Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/Ddo-rGp8Y15i3TXkElUp4jMgMBU.roa
File:                     Ddo-rGp8Y15i3TXkElUp4jMgMBU.roa (raw, json)
Hash identifier:          M7bR5rbg9GLuguhMNH1R1xL91r/ucZoK94UNG2CQXSU=
Subject key identifier:   0D:DA:3E:AC:6A:7C:63:5E:62:DD:35:E4:12:55:29:E2:33:20:30:15
Certificate issuer:       /CN=68bd10f1b14bbb2767ffdcaec4b4172880ba461a
Certificate serial:       018CC50021031AD0F3B5A8C1AD901835FE06
Authority key identifier: 68:BD:10:F1:B1:4B:BB:27:67:FF:DC:AE:C4:B4:17:28:80:BA:46:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aL0Q8bFLuydn_9yuxLQXKIC6Rho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/Ddo-rGp8Y15i3TXkElUp4jMgMBU.roa
Signing time:             Mon 01 Jan 2024 12:29:29 +0000
ROA not before:           Mon 01 Jan 2024 12:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60721
IP address blocks:        193.107.40.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/aL0Q8bFLuydn_9yuxLQXKIC6Rho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/aL0Q8bFLuydn_9yuxLQXKIC6Rho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aL0Q8bFLuydn_9yuxLQXKIC6Rho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:21:03:1a:d0:f3:b5:a8:c1:ad:90:18:35:fe:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68bd10f1b14bbb2767ffdcaec4b4172880ba461a
        Validity
            Not Before: Jan  1 12:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dda3eac6a7c635e62dd35e4125529e233203015
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9e:96:af:9a:df:b8:43:b0:d1:23:1d:64:34:
                    71:d0:c8:82:c0:51:a4:af:ba:99:10:c5:76:bb:ad:
                    73:e5:2d:d5:fa:c6:1b:c5:41:55:e8:80:92:f0:5b:
                    d2:c7:33:09:29:8e:57:e0:1d:11:34:49:d6:04:0e:
                    88:a5:56:0e:63:a0:f4:b9:20:13:5e:74:8f:af:50:
                    a6:93:d5:40:01:26:fb:67:8b:fe:0e:13:e9:a0:88:
                    bd:c5:9d:49:dd:e9:1a:9f:f9:f8:27:00:d9:c2:00:
                    53:e0:e5:18:65:e7:a1:e6:e5:fc:a9:a0:19:c8:d0:
                    34:73:1c:02:ac:74:59:5e:ff:fa:ac:74:eb:38:c7:
                    a0:2a:04:0f:77:1f:13:c7:25:d6:24:47:f7:d1:01:
                    f1:11:d5:b9:62:92:cb:21:a4:9b:c3:b1:d5:99:26:
                    3c:a1:1f:0b:88:14:ae:ac:bc:87:98:05:30:7f:31:
                    97:05:82:1a:c5:5a:13:99:58:fa:57:d8:ab:36:ac:
                    71:19:7a:31:3f:84:fe:b0:07:0e:a2:47:e9:71:da:
                    4e:c0:d2:d0:14:d3:2b:8a:a5:b1:7c:0b:8a:a7:c1:
                    ec:1e:49:6f:86:a5:6e:79:9a:e8:9a:c1:13:f6:a0:
                    2c:24:0a:19:64:ba:d0:68:70:3e:d3:28:95:f9:4e:
                    ff:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:DA:3E:AC:6A:7C:63:5E:62:DD:35:E4:12:55:29:E2:33:20:30:15
            X509v3 Authority Key Identifier:
                keyid:68:BD:10:F1:B1:4B:BB:27:67:FF:DC:AE:C4:B4:17:28:80:BA:46:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aL0Q8bFLuydn_9yuxLQXKIC6Rho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/Ddo-rGp8Y15i3TXkElUp4jMgMBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/aL0Q8bFLuydn_9yuxLQXKIC6Rho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:56:f0:1c:99:f3:dd:f6:32:ee:b4:90:41:71:e7:16:9b:7a:
         be:5f:39:6f:37:49:b0:e6:97:43:35:a5:4d:13:e5:1e:86:f5:
         df:db:84:14:2e:8d:27:e0:5f:8f:da:f5:84:57:03:1e:6a:43:
         9c:1a:fb:0a:35:ec:d8:26:42:19:c8:b3:eb:16:00:cb:5a:12:
         f4:21:39:47:8e:af:d3:30:89:a7:93:39:17:1c:25:fe:12:c7:
         d3:a2:fb:6b:04:01:60:a9:38:9d:62:c9:16:62:5f:6c:3f:47:
         b6:2e:c0:8e:3d:f9:4a:27:ef:63:45:ef:6e:3b:ec:11:33:4e:
         75:89:ba:60:d8:57:1b:55:b1:47:90:96:2b:ed:14:a0:fe:42:
         64:0a:4c:66:00:00:a6:76:01:35:c3:e2:25:bb:8c:71:ab:40:
         b4:45:d4:38:fb:8d:23:fe:07:cb:f2:33:d9:33:21:2a:60:7a:
         ca:ab:0d:db:54:e9:d2:69:f1:99:82:cc:17:72:8c:5f:ca:43:
         db:fb:2f:72:36:bd:a9:d2:d0:51:36:2b:72:73:20:7c:d0:04:
         67:82:30:be:e2:2d:c6:a6:16:ba:4b:2b:62:17:45:fe:84:19:
         ce:7f:c5:49:ae:38:fc:f0:52:71:3a:13:0c:10:58:b2:51:b5:
         e6:99:00:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFACEDGtDztajBrZAYNf4GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YmQxMGYxYjE0YmJiMjc2N2ZmZGNhZWM0YjQxNzI4ODBi
YTQ2MWEwHhcNMjQwMTAxMTIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGRhM2VhYzZhN2M2MzVlNjJkZDM1ZTQxMjU1MjllMjMzMjAzMDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZ6Wr5rfuEOw0SMdZDRx0MiCwFGk
r7qZEMV2u61z5S3V+sYbxUFV6ICS8FvSxzMJKY5X4B0RNEnWBA6IpVYOY6D0uSAT
XnSPr1Cmk9VAASb7Z4v+DhPpoIi9xZ1J3ekan/n4JwDZwgBT4OUYZeeh5uX8qaAZ
yNA0cxwCrHRZXv/6rHTrOMegKgQPdx8TxyXWJEf30QHxEdW5YpLLIaSbw7HVmSY8
oR8LiBSurLyHmAUwfzGXBYIaxVoTmVj6V9irNqxxGXoxP4T+sAcOokfpcdpOwNLQ
FNMriqWxfAuKp8HsHklvhqVueZromsET9qAsJAoZZLrQaHA+0yiV+U7/OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3aPqxqfGNeYt015BJVKeIzIDAVMB8GA1UdIwQY
MBaAFGi9EPGxS7snZ//crsS0FyiAukYaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUwwUThiRkx1eWRuXzl5dXhMUVhLSUM2UmhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hZGU4NTYtODk2MC00YTI5LTg5NTYt
OWZlN2Q5MjhkOWJlLzEvRGRvLXJHcDhZMTVpM1RYa0VsVXA0ak1nTUJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hZGU4NTYtODk2MC00YTI5LTg5NTYtOWZlN2Q5MjhkOWJl
LzEvYUwwUThiRkx1eWRuXzl5dXhMUVhLSUM2UmhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWsoMA0G
CSqGSIb3DQEBCwUAA4IBAQAfVvAcmfPd9jLutJBBcecWm3q+XzlvN0mw5pdDNaVN
E+UehvXf24QULo0n4F+P2vWEVwMeakOcGvsKNezYJkIZyLPrFgDLWhL0ITlHjq/T
MImnkzkXHCX+EsfTovtrBAFgqTidYskWYl9sP0e2LsCOPflKJ+9jRe9uO+wRM051
ibpg2FcbVbFHkJYr7RSg/kJkCkxmAACmdgE1w+Ilu4xxq0C0RdQ4+40j/gfL8jPZ
MyEqYHrKqw3bVOnSafGZgswXcoxfykPb+y9yNr2p0tBRNitycyB80ARngjC+4i3G
pha6SytiF0X+hBnOf8VJrjj88FJxOhMMEFiyUbXmmQB6
-----END CERTIFICATE-----