Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/dkDLfL12Mvt9oOTN814F8r3xyp4.roa
File:                     dkDLfL12Mvt9oOTN814F8r3xyp4.roa (raw, json)
Hash identifier:          Bf4qm+dtST2tX+x1TcvddLF9nRprjThyue/B71J9XDM=
Subject key identifier:   76:40:CB:7C:BD:76:32:FB:7D:A0:E4:CD:F3:5E:05:F2:BD:F1:CA:9E
Certificate issuer:       /CN=352f8919e6bc1ef5663489018fc875be34c0f24c
Certificate serial:       01941F8C530C572106760546523248D4B575
Authority key identifier: 35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/dkDLfL12Mvt9oOTN814F8r3xyp4.roa
Signing time:             Wed 01 Jan 2025 01:47:57 +0000
ROA not before:           Wed 01 Jan 2025 01:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6893
IP address blocks:        185.49.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:53:0c:57:21:06:76:05:46:52:32:48:d4:b5:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352f8919e6bc1ef5663489018fc875be34c0f24c
        Validity
            Not Before: Jan  1 01:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7640cb7cbd7632fb7da0e4cdf35e05f2bdf1ca9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6d:21:c2:31:13:ee:ea:41:5c:48:bd:8a:f4:
                    9f:a5:5f:28:16:0c:bd:e4:44:f6:0b:ca:56:41:7a:
                    0f:53:e2:13:83:05:ac:11:18:31:08:15:49:9d:06:
                    e2:42:e7:36:00:f4:89:b8:9a:65:fe:d3:43:1a:6d:
                    85:dd:2a:69:86:3b:50:96:8a:d5:39:5d:bb:80:b1:
                    c3:9c:f8:92:38:50:73:65:2e:25:10:3c:99:ae:4b:
                    57:b8:a1:cf:12:e0:fc:5a:ae:25:88:17:4f:c1:84:
                    31:7d:2b:00:35:e9:de:02:60:e6:a6:2a:6d:83:8c:
                    49:1d:b6:89:12:42:ab:43:cd:a1:a8:bf:a9:b8:00:
                    2f:b9:7e:af:eb:2b:db:52:d4:48:1a:6b:5e:29:54:
                    b9:a6:60:d4:ab:10:85:4f:6e:6a:f1:e6:3c:96:d4:
                    27:94:58:10:ef:7b:45:5c:08:c8:dc:6f:e4:0b:e5:
                    56:96:b9:55:8e:3c:68:c6:4c:28:3c:54:70:05:cf:
                    25:31:23:b1:9a:86:9e:0a:39:b2:13:b8:75:74:cd:
                    28:eb:48:a7:4d:05:c6:31:73:ab:db:32:f1:95:09:
                    6c:87:ab:df:08:c7:3e:89:d8:38:a4:de:e6:0c:de:
                    6d:c1:15:de:d3:ee:dc:4e:af:89:ab:a4:3b:ea:8a:
                    12:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:40:CB:7C:BD:76:32:FB:7D:A0:E4:CD:F3:5E:05:F2:BD:F1:CA:9E
            X509v3 Authority Key Identifier:
                keyid:35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/dkDLfL12Mvt9oOTN814F8r3xyp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:d8:ab:ad:75:6c:75:69:67:b4:83:75:09:6f:cd:56:b2:18:
         b6:82:aa:1a:83:4c:73:c0:75:8a:31:29:1c:a7:00:82:71:d5:
         5e:99:85:91:2f:33:48:04:5f:46:6d:d6:94:9d:ff:a5:fc:f7:
         5f:19:cb:9a:83:02:38:22:f6:b8:96:77:6e:c2:21:4a:98:f3:
         25:ec:e7:b3:5d:95:16:21:61:59:67:24:77:9c:6f:80:8d:42:
         54:9f:ab:e3:99:f3:91:7c:2b:4f:ee:6e:be:c8:17:30:5f:c0:
         79:97:cf:d3:31:8c:2a:ad:45:12:76:28:37:29:a8:25:b9:28:
         64:e0:a6:b7:22:f7:79:4f:f9:ea:4f:5a:ad:35:e9:53:66:1e:
         a5:2b:0c:29:5f:f8:00:c4:00:07:d4:45:43:27:66:e1:d8:ac:
         74:ad:8a:b0:10:d2:9e:75:ff:df:f3:b0:6b:ad:15:d9:8a:18:
         66:95:d5:87:13:a6:07:ea:8c:df:9a:71:42:27:38:ca:48:5f:
         ee:40:1a:9d:57:0f:e8:6a:fc:83:91:0d:8c:53:d8:6b:56:85:
         d1:42:60:58:9f:03:f8:5b:3c:99:9b:f6:e5:22:f4:fc:62:40:
         69:52:a8:51:3a:ab:bd:77:ff:49:5b:01:e5:03:35:d3:f0:35:
         29:4f:5d:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjFMMVyEGdgVGUjJI1LV1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmY4OTE5ZTZiYzFlZjU2NjM0ODkwMThmYzg3NWJlMzRj
MGYyNGMwHhcNMjUwMTAxMDE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjQwY2I3Y2JkNzYzMmZiN2RhMGU0Y2RmMzVlMDVmMmJkZjFjYTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyW0hwjET7upBXEi9ivSfpV8oFgy9
5ET2C8pWQXoPU+ITgwWsERgxCBVJnQbiQuc2APSJuJpl/tNDGm2F3SpphjtQlorV
OV27gLHDnPiSOFBzZS4lEDyZrktXuKHPEuD8Wq4liBdPwYQxfSsANeneAmDmpipt
g4xJHbaJEkKrQ82hqL+puAAvuX6v6yvbUtRIGmteKVS5pmDUqxCFT25q8eY8ltQn
lFgQ73tFXAjI3G/kC+VWlrlVjjxoxkwoPFRwBc8lMSOxmoaeCjmyE7h1dM0o60in
TQXGMXOr2zLxlQlsh6vfCMc+idg4pN7mDN5twRXe0+7cTq+Jq6Q76ooS4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZAy3y9djL7faDkzfNeBfK98cqeMB8GA1UdIwQY
MBaAFDUviRnmvB71ZjSJAY/Idb40wPJMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAt
ZTNmY2IyM2UzNDM4LzEvZGtETGZMMTJNdnQ5b09UTjgxNEY4cjN4eXA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAtZTNmY2IyM2UzNDM4
LzEvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTF7MA0G
CSqGSIb3DQEBCwUAA4IBAQA/2KutdWx1aWe0g3UJb81Wshi2gqoag0xzwHWKMSkc
pwCCcdVemYWRLzNIBF9GbdaUnf+l/PdfGcuagwI4Iva4lnduwiFKmPMl7OezXZUW
IWFZZyR3nG+AjUJUn6vjmfORfCtP7m6+yBcwX8B5l8/TMYwqrUUSdig3KagluShk
4Ka3Ivd5T/nqT1qtNelTZh6lKwwpX/gAxAAH1EVDJ2bh2Kx0rYqwENKedf/f87Br
rRXZihhmldWHE6YH6ozfmnFCJzjKSF/uQBqdVw/oavyDkQ2MU9hrVoXRQmBYnwP4
WzyZm/blIvT8YkBpUqhROqu9d/9JWwHlAzXT8DUpT10j
-----END CERTIFICATE-----