Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/Acw3PJE7CHHcC5gSYM6tyaON4MI.roa
File:                     Acw3PJE7CHHcC5gSYM6tyaON4MI.roa (raw, json)
Hash identifier:          ldcfDgYuZiFXsjzG/JbzKXzx1776yXe41MCt202duWs=
Subject key identifier:   01:CC:37:3C:91:3B:08:71:DC:0B:98:12:60:CE:AD:C9:A3:8D:E0:C2
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       018CC3491DC48CD6EDF0BAA4F672D4971652
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/Acw3PJE7CHHcC5gSYM6tyaON4MI.roa
Signing time:             Mon 01 Jan 2024 04:29:58 +0000
ROA not before:           Mon 01 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206471
IP address blocks:        194.127.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1d:c4:8c:d6:ed:f0:ba:a4:f6:72:d4:97:16:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Jan  1 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01cc373c913b0871dc0b981260ceadc9a38de0c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:1a:5f:b5:9a:ba:3c:e5:f2:42:67:41:19:1e:
                    6b:61:d5:17:a3:56:a5:79:2c:fe:04:b4:ce:7c:16:
                    96:9a:bd:23:0f:6a:3a:1f:3c:4d:c6:3f:2d:43:de:
                    cd:fd:fc:ac:29:b5:80:64:ec:9f:13:60:00:e2:33:
                    6e:0d:c2:50:e6:8a:9c:73:02:8b:ef:39:d9:3f:f1:
                    f9:46:4a:94:58:0e:da:d7:fd:a0:40:23:1d:98:6c:
                    13:47:fb:5a:bf:da:e8:88:6b:3a:9b:60:b1:4a:2e:
                    e5:05:b6:39:16:6b:e6:f9:5c:b9:60:8a:74:b6:3e:
                    17:5a:87:24:4d:b1:47:4a:27:c2:ed:01:5d:6f:c0:
                    7a:39:b9:4b:83:6f:aa:e9:62:3c:44:5b:ef:2d:40:
                    b5:26:0a:26:d1:05:57:7f:2f:f7:cd:2e:e1:d7:c2:
                    d9:0a:43:b5:83:20:03:bf:2b:dc:12:f9:3f:6c:8f:
                    1e:43:90:e6:b1:1f:d3:4a:da:98:54:ec:4f:58:8e:
                    3d:0a:dc:72:c8:55:21:33:c2:93:2d:14:b6:e9:14:
                    d4:bb:59:bc:05:65:3f:15:29:b3:d0:ff:18:3f:01:
                    45:01:4c:c6:c0:d2:7e:68:3c:3f:d3:c2:88:fe:b2:
                    81:e3:5e:d7:5c:e9:68:4f:0c:b2:d5:7e:c5:0f:d4:
                    e3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:CC:37:3C:91:3B:08:71:DC:0B:98:12:60:CE:AD:C9:A3:8D:E0:C2
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/Acw3PJE7CHHcC5gSYM6tyaON4MI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:1b:16:8a:f2:45:a4:25:54:42:b0:20:53:d9:c0:a5:d8:3e:
         1b:42:5b:8c:39:2e:fd:01:94:e1:28:27:26:90:1f:ac:e5:93:
         4b:39:a4:86:9e:c2:b5:ee:b0:ba:89:11:2f:09:bb:e9:f9:13:
         02:cc:ec:c2:35:a1:ed:c4:c6:94:4a:7c:3a:18:76:e9:27:e4:
         cc:7d:b9:65:22:b3:da:77:27:91:03:6d:ca:b5:e3:53:48:15:
         2b:16:76:59:e7:9a:41:eb:e4:67:a2:a1:4c:fa:88:09:58:af:
         2b:88:b4:84:15:96:c9:a4:8d:f2:25:ab:f9:4d:fe:d7:66:51:
         53:d8:c7:84:ac:63:96:52:e2:c0:0e:69:9e:02:3e:e8:ee:33:
         7b:17:a2:15:86:b1:94:96:4e:b7:dc:b2:c8:61:7b:b6:f5:9e:
         fe:eb:34:94:67:11:8d:58:88:49:be:06:21:2f:ed:d4:98:cc:
         77:8f:01:2e:b6:af:cb:db:6b:29:5f:00:59:f1:a0:ef:5a:e1:
         75:dc:9b:86:54:68:a3:e6:41:e5:d7:bc:10:52:b7:d1:90:36:
         5d:2c:73:76:7b:cd:d9:11:78:08:c8:70:b0:c1:7e:3d:9e:bb:
         f7:93:12:2f:d1:1c:6e:b7:df:1d:7b:08:4c:ed:dc:0b:06:f6:
         0c:eb:46:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSR3EjNbt8Lqk9nLUlxZSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjQwMTAxMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWNjMzczYzkxM2IwODcxZGMwYjk4MTI2MGNlYWRjOWEzOGRlMGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihpftZq6POXyQmdBGR5rYdUXo1al
eSz+BLTOfBaWmr0jD2o6HzxNxj8tQ97N/fysKbWAZOyfE2AA4jNuDcJQ5oqccwKL
7znZP/H5RkqUWA7a1/2gQCMdmGwTR/tav9roiGs6m2CxSi7lBbY5Fmvm+Vy5YIp0
tj4XWockTbFHSifC7QFdb8B6OblLg2+q6WI8RFvvLUC1Jgom0QVXfy/3zS7h18LZ
CkO1gyADvyvcEvk/bI8eQ5DmsR/TStqYVOxPWI49CtxyyFUhM8KTLRS26RTUu1m8
BWU/FSmz0P8YPwFFAUzGwNJ+aDw/08KI/rKB417XXOloTwyy1X7FD9TjtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAHMNzyROwhx3AuYEmDOrcmjjeDCMB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEvQWN3M1BKRTdDSEhjQzVnU1lNNnR5YU9ONE1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn9tMA0G
CSqGSIb3DQEBCwUAA4IBAQCYGxaK8kWkJVRCsCBT2cCl2D4bQluMOS79AZThKCcm
kB+s5ZNLOaSGnsK17rC6iREvCbvp+RMCzOzCNaHtxMaUSnw6GHbpJ+TMfbllIrPa
dyeRA23KteNTSBUrFnZZ55pB6+RnoqFM+ogJWK8riLSEFZbJpI3yJav5Tf7XZlFT
2MeErGOWUuLADmmeAj7o7jN7F6IVhrGUlk633LLIYXu29Z7+6zSUZxGNWIhJvgYh
L+3UmMx3jwEutq/L22spXwBZ8aDvWuF13JuGVGij5kHl17wQUrfRkDZdLHN2e83Z
EXgIyHCwwX49nrv3kxIv0Rxut98dewhM7dwLBvYM60aS
-----END CERTIFICATE-----