Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/DtWqKYrRCyGx6dsd9f2L7CKfIRc.roa
File:                     DtWqKYrRCyGx6dsd9f2L7CKfIRc.roa (raw, json)
Hash identifier:          O7NemdIlDZpd4quz6YecLMnjW1CyD/u06cKhcBOTRro=
Subject key identifier:   0E:D5:AA:29:8A:D1:0B:21:B1:E9:DB:1D:F5:FD:8B:EC:22:9F:21:17
Certificate issuer:       /CN=b27261d715348bfd73ce9dbb72488656993ba2f1
Certificate serial:       019505705491F6DBA45A1F4E579B0C08AE1F
Authority key identifier: B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/DtWqKYrRCyGx6dsd9f2L7CKfIRc.roa
Signing time:             Fri 14 Feb 2025 17:10:02 +0000
ROA not before:           Fri 14 Feb 2025 17:10:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214794
IP address blocks:        193.26.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 20:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:05:70:54:91:f6:db:a4:5a:1f:4e:57:9b:0c:08:ae:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b27261d715348bfd73ce9dbb72488656993ba2f1
        Validity
            Not Before: Feb 14 17:10:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ed5aa298ad10b21b1e9db1df5fd8bec229f2117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:78:aa:b8:71:0b:f9:2a:95:93:2e:cf:a9:a0:
                    3a:3f:e1:a3:79:d7:19:c7:04:e8:f3:bd:b1:5d:76:
                    05:d2:d9:06:4e:12:56:12:8d:66:b1:03:5d:96:8f:
                    18:0a:8f:e3:84:7f:60:1d:fa:ed:53:f4:95:39:9f:
                    e2:31:f2:71:c1:d6:1c:15:fd:20:99:ff:d5:e4:0a:
                    33:e4:ab:10:83:8a:84:ae:77:5f:25:a4:7b:cc:43:
                    2b:48:23:eb:07:44:2b:d3:cd:e7:20:cc:2e:86:a1:
                    92:e7:d7:b0:70:3b:d7:e1:d0:ee:ca:8c:4f:f0:f8:
                    33:fe:80:78:67:95:b3:16:3d:7d:a3:d3:d4:c7:15:
                    a0:91:58:b9:f5:6d:06:3b:de:34:00:76:9f:50:e7:
                    0a:2c:27:30:ae:e7:21:61:f9:c5:d6:c9:c7:12:dc:
                    84:cb:37:8a:83:92:c4:87:8e:6a:07:04:59:22:3c:
                    5f:dd:0c:ea:6f:dd:ec:13:19:6c:fe:76:f3:46:08:
                    ee:f1:df:da:b1:b7:15:eb:cd:17:95:70:7a:91:09:
                    1e:e1:8a:bb:79:a2:44:2d:b0:21:4a:47:27:91:f7:
                    93:c1:69:3d:8d:a0:0b:9e:27:c7:08:b7:7c:3e:32:
                    c4:18:52:09:93:39:22:2e:71:79:41:c5:2a:bf:00:
                    00:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:D5:AA:29:8A:D1:0B:21:B1:E9:DB:1D:F5:FD:8B:EC:22:9F:21:17
            X509v3 Authority Key Identifier:
                keyid:B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/DtWqKYrRCyGx6dsd9f2L7CKfIRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:6c:20:c4:45:1d:53:65:1c:72:68:6c:2a:19:f5:34:73:da:
         3c:0a:e5:6b:8f:d9:6f:53:65:65:39:93:be:3b:bb:32:52:38:
         b8:bd:91:c9:f1:65:c9:f9:0b:b8:2a:7f:80:37:32:f9:52:50:
         e3:d4:75:da:07:9b:50:2c:ed:74:6e:15:77:b1:2a:0c:ed:ae:
         04:e8:e6:d9:59:44:1e:f4:16:15:e8:89:f9:8f:25:37:6f:fb:
         58:b5:38:92:a9:51:61:d0:98:a1:75:f9:23:5a:69:9c:74:d2:
         07:1e:81:95:3e:3f:ed:dd:cc:c1:ff:80:1e:66:2b:2d:6d:10:
         a2:d7:5e:e3:4c:27:ae:7a:4f:ff:1a:42:4c:30:68:e3:fe:8a:
         58:f3:80:5d:79:83:a4:28:7e:52:f3:73:1d:31:b5:e7:21:2e:
         7c:d7:e8:2c:cd:d4:72:55:cd:ec:e7:a8:04:a1:de:97:df:fd:
         6f:9a:2d:f8:58:13:50:43:1a:ec:d5:0a:44:e3:d5:72:e9:92:
         56:a0:d8:38:a9:3b:75:d8:44:bf:af:03:48:47:ad:d2:89:83:
         55:d7:60:46:2d:a9:5a:8b:76:7b:b8:09:bf:84:f2:50:e9:fd:
         5d:de:e2:9e:0d:07:38:0e:1b:79:e1:88:b1:76:a1:f7:1c:79:
         9e:08:b3:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUFcFSR9tukWh9OV5sMCK4fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzI2MWQ3MTUzNDhiZmQ3M2NlOWRiYjcyNDg4NjU2OTkz
YmEyZjEwHhcNMjUwMjE0MTcxMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWQ1YWEyOThhZDEwYjIxYjFlOWRiMWRmNWZkOGJlYzIyOWYyMTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkniquHEL+SqVky7PqaA6P+GjedcZ
xwTo872xXXYF0tkGThJWEo1msQNdlo8YCo/jhH9gHfrtU/SVOZ/iMfJxwdYcFf0g
mf/V5Aoz5KsQg4qErndfJaR7zEMrSCPrB0Qr083nIMwuhqGS59ewcDvX4dDuyoxP
8Pgz/oB4Z5WzFj19o9PUxxWgkVi59W0GO940AHafUOcKLCcwruchYfnF1snHEtyE
yzeKg5LEh45qBwRZIjxf3Qzqb93sExls/nbzRgju8d/asbcV680XlXB6kQke4Yq7
eaJELbAhSkcnkfeTwWk9jaALnifHCLd8PjLEGFIJkzkiLnF5QcUqvwAASQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA7VqimK0QshsenbHfX9i+winyEXMB8GA1UdIwQY
MBaAFLJyYdcVNIv9c86du3JIhlaZO6LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2Yt
NTA0ZjI3NjY3NjBmLzEvRHRXcUtZclJDeUd4NmRzZDlmMkw3Q0tmSVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2YtNTA0ZjI3NjY3NjBm
LzEvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRp/MA0G
CSqGSIb3DQEBCwUAA4IBAQAubCDERR1TZRxyaGwqGfU0c9o8CuVrj9lvU2VlOZO+
O7syUji4vZHJ8WXJ+Qu4Kn+ANzL5UlDj1HXaB5tQLO10bhV3sSoM7a4E6ObZWUQe
9BYV6In5jyU3b/tYtTiSqVFh0JihdfkjWmmcdNIHHoGVPj/t3czB/4AeZistbRCi
117jTCeuek//GkJMMGjj/opY84BdeYOkKH5S83MdMbXnIS581+gszdRyVc3s56gE
od6X3/1vmi34WBNQQxrs1QpE49Vy6ZJWoNg4qTt12ES/rwNIR63SiYNV12BGLala
i3Z7uAm/hPJQ6f1d3uKeDQc4Dht54YixdqH3HHmeCLOc
-----END CERTIFICATE-----