Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DURMlBRZg_8YzUnOsdZlqX_MPj8.roa
File:                     DURMlBRZg_8YzUnOsdZlqX_MPj8.roa (raw, json)
Hash identifier:          OyD4JLlTi972DmOPyuKIxzWIr02juXvysXHpwzArH7k=
Subject key identifier:   0D:44:4C:94:14:59:83:FF:18:CD:49:CE:B1:D6:65:A9:7F:CC:3E:3F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0195D6EED21E9C19B8762C987CC5289F149E
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DURMlBRZg_8YzUnOsdZlqX_MPj8.roa
Signing time:             Thu 27 Mar 2025 09:28:50 +0000
ROA not before:           Thu 27 Mar 2025 09:28:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        194.76.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d6:ee:d2:1e:9c:19:b8:76:2c:98:7c:c5:28:9f:14:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 27 09:28:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d444c94145983ff18cd49ceb1d665a97fcc3e3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:20:a7:17:96:5c:ba:8f:e9:1c:54:d9:c5:b3:
                    68:5e:72:62:6b:fc:a6:46:3e:e1:0e:3a:0e:18:23:
                    f9:e1:a3:47:64:ef:93:df:80:e8:bd:5e:d7:de:a2:
                    74:6f:39:9f:65:d1:f5:9a:18:a9:0b:fd:b2:c5:64:
                    cb:08:7b:4c:61:9e:79:6b:fc:c7:e8:0d:4d:ff:01:
                    87:27:cd:dd:2c:44:12:3a:82:d9:0d:0b:2d:c6:ae:
                    1c:99:16:d1:3c:69:35:a2:aa:b4:13:69:33:f4:30:
                    0e:7f:23:f7:cf:38:29:b5:0f:bd:1f:50:ea:6c:8f:
                    64:56:e5:df:89:75:30:be:ad:67:0b:0f:2d:7b:62:
                    a8:c9:40:1d:8f:d6:24:1e:d2:7d:de:6f:7e:1e:ea:
                    75:7f:bf:a9:a2:29:03:dc:c3:f5:b2:c9:66:6f:d1:
                    15:88:b0:62:3c:6a:80:ff:00:80:5f:a4:cd:d3:07:
                    6b:3e:c6:75:c6:3e:ed:8d:f1:8c:41:96:dc:5c:b8:
                    41:bf:2d:55:7a:43:46:88:5b:1b:73:49:fa:5e:0e:
                    b6:4f:d0:9a:62:b8:95:b7:fa:86:b9:16:52:ad:1b:
                    5f:20:8e:15:9c:87:f8:98:b2:b6:48:71:02:6f:d8:
                    90:7a:93:55:b7:3b:ee:9e:fc:76:cf:d8:c3:85:5e:
                    45:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:44:4C:94:14:59:83:FF:18:CD:49:CE:B1:D6:65:A9:7F:CC:3E:3F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DURMlBRZg_8YzUnOsdZlqX_MPj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:38:f2:07:e6:1c:11:33:18:ff:39:f8:b4:49:cd:ac:1e:df:
         03:29:9b:87:9e:40:43:84:2a:d9:0c:3e:33:5f:e2:71:10:60:
         a9:c3:2f:f3:6d:1a:cd:0a:38:0e:5d:3a:4d:5a:dd:72:3b:62:
         f4:c2:85:69:ad:5d:b1:24:c7:b7:d0:55:f3:ac:f6:a9:f9:9d:
         f4:e3:d8:64:fb:d5:c1:b0:41:8a:79:a3:90:ea:78:87:11:c8:
         5a:16:20:10:97:e4:d9:11:fc:76:ae:4c:ab:58:0e:0d:b2:a0:
         94:84:33:d5:84:e3:3a:c6:d1:e3:9f:d0:3d:0d:90:22:dc:fa:
         12:ec:d0:91:c2:23:cf:16:64:20:74:42:d7:25:ce:71:08:62:
         56:13:4b:ac:76:fe:a4:39:8b:2a:24:b0:46:72:95:aa:e8:3b:
         29:55:0f:32:0c:45:17:d4:de:eb:9f:9e:58:e1:d5:90:5b:5e:
         53:58:93:ae:08:f2:96:63:d6:fe:c3:69:7c:73:93:2b:fc:7b:
         83:d3:a8:17:db:2c:0c:e4:14:8c:26:d8:11:ea:1f:d8:fa:fd:
         95:89:07:2a:16:9b:77:e3:13:60:cd:39:4c:23:bb:c6:7e:7f:
         48:5f:a7:b7:60:97:f0:ea:cf:8b:83:a6:3b:63:9a:a3:d1:44:
         a9:9b:75:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXW7tIenBm4diyYfMUonxSeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMzI3MDkyODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDQ0NGM5NDE0NTk4M2ZmMThjZDQ5Y2ViMWQ2NjVhOTdmY2MzZTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyCnF5Zcuo/pHFTZxbNoXnJia/ym
Rj7hDjoOGCP54aNHZO+T34DovV7X3qJ0bzmfZdH1mhipC/2yxWTLCHtMYZ55a/zH
6A1N/wGHJ83dLEQSOoLZDQstxq4cmRbRPGk1oqq0E2kz9DAOfyP3zzgptQ+9H1Dq
bI9kVuXfiXUwvq1nCw8te2KoyUAdj9YkHtJ93m9+Hup1f7+poikD3MP1sslmb9EV
iLBiPGqA/wCAX6TN0wdrPsZ1xj7tjfGMQZbcXLhBvy1VekNGiFsbc0n6Xg62T9Ca
YriVt/qGuRZSrRtfII4VnIf4mLK2SHECb9iQepNVtzvunvx2z9jDhV5FRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1ETJQUWYP/GM1JzrHWZal/zD4/MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRFVSTWxCUlpnXzhZelVuT3NkWmxxWF9NUGo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkytMA0G
CSqGSIb3DQEBCwUAA4IBAQCgOPIH5hwRMxj/Ofi0Sc2sHt8DKZuHnkBDhCrZDD4z
X+JxEGCpwy/zbRrNCjgOXTpNWt1yO2L0woVprV2xJMe30FXzrPap+Z3049hk+9XB
sEGKeaOQ6niHEchaFiAQl+TZEfx2rkyrWA4NsqCUhDPVhOM6xtHjn9A9DZAi3PoS
7NCRwiPPFmQgdELXJc5xCGJWE0usdv6kOYsqJLBGcpWq6DspVQ8yDEUX1N7rn55Y
4dWQW15TWJOuCPKWY9b+w2l8c5Mr/HuD06gX2ywM5BSMJtgR6h/Y+v2ViQcqFpt3
4xNgzTlMI7vGfn9IX6e3YJfw6s+Lg6Y7Y5qj0USpm3XE
-----END CERTIFICATE-----