Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/DMMt9bTSJ2mOIYB587U5hasVoq4.roa
File:                     DMMt9bTSJ2mOIYB587U5hasVoq4.roa (raw, json)
Hash identifier:          FWxd0w0QHEP1eG/z7ZHR9+bGCsxqtLzDZ3AdySVTjhY=
Subject key identifier:   0C:C3:2D:F5:B4:D2:27:69:8E:21:80:79:F3:B5:39:85:AB:15:A2:AE
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       01942067DCFFF01C629761FF34A283AD821A
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/DMMt9bTSJ2mOIYB587U5hasVoq4.roa
Signing time:             Wed 01 Jan 2025 05:47:45 +0000
ROA not before:           Wed 01 Jan 2025 05:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209494
IP address blocks:        195.65.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:dc:ff:f0:1c:62:97:61:ff:34:a2:83:ad:82:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 05:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cc32df5b4d227698e218079f3b53985ab15a2ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8a:d7:49:7b:68:16:b2:25:e5:0a:fa:51:de:
                    7a:8a:27:34:0d:42:f7:4a:ca:b0:6b:07:16:52:ee:
                    fd:33:1e:a4:49:cb:27:6a:27:a1:35:13:5d:7d:5b:
                    72:da:5d:ec:c9:e2:e3:5c:ab:c0:f2:54:b5:0f:ea:
                    a9:c5:d7:07:34:37:92:9c:97:20:9f:6d:74:23:f9:
                    5c:14:a3:91:f0:ee:3e:86:43:33:94:45:1f:8d:f8:
                    21:b9:2d:b9:24:6b:ab:e5:28:ee:3b:44:0d:ab:d6:
                    ac:bf:d8:44:c6:16:6d:6d:46:9e:f4:35:ea:ee:f9:
                    84:be:90:c3:c0:b9:86:22:33:4b:8d:f2:6f:c8:87:
                    39:cb:64:20:f0:58:67:50:51:95:41:5a:d4:68:cf:
                    7a:9f:65:4d:4e:8c:d2:02:55:9a:fa:60:89:c5:54:
                    cc:b4:29:f0:b2:d4:47:ce:bf:07:fa:f3:68:3f:d3:
                    ae:de:6b:1f:6f:6e:5e:fc:af:64:96:6b:90:9b:03:
                    be:98:39:8a:91:68:9c:42:2a:b1:9a:ae:d4:b1:eb:
                    76:29:0a:55:2c:50:8b:3d:b7:4f:eb:10:6e:34:2e:
                    38:86:19:43:22:46:cf:3c:16:06:7a:c0:f7:d6:b1:
                    6b:ca:ae:df:e7:af:6d:8b:b5:3e:aa:95:b5:37:8d:
                    cf:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:C3:2D:F5:B4:D2:27:69:8E:21:80:79:F3:B5:39:85:AB:15:A2:AE
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/DMMt9bTSJ2mOIYB587U5hasVoq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.65.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:84:80:00:79:78:25:4f:0b:56:4c:90:74:19:df:36:c0:2b:
         af:42:ec:d4:ff:ca:eb:e6:16:d0:c7:70:b6:ef:8b:02:3a:fe:
         6b:cf:d1:a9:40:ef:51:95:16:16:50:63:5e:8e:2f:26:66:e4:
         f3:1b:e3:16:94:f8:6a:2b:fe:2a:b3:7e:8c:72:55:4c:20:d5:
         56:8e:80:d1:0f:ce:d7:ca:d9:c9:66:54:5b:72:c1:c6:0a:2f:
         fa:49:ee:55:f8:e4:13:f3:b2:ca:f9:08:f4:9d:92:84:30:e0:
         3f:2c:9d:b0:96:c3:5f:09:9e:4a:58:7b:26:40:dc:b6:34:1d:
         da:81:e9:9f:d2:8e:12:24:ab:cf:ef:5a:19:e6:d8:a9:c3:6e:
         12:0c:97:07:78:c6:0a:d0:c8:96:b7:35:7e:98:f2:fb:80:80:
         96:e5:f8:0b:6e:42:7b:6f:21:b5:0d:57:3d:f4:7d:5f:cf:12:
         36:5f:aa:05:13:0d:43:ce:f3:ff:06:33:f8:34:bd:b0:08:bf:
         0b:62:8c:ec:32:0d:79:fc:67:17:a8:36:72:f1:1c:10:c8:5c:
         b1:3b:37:5f:e2:08:86:95:ce:34:eb:73:10:55:af:c1:82:c0:
         48:58:58:c8:78:79:54:f8:f2:2e:44:a4:19:0d:33:ca:ee:cc:
         89:88:92:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ9z/8Bxil2H/NKKDrYIaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjUwMTAxMDU0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2MzMmRmNWI0ZDIyNzY5OGUyMTgwNzlmM2I1Mzk4NWFiMTVhMmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIrXSXtoFrIl5Qr6Ud56iic0DUL3
SsqwawcWUu79Mx6kScsnaiehNRNdfVty2l3syeLjXKvA8lS1D+qpxdcHNDeSnJcg
n210I/lcFKOR8O4+hkMzlEUfjfghuS25JGur5SjuO0QNq9asv9hExhZtbUae9DXq
7vmEvpDDwLmGIjNLjfJvyIc5y2Qg8FhnUFGVQVrUaM96n2VNTozSAlWa+mCJxVTM
tCnwstRHzr8H+vNoP9Ou3msfb25e/K9klmuQmwO+mDmKkWicQiqxmq7Uset2KQpV
LFCLPbdP6xBuNC44hhlDIkbPPBYGesD31rFryq7f569ti7U+qpW1N43PUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzDLfW00idpjiGAefO1OYWrFaKuMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvRE1NdDliVFNKMm1PSVlCNTg3VTVoYXNWb3E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0ErMA0G
CSqGSIb3DQEBCwUAA4IBAQBVhIAAeXglTwtWTJB0Gd82wCuvQuzU/8rr5hbQx3C2
74sCOv5rz9GpQO9RlRYWUGNeji8mZuTzG+MWlPhqK/4qs36MclVMINVWjoDRD87X
ytnJZlRbcsHGCi/6Se5V+OQT87LK+Qj0nZKEMOA/LJ2wlsNfCZ5KWHsmQNy2NB3a
gemf0o4SJKvP71oZ5tipw24SDJcHeMYK0MiWtzV+mPL7gICW5fgLbkJ7byG1DVc9
9H1fzxI2X6oFEw1DzvP/BjP4NL2wCL8LYozsMg15/GcXqDZy8RwQyFyxOzdf4giG
lc4063MQVa/BgsBIWFjIeHlU+PIuRKQZDTPK7syJiJJ3
-----END CERTIFICATE-----