Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/rrDJXH30hwm0wp8ez3xZK3KYf3Y.roa
File:                     rrDJXH30hwm0wp8ez3xZK3KYf3Y.roa (raw, json)
Hash identifier:          GvOhxnkuPmzELuRoIyUMequPfJJWdNEbG39WODcXAu8=
Subject key identifier:   AE:B0:C9:5C:7D:F4:87:09:B4:C2:9F:1E:CF:7C:59:2B:72:98:7F:76
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018E3243C3ED117EC4FCA6EDA28E88F7BA3B
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/rrDJXH30hwm0wp8ez3xZK3KYf3Y.roa
Signing time:             Tue 12 Mar 2024 10:44:45 +0000
ROA not before:           Tue 12 Mar 2024 10:44:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204957
IP address blocks:        194.32.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:43:c3:ed:11:7e:c4:fc:a6:ed:a2:8e:88:f7:ba:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Mar 12 10:44:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aeb0c95c7df48709b4c29f1ecf7c592b72987f76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:1f:0d:00:40:cd:78:37:db:93:e2:2a:01:fd:
                    09:9b:8b:9a:55:c6:90:07:cf:ff:75:90:3a:fc:af:
                    b8:a5:10:d3:37:53:8c:74:d7:13:4a:33:d8:97:4a:
                    a0:9c:ae:dd:83:60:e4:32:0b:ec:4f:2e:63:bb:b2:
                    7e:ec:80:65:a0:bc:0d:b4:2e:ff:2d:71:88:56:c6:
                    c8:bb:b8:41:23:6b:a3:66:99:24:16:8d:0e:33:05:
                    7d:61:ea:b8:61:2a:cc:66:3c:41:0b:31:2f:87:e3:
                    66:39:73:e1:53:d9:d7:1c:f6:8f:0d:e5:a7:12:90:
                    08:7f:7d:bc:c6:47:e9:c1:ad:00:8a:78:4d:e7:ae:
                    12:ac:24:61:ef:4a:1f:64:bd:bf:b8:33:8e:e6:17:
                    aa:cb:4c:31:77:01:87:cb:75:72:b7:69:ee:4b:46:
                    ca:ff:4f:de:ba:85:cb:30:fd:93:bd:b5:4d:1b:0c:
                    dc:c5:ae:5e:b2:97:b8:f6:f6:4a:65:08:fb:f0:1a:
                    50:20:f4:d0:10:ae:b0:c7:72:93:54:e1:07:24:64:
                    c6:c9:ba:2a:04:1b:83:ab:f7:4e:00:c9:5e:68:64:
                    02:22:0f:7c:ae:80:f7:07:06:15:e7:d8:01:c4:1e:
                    c4:f1:dd:47:e1:c9:92:a2:4b:83:36:f6:66:66:98:
                    6e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:B0:C9:5C:7D:F4:87:09:B4:C2:9F:1E:CF:7C:59:2B:72:98:7F:76
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/rrDJXH30hwm0wp8ez3xZK3KYf3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:6c:4a:80:a4:0a:79:70:c4:b6:a2:8d:8f:21:06:d9:49:ea:
         ad:95:06:9f:d2:23:2b:42:06:fa:a5:06:83:e6:0e:18:57:da:
         9a:9c:75:23:fd:d7:52:58:5b:92:37:f1:a1:5e:5e:5a:32:42:
         f3:4f:fe:63:e9:27:cb:5d:8e:6b:20:7b:09:17:3b:79:cf:9a:
         94:1e:76:4e:9e:8d:7a:3d:e5:a9:64:66:3a:7a:ec:b9:89:97:
         d6:a8:b6:c3:f9:27:b6:26:cc:ef:3e:d4:d6:cd:bb:3d:b6:c7:
         29:19:ec:c8:93:d8:bc:02:e4:59:2a:32:25:fb:27:c8:86:a9:
         8a:12:4a:fc:26:bd:7f:52:35:b0:f5:c3:78:bb:62:2d:f1:d6:
         74:b3:68:fe:15:37:ef:31:d1:36:91:4a:b7:7a:89:d5:cc:5d:
         fc:fe:2e:35:f3:46:ff:26:ba:b0:1c:d7:89:0d:b8:05:f9:3d:
         ad:b8:b1:8e:d7:fb:b1:71:da:22:62:5e:92:fe:9b:ca:14:3f:
         41:82:4b:db:28:aa:8b:4e:8a:d7:ce:ce:be:37:77:eb:d8:9a:
         69:e0:e0:0f:f5:71:e6:4c:88:3e:32:43:10:21:ff:4c:11:0a:
         02:99:cc:71:15:d7:b8:89:a9:f8:3b:c6:14:f7:7c:d5:59:24:
         83:56:ff:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4yQ8PtEX7E/Kbtoo6I97o7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMzEyMTA0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWIwYzk1YzdkZjQ4NzA5YjRjMjlmMWVjZjdjNTkyYjcyOTg3Zjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApB8NAEDNeDfbk+IqAf0Jm4uaVcaQ
B8//dZA6/K+4pRDTN1OMdNcTSjPYl0qgnK7dg2DkMgvsTy5ju7J+7IBloLwNtC7/
LXGIVsbIu7hBI2ujZpkkFo0OMwV9Yeq4YSrMZjxBCzEvh+NmOXPhU9nXHPaPDeWn
EpAIf328xkfpwa0AinhN564SrCRh70ofZL2/uDOO5heqy0wxdwGHy3Vyt2nuS0bK
/0/euoXLMP2TvbVNGwzcxa5espe49vZKZQj78BpQIPTQEK6wx3KTVOEHJGTGyboq
BBuDq/dOAMleaGQCIg98roD3BwYV59gBxB7E8d1H4cmSokuDNvZmZphurwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6wyVx99IcJtMKfHs98WStymH92MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvcnJESlhIMzBod20wd3A4ZXozeFpLM0tZZjNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiBoMA0G
CSqGSIb3DQEBCwUAA4IBAQBsbEqApAp5cMS2oo2PIQbZSeqtlQaf0iMrQgb6pQaD
5g4YV9qanHUj/ddSWFuSN/GhXl5aMkLzT/5j6SfLXY5rIHsJFzt5z5qUHnZOno16
PeWpZGY6euy5iZfWqLbD+Se2JszvPtTWzbs9tscpGezIk9i8AuRZKjIl+yfIhqmK
Ekr8Jr1/UjWw9cN4u2It8dZ0s2j+FTfvMdE2kUq3eonVzF38/i4180b/JrqwHNeJ
DbgF+T2tuLGO1/uxcdoiYl6S/pvKFD9BgkvbKKqLTorXzs6+N3fr2Jpp4OAP9XHm
TIg+MkMQIf9MEQoCmcxxFde4ian4O8YU93zVWSSDVv/g
-----END CERTIFICATE-----