Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/5bf948-977b-4b0e-b8e7-0d4318ca8c55/1/Ehw1V2m2Akf2RL0LiN-Xzea8FNk.roa
File:                     Ehw1V2m2Akf2RL0LiN-Xzea8FNk.roa (raw, json)
Hash identifier:          byI+Dh4HHKVDDimoGFliszzn+aQAlsdc8qFFnkgtcN0=
Subject key identifier:   12:1C:35:57:69:B6:02:47:F6:44:BD:0B:88:DF:97:CD:E6:BC:14:D9
Certificate issuer:       /CN=dddc9ad250b85cd39949465b6681b2f1df14d6a3
Certificate serial:       018ED798EC4471BFB64A7EA388CC0532F15A
Authority key identifier: DD:DC:9A:D2:50:B8:5C:D3:99:49:46:5B:66:81:B2:F1:DF:14:D6:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3dya0lC4XNOZSUZbZoGy8d8U1qM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/5bf948-977b-4b0e-b8e7-0d4318ca8c55/1/Ehw1V2m2Akf2RL0LiN-Xzea8FNk.roa
Signing time:             Sat 13 Apr 2024 13:15:06 +0000
ROA not before:           Sat 13 Apr 2024 13:15:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20668
IP address blocks:        195.211.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/5bf948-977b-4b0e-b8e7-0d4318ca8c55/1/3dya0lC4XNOZSUZbZoGy8d8U1qM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/5bf948-977b-4b0e-b8e7-0d4318ca8c55/1/3dya0lC4XNOZSUZbZoGy8d8U1qM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3dya0lC4XNOZSUZbZoGy8d8U1qM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d7:98:ec:44:71:bf:b6:4a:7e:a3:88:cc:05:32:f1:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dddc9ad250b85cd39949465b6681b2f1df14d6a3
        Validity
            Not Before: Apr 13 13:15:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=121c355769b60247f644bd0b88df97cde6bc14d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4b:2f:57:84:b0:2b:81:6f:09:dd:d9:6f:0b:
                    e5:de:4b:aa:35:47:9e:78:91:97:01:0c:ad:90:7c:
                    12:cc:59:fd:da:d1:3c:61:30:3b:00:4d:c2:02:72:
                    0a:c3:de:54:13:6a:4b:df:fa:b5:06:32:46:13:cf:
                    20:bd:18:39:d3:82:d4:d5:21:c8:39:95:59:35:92:
                    fd:e1:af:cf:ad:8c:0e:dc:da:dd:b5:f7:d1:ea:a0:
                    9b:4d:dd:0d:c4:45:8a:97:67:32:61:63:34:58:f1:
                    5e:c9:9e:5e:fb:e9:aa:0d:63:4d:0a:cf:87:4a:11:
                    0a:be:c1:5d:57:1d:04:42:5a:14:06:cb:4c:a6:30:
                    0d:e4:ff:b1:16:f8:82:d9:5f:25:3f:6f:a9:4f:85:
                    a4:0a:00:51:77:80:f7:d6:4a:39:76:d0:f1:38:4b:
                    4f:77:2a:ca:42:bf:bd:f1:a6:d5:d5:30:5f:04:3c:
                    0e:ba:0d:cb:82:8f:e3:bf:ce:04:16:36:79:cb:4e:
                    70:c2:54:82:a6:90:83:d9:b4:19:48:29:0a:d7:37:
                    6f:5f:cb:b0:bc:d9:80:b8:3c:75:e5:1e:12:5e:dc:
                    92:58:63:8a:56:17:88:65:fd:69:04:0f:28:53:9d:
                    96:43:89:02:03:3f:46:8b:e4:f3:cd:64:8c:b4:3d:
                    25:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:1C:35:57:69:B6:02:47:F6:44:BD:0B:88:DF:97:CD:E6:BC:14:D9
            X509v3 Authority Key Identifier:
                keyid:DD:DC:9A:D2:50:B8:5C:D3:99:49:46:5B:66:81:B2:F1:DF:14:D6:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3dya0lC4XNOZSUZbZoGy8d8U1qM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/5bf948-977b-4b0e-b8e7-0d4318ca8c55/1/Ehw1V2m2Akf2RL0LiN-Xzea8FNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/5bf948-977b-4b0e-b8e7-0d4318ca8c55/1/3dya0lC4XNOZSUZbZoGy8d8U1qM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:c0:c8:c5:6f:00:82:46:a7:89:34:bf:6f:e9:09:cd:69:71:
         e0:b8:ac:a1:16:06:69:9a:5d:0e:d1:c4:20:03:aa:fa:1a:73:
         1a:43:c7:5a:d8:94:cf:76:3e:8c:40:61:df:a7:9c:55:d4:2b:
         e3:d7:25:a2:e0:81:8b:75:7a:2c:68:12:49:87:fb:41:ac:2e:
         e1:b6:f6:28:2c:2c:4e:17:79:ec:4d:12:18:4d:dc:d9:d8:f6:
         c7:13:4f:54:ec:ec:33:bb:74:e8:55:90:0a:66:6c:03:61:e1:
         bb:08:67:93:d7:d4:48:c4:e0:84:ae:11:53:26:6e:08:17:bf:
         c7:39:58:63:d9:12:56:2f:54:0e:5b:4e:9d:37:dd:80:5b:8e:
         8c:38:fe:9f:89:1e:d5:44:9a:82:02:6a:86:96:e7:3c:74:40:
         b9:02:a5:80:fc:70:a2:b7:e8:d0:b6:51:40:9e:d8:a6:2c:c3:
         97:60:30:89:27:cd:10:8f:4c:9d:57:c6:de:cc:af:4b:02:62:
         58:f1:a1:10:92:99:c4:53:2b:46:89:a3:a6:cc:19:ae:e0:95:
         73:90:04:3c:9a:6b:0b:0b:4c:de:3e:aa:a1:a1:49:85:df:a3:
         fe:07:c8:67:99:7a:ad:89:3f:44:cb:c2:06:ba:28:fb:2d:83:
         10:cf:3f:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7XmOxEcb+2Sn6jiMwFMvFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZGM5YWQyNTBiODVjZDM5OTQ5NDY1YjY2ODFiMmYxZGYx
NGQ2YTMwHhcNMjQwNDEzMTMxNTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjFjMzU1NzY5YjYwMjQ3ZjY0NGJkMGI4OGRmOTdjZGU2YmMxNGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0svV4SwK4FvCd3Zbwvl3kuqNUee
eJGXAQytkHwSzFn92tE8YTA7AE3CAnIKw95UE2pL3/q1BjJGE88gvRg504LU1SHI
OZVZNZL94a/PrYwO3NrdtffR6qCbTd0NxEWKl2cyYWM0WPFeyZ5e++mqDWNNCs+H
ShEKvsFdVx0EQloUBstMpjAN5P+xFviC2V8lP2+pT4WkCgBRd4D31ko5dtDxOEtP
dyrKQr+98abV1TBfBDwOug3Lgo/jv84EFjZ5y05wwlSCppCD2bQZSCkK1zdvX8uw
vNmAuDx15R4SXtySWGOKVheIZf1pBA8oU52WQ4kCAz9Gi+TzzWSMtD0lKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIcNVdptgJH9kS9C4jfl83mvBTZMB8GA1UdIwQY
MBaAFN3cmtJQuFzTmUlGW2aBsvHfFNajMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2R5YTBsQzRYTk9aU1VaYlpvR3k4ZDhVMXFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81YmY5NDgtOTc3Yi00YjBlLWI4ZTct
MGQ0MzE4Y2E4YzU1LzEvRWh3MVYybTJBa2YyUkwwTGlOLVh6ZWE4Rk5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81YmY5NDgtOTc3Yi00YjBlLWI4ZTctMGQ0MzE4Y2E4YzU1
LzEvM2R5YTBsQzRYTk9aU1VaYlpvR3k4ZDhVMXFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9N/MA0G
CSqGSIb3DQEBCwUAA4IBAQA9wMjFbwCCRqeJNL9v6QnNaXHguKyhFgZpml0O0cQg
A6r6GnMaQ8da2JTPdj6MQGHfp5xV1Cvj1yWi4IGLdXosaBJJh/tBrC7htvYoLCxO
F3nsTRIYTdzZ2PbHE09U7Owzu3ToVZAKZmwDYeG7CGeT19RIxOCErhFTJm4IF7/H
OVhj2RJWL1QOW06dN92AW46MOP6fiR7VRJqCAmqGluc8dEC5AqWA/HCit+jQtlFA
ntimLMOXYDCJJ80Qj0ydV8bezK9LAmJY8aEQkpnEUytGiaOmzBmu4JVzkAQ8mmsL
C0zePqqhoUmF36P+B8hnmXqtiT9Ey8IGuij7LYMQzz9g
-----END CERTIFICATE-----