Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/4ThwsDyEGhNF6vplh1Ehhnhe7aQ.roa
File:                     4ThwsDyEGhNF6vplh1Ehhnhe7aQ.roa (raw, json)
Hash identifier:          oAK8yGXXBfj2ex80tnZOP6I3bSGZ2GIHRiklxVlYLzI=
Subject key identifier:   E1:38:70:B0:3C:84:1A:13:45:EA:FA:65:87:51:21:86:78:5E:ED:A4
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       018CC3491D5BAA7A29308D6CAD8365786CF4
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/4ThwsDyEGhNF6vplh1Ehhnhe7aQ.roa
Signing time:             Mon 01 Jan 2024 04:29:57 +0000
ROA not before:           Mon 01 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203735
IP address blocks:        194.127.110.0/24 maxlen: 24
                          194.127.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 10:03:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1d:5b:aa:7a:29:30:8d:6c:ad:83:65:78:6c:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Jan  1 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e13870b03c841a1345eafa6587512186785eeda4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:43:a5:b4:8c:8a:ee:3c:37:b6:cf:67:a6:01:
                    f1:af:10:84:16:8b:f1:03:a0:e8:74:0a:2a:5c:f8:
                    df:75:f6:47:4b:17:2b:3b:6c:76:bf:c5:96:f7:45:
                    31:9a:13:46:f0:c1:0e:23:32:25:b8:68:c2:d7:37:
                    22:ef:d7:a8:bf:48:1d:9d:16:ce:9c:5f:02:92:75:
                    b4:0c:74:78:75:6e:7d:b4:61:89:7d:92:71:3a:cb:
                    64:16:f6:3a:f3:d7:d8:1e:c1:95:bf:73:7e:9b:ee:
                    5f:f5:e1:19:d8:53:d4:8d:2f:b3:e9:22:d5:e7:80:
                    3e:69:83:b3:93:93:80:eb:bd:2b:51:11:22:06:2e:
                    18:25:fe:c5:19:43:26:d9:51:d0:e8:67:4f:3c:7f:
                    ee:72:ea:04:fd:c6:7c:ab:69:9c:20:24:a6:c3:ac:
                    e7:ed:3f:30:b0:cb:0d:ce:3d:87:66:8d:e9:7e:ac:
                    45:9d:e8:2c:22:dc:b3:4c:48:66:b2:00:3b:c8:8c:
                    77:15:ea:68:a6:5f:f8:22:ae:a6:37:68:43:80:b7:
                    c1:d0:f3:db:01:06:0e:8b:4e:0b:51:fd:63:5a:96:
                    2d:2a:66:2a:77:15:c4:ca:48:9a:80:37:f2:4f:07:
                    e2:53:9b:3e:cb:dd:f1:b9:6d:4a:a5:82:77:d2:14:
                    d0:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:38:70:B0:3C:84:1A:13:45:EA:FA:65:87:51:21:86:78:5E:ED:A4
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/4ThwsDyEGhNF6vplh1Ehhnhe7aQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.108.0/24
                  194.127.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:e4:69:4e:5d:89:ea:7e:8e:13:57:58:34:35:c0:a5:71:74:
         05:c2:5b:91:ae:38:ac:f9:3a:62:f4:90:ef:63:4d:fc:bf:51:
         80:05:cc:98:73:37:df:62:f3:b6:c1:82:22:c0:71:cb:3a:93:
         cd:11:93:ee:d5:25:f0:e8:81:aa:6b:53:07:ee:c8:94:87:92:
         41:84:af:a4:38:cb:1b:ee:ac:a8:87:f1:87:d0:76:97:d4:9c:
         5d:2d:cc:9f:dd:0b:21:34:f2:70:35:95:63:0b:a2:f7:80:08:
         7b:65:71:06:0e:33:9b:0b:63:85:a3:d5:8c:be:51:0d:71:78:
         60:53:98:bf:30:4a:b7:cb:17:f5:fd:99:aa:1a:24:b9:ad:62:
         2e:db:22:27:05:2c:5b:b4:b7:a7:70:1b:7d:84:17:0a:87:b8:
         70:ff:2c:a3:55:37:cd:3a:df:a0:8b:13:61:d0:fb:de:74:02:
         77:97:15:9c:11:30:37:14:a6:3b:02:20:46:84:75:1c:f4:81:
         fb:8e:89:ea:78:31:0b:bd:a2:ee:1e:dd:dd:14:3f:11:74:b6:
         79:66:51:70:17:32:0c:9b:93:64:c5:8e:4e:b1:9d:75:fa:13:
         2a:d8:b5:45:bf:68:f1:f3:53:71:a4:d4:3a:de:59:58:48:20:
         84:3d:f8:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSR1bqnopMI1srYNleGz0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjQwMTAxMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTM4NzBiMDNjODQxYTEzNDVlYWZhNjU4NzUxMjE4Njc4NWVlZGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0OltIyK7jw3ts9npgHxrxCEFovx
A6DodAoqXPjfdfZHSxcrO2x2v8WW90UxmhNG8MEOIzIluGjC1zci79eov0gdnRbO
nF8CknW0DHR4dW59tGGJfZJxOstkFvY689fYHsGVv3N+m+5f9eEZ2FPUjS+z6SLV
54A+aYOzk5OA670rUREiBi4YJf7FGUMm2VHQ6GdPPH/ucuoE/cZ8q2mcICSmw6zn
7T8wsMsNzj2HZo3pfqxFnegsItyzTEhmsgA7yIx3Fepopl/4Iq6mN2hDgLfB0PPb
AQYOi04LUf1jWpYtKmYqdxXEykiagDfyTwfiU5s+y93xuW1KpYJ30hTQ1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOE4cLA8hBoTRer6ZYdRIYZ4Xu2kMB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEvNFRod3NEeUVHaE5GNnZwbGgxRWhobmhlN2FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwn9sAwQA
wn9uMA0GCSqGSIb3DQEBCwUAA4IBAQAe5GlOXYnqfo4TV1g0NcClcXQFwluRrjis
+Tpi9JDvY038v1GABcyYczffYvO2wYIiwHHLOpPNEZPu1SXw6IGqa1MH7siUh5JB
hK+kOMsb7qyoh/GH0HaX1JxdLcyf3QshNPJwNZVjC6L3gAh7ZXEGDjObC2OFo9WM
vlENcXhgU5i/MEq3yxf1/ZmqGiS5rWIu2yInBSxbtLencBt9hBcKh7hw/yyjVTfN
Ot+gixNh0PvedAJ3lxWcETA3FKY7AiBGhHUc9IH7jonqeDELvaLuHt3dFD8RdLZ5
ZlFwFzIMm5NkxY5OsZ11+hMq2LVFv2jx81NxpNQ63llYSCCEPfj7
-----END CERTIFICATE-----