Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/DVwka8-W9iIkHGs-FLjZdPnV5L8.roa
File:                     DVwka8-W9iIkHGs-FLjZdPnV5L8.roa (raw, json)
Hash identifier:          U0DQgzTg/LHPM0HSWqIaOWSnOUJ4NFsb/D16sUWnhjA=
Subject key identifier:   0D:5C:24:6B:CF:96:F6:22:24:1C:6B:3E:14:B8:D9:74:F9:D5:E4:BF
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019423D6BABCA684F3A114865F896F783A8B
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/DVwka8-W9iIkHGs-FLjZdPnV5L8.roa
Signing time:             Wed 01 Jan 2025 21:47:42 +0000
ROA not before:           Wed 01 Jan 2025 21:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30890
IP address blocks:        195.28.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:ba:bc:a6:84:f3:a1:14:86:5f:89:6f:78:3a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 21:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d5c246bcf96f622241c6b3e14b8d974f9d5e4bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:ad:35:76:e3:88:2a:42:b3:2a:82:19:36:9a:
                    1f:49:43:1e:8d:24:43:65:63:5c:fd:fe:69:72:f1:
                    db:34:27:e7:a3:5e:c5:31:0a:51:b0:d7:7b:be:83:
                    6d:4e:ef:ba:66:33:aa:9e:f7:e2:be:7f:f9:61:dc:
                    2b:1c:66:4a:4c:c8:15:b4:ec:a1:97:49:98:db:69:
                    cb:18:5f:7c:8e:cd:f3:68:99:56:c5:d4:92:4b:e5:
                    42:f5:f0:b0:fd:57:c6:6c:31:68:1a:64:b4:4a:cf:
                    4a:4b:51:ed:9f:26:97:c1:bf:6d:79:86:b3:29:21:
                    30:04:7d:9a:8a:9f:16:dc:a4:ac:18:09:18:78:de:
                    74:fc:b2:52:d7:b3:30:6d:73:6d:49:74:54:e0:81:
                    87:4a:cc:d5:f7:c7:04:3d:ca:87:5c:b4:bb:99:b4:
                    ff:75:af:84:68:bf:c6:1c:78:7c:de:ac:1c:52:42:
                    12:90:26:88:58:3e:2e:1c:32:f3:66:a4:01:73:0a:
                    87:25:26:cf:4f:17:f2:6c:18:af:7d:69:7a:a7:95:
                    0b:52:dc:9e:0e:d8:65:a9:b4:ff:66:0f:5a:f9:53:
                    ad:a2:80:bc:a3:19:30:56:35:a2:ea:aa:f4:d3:b1:
                    cf:4b:ac:d5:88:18:90:50:54:87:18:b6:41:8a:27:
                    0a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:5C:24:6B:CF:96:F6:22:24:1C:6B:3E:14:B8:D9:74:F9:D5:E4:BF
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/DVwka8-W9iIkHGs-FLjZdPnV5L8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.28.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:99:0a:8f:ec:9c:d0:ec:8b:3b:a6:48:12:33:81:25:b7:ff:
         48:de:ec:a4:03:44:36:1c:03:35:25:f7:7d:d5:4f:7f:07:14:
         74:5f:03:2c:59:a5:bc:90:62:6c:04:da:54:ab:23:76:c9:f4:
         0f:a4:f7:2b:4a:4b:ec:bf:3b:bb:ed:54:c9:25:3f:bb:4f:1f:
         aa:fe:2b:5f:e7:b1:98:ea:25:86:72:4c:53:e0:86:4e:c0:7e:
         ed:a3:d9:f6:1d:98:f4:a2:a1:36:73:a9:92:e8:1b:81:ae:16:
         1f:e8:ad:aa:db:a7:13:1e:7c:2a:45:78:26:ca:a4:b3:3b:bb:
         d9:4c:61:d5:26:b4:0e:bf:48:92:25:a3:69:b9:8d:e2:4b:78:
         5b:93:08:3d:f6:7b:25:50:1e:cc:95:2a:75:d2:9c:54:aa:14:
         35:18:6f:64:bb:f7:04:c8:25:0b:2d:b9:14:98:8d:8d:35:e1:
         e0:1f:0d:5e:12:e2:31:dc:be:2d:56:3a:43:d2:6e:83:2c:89:
         54:ad:57:2a:8f:6d:0d:50:2d:25:35:54:7e:7b:09:0a:f8:33:
         2c:5b:6b:6b:a4:f2:e3:0d:c9:83:89:3a:25:7b:0d:21:59:f8:
         1e:2f:47:c0:67:96:94:4b:93:39:97:76:da:ac:40:9d:6d:26:
         49:23:bd:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rq8poTzoRSGX4lveDqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMTAxMjE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDVjMjQ2YmNmOTZmNjIyMjQxYzZiM2UxNGI4ZDk3NGY5ZDVlNGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6K01duOIKkKzKoIZNpofSUMejSRD
ZWNc/f5pcvHbNCfno17FMQpRsNd7voNtTu+6ZjOqnvfivn/5YdwrHGZKTMgVtOyh
l0mY22nLGF98js3zaJlWxdSSS+VC9fCw/VfGbDFoGmS0Ss9KS1HtnyaXwb9teYaz
KSEwBH2aip8W3KSsGAkYeN50/LJS17MwbXNtSXRU4IGHSszV98cEPcqHXLS7mbT/
da+EaL/GHHh83qwcUkISkCaIWD4uHDLzZqQBcwqHJSbPTxfybBivfWl6p5ULUtye
DthlqbT/Zg9a+VOtooC8oxkwVjWi6qr007HPS6zViBiQUFSHGLZBiicKywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1cJGvPlvYiJBxrPhS42XT51eS/MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvRFZ3a2E4LVc5aUlrSEdzLUZMalpkUG5WNUw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwxwCMA0G
CSqGSIb3DQEBCwUAA4IBAQBwmQqP7JzQ7Is7pkgSM4Elt/9I3uykA0Q2HAM1Jfd9
1U9/BxR0XwMsWaW8kGJsBNpUqyN2yfQPpPcrSkvsvzu77VTJJT+7Tx+q/itf57GY
6iWGckxT4IZOwH7to9n2HZj0oqE2c6mS6BuBrhYf6K2q26cTHnwqRXgmyqSzO7vZ
TGHVJrQOv0iSJaNpuY3iS3hbkwg99nslUB7MlSp10pxUqhQ1GG9ku/cEyCULLbkU
mI2NNeHgHw1eEuIx3L4tVjpD0m6DLIlUrVcqj20NUC0lNVR+ewkK+DMsW2trpPLj
DcmDiTolew0hWfgeL0fAZ5aUS5M5l3barECdbSZJI72A
-----END CERTIFICATE-----