jan 2025 13:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44225
IP address blocks:        195.244.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:f0:e2:43:ad:8b:08:5e:f2:4b:46:c4:a3:c6:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 13:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ef2dbb1ce44093b73597c001dab76952d829824
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ce:1e:63:c9:09:6b:c5:21:77:65:83:9f:42:
                    3a:82:a7:a6:25:27:2c:38:00:c7:43:d9:1e:2a:f4:
                    d7:cf:e7:e5:4b:bb:ce:7d:aa:52:df:58:7f:cc:aa:
                    e9:8d:a1:68:9b:78:6a:f3:fe:bc:8b:69:f0:ea:94:
                    8f:88:03:32:f0:af:8a:a3:b7:2e:d0:46:c2:40:96:
                    f9:f7:b0:ca:99:fd:71:0c:07:35:b1:9b:5c:cf:53:
                    c5:d1:7d:2d:37:6a:c4:ed:0b:9d:f1:5f:55:19:87:
                    0f:f9:c4:7e:63:8c:95:6d:89:68:ef:93:93:1b:86:
                    a4:72:61:bf:4e:4e:c6:50:d4:bd:42:3f:2e:02:68:
                    fb:58:fd:ae:5d:84:f4:43:87:3a:76:af:0c:45:9b:
                    ae:b5:ea:b9:26:40:46:89:88:7c:e5:0d:2e:da:fc:
                    6d:98:f8:c7:f3:fc:d8:84:9a:ba:1b:88:ae:06:cc:
                    09:5d:1c:d5:53:01:a4:90:b9:0f:21:e4:a6:53:ab:
                    69:07:4f:ba:cf:62:11:71:d2:44:65:0a:4d:a3:4f:
                    5e:de:cb:38:dd:98:32:bf:e9:42:0e:4f:75:82:f1:
                    db:c8:c6:45:b6:51:88:d3:ed:4d:c3:25:e4:c9:25:
                    34:e5:b1:04:7e:e4:64:9f:6d:73:c2:a5:1f:00:97:
                    9c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:F2:DB:B1:CE:44:09:3B:73:59:7C:00:1D:AB:76:95:2D:82:98:24
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/DvLbsc5ECTtzWXwAHat2lS2CmCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.244.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:55:90:e3:16:b6:87:a4:38:33:f7:03:f1:29:3b:9f:43:6b:
         6e:d5:13:98:6c:1a:6e:72:82:08:04:a2:e6:15:dd:17:ed:4e:
         ca:c7:30:9a:4c:a4:21:08:d0:46:48:41:c5:63:6a:d4:f3:09:
         75:47:30:1c:1a:fc:c7:84:e3:9a:d9:2a:96:bc:2f:43:46:6a:
         15:80:ca:35:6e:14:46:8b:61:4f:1e:b5:c5:d9:d8:3d:10:d9:
         82:c0:96:52:be:b9:88:90:09:f7:b8:e4:8e:de:e1:67:38:d5:
         a3:22:2d:95:2a:15:5f:ea:34:29:4a:87:56:ae:bb:ef:83:a1:
         a9:62:6c:57:0e:d5:34:75:ab:80:21:50:b6:5b:e8:9e:53:4f:
         d4:77:8a:21:0e:8e:dd:fe:e1:82:c2:9b:95:28:48:7e:93:b7:
         80:05:f1:ac:64:a8:96:26:f2:fc:1e:91:06:b0:1f:33:6c:b6:
         42:29:12:61:13:30:18:4c:54:c0:13:2a:7c:5f:2e:5e:2e:6a:
         91:bb:dc:81:ab:5c:78:fd:82:be:fa:a3:10:27:e6:f6:f7:dc:
         2d:8f:7e:2f:3c:bb:35:97:e7:8c:99:63:e4:cd:e4:c5:73:74:
         98:38:c2:74:23:ea:2d:07:b0:68:5f:b6:5d:e1:23:3f:8a:9e:
         76:b6:0c:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRvDiQ62LCF7yS0bEo8Y8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjUwMTAyMTM0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWYyZGJiMWNlNDQwOTNiNzM1OTdjMDAxZGFiNzY5NTJkODI5ODI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAic4eY8kJa8Uhd2WDn0I6gqemJScs
OADHQ9keKvTXz+flS7vOfapS31h/zKrpjaFom3hq8/68i2nw6pSPiAMy8K+Ko7cu
0EbCQJb597DKmf1xDAc1sZtcz1PF0X0tN2rE7Qud8V9VGYcP+cR+Y4yVbYlo75OT
G4akcmG/Tk7GUNS9Qj8uAmj7WP2uXYT0Q4c6dq8MRZuuteq5JkBGiYh85Q0u2vxt
mPjH8/zYhJq6G4iuBswJXRzVUwGkkLkPIeSmU6tpB0+6z2IRcdJEZQpNo09e3ss4
3Zgyv+lCDk91gvHbyMZFtlGI0+1NwyXkySU05bEEfuRkn21zwqUfAJecCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA7y27HORAk7c1l8AB2rdpUtgpgkMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvRHZMYnNjNUVDVHR6V1h3QUhhdDJsUzJDbUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/R5MA0G
CSqGSIb3DQEBCwUAA4IBAQAvVZDjFraHpDgz9wPxKTufQ2tu1ROYbBpucoIIBKLm
Fd0X7U7KxzCaTKQhCNBGSEHFY2rU8wl1RzAcGvzHhOOa2SqWvC9DRmoVgMo1bhRG
i2FPHrXF2dg9ENmCwJZSvrmIkAn3uOSO3uFnONWjIi2VKhVf6jQpSodWrrvvg6Gp
YmxXDtU0dauAIVC2W+ieU0/Ud4ohDo7d/uGCwpuVKEh+k7eABfGsZKiWJvL8HpEG
sB8zbLZCKRJhEzAYTFTAEyp8Xy5eLmqRu9yBq1x4/YK++qMQJ+b299wtj34vPLs1
l+eMmWPkzeTFc3SYOMJ0I+otB7BoX7Zd4SM/ip52tgw1
-----END CERTIFICATE-----