Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/AN-DGU807Zi1GLozE0Ye6tyK7Ic.roa
File:                     AN-DGU807Zi1GLozE0Ye6tyK7Ic.roa (raw, json)
Hash identifier:          +/Pg+LZh0oTnlaPXWDZsXPiFa0OXAsSR/g5vgnMvqME=
Subject key identifier:   00:DF:83:19:4F:34:ED:98:B5:18:BA:33:13:46:1E:EA:DC:8A:EC:87
Certificate issuer:       /CN=4384f6fa6decced5578a85a51e0bd65701ea34ec
Certificate serial:       01944522D7F3A09C44F26301BD7F299F2CDC
Authority key identifier: 43:84:F6:FA:6D:EC:CE:D5:57:8A:85:A5:1E:0B:D6:57:01:EA:34:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/AN-DGU807Zi1GLozE0Ye6tyK7Ic.roa
Signing time:             Wed 08 Jan 2025 08:58:18 +0000
ROA not before:           Wed 08 Jan 2025 08:58:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41327
IP address blocks:        5.183.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:45:22:d7:f3:a0:9c:44:f2:63:01:bd:7f:29:9f:2c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4384f6fa6decced5578a85a51e0bd65701ea34ec
        Validity
            Not Before: Jan  8 08:58:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00df83194f34ed98b518ba3313461eeadc8aec87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:22:99:87:29:cc:b7:1c:98:e2:37:35:e7:93:
                    09:cc:e5:a3:0d:59:be:70:0a:14:34:9f:9e:d5:34:
                    d2:73:2c:70:8b:fa:dc:bd:64:88:86:8a:d0:f0:bc:
                    47:18:59:e1:ec:0f:24:81:62:4e:b6:c5:a5:6f:5b:
                    61:4b:25:b5:c6:8c:d6:29:4c:b3:9e:9f:b0:6c:0f:
                    ea:df:76:95:74:6c:ed:74:7c:b2:8f:f7:6f:f1:80:
                    60:02:38:fb:25:96:69:77:d7:20:ed:2f:17:1c:88:
                    f2:b3:66:dd:19:b4:92:02:33:ee:b5:7f:f7:aa:fa:
                    94:52:f7:22:4d:9b:b8:be:61:0d:95:a2:f7:71:f8:
                    b1:41:7e:cf:9e:9c:21:3c:9f:5d:9f:a9:ff:10:16:
                    13:e6:cd:47:69:2a:8e:7a:93:b7:5c:a1:d4:26:1c:
                    9e:e7:27:af:30:78:81:60:27:9c:a9:22:1f:59:ba:
                    c3:49:39:b8:33:68:ce:05:c2:da:c2:b0:28:fe:73:
                    7f:df:ec:68:a5:8d:40:ee:fe:62:9c:71:9d:c2:8a:
                    90:89:55:9f:89:22:7a:4e:86:8e:d4:95:e2:d0:c0:
                    61:fa:1c:32:0d:83:a4:a2:64:e8:17:b4:85:b3:6d:
                    54:b0:55:0f:7a:7d:02:d0:2b:05:42:b3:95:62:41:
                    56:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:DF:83:19:4F:34:ED:98:B5:18:BA:33:13:46:1E:EA:DC:8A:EC:87
            X509v3 Authority Key Identifier:
                keyid:43:84:F6:FA:6D:EC:CE:D5:57:8A:85:A5:1E:0B:D6:57:01:EA:34:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q4T2-m3sztVXioWlHgvWVwHqNOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/AN-DGU807Zi1GLozE0Ye6tyK7Ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b698bd-8dd2-40be-82a3-1b13bd4566a5/1/Q4T2-m3sztVXioWlHgvWVwHqNOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:0c:70:e1:54:53:e7:a0:c3:17:b5:f2:ac:4a:d6:03:0e:fa:
         cf:37:9c:c1:89:95:d9:d2:b5:33:39:17:34:d8:b7:bf:3f:81:
         45:02:c5:e8:f4:48:a1:89:26:04:1c:54:61:ad:da:94:ef:f4:
         c5:fa:28:bd:35:64:9a:a6:ff:32:a5:62:0a:ad:0c:0b:27:f2:
         5f:3d:e0:0b:c7:08:43:7d:55:39:7b:f2:da:aa:12:43:fd:63:
         e6:dd:4c:41:34:55:dd:01:6e:b6:e5:68:24:ce:72:1f:2f:11:
         3e:d0:ca:54:75:2c:9e:26:f2:0d:06:d3:12:45:95:6b:97:f2:
         a5:0c:9c:6d:7e:0b:1c:d6:be:4e:74:5e:54:55:d7:a3:c5:a3:
         6b:ec:07:b2:99:90:71:bb:a6:da:6f:f5:e6:7c:ad:6a:ba:2b:
         90:5d:9b:78:59:1f:f8:d9:22:4e:0b:c1:79:75:01:5f:36:d2:
         c1:85:49:37:6e:98:c5:f0:11:34:0b:ab:54:70:83:00:d0:75:
         23:27:fc:c1:f7:bb:a2:7e:c5:f0:01:81:8b:8e:7f:91:c8:c5:
         1a:aa:3a:96:b6:28:4b:a9:65:3e:92:cd:01:61:db:55:0b:d9:
         69:fb:7a:8b:12:72:0c:9c:ac:84:8b:92:6e:ca:29:2d:d6:ed:
         30:50:94:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRFItfzoJxE8mMBvX8pnyzcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzODRmNmZhNmRlY2NlZDU1NzhhODVhNTFlMGJkNjU3MDFl
YTM0ZWMwHhcNMjUwMTA4MDg1ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGRmODMxOTRmMzRlZDk4YjUxOGJhMzMxMzQ2MWVlYWRjOGFlYzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCKZhynMtxyY4jc155MJzOWjDVm+
cAoUNJ+e1TTScyxwi/rcvWSIhorQ8LxHGFnh7A8kgWJOtsWlb1thSyW1xozWKUyz
np+wbA/q33aVdGztdHyyj/dv8YBgAjj7JZZpd9cg7S8XHIjys2bdGbSSAjPutX/3
qvqUUvciTZu4vmENlaL3cfixQX7PnpwhPJ9dn6n/EBYT5s1HaSqOepO3XKHUJhye
5yevMHiBYCecqSIfWbrDSTm4M2jOBcLawrAo/nN/3+xopY1A7v5inHGdwoqQiVWf
iSJ6ToaO1JXi0MBh+hwyDYOkomToF7SFs21UsFUPen0C0CsFQrOVYkFWpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADfgxlPNO2YtRi6MxNGHurciuyHMB8GA1UdIwQY
MBaAFEOE9vpt7M7VV4qFpR4L1lcB6jTsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTRUMi1tM3N6dFZYaW9XbEhndldWd0hxTk93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9iNjk4YmQtOGRkMi00MGJlLTgyYTMt
MWIxM2JkNDU2NmE1LzEvQU4tREdVODA3WmkxR0xvekUwWWU2dHlLN0ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9iNjk4YmQtOGRkMi00MGJlLTgyYTMtMWIxM2JkNDU2NmE1
LzEvUTRUMi1tM3N6dFZYaW9XbEhndldWd0hxTk93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbduMA0G
CSqGSIb3DQEBCwUAA4IBAQAWDHDhVFPnoMMXtfKsStYDDvrPN5zBiZXZ0rUzORc0
2Le/P4FFAsXo9EihiSYEHFRhrdqU7/TF+ii9NWSapv8ypWIKrQwLJ/JfPeALxwhD
fVU5e/LaqhJD/WPm3UxBNFXdAW625WgkznIfLxE+0MpUdSyeJvINBtMSRZVrl/Kl
DJxtfgsc1r5OdF5UVdejxaNr7AeymZBxu6bab/XmfK1quiuQXZt4WR/42SJOC8F5
dQFfNtLBhUk3bpjF8BE0C6tUcIMA0HUjJ/zB97uifsXwAYGLjn+RyMUaqjqWtihL
qWU+ks0BYdtVC9lp+3qLEnIMnKyEi5Juyikt1u0wUJQU
-----END CERTIFICATE-----