Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/56433a-0a70-4eae-9f9d-8cfbdb799284/1/DcLiQElXlJqhxZAEMXJfSMfCTsg.roa
File:                     DcLiQElXlJqhxZAEMXJfSMfCTsg.roa (raw, json)
Hash identifier:          78jukWR7MK8upxPaiCwbAXJxNBwlQ+kyDLW7+MRxaD8=
Subject key identifier:   0D:C2:E2:40:49:57:94:9A:A1:C5:90:04:31:72:5F:48:C7:C2:4E:C8
Certificate issuer:       /CN=d21a5940722b207b29d95a6c81be0d2bf4d410cc
Certificate serial:       018DF1BD6BC8762D92A2E7E7CA685DF59977
Authority key identifier: D2:1A:59:40:72:2B:20:7B:29:D9:5A:6C:81:BE:0D:2B:F4:D4:10:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0hpZQHIrIHsp2Vpsgb4NK_TUEMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/56433a-0a70-4eae-9f9d-8cfbdb799284/1/DcLiQElXlJqhxZAEMXJfSMfCTsg.roa
Signing time:             Wed 28 Feb 2024 22:02:19 +0000
ROA not before:           Wed 28 Feb 2024 22:02:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215867
IP address blocks:        195.211.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/56433a-0a70-4eae-9f9d-8cfbdb799284/1/0hpZQHIrIHsp2Vpsgb4NK_TUEMw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/56433a-0a70-4eae-9f9d-8cfbdb799284/1/0hpZQHIrIHsp2Vpsgb4NK_TUEMw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0hpZQHIrIHsp2Vpsgb4NK_TUEMw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f1:bd:6b:c8:76:2d:92:a2:e7:e7:ca:68:5d:f5:99:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d21a5940722b207b29d95a6c81be0d2bf4d410cc
        Validity
            Not Before: Feb 28 22:02:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dc2e2404957949aa1c5900431725f48c7c24ec8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:05:80:af:76:a8:54:d8:4a:f4:38:3f:20:2d:
                    01:6d:76:7c:87:90:a9:de:09:a5:01:ca:c6:94:73:
                    d9:8b:c1:b3:6f:43:66:b7:6d:ef:f9:dd:c5:38:10:
                    23:9e:0a:40:7e:60:3e:22:c6:fa:13:12:80:e0:26:
                    4e:cc:35:6c:53:15:c6:38:d9:ba:a3:05:89:04:1a:
                    89:20:31:a4:8d:d1:49:de:56:f2:2d:fb:4d:d8:b1:
                    80:69:74:2e:01:09:10:df:29:fb:b4:98:9a:e0:38:
                    18:22:fa:7d:de:ac:de:b9:9b:93:b0:5e:a7:ad:1f:
                    59:bc:13:93:82:ee:28:6d:c5:3b:38:1d:6c:a2:ad:
                    a6:6c:74:7a:21:c3:4a:e7:62:fc:45:f2:db:a9:d2:
                    dc:c6:69:e3:b6:5a:6c:3a:c9:3f:ec:b1:20:ee:33:
                    9b:8a:38:35:1d:09:2e:09:75:6d:8d:67:6d:df:89:
                    30:bf:a9:2c:7c:56:d4:92:c2:70:fc:59:23:0d:66:
                    20:0c:b6:e0:b7:21:a5:52:18:6c:53:4a:6c:7f:ea:
                    d2:68:6f:3b:74:17:37:b2:4f:a8:95:d4:96:ab:89:
                    04:d8:3e:b0:d8:6b:ca:1d:77:2f:b1:3a:3c:dd:fd:
                    0b:4b:42:fc:c2:03:a9:88:ee:21:c9:77:2d:0d:5e:
                    ea:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:C2:E2:40:49:57:94:9A:A1:C5:90:04:31:72:5F:48:C7:C2:4E:C8
            X509v3 Authority Key Identifier:
                keyid:D2:1A:59:40:72:2B:20:7B:29:D9:5A:6C:81:BE:0D:2B:F4:D4:10:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0hpZQHIrIHsp2Vpsgb4NK_TUEMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/56433a-0a70-4eae-9f9d-8cfbdb799284/1/DcLiQElXlJqhxZAEMXJfSMfCTsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/56433a-0a70-4eae-9f9d-8cfbdb799284/1/0hpZQHIrIHsp2Vpsgb4NK_TUEMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:7e:72:a2:d0:5b:38:61:0b:fa:e0:99:93:25:94:56:2d:79:
         b4:5c:32:95:20:a9:4b:52:ab:5c:35:f5:cf:0d:92:ee:97:86:
         13:eb:94:c0:3a:6b:81:50:ab:0d:b7:65:d6:0f:0e:f8:ab:e1:
         fb:87:d2:89:5e:b0:6f:bb:a3:66:19:fa:ff:7a:43:05:9f:7a:
         39:fe:fd:b2:3e:0f:cf:be:5b:07:ce:92:16:14:60:29:e6:51:
         28:27:97:36:05:89:9a:9f:63:ae:cc:7e:6e:a4:0f:33:d0:60:
         9d:96:d9:24:eb:5b:fb:17:0b:fe:cc:69:af:a0:55:89:30:44:
         77:d1:30:aa:5b:a7:03:53:d3:93:26:93:e2:8c:98:44:de:27:
         1c:29:f2:c5:3f:7f:7a:c1:e4:f1:3e:90:5b:82:fd:ba:ec:69:
         bb:37:71:6c:90:1e:ef:0b:20:c2:d9:ac:96:6e:42:b4:f2:8f:
         4e:cb:47:65:f8:f5:d3:d1:ae:29:b9:a2:3c:69:53:6c:78:f6:
         8a:dc:ed:7a:e9:a6:3a:fd:3b:e6:fc:37:b7:4d:0c:6c:35:68:
         7b:aa:1b:9c:cc:7c:c8:86:d9:79:87:5d:07:74:5b:ba:a6:2f:
         d7:f2:23:43:d1:a6:b3:cd:df:ad:ec:64:8f:b8:2f:a7:bd:6d:
         14:9b:e2:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3xvWvIdi2Soufnymhd9Zl3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMWE1OTQwNzIyYjIwN2IyOWQ5NWE2YzgxYmUwZDJiZjRk
NDEwY2MwHhcNMjQwMjI4MjIwMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGMyZTI0MDQ5NTc5NDlhYTFjNTkwMDQzMTcyNWY0OGM3YzI0ZWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQWAr3aoVNhK9Dg/IC0BbXZ8h5Cp
3gmlAcrGlHPZi8Gzb0Nmt23v+d3FOBAjngpAfmA+Isb6ExKA4CZOzDVsUxXGONm6
owWJBBqJIDGkjdFJ3lbyLftN2LGAaXQuAQkQ3yn7tJia4DgYIvp93qzeuZuTsF6n
rR9ZvBOTgu4obcU7OB1soq2mbHR6IcNK52L8RfLbqdLcxmnjtlpsOsk/7LEg7jOb
ijg1HQkuCXVtjWdt34kwv6ksfFbUksJw/FkjDWYgDLbgtyGlUhhsU0psf+rSaG87
dBc3sk+oldSWq4kE2D6w2GvKHXcvsTo83f0LS0L8wgOpiO4hyXctDV7qAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3C4kBJV5SaocWQBDFyX0jHwk7IMB8GA1UdIwQY
MBaAFNIaWUByKyB7KdlabIG+DSv01BDMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhwWlFISXJJSHNwMlZwc2diNE5LX1RVRU13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC81NjQzM2EtMGE3MC00ZWFlLTlmOWQt
OGNmYmRiNzk5Mjg0LzEvRGNMaVFFbFhsSnFoeFpBRU1YSmZTTWZDVHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC81NjQzM2EtMGE3MC00ZWFlLTlmOWQtOGNmYmRiNzk5Mjg0
LzEvMGhwWlFISXJJSHNwMlZwc2diNE5LX1RVRU13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9N9MA0G
CSqGSIb3DQEBCwUAA4IBAQAefnKi0Fs4YQv64JmTJZRWLXm0XDKVIKlLUqtcNfXP
DZLul4YT65TAOmuBUKsNt2XWDw74q+H7h9KJXrBvu6NmGfr/ekMFn3o5/v2yPg/P
vlsHzpIWFGAp5lEoJ5c2BYman2OuzH5upA8z0GCdltkk61v7Fwv+zGmvoFWJMER3
0TCqW6cDU9OTJpPijJhE3iccKfLFP396weTxPpBbgv267Gm7N3FskB7vCyDC2ayW
bkK08o9Oy0dl+PXT0a4puaI8aVNsePaK3O166aY6/Tvm/De3TQxsNWh7qhuczHzI
htl5h10HdFu6pi/X8iND0aazzd+t7GSPuC+nvW0Um+LM
-----END CERTIFICATE-----