Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/DoACWELv4MFBa6rvnPAqne7rx-s.roa
File:                     DoACWELv4MFBa6rvnPAqne7rx-s.roa (raw, json)
Hash identifier:          lxlzes7CbVevZLmhi43EgcsaG0439YhI/daaSNlg+Vw=
Subject key identifier:   0E:80:02:58:42:EF:E0:C1:41:6B:AA:EF:9C:F0:2A:9D:EE:EB:C7:EB
Certificate issuer:       /CN=1027a8a61299b80a3e71d1a981427ec00b849d17
Certificate serial:       01958167848D98319AB5E911CC646E2192BF
Authority key identifier: 10:27:A8:A6:12:99:B8:0A:3E:71:D1:A9:81:42:7E:C0:0B:84:9D:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ECeophKZuAo-cdGpgUJ-wAuEnRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/DoACWELv4MFBa6rvnPAqne7rx-s.roa
Signing time:             Mon 10 Mar 2025 18:53:19 +0000
ROA not before:           Mon 10 Mar 2025 18:53:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34766
IP address blocks:        193.202.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/ECeophKZuAo-cdGpgUJ-wAuEnRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/ECeophKZuAo-cdGpgUJ-wAuEnRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ECeophKZuAo-cdGpgUJ-wAuEnRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:81:67:84:8d:98:31:9a:b5:e9:11:cc:64:6e:21:92:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1027a8a61299b80a3e71d1a981427ec00b849d17
        Validity
            Not Before: Mar 10 18:53:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e80025842efe0c1416baaef9cf02a9deeebc7eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d5:ff:e1:7d:0d:b2:8d:1f:f7:26:ff:11:f7:
                    b3:b6:0c:97:f7:f5:01:4f:39:6d:c3:3d:3f:08:41:
                    65:df:ef:5a:3a:a1:58:c1:01:71:66:aa:4b:eb:23:
                    e5:40:6a:ed:2a:de:c4:2e:97:07:19:25:6b:b0:e8:
                    a9:8a:56:1a:bc:1a:2e:88:50:ce:3d:f0:41:c7:02:
                    64:89:89:73:89:ec:cd:14:1f:f6:79:e9:3d:49:d6:
                    9b:31:e1:75:61:36:93:30:10:26:24:3a:68:b7:fc:
                    86:43:45:b5:81:a4:c5:ff:aa:85:9e:78:23:c0:c2:
                    d0:88:30:e7:6a:62:9b:71:73:9a:be:ed:07:d8:94:
                    97:6f:be:a3:57:13:d6:1d:d2:79:0e:63:81:e6:11:
                    36:eb:47:81:be:94:58:e4:50:67:07:3a:e4:a4:b2:
                    20:f6:6a:b8:6e:17:53:05:65:02:55:57:95:4f:38:
                    ce:72:9c:35:1c:ea:17:b4:a0:4e:d0:22:00:06:3c:
                    2d:d7:ad:6f:ae:11:b0:7d:f5:6d:55:e6:96:5e:38:
                    bb:79:5d:e8:be:a0:fb:d0:95:9c:a0:0f:f6:07:2c:
                    08:82:bd:ea:75:3c:5f:67:57:b1:1f:18:09:bb:6e:
                    4d:21:75:41:eb:4b:a1:23:20:30:30:53:fb:c1:a0:
                    a6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:80:02:58:42:EF:E0:C1:41:6B:AA:EF:9C:F0:2A:9D:EE:EB:C7:EB
            X509v3 Authority Key Identifier:
                keyid:10:27:A8:A6:12:99:B8:0A:3E:71:D1:A9:81:42:7E:C0:0B:84:9D:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ECeophKZuAo-cdGpgUJ-wAuEnRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/DoACWELv4MFBa6rvnPAqne7rx-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/ECeophKZuAo-cdGpgUJ-wAuEnRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.202.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:67:41:e2:60:ce:55:71:b5:3c:c9:85:bb:af:20:3b:4c:75:
         1a:b1:a5:c7:d2:06:e2:50:0f:64:a8:9f:fd:15:e1:57:62:0f:
         89:f4:d3:ff:99:2d:22:ae:4c:a4:2d:d4:ce:35:ac:3e:9a:aa:
         8f:d1:85:d6:1e:b1:b3:5e:6f:a6:f6:1f:12:5a:36:17:c9:d4:
         9e:b2:23:c3:84:97:17:b6:ce:12:94:ae:89:4b:75:aa:cc:6a:
         f9:30:e3:c3:7b:0a:d4:2f:b1:19:65:01:ec:06:1c:e3:51:63:
         ae:17:c5:c9:2a:f4:46:14:ff:49:d1:18:3c:3e:2c:8b:17:84:
         14:88:e5:b2:37:54:dd:21:e5:f1:3e:de:e5:90:a8:18:27:27:
         01:f7:a3:38:92:89:0e:d8:07:f8:0b:f1:37:34:1c:9c:aa:d7:
         fe:61:0a:f7:ff:97:4c:0f:75:fd:3d:2f:d8:ca:83:9d:d9:f7:
         1e:71:ca:55:a4:c9:a1:80:fc:ef:13:5c:00:2d:1c:bf:ed:6d:
         99:cc:64:4c:61:07:19:a5:dc:cf:56:0e:36:24:1f:50:25:ec:
         8b:4a:23:af:75:b5:90:d5:f9:7b:92:ad:e3:a5:03:2d:02:b2:
         9e:d8:a2:55:c5:07:55:cc:c7:4b:06:8c:68:50:bd:ee:2d:d3:
         30:3a:38:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWBZ4SNmDGatekRzGRuIZK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMjdhOGE2MTI5OWI4MGEzZTcxZDFhOTgxNDI3ZWMwMGI4
NDlkMTcwHhcNMjUwMzEwMTg1MzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTgwMDI1ODQyZWZlMGMxNDE2YmFhZWY5Y2YwMmE5ZGVlZWJjN2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtX/4X0Nso0f9yb/EfeztgyX9/UB
Tzltwz0/CEFl3+9aOqFYwQFxZqpL6yPlQGrtKt7ELpcHGSVrsOipilYavBouiFDO
PfBBxwJkiYlziezNFB/2eek9SdabMeF1YTaTMBAmJDpot/yGQ0W1gaTF/6qFnngj
wMLQiDDnamKbcXOavu0H2JSXb76jVxPWHdJ5DmOB5hE260eBvpRY5FBnBzrkpLIg
9mq4bhdTBWUCVVeVTzjOcpw1HOoXtKBO0CIABjwt161vrhGwffVtVeaWXji7eV3o
vqD70JWcoA/2BywIgr3qdTxfZ1exHxgJu25NIXVB60uhIyAwMFP7waCm0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6AAlhC7+DBQWuq75zwKp3u68frMB8GA1UdIwQY
MBaAFBAnqKYSmbgKPnHRqYFCfsALhJ0XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUNlb3BoS1p1QW8tY2RHcGdVSi13QXVFblJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9iYTlkMTMtOGNhNi00NTc3LWE1OWMt
OWRkOTk3ZWVmNGVmLzEvRG9BQ1dFTHY0TUZCYTZydm5QQXFuZTdyeC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9iYTlkMTMtOGNhNi00NTc3LWE1OWMtOWRkOTk3ZWVmNGVm
LzEvRUNlb3BoS1p1QW8tY2RHcGdVSi13QXVFblJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcpYMA0G
CSqGSIb3DQEBCwUAA4IBAQCnZ0HiYM5VcbU8yYW7ryA7THUasaXH0gbiUA9kqJ/9
FeFXYg+J9NP/mS0irkykLdTONaw+mqqP0YXWHrGzXm+m9h8SWjYXydSesiPDhJcX
ts4SlK6JS3WqzGr5MOPDewrUL7EZZQHsBhzjUWOuF8XJKvRGFP9J0Rg8PiyLF4QU
iOWyN1TdIeXxPt7lkKgYJycB96M4kokO2Af4C/E3NBycqtf+YQr3/5dMD3X9PS/Y
yoOd2fceccpVpMmhgPzvE1wALRy/7W2ZzGRMYQcZpdzPVg42JB9QJeyLSiOvdbWQ
1fl7kq3jpQMtArKe2KJVxQdVzMdLBoxoUL3uLdMwOjjy
-----END CERTIFICATE-----