Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/C_l7gY4HKMAH6m-SKmgQfr13Qes.roa
File:                     C_l7gY4HKMAH6m-SKmgQfr13Qes.roa (raw, json)
Hash identifier:          pRZ/nLpDPpbsV4pq3dfe7vuh4pYoUDOFa7B5tX5SH6o=
Subject key identifier:   0B:F9:7B:81:8E:07:28:C0:07:EA:6F:92:2A:68:10:7E:BD:77:41:EB
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       0194266B704B57A539FDCFEAD71523916550
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/C_l7gY4HKMAH6m-SKmgQfr13Qes.roa
Signing time:             Thu 02 Jan 2025 09:49:22 +0000
ROA not before:           Thu 02 Jan 2025 09:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208324
IP address blocks:        194.127.108.0/24 maxlen: 24
                          194.127.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:70:4b:57:a5:39:fd:cf:ea:d7:15:23:91:65:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Jan  2 09:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bf97b818e0728c007ea6f922a68107ebd7741eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:2b:4b:71:03:6a:68:29:7d:68:ab:a4:64:9f:
                    47:15:c7:84:44:3f:3c:71:b2:75:8f:d9:02:8c:c1:
                    b0:44:25:dd:06:9b:1a:35:6c:f1:c0:a6:d1:ac:aa:
                    ce:71:6a:cd:0e:0d:30:de:37:f8:7f:00:fa:74:36:
                    47:a2:4f:72:fa:86:da:63:c6:46:5d:8f:8e:82:30:
                    f9:64:a5:37:90:be:63:0f:89:62:8b:12:bb:b4:82:
                    e4:7d:d9:db:c8:62:d0:8f:35:4e:7f:3a:5d:25:4f:
                    1f:b3:8a:82:74:d1:04:55:32:d5:13:28:d8:aa:51:
                    b2:c0:cf:a3:27:7b:84:a9:ed:07:f3:2a:1f:9c:e6:
                    45:50:c9:02:b8:32:2b:79:57:7c:40:53:67:39:1d:
                    6c:f4:b2:60:f5:77:f6:c9:c7:8e:77:22:76:51:f7:
                    f1:2b:0d:42:57:d0:6b:11:bb:a4:f8:50:b0:c2:50:
                    ea:e1:ea:24:b2:5c:99:0f:10:bd:dd:e6:d2:40:47:
                    e1:32:95:2f:db:44:aa:a4:74:ff:06:fd:71:af:e1:
                    71:89:68:ff:68:60:39:3c:96:00:36:3d:d2:4c:88:
                    98:aa:7b:e5:46:77:41:f5:53:ee:a9:31:2b:01:e2:
                    68:3d:66:31:f0:c1:d9:da:f4:d5:e3:06:83:e8:ca:
                    c6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:F9:7B:81:8E:07:28:C0:07:EA:6F:92:2A:68:10:7E:BD:77:41:EB
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/C_l7gY4HKMAH6m-SKmgQfr13Qes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.108.0/24
                  194.127.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:2a:59:b2:bb:3e:7d:07:b9:e8:1b:3a:da:46:39:bf:59:c0:
         51:bd:69:83:ab:0a:bd:1b:f9:0f:5e:06:9f:44:3c:6a:98:68:
         27:7e:7e:c4:e3:5c:43:27:14:a6:50:8f:3e:ff:6d:7e:3a:96:
         65:db:5d:9e:66:67:6c:3e:f3:8b:98:2b:b7:ef:fb:1c:75:2e:
         e6:ad:c2:dd:9f:f0:99:1c:e4:3e:dc:58:f0:79:1e:96:8c:24:
         ef:e7:59:fc:4d:af:4a:d2:e9:74:48:2e:75:d1:b0:36:fe:44:
         8b:48:c9:91:b3:bb:6d:6e:69:c9:a4:97:fe:81:3f:06:b1:bb:
         05:e8:64:cc:cb:74:1f:86:13:57:45:6a:60:30:91:ee:1d:84:
         50:e9:cf:e0:b2:ea:85:94:e7:23:42:ec:7c:ab:60:22:0a:a3:
         bb:2d:b8:8e:cb:31:2f:55:04:de:b8:c2:96:5a:f0:bd:ba:f0:
         fc:0c:96:f0:87:de:c5:45:11:61:d9:9e:57:2e:62:f4:94:9b:
         ac:92:0f:a6:cc:2b:9f:5f:a0:e3:3b:97:88:5c:8a:9f:a8:c3:
         5f:eb:06:be:21:70:19:c2:87:ed:83:15:8b:11:eb:95:fc:14:
         5a:ce:17:ee:e4:09:0a:0b:a3:b9:03:cf:a0:38:bd:21:34:cb:
         56:a2:09:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQma3BLV6U5/c/q1xUjkWVQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjUwMTAyMDk0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmY5N2I4MThlMDcyOGMwMDdlYTZmOTIyYTY4MTA3ZWJkNzc0MWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ytLcQNqaCl9aKukZJ9HFceERD88
cbJ1j9kCjMGwRCXdBpsaNWzxwKbRrKrOcWrNDg0w3jf4fwD6dDZHok9y+obaY8ZG
XY+OgjD5ZKU3kL5jD4liixK7tILkfdnbyGLQjzVOfzpdJU8fs4qCdNEEVTLVEyjY
qlGywM+jJ3uEqe0H8yofnOZFUMkCuDIreVd8QFNnOR1s9LJg9Xf2yceOdyJ2Uffx
Kw1CV9BrEbuk+FCwwlDq4eokslyZDxC93ebSQEfhMpUv20SqpHT/Bv1xr+FxiWj/
aGA5PJYANj3STIiYqnvlRndB9VPuqTErAeJoPWYx8MHZ2vTV4waD6MrGgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAv5e4GOByjAB+pvkipoEH69d0HrMB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEvQ19sN2dZNEhLTUFINm0tU0ttZ1FmcjEzUWVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwn9sAwQA
wn9uMA0GCSqGSIb3DQEBCwUAA4IBAQAsKlmyuz59B7noGzraRjm/WcBRvWmDqwq9
G/kPXgafRDxqmGgnfn7E41xDJxSmUI8+/21+OpZl212eZmdsPvOLmCu37/scdS7m
rcLdn/CZHOQ+3FjweR6WjCTv51n8Ta9K0ul0SC510bA2/kSLSMmRs7ttbmnJpJf+
gT8GsbsF6GTMy3QfhhNXRWpgMJHuHYRQ6c/gsuqFlOcjQux8q2AiCqO7LbiOyzEv
VQTeuMKWWvC9uvD8DJbwh97FRRFh2Z5XLmL0lJuskg+mzCufX6DjO5eIXIqfqMNf
6wa+IXAZwoftgxWLEeuV/BRazhfu5AkKC6O5A8+gOL0hNMtWoglT
-----END CERTIFICATE-----