Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/ILLTBrzYQfi94tNdmyyRDwWKwJs.roa
File:                     ILLTBrzYQfi94tNdmyyRDwWKwJs.roa (raw, json)
Hash identifier:          wZ1FRDtmCkAL4NGOes98cjzjnraHNS0+N0rgG5Q11tg=
Subject key identifier:   20:B2:D3:06:BC:D8:41:F8:BD:E2:D3:5D:9B:2C:91:0F:05:8A:C0:9B
Certificate issuer:       /CN=0dd441c3ffae829842249e944b03851081f4d9e0
Certificate serial:       01932B892BBB0BE403886823294F1733600D
Authority key identifier: 0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/ILLTBrzYQfi94tNdmyyRDwWKwJs.roa
Signing time:             Thu 14 Nov 2024 16:37:09 +0000
ROA not before:           Thu 14 Nov 2024 16:37:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49127
IP address blocks:        185.82.73.0/24 maxlen: 24
                          193.23.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2b:89:2b:bb:0b:e4:03:88:68:23:29:4f:17:33:60:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dd441c3ffae829842249e944b03851081f4d9e0
        Validity
            Not Before: Nov 14 16:37:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20b2d306bcd841f8bde2d35d9b2c910f058ac09b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:21:e2:2e:e0:6e:9a:e6:73:b3:0b:74:16:a2:
                    de:38:48:ed:39:9f:2c:09:59:d6:65:0f:47:9c:16:
                    72:b9:aa:ae:8e:f2:fa:ec:83:78:ca:4a:ac:4f:8a:
                    39:0b:bb:c5:20:b2:5f:68:53:c5:00:66:fd:1d:bf:
                    3b:71:ea:1f:f9:ed:50:c0:db:8e:41:de:14:82:2e:
                    4f:2c:59:e6:bd:39:cd:45:15:1a:7c:82:73:00:f8:
                    7d:67:d2:68:37:8e:e1:be:79:19:1a:78:b5:b3:11:
                    8b:17:b6:bb:d6:a7:7b:3f:dc:d9:28:b5:9e:d4:b6:
                    ff:32:a6:7f:28:11:fc:a3:cf:31:71:b1:06:fc:2d:
                    ed:c0:fa:a1:a5:70:9b:9f:09:9a:2e:a7:68:74:6f:
                    1f:d3:a8:48:9c:55:b0:e2:39:bc:5a:c2:b8:0f:be:
                    f3:cb:6e:f9:7a:30:55:61:2b:81:e5:ad:4d:4e:ab:
                    53:02:72:ae:f9:80:ad:04:2e:e1:7a:36:49:fa:8e:
                    72:cd:78:28:13:f8:be:47:61:60:47:7c:54:41:75:
                    26:c4:ca:5c:34:73:ac:67:68:a6:41:18:c1:3a:87:
                    d7:49:fd:7b:6b:53:42:37:24:24:28:6f:29:5e:a3:
                    fb:43:b4:21:15:a1:22:04:5e:69:96:8b:d9:02:40:
                    0e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:B2:D3:06:BC:D8:41:F8:BD:E2:D3:5D:9B:2C:91:0F:05:8A:C0:9B
            X509v3 Authority Key Identifier:
                keyid:0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/ILLTBrzYQfi94tNdmyyRDwWKwJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.73.0/24
                  193.23.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:75:7a:3f:71:2a:f0:96:35:9d:b3:d5:71:5a:88:31:ca:34:
         59:94:4f:e7:06:82:0c:62:5c:54:21:f1:5d:a3:b0:1b:2c:c0:
         85:a8:00:00:18:4f:10:66:01:b0:8e:87:2a:22:36:76:cd:eb:
         13:6a:02:4c:a2:51:f0:e0:38:d0:3f:f7:53:31:a5:72:5b:88:
         7f:81:c7:0d:06:2a:42:4e:ba:07:2f:5b:93:a7:6c:a3:4d:37:
         99:e7:a8:03:6e:34:08:8b:ab:d1:72:7e:1a:71:11:70:1f:43:
         7f:29:25:87:30:66:8a:11:9e:dc:fe:91:20:5b:89:bc:45:7a:
         49:c4:7a:67:ca:51:25:1a:ac:dc:be:b2:2e:99:6d:63:8f:01:
         df:14:b2:8f:af:02:0d:08:8c:b9:c6:b0:7e:f4:7f:ad:9e:38:
         27:c9:a1:5b:d8:be:25:67:c2:64:40:30:ac:2c:5c:cf:dd:3f:
         80:0a:76:69:ba:63:30:6d:5c:7b:b1:58:31:11:42:aa:93:41:
         19:6c:32:2a:5a:e5:4e:26:2f:c3:dd:b3:39:6a:80:01:9b:ab:
         37:e2:aa:5a:5e:42:af:0c:af:4f:08:ac:69:c1:b7:96:3f:69:
         56:db:df:59:cf:4e:3f:b8:bd:09:10:6d:51:79:05:98:53:b3:
         dc:d1:40:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMriSu7C+QDiGgjKU8XM2ANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZDQ0MWMzZmZhZTgyOTg0MjI0OWU5NDRiMDM4NTEwODFm
NGQ5ZTAwHhcNMjQxMTE0MTYzNzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGIyZDMwNmJjZDg0MWY4YmRlMmQzNWQ5YjJjOTEwZjA1OGFjMDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iHiLuBumuZzswt0FqLeOEjtOZ8s
CVnWZQ9HnBZyuaqujvL67IN4ykqsT4o5C7vFILJfaFPFAGb9Hb87ceof+e1QwNuO
Qd4Ugi5PLFnmvTnNRRUafIJzAPh9Z9JoN47hvnkZGni1sxGLF7a71qd7P9zZKLWe
1Lb/MqZ/KBH8o88xcbEG/C3twPqhpXCbnwmaLqdodG8f06hInFWw4jm8WsK4D77z
y275ejBVYSuB5a1NTqtTAnKu+YCtBC7hejZJ+o5yzXgoE/i+R2FgR3xUQXUmxMpc
NHOsZ2imQRjBOofXSf17a1NCNyQkKG8pXqP7Q7QhFaEiBF5plovZAkAOSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCCy0wa82EH4veLTXZsskQ8FisCbMB8GA1UdIwQY
MBaAFA3UQcP/roKYQiSelEsDhRCB9NngMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMt
ZTljOTEzMjgzNmZmLzEvSUxMVEJyellRZmk5NHROZG15eVJEd1dLd0pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMtZTljOTEzMjgzNmZm
LzEvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVJJAwQA
wRd2MA0GCSqGSIb3DQEBCwUAA4IBAQBedXo/cSrwljWds9VxWogxyjRZlE/nBoIM
YlxUIfFdo7AbLMCFqAAAGE8QZgGwjocqIjZ2zesTagJMolHw4DjQP/dTMaVyW4h/
gccNBipCTroHL1uTp2yjTTeZ56gDbjQIi6vRcn4acRFwH0N/KSWHMGaKEZ7c/pEg
W4m8RXpJxHpnylElGqzcvrIumW1jjwHfFLKPrwINCIy5xrB+9H+tnjgnyaFb2L4l
Z8JkQDCsLFzP3T+ACnZpumMwbVx7sVgxEUKqk0EZbDIqWuVOJi/D3bM5aoABm6s3
4qpaXkKvDK9PCKxpwbeWP2lW299Zz04/uL0JEG1ReQWYU7Pc0UC5
-----END CERTIFICATE-----