Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/H-JBm7JYRujvMJ9syXmluW8ISPk.roa
File:                     H-JBm7JYRujvMJ9syXmluW8ISPk.roa (raw, json)
Hash identifier:          b29SM4ZyoKk4dXmAnwmNQuIG+EoC3+gWKhDJ399dNKI=
Subject key identifier:   1F:E2:41:9B:B2:58:46:E8:EF:30:9F:6C:C9:79:A5:B9:6F:08:48:F9
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       018CC3491E9C2CA1F5318AB462D865F74F99
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/H-JBm7JYRujvMJ9syXmluW8ISPk.roa
Signing time:             Mon 01 Jan 2024 04:29:58 +0000
ROA not before:           Mon 01 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210021
IP address blocks:        194.127.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1e:9c:2c:a1:f5:31:8a:b4:62:d8:65:f7:4f:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Jan  1 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fe2419bb25846e8ef309f6cc979a5b96f0848f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6e:fb:90:2c:79:a5:c0:10:b4:44:ab:23:9f:
                    9b:79:6f:e1:91:a1:5b:91:ed:c2:f8:3d:3c:5c:a1:
                    11:6c:5a:de:d8:b9:27:b5:0d:ca:2e:03:77:9e:b4:
                    20:93:bf:8c:24:c9:64:43:29:24:dc:e6:cc:82:72:
                    11:6e:4d:a6:4d:65:d8:60:19:3f:c3:b8:18:ca:cb:
                    fd:8e:3e:ba:ae:07:19:35:ab:d7:67:64:f6:10:ac:
                    b4:67:30:77:17:26:a7:fa:eb:9d:da:89:66:b4:13:
                    fb:4f:c2:86:03:57:dd:4b:8a:a8:db:f7:d3:79:a8:
                    e3:b1:bd:e8:c4:d8:94:c8:f5:86:45:00:d3:85:f7:
                    fa:37:b6:fa:bb:80:db:b5:fe:4c:63:01:4d:1d:72:
                    89:9c:40:3e:70:1e:13:ff:01:13:34:fb:76:e7:f0:
                    f9:53:58:39:4b:6f:ae:7e:c1:b5:9b:aa:d0:4e:1a:
                    00:43:cc:d8:be:73:f8:be:77:b9:c2:2f:27:77:95:
                    75:57:a7:83:ba:0d:a6:30:27:0d:43:22:ad:f3:eb:
                    09:e8:ff:6d:64:22:f3:2b:61:78:cd:6a:16:55:f6:
                    b7:07:c9:e3:5b:93:53:5a:93:86:b1:ce:86:f4:71:
                    90:da:f2:68:93:cb:59:f1:bb:f4:58:d3:5d:a7:ce:
                    4f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:E2:41:9B:B2:58:46:E8:EF:30:9F:6C:C9:79:A5:B9:6F:08:48:F9
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/H-JBm7JYRujvMJ9syXmluW8ISPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:1f:ba:29:4e:39:41:02:d8:6f:ce:45:91:6c:ba:4c:7e:ce:
         99:81:fe:39:ab:38:52:c7:60:95:a8:bb:74:88:39:60:db:2c:
         9c:a3:c2:62:d7:b8:08:05:dd:68:53:99:ac:4d:c9:32:23:27:
         16:04:a9:df:77:3d:66:9f:8f:7b:ce:64:97:80:cf:18:67:b5:
         a6:f1:22:0b:53:e6:f0:8d:5f:15:36:e6:7d:d4:dc:d1:dc:8e:
         a1:73:2f:9c:92:72:a7:1c:9c:ad:9c:99:c5:0f:77:5f:8d:64:
         7e:74:20:0c:f7:c6:8d:15:db:c2:41:9e:83:c6:ff:b4:5e:24:
         93:9b:eb:e2:c4:97:3d:6d:8a:3c:67:c0:b8:29:6f:8d:5e:d7:
         a1:55:af:cb:fe:74:f0:c6:71:78:bc:21:7c:88:c2:35:2d:cd:
         d8:a1:da:8b:0c:04:7b:0e:d7:0f:b7:28:e7:5c:7b:14:3b:f7:
         3a:59:02:ab:bc:6d:93:6d:44:87:14:2f:21:49:33:f8:d8:17:
         71:28:bb:2e:86:77:fa:f4:e9:81:6d:7c:ba:a6:c7:59:02:66:
         6a:2a:19:3e:04:12:95:51:fe:82:65:78:97:86:63:48:83:a0:
         50:ef:6d:e8:5b:74:4b:08:e2:67:74:66:94:2d:ad:26:4e:20:
         1a:60:54:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSR6cLKH1MYq0Ythl90+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjQwMTAxMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmUyNDE5YmIyNTg0NmU4ZWYzMDlmNmNjOTc5YTViOTZmMDg0OGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk277kCx5pcAQtESrI5+beW/hkaFb
ke3C+D08XKERbFre2LkntQ3KLgN3nrQgk7+MJMlkQykk3ObMgnIRbk2mTWXYYBk/
w7gYysv9jj66rgcZNavXZ2T2EKy0ZzB3Fyan+uud2olmtBP7T8KGA1fdS4qo2/fT
eajjsb3oxNiUyPWGRQDThff6N7b6u4Dbtf5MYwFNHXKJnEA+cB4T/wETNPt25/D5
U1g5S2+ufsG1m6rQThoAQ8zYvnP4vne5wi8nd5V1V6eDug2mMCcNQyKt8+sJ6P9t
ZCLzK2F4zWoWVfa3B8njW5NTWpOGsc6G9HGQ2vJok8tZ8bv0WNNdp85PJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/iQZuyWEbo7zCfbMl5pblvCEj5MB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEvSC1KQm03SllSdWp2TUo5c3lYbWx1VzhJU1BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn9vMA0G
CSqGSIb3DQEBCwUAA4IBAQCnH7opTjlBAthvzkWRbLpMfs6Zgf45qzhSx2CVqLt0
iDlg2yyco8Ji17gIBd1oU5msTckyIycWBKnfdz1mn497zmSXgM8YZ7Wm8SILU+bw
jV8VNuZ91NzR3I6hcy+cknKnHJytnJnFD3dfjWR+dCAM98aNFdvCQZ6Dxv+0XiST
m+vixJc9bYo8Z8C4KW+NXtehVa/L/nTwxnF4vCF8iMI1Lc3YodqLDAR7DtcPtyjn
XHsUO/c6WQKrvG2TbUSHFC8hSTP42BdxKLsuhnf69OmBbXy6psdZAmZqKhk+BBKV
Uf6CZXiXhmNIg6BQ723oW3RLCOJndGaULa0mTiAaYFQo
-----END CERTIFICATE-----