Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/654b89-37c1-4061-90b3-6b95500da23b/1/DRGQu6VcNUxgbC-i_8UH42qgDUM.roa
File:                     DRGQu6VcNUxgbC-i_8UH42qgDUM.roa (raw, json)
Hash identifier:          Tkt8CjSKbVkubPBErWJwsPegnkm3xx4+YfHW6WMiPHA=
Subject key identifier:   0D:11:90:BB:A5:5C:35:4C:60:6C:2F:A2:FF:C5:07:E3:6A:A0:0D:43
Certificate issuer:       /CN=4317dd15b62bdd7112599b81423360eee7a01296
Certificate serial:       0194266BC476084A64C368BD9914A7329042
Authority key identifier: 43:17:DD:15:B6:2B:DD:71:12:59:9B:81:42:33:60:EE:E7:A0:12:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QxfdFbYr3XESWZuBQjNg7uegEpY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/654b89-37c1-4061-90b3-6b95500da23b/1/DRGQu6VcNUxgbC-i_8UH42qgDUM.roa
Signing time:             Thu 02 Jan 2025 09:49:44 +0000
ROA not before:           Thu 02 Jan 2025 09:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208697
IP address blocks:        194.29.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/654b89-37c1-4061-90b3-6b95500da23b/1/QxfdFbYr3XESWZuBQjNg7uegEpY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/654b89-37c1-4061-90b3-6b95500da23b/1/QxfdFbYr3XESWZuBQjNg7uegEpY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QxfdFbYr3XESWZuBQjNg7uegEpY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c4:76:08:4a:64:c3:68:bd:99:14:a7:32:90:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4317dd15b62bdd7112599b81423360eee7a01296
        Validity
            Not Before: Jan  2 09:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d1190bba55c354c606c2fa2ffc507e36aa00d43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7d:54:a6:94:0a:c0:37:34:86:f2:11:07:2a:
                    52:62:b3:57:6b:2f:b7:25:eb:a4:5e:51:4d:3b:a0:
                    d5:ca:e6:d7:31:64:ef:96:ea:c4:ef:7e:dc:1f:36:
                    63:4a:94:69:84:c0:f3:12:60:0a:91:d8:c3:4b:d2:
                    7c:bb:ee:67:92:74:8d:59:0f:89:3d:cc:80:41:e5:
                    23:5a:6a:59:55:71:8a:72:2d:19:00:c6:e4:d6:6f:
                    2c:c4:a9:49:74:5d:f0:a9:0e:51:22:55:22:94:e3:
                    cb:91:13:42:9b:c9:75:38:f5:67:c1:ab:ad:be:06:
                    24:78:06:38:17:6c:4b:a7:14:27:f3:4c:6a:ac:ef:
                    de:e7:4c:db:25:c4:3a:ef:e7:ef:af:84:b1:48:5b:
                    9a:4c:c2:56:cb:94:0a:6c:56:01:a9:23:0e:ad:a3:
                    2c:3a:10:45:99:54:24:7b:fd:ac:be:07:31:d5:c4:
                    80:22:09:da:c3:f5:34:3e:35:24:9f:25:72:d2:37:
                    1e:b6:98:92:98:b2:5f:ad:bc:89:1e:21:22:61:b3:
                    91:4c:03:41:60:6a:5d:65:ae:91:82:f6:13:ef:7b:
                    4d:d1:08:7b:9b:1c:c8:11:1a:4f:88:b1:84:c5:ec:
                    48:45:71:6c:c4:21:d6:b0:44:2d:3f:c6:5a:3c:47:
                    f4:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:11:90:BB:A5:5C:35:4C:60:6C:2F:A2:FF:C5:07:E3:6A:A0:0D:43
            X509v3 Authority Key Identifier:
                keyid:43:17:DD:15:B6:2B:DD:71:12:59:9B:81:42:33:60:EE:E7:A0:12:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QxfdFbYr3XESWZuBQjNg7uegEpY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/654b89-37c1-4061-90b3-6b95500da23b/1/DRGQu6VcNUxgbC-i_8UH42qgDUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/654b89-37c1-4061-90b3-6b95500da23b/1/QxfdFbYr3XESWZuBQjNg7uegEpY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.29.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:de:f1:77:9e:40:1e:5f:5d:a4:ce:60:66:c8:52:37:92:9f:
         7e:fc:0b:33:0c:d6:60:5c:12:0a:b5:f3:df:ef:3e:2e:5d:03:
         87:a7:d8:01:c9:54:1c:81:4e:09:5d:17:d6:39:6d:3a:3b:4a:
         b3:be:c4:67:93:f9:99:6c:37:95:28:15:76:53:ea:a4:2a:74:
         16:07:68:67:dd:32:e1:ee:4e:d9:d6:b7:04:e4:8c:a1:e1:66:
         0d:a2:6a:5b:92:5b:8b:5a:5b:12:52:e6:18:de:9c:c7:8b:1f:
         0b:c6:f5:8f:65:86:32:9d:47:8d:16:0a:51:e2:3d:a2:48:a7:
         6b:6d:3b:6b:02:ee:78:c7:93:26:4b:66:a1:87:85:25:8f:32:
         b2:14:46:23:4b:61:5d:2f:2f:96:36:aa:dd:10:ca:e9:32:03:
         4f:bf:a9:22:2b:da:76:06:c5:dd:58:e2:ab:8c:2c:42:de:07:
         37:d5:2a:4b:2c:5f:6a:b2:fe:1c:c8:3d:b7:2f:d7:58:41:d5:
         19:77:ab:0c:fd:2c:58:a2:97:11:53:c7:8f:ce:11:c9:c2:fc:
         98:b9:0f:06:0e:00:7c:3c:e6:55:9f:1e:f7:eb:89:43:68:ee:
         44:25:bb:5b:9b:bf:1a:3c:14:46:00:13:6b:65:71:65:45:48:
         42:97:67:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8R2CEpkw2i9mRSnMpBCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMTdkZDE1YjYyYmRkNzExMjU5OWI4MTQyMzM2MGVlZTdh
MDEyOTYwHhcNMjUwMTAyMDk0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDExOTBiYmE1NWMzNTRjNjA2YzJmYTJmZmM1MDdlMzZhYTAwZDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy31UppQKwDc0hvIRBypSYrNXay+3
JeukXlFNO6DVyubXMWTvlurE737cHzZjSpRphMDzEmAKkdjDS9J8u+5nknSNWQ+J
PcyAQeUjWmpZVXGKci0ZAMbk1m8sxKlJdF3wqQ5RIlUilOPLkRNCm8l1OPVnwaut
vgYkeAY4F2xLpxQn80xqrO/e50zbJcQ67+fvr4SxSFuaTMJWy5QKbFYBqSMOraMs
OhBFmVQke/2svgcx1cSAIgnaw/U0PjUknyVy0jcetpiSmLJfrbyJHiEiYbORTANB
YGpdZa6RgvYT73tN0Qh7mxzIERpPiLGExexIRXFsxCHWsEQtP8ZaPEf0RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0RkLulXDVMYGwvov/FB+NqoA1DMB8GA1UdIwQY
MBaAFEMX3RW2K91xElmbgUIzYO7noBKWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXhmZEZiWXIzWEVTV1p1QlFqTmc3dWVnRXBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi82NTRiODktMzdjMS00MDYxLTkwYjMt
NmI5NTUwMGRhMjNiLzEvRFJHUXU2VmNOVXhnYkMtaV84VUg0MnFnRFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi82NTRiODktMzdjMS00MDYxLTkwYjMtNmI5NTUwMGRhMjNi
LzEvUXhmZEZiWXIzWEVTV1p1QlFqTmc3dWVnRXBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh1HMA0G
CSqGSIb3DQEBCwUAA4IBAQCu3vF3nkAeX12kzmBmyFI3kp9+/AszDNZgXBIKtfPf
7z4uXQOHp9gByVQcgU4JXRfWOW06O0qzvsRnk/mZbDeVKBV2U+qkKnQWB2hn3TLh
7k7Z1rcE5Iyh4WYNompbkluLWlsSUuYY3pzHix8LxvWPZYYynUeNFgpR4j2iSKdr
bTtrAu54x5MmS2ahh4UljzKyFEYjS2FdLy+WNqrdEMrpMgNPv6kiK9p2BsXdWOKr
jCxC3gc31SpLLF9qsv4cyD23L9dYQdUZd6sM/SxYopcRU8ePzhHJwvyYuQ8GDgB8
POZVnx7364lDaO5EJbtbm78aPBRGABNrZXFlRUhCl2fJ
-----END CERTIFICATE-----