Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/dee1ee-9384-45ab-a70a-5eae6ed58375/1/OnXC0EMmctW1l-eN0LPWNOjUqPw.roa
File:                     OnXC0EMmctW1l-eN0LPWNOjUqPw.roa (raw, json)
Hash identifier:          k0QnDPc78XQxy2Jh6N0H9Na60K6yINLRvcu8aefMv80=
Subject key identifier:   3A:75:C2:D0:43:26:72:D5:B5:97:E7:8D:D0:B3:D6:34:E8:D4:A8:FC
Certificate issuer:       /CN=0032534e8d560d73553c632bba10344a7c816614
Certificate serial:       019427B5C91E2A6DB74E2B55123B8283485F
Authority key identifier: 00:32:53:4E:8D:56:0D:73:55:3C:63:2B:BA:10:34:4A:7C:81:66:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ADJTTo1WDXNVPGMruhA0SnyBZhQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/dee1ee-9384-45ab-a70a-5eae6ed58375/1/OnXC0EMmctW1l-eN0LPWNOjUqPw.roa
Signing time:             Thu 02 Jan 2025 15:50:12 +0000
ROA not before:           Thu 02 Jan 2025 15:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24685
IP address blocks:        91.202.108.0/24 maxlen: 32
                          194.28.198.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/dee1ee-9384-45ab-a70a-5eae6ed58375/1/ADJTTo1WDXNVPGMruhA0SnyBZhQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/dee1ee-9384-45ab-a70a-5eae6ed58375/1/ADJTTo1WDXNVPGMruhA0SnyBZhQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ADJTTo1WDXNVPGMruhA0SnyBZhQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:c9:1e:2a:6d:b7:4e:2b:55:12:3b:82:83:48:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0032534e8d560d73553c632bba10344a7c816614
        Validity
            Not Before: Jan  2 15:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a75c2d0432672d5b597e78dd0b3d634e8d4a8fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d6:42:f6:02:e2:c4:1d:6b:71:6e:8b:70:57:
                    34:00:ac:54:d2:e7:6f:d9:1c:6a:1d:b6:5c:74:32:
                    96:e6:4a:be:a6:c9:6d:a1:66:56:76:75:8e:17:87:
                    4c:14:4a:78:b7:2e:5b:7a:c9:e9:9d:ee:49:b7:8c:
                    4d:42:f1:df:e6:4a:f3:70:1c:59:31:c2:9a:08:40:
                    14:39:69:86:a9:d2:9f:0f:3f:f6:73:94:03:ed:33:
                    13:c3:a7:9b:cd:f8:b4:de:40:2f:00:3f:c3:45:8d:
                    0f:e1:95:f3:5e:da:82:9b:f7:03:71:e3:8a:51:1e:
                    4e:a9:41:e6:ff:7d:4f:16:fe:4d:68:f4:77:be:1e:
                    b4:9d:5c:18:f1:fd:b1:b9:3c:b1:9b:a8:02:2d:f2:
                    4e:55:8f:7c:0d:f8:03:dc:14:9a:13:9b:39:6a:92:
                    e8:cf:a8:60:d5:2a:c3:57:c8:12:d2:2f:4e:47:7d:
                    17:1c:fe:0f:1a:db:cb:a4:26:6d:7a:45:86:5b:b2:
                    2b:2b:54:af:e6:46:03:ee:ce:da:23:21:1b:f5:74:
                    54:f4:37:05:c7:8c:9b:04:55:6f:58:e9:6a:b3:87:
                    3f:56:bf:5b:4e:71:90:4f:8c:c0:1c:5a:b2:25:16:
                    a7:20:f1:d6:7e:bf:7f:eb:82:d8:3d:8a:94:75:73:
                    fc:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:75:C2:D0:43:26:72:D5:B5:97:E7:8D:D0:B3:D6:34:E8:D4:A8:FC
            X509v3 Authority Key Identifier:
                keyid:00:32:53:4E:8D:56:0D:73:55:3C:63:2B:BA:10:34:4A:7C:81:66:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ADJTTo1WDXNVPGMruhA0SnyBZhQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/dee1ee-9384-45ab-a70a-5eae6ed58375/1/OnXC0EMmctW1l-eN0LPWNOjUqPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/dee1ee-9384-45ab-a70a-5eae6ed58375/1/ADJTTo1WDXNVPGMruhA0SnyBZhQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.108.0/24
                  194.28.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:0a:bb:4a:11:68:f9:2a:45:5b:7c:65:96:63:8f:5e:9a:b0:
         99:df:e1:32:cc:ec:90:4b:4e:0b:19:cb:8d:46:42:b3:55:dd:
         52:15:01:05:e4:14:40:35:b6:33:91:f4:19:b7:e0:28:e5:e3:
         cf:12:4f:35:59:17:ee:c3:ed:32:27:24:78:97:d9:e8:c1:81:
         13:25:8a:13:07:76:45:67:7b:d9:cd:b3:69:5b:ad:33:c1:6f:
         ff:25:2b:07:15:4a:ed:c9:77:f6:3d:aa:d3:f8:cd:e7:ff:b6:
         24:59:db:f0:41:5e:dd:31:1a:12:16:fe:ec:a5:69:bd:5b:fb:
         cb:fb:62:88:72:1b:4b:5b:1d:7d:c4:b0:30:05:03:9d:d5:2b:
         20:74:6c:0a:c7:06:d4:de:ae:5e:d1:38:ae:ea:b7:07:c4:0d:
         fa:df:b1:14:be:16:68:7f:5e:df:cb:38:40:f3:50:4c:ce:e0:
         e0:db:1b:95:dd:31:58:79:e9:cb:8a:a5:fa:04:c8:91:45:05:
         9e:26:bd:4f:02:b8:9b:3e:70:23:ee:a7:b9:63:00:ed:a9:90:
         34:14:a5:d9:42:84:e1:5c:94:59:3f:7f:e9:b9:d3:8d:81:19:
         f2:f9:12:6f:07:f3:2e:62:e5:d3:fa:c5:90:49:b8:2b:9f:42:
         ae:a1:ef:1e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntckeKm23TitVEjuCg0hfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMzI1MzRlOGQ1NjBkNzM1NTNjNjMyYmJhMTAzNDRhN2M4
MTY2MTQwHhcNMjUwMTAyMTU1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTc1YzJkMDQzMjY3MmQ1YjU5N2U3OGRkMGIzZDYzNGU4ZDRhOGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNZC9gLixB1rcW6LcFc0AKxU0udv
2RxqHbZcdDKW5kq+psltoWZWdnWOF4dMFEp4ty5besnpne5Jt4xNQvHf5krzcBxZ
McKaCEAUOWmGqdKfDz/2c5QD7TMTw6ebzfi03kAvAD/DRY0P4ZXzXtqCm/cDceOK
UR5OqUHm/31PFv5NaPR3vh60nVwY8f2xuTyxm6gCLfJOVY98DfgD3BSaE5s5apLo
z6hg1SrDV8gS0i9OR30XHP4PGtvLpCZtekWGW7IrK1Sv5kYD7s7aIyEb9XRU9DcF
x4ybBFVvWOlqs4c/Vr9bTnGQT4zAHFqyJRanIPHWfr9/64LYPYqUdXP8RwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDp1wtBDJnLVtZfnjdCz1jTo1Kj8MB8GA1UdIwQY
MBaAFAAyU06NVg1zVTxjK7oQNEp8gWYUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQURKVFRvMVdEWE5WUEdNcnVoQTBTbnlCWmhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9kZWUxZWUtOTM4NC00NWFiLWE3MGEt
NWVhZTZlZDU4Mzc1LzEvT25YQzBFTW1jdFcxbC1lTjBMUFdOT2pVcVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9kZWUxZWUtOTM4NC00NWFiLWE3MGEtNWVhZTZlZDU4Mzc1
LzEvQURKVFRvMVdEWE5WUEdNcnVoQTBTbnlCWmhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8psAwQA
whzGMA0GCSqGSIb3DQEBCwUAA4IBAQB+CrtKEWj5KkVbfGWWY49emrCZ3+EyzOyQ
S04LGcuNRkKzVd1SFQEF5BRANbYzkfQZt+Ao5ePPEk81WRfuw+0yJyR4l9nowYET
JYoTB3ZFZ3vZzbNpW60zwW//JSsHFUrtyXf2ParT+M3n/7YkWdvwQV7dMRoSFv7s
pWm9W/vL+2KIchtLWx19xLAwBQOd1SsgdGwKxwbU3q5e0Tiu6rcHxA3637EUvhZo
f17fyzhA81BMzuDg2xuV3TFYeenLiqX6BMiRRQWeJr1PAribPnAj7qe5YwDtqZA0
FKXZQoThXJRZP3/pudONgRny+RJvB/MuYuXT+sWQSbgrn0Kuoe8e
-----END CERTIFICATE-----