Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/Dej3rpN5o4fJCx8gNyjHlFtwC8A.roa
File:                     Dej3rpN5o4fJCx8gNyjHlFtwC8A.roa (raw, json)
Hash identifier:          l6+wtWbeAdLo9rQRBz0cuQMfo+AoLGZP/XIMdTDMP0U=
Subject key identifier:   0D:E8:F7:AE:93:79:A3:87:C9:0B:1F:20:37:28:C7:94:5B:70:0B:C0
Certificate issuer:       /CN=90814dd39dd3925cff88bf34d4307fd6c62165eb
Certificate serial:       018CC424AC35BB0D7868FD5744842B9509A8
Authority key identifier: 90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/Dej3rpN5o4fJCx8gNyjHlFtwC8A.roa
Signing time:             Mon 01 Jan 2024 08:29:46 +0000
ROA not before:           Mon 01 Jan 2024 08:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49558
IP address blocks:        195.178.16.0/24 maxlen: 24
                          194.242.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ac:35:bb:0d:78:68:fd:57:44:84:2b:95:09:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90814dd39dd3925cff88bf34d4307fd6c62165eb
        Validity
            Not Before: Jan  1 08:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0de8f7ae9379a387c90b1f203728c7945b700bc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ef:f1:18:07:af:a9:6d:65:9b:06:ad:c1:f8:
                    33:b3:90:6c:33:bd:07:ea:aa:1d:b7:db:d6:c6:32:
                    69:69:5f:75:51:96:dc:8d:f2:04:dd:61:bc:b2:e1:
                    d5:64:81:5c:37:24:6c:1f:8a:2f:86:c8:e6:72:1b:
                    e9:9f:bd:34:42:af:39:a6:61:02:3a:c9:cb:bc:07:
                    86:74:69:ef:83:7f:ce:4a:55:15:81:fd:0b:71:36:
                    77:1b:15:90:a1:f5:11:87:39:9e:b1:51:87:87:35:
                    e7:df:af:d0:e5:75:45:fe:64:65:85:eb:c2:70:17:
                    d2:e0:b9:b5:bf:9e:db:a3:6a:b0:b4:4f:a7:ee:f4:
                    c0:b9:02:a5:f0:c2:8d:2d:1f:55:85:1e:61:27:35:
                    3b:67:d2:a5:99:ed:a1:45:03:6c:41:c3:fe:88:b1:
                    2b:e4:07:1e:b2:02:9b:19:56:6b:f9:fb:bc:18:a9:
                    02:0d:2f:2e:92:7a:21:b9:84:cb:29:0a:d1:78:00:
                    97:b0:0d:16:6e:92:54:09:23:95:94:ce:57:69:c3:
                    3c:08:63:fc:22:d8:4f:a9:bd:14:23:00:8d:85:c3:
                    e3:d2:11:bd:22:ef:ab:24:91:08:11:e1:5a:8d:8a:
                    7b:3c:48:11:bf:e8:fb:3a:6d:dd:a9:11:bb:16:2c:
                    0a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:E8:F7:AE:93:79:A3:87:C9:0B:1F:20:37:28:C7:94:5B:70:0B:C0
            X509v3 Authority Key Identifier:
                keyid:90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/Dej3rpN5o4fJCx8gNyjHlFtwC8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.127.0/24
                  195.178.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:fd:2e:7d:2e:79:33:45:97:7f:5c:28:89:c0:06:42:1e:d3:
         bf:45:d1:f2:a0:03:34:79:5d:f6:37:90:1f:13:9a:13:7b:2c:
         81:88:e3:63:8b:a2:cb:7e:db:6c:87:ef:10:b2:68:4a:58:5e:
         3d:79:4c:a2:d9:a1:b5:7c:00:28:a6:19:b4:9e:68:25:e3:cc:
         b1:53:db:1b:10:a2:42:6b:84:ba:21:29:63:bc:a6:9c:ba:a4:
         af:5f:0c:f3:29:68:6b:cc:c2:b5:34:26:d2:10:ea:ac:e5:a4:
         a5:b0:f1:6a:28:65:b7:37:f0:ba:74:f5:da:a6:03:01:61:e3:
         ee:c4:0b:cb:0e:68:5c:d5:2c:3f:29:82:0d:2f:1b:dd:b6:3f:
         c9:f6:4c:6a:1d:68:0a:40:52:9a:53:fc:53:ac:8d:e8:6c:0d:
         c8:28:44:30:62:a1:02:5a:ba:c0:9c:b7:87:a8:66:14:ad:b9:
         0f:6c:d7:0a:35:c3:42:d9:ff:e4:53:d3:da:e4:57:74:c9:8e:
         95:65:0c:b2:32:02:c3:f1:4a:2a:f0:51:ed:c0:da:89:05:f3:
         6c:72:4e:d2:0e:03:88:22:5d:e3:c2:04:7e:c2:28:c9:b5:4e:
         81:94:42:86:24:4a:d9:b1:e0:74:fa:18:48:85:91:39:41:41:
         a8:90:2c:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJKw1uw14aP1XRIQrlQmoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwODE0ZGQzOWRkMzkyNWNmZjg4YmYzNGQ0MzA3ZmQ2YzYy
MTY1ZWIwHhcNMjQwMTAxMDgyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGU4ZjdhZTkzNzlhMzg3YzkwYjFmMjAzNzI4Yzc5NDViNzAwYmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAye/xGAevqW1lmwatwfgzs5BsM70H
6qodt9vWxjJpaV91UZbcjfIE3WG8suHVZIFcNyRsH4ovhsjmchvpn700Qq85pmEC
OsnLvAeGdGnvg3/OSlUVgf0LcTZ3GxWQofURhzmesVGHhzXn36/Q5XVF/mRlhevC
cBfS4Lm1v57bo2qwtE+n7vTAuQKl8MKNLR9VhR5hJzU7Z9Klme2hRQNsQcP+iLEr
5AcesgKbGVZr+fu8GKkCDS8uknohuYTLKQrReACXsA0WbpJUCSOVlM5XacM8CGP8
IthPqb0UIwCNhcPj0hG9Iu+rJJEIEeFajYp7PEgRv+j7Om3dqRG7FiwKKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA3o966TeaOHyQsfIDcox5RbcAvAMB8GA1UdIwQY
MBaAFJCBTdOd05Jc/4i/NNQwf9bGIWXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0lGTjA1M1RrbHpfaUw4MDFEQl8xc1loWmVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8wY2NhYjYtZDgzNy00YzE4LTgyZjkt
OTQwYWU0NTRjYjg1LzEvRGVqM3JwTjVvNGZKQ3g4Z055akhsRnR3QzhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8wY2NhYjYtZDgzNy00YzE4LTgyZjktOTQwYWU0NTRjYjg1
LzEva0lGTjA1M1RrbHpfaUw4MDFEQl8xc1loWmVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwvJ/AwQA
w7IQMA0GCSqGSIb3DQEBCwUAA4IBAQCn/S59LnkzRZd/XCiJwAZCHtO/RdHyoAM0
eV32N5AfE5oTeyyBiONji6LLfttsh+8QsmhKWF49eUyi2aG1fAAophm0nmgl48yx
U9sbEKJCa4S6ISljvKacuqSvXwzzKWhrzMK1NCbSEOqs5aSlsPFqKGW3N/C6dPXa
pgMBYePuxAvLDmhc1Sw/KYINLxvdtj/J9kxqHWgKQFKaU/xTrI3obA3IKEQwYqEC
WrrAnLeHqGYUrbkPbNcKNcNC2f/kU9Pa5Fd0yY6VZQyyMgLD8Uoq8FHtwNqJBfNs
ck7SDgOIIl3jwgR+wijJtU6BlEKGJErZseB0+hhIhZE5QUGokCy0
-----END CERTIFICATE-----