Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/KwTls30WYcznTSabSq35vBeXpj0.roa
File:                     KwTls30WYcznTSabSq35vBeXpj0.roa (raw, json)
Hash identifier:          X/ekOhBXSP8fVDHGwbrzlLZCwxwJt0Lb7wF+ki+I/bA=
Subject key identifier:   2B:04:E5:B3:7D:16:61:CC:E7:4D:26:9B:4A:AD:F9:BC:17:97:A6:3D
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       0194266B6F115B1726E6D7F37B5FA89A596F
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/KwTls30WYcznTSabSq35vBeXpj0.roa
Signing time:             Thu 02 Jan 2025 09:49:22 +0000
ROA not before:           Thu 02 Jan 2025 09:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204798
IP address blocks:        194.127.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:6f:11:5b:17:26:e6:d7:f3:7b:5f:a8:9a:59:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Jan  2 09:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b04e5b37d1661cce74d269b4aadf9bc1797a63d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:be:cc:9f:59:c8:c2:cd:59:a8:cc:0b:03:a8:
                    10:24:8e:7a:6f:a5:25:3c:3b:eb:22:99:a8:e7:3f:
                    c2:d6:63:55:65:12:ad:05:3e:30:c5:89:26:35:67:
                    2e:89:c7:df:90:c2:8f:5c:76:19:3d:50:19:32:97:
                    d9:e7:c8:e5:d2:1d:23:eb:a2:f1:ce:e5:5b:2b:ee:
                    15:3b:83:25:44:15:f9:0f:4f:47:91:b5:df:4a:b3:
                    fc:7f:5d:0f:e6:49:4d:97:19:71:02:e1:60:47:2b:
                    34:a6:67:82:c1:c8:59:a1:76:d3:85:24:ca:f3:6e:
                    6f:ad:27:a2:dc:2d:6d:62:4b:fd:c9:7f:a8:64:b0:
                    86:f0:6e:15:d1:bb:4d:74:2f:eb:5c:8b:b0:56:c7:
                    a6:67:a6:2d:c1:c5:93:00:9a:cc:fa:36:7e:ba:47:
                    9c:bc:1e:24:1d:84:2d:21:69:08:58:c7:20:b0:8b:
                    8a:83:6c:e7:5c:bb:c2:c4:55:4e:2e:8c:72:47:26:
                    90:52:a4:65:ee:a6:16:be:8b:8d:8c:e7:82:c3:3a:
                    d6:5c:82:9e:7e:e9:e6:86:97:11:15:23:7e:5f:2b:
                    09:77:cd:c6:0b:fb:89:34:6c:97:95:75:50:69:14:
                    81:de:d1:dd:84:81:cd:69:31:2a:cb:98:12:03:54:
                    8a:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:04:E5:B3:7D:16:61:CC:E7:4D:26:9B:4A:AD:F9:BC:17:97:A6:3D
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/KwTls30WYcznTSabSq35vBeXpj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:4a:40:fe:5b:7b:e2:eb:61:9a:57:36:c8:f3:4d:53:a6:19:
         49:e3:41:a7:68:e1:e2:62:eb:09:30:31:48:12:18:df:1d:7e:
         2b:95:18:02:86:e3:e8:d4:e8:5f:2d:dc:62:39:7c:da:fa:47:
         72:03:4c:96:8d:41:23:95:a1:0c:67:87:77:82:99:43:fd:5b:
         3c:2c:38:2d:c0:35:f1:d1:17:94:8c:6a:a1:ea:f9:ed:7b:a9:
         31:6b:18:99:61:e2:02:2e:3c:9e:e0:e6:ff:04:5d:b2:23:7a:
         63:54:23:36:a8:7c:b1:f3:04:2f:cf:66:5b:d2:ff:c1:ac:c3:
         b6:b2:7a:1d:f0:d6:bd:9b:08:9e:63:dc:c2:1e:15:fe:6c:92:
         24:90:bc:29:aa:86:8b:bd:ec:50:18:8b:be:32:2c:0e:6e:76:
         9d:9e:75:3d:ae:38:dd:8e:0f:54:1c:7d:20:fa:a7:38:4c:d5:
         02:fe:a3:d5:da:bc:d0:6d:d7:b2:a1:f8:73:b0:68:e1:39:ba:
         5a:8b:f7:3c:24:8e:de:56:c1:05:f4:4e:e9:ec:e1:9f:62:e3:
         dc:37:ea:c6:32:97:66:85:9e:83:54:4c:3c:12:05:70:ba:bb:
         57:bd:1a:64:ee:1a:10:ea:2b:4d:6d:51:90:7a:17:93:00:59:
         dc:23:09:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma28RWxcm5tfze1+omllvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjUwMTAyMDk0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjA0ZTViMzdkMTY2MWNjZTc0ZDI2OWI0YWFkZjliYzE3OTdhNjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp77Mn1nIws1ZqMwLA6gQJI56b6Ul
PDvrIpmo5z/C1mNVZRKtBT4wxYkmNWcuicffkMKPXHYZPVAZMpfZ58jl0h0j66Lx
zuVbK+4VO4MlRBX5D09HkbXfSrP8f10P5klNlxlxAuFgRys0pmeCwchZoXbThSTK
825vrSei3C1tYkv9yX+oZLCG8G4V0btNdC/rXIuwVsemZ6YtwcWTAJrM+jZ+ukec
vB4kHYQtIWkIWMcgsIuKg2znXLvCxFVOLoxyRyaQUqRl7qYWvouNjOeCwzrWXIKe
funmhpcRFSN+XysJd83GC/uJNGyXlXVQaRSB3tHdhIHNaTEqy5gSA1SK5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsE5bN9FmHM500mm0qt+bwXl6Y9MB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEvS3dUbHMzMFdZY3puVFNhYlNxMzV2QmVYcGowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn9vMA0G
CSqGSIb3DQEBCwUAA4IBAQAOSkD+W3vi62GaVzbI801TphlJ40GnaOHiYusJMDFI
EhjfHX4rlRgChuPo1OhfLdxiOXza+kdyA0yWjUEjlaEMZ4d3gplD/Vs8LDgtwDXx
0ReUjGqh6vnte6kxaxiZYeICLjye4Ob/BF2yI3pjVCM2qHyx8wQvz2Zb0v/BrMO2
snod8Na9mwieY9zCHhX+bJIkkLwpqoaLvexQGIu+MiwObnadnnU9rjjdjg9UHH0g
+qc4TNUC/qPV2rzQbdeyofhzsGjhObpai/c8JI7eVsEF9E7p7OGfYuPcN+rGMpdm
hZ6DVEw8EgVwurtXvRpk7hoQ6itNbVGQeheTAFncIwmx
-----END CERTIFICATE-----