Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/bPrzCbZwM8NFsEePoIsndtfYPgA.roa
File:                     bPrzCbZwM8NFsEePoIsndtfYPgA.roa (raw, json)
Hash identifier:          rf7q0cYNkLzi48ftDTk6wbYTaXUrNnWgr0o7odYNHp8=
Subject key identifier:   6C:FA:F3:09:B6:70:33:C3:45:B0:47:8F:A0:8B:27:76:D7:D8:3E:00
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       018E4E88164667BBCA24CF36049C08C27B61
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/bPrzCbZwM8NFsEePoIsndtfYPgA.roa
Signing time:             Sun 17 Mar 2024 22:28:45 +0000
ROA not before:           Sun 17 Mar 2024 22:28:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208324
IP address blocks:        194.127.108.0/24 maxlen: 24
                          194.127.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:4e:88:16:46:67:bb:ca:24:cf:36:04:9c:08:c2:7b:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Mar 17 22:28:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cfaf309b67033c345b0478fa08b2776d7d83e00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:85:23:0d:9a:6f:5d:ef:37:99:06:b5:7f:41:
                    e2:f0:79:16:4d:72:59:01:64:b7:dc:2b:8c:dd:63:
                    1f:c2:80:9e:72:13:6f:cf:c3:17:88:45:19:f9:b4:
                    8a:3c:42:5b:e5:80:96:2a:20:f5:d4:9b:33:ec:51:
                    8c:f5:49:b4:49:05:db:22:b6:b5:8a:32:74:fd:72:
                    24:ff:2d:35:92:0d:7e:ae:c4:8f:b4:19:3f:87:c5:
                    7a:da:50:c1:ed:6d:b4:fe:db:9f:8e:a9:6a:63:fe:
                    4a:ac:d0:4b:13:8f:e5:ab:a2:e6:8e:4c:96:b2:dc:
                    ff:6f:7c:c0:77:2f:e4:30:c9:28:db:77:90:76:6a:
                    cf:fb:93:a1:03:58:4f:97:86:4f:55:f1:81:49:0c:
                    ab:a1:5c:09:b5:94:45:75:15:f9:5e:71:3c:d9:5d:
                    f3:28:fa:92:87:3d:de:c4:9c:4d:f5:11:1a:98:92:
                    8e:70:c1:5c:9e:db:46:0d:d1:02:7e:69:53:22:3e:
                    29:38:fc:6a:80:d0:ba:1a:28:fc:d2:f4:61:6f:6c:
                    78:4c:28:ed:77:93:79:18:24:0f:ab:ed:39:94:4c:
                    cb:6b:d0:8d:e3:36:2e:8b:a2:a4:fc:53:02:88:65:
                    d4:6a:5b:a5:11:45:1b:98:38:6a:e7:06:fd:bf:dd:
                    7f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:FA:F3:09:B6:70:33:C3:45:B0:47:8F:A0:8B:27:76:D7:D8:3E:00
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/bPrzCbZwM8NFsEePoIsndtfYPgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.108.0/24
                  194.127.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:f2:80:62:25:35:fb:97:a1:a0:47:57:44:49:5a:9f:cf:81:
         28:5e:a4:37:4c:93:dc:1b:48:50:82:19:26:e6:d4:0e:10:90:
         99:94:cd:5c:aa:5e:93:91:f7:f8:38:88:04:a6:65:24:aa:0b:
         cf:ac:7a:02:7d:29:9b:15:25:04:2a:93:7a:3b:65:67:bf:7a:
         a3:3d:45:6b:48:4f:b8:d9:7b:e3:4c:0b:e5:3e:59:54:32:59:
         31:8b:9c:6f:42:5a:d9:e4:03:a1:35:bf:25:5e:51:54:0f:f8:
         8e:ef:95:65:58:da:e5:92:8f:8c:1a:ba:07:dd:bf:f6:48:de:
         e8:dd:18:6b:83:fe:c4:c7:47:24:01:a8:5f:fa:c7:33:1b:c8:
         37:cb:c9:24:e8:b9:b7:78:9c:c7:ae:d0:53:61:68:15:06:8d:
         96:38:9d:53:77:cc:e6:bd:f0:3b:6e:9b:7d:4e:71:2b:04:31:
         4e:b9:67:07:be:1f:9b:8e:c3:05:68:96:a0:f9:49:4b:85:10:
         55:19:23:dd:ec:d9:2e:38:e7:5a:55:22:72:71:af:b7:e3:dc:
         3d:07:41:fe:bf:74:0c:3e:6a:c8:62:b5:7a:ec:bb:0d:33:00:
         a0:cb:c5:02:a3:09:32:45:a0:88:e0:7a:c8:aa:2b:d6:58:f3:
         2b:23:90:4f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5OiBZGZ7vKJM82BJwIwnthMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjQwMzE3MjIyODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2ZhZjMwOWI2NzAzM2MzNDViMDQ3OGZhMDhiMjc3NmQ3ZDgzZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoUjDZpvXe83mQa1f0Hi8HkWTXJZ
AWS33CuM3WMfwoCechNvz8MXiEUZ+bSKPEJb5YCWKiD11Jsz7FGM9Um0SQXbIra1
ijJ0/XIk/y01kg1+rsSPtBk/h8V62lDB7W20/tufjqlqY/5KrNBLE4/lq6LmjkyW
stz/b3zAdy/kMMko23eQdmrP+5OhA1hPl4ZPVfGBSQyroVwJtZRFdRX5XnE82V3z
KPqShz3exJxN9REamJKOcMFcnttGDdECfmlTIj4pOPxqgNC6Gij80vRhb2x4TCjt
d5N5GCQPq+05lEzLa9CN4zYui6Kk/FMCiGXUalulEUUbmDhq5wb9v91/LQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGz68wm2cDPDRbBHj6CLJ3bX2D4AMB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEvYlByekNiWndNOE5Gc0VlUG9Jc25kdGZZUGdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwn9sAwQA
wn9uMA0GCSqGSIb3DQEBCwUAA4IBAQAz8oBiJTX7l6GgR1dESVqfz4EoXqQ3TJPc
G0hQghkm5tQOEJCZlM1cql6Tkff4OIgEpmUkqgvPrHoCfSmbFSUEKpN6O2Vnv3qj
PUVrSE+42XvjTAvlPllUMlkxi5xvQlrZ5AOhNb8lXlFUD/iO75VlWNrlko+MGroH
3b/2SN7o3Rhrg/7Ex0ckAahf+sczG8g3y8kk6Lm3eJzHrtBTYWgVBo2WOJ1Td8zm
vfA7bpt9TnErBDFOuWcHvh+bjsMFaJag+UlLhRBVGSPd7NkuOOdaVSJyca+349w9
B0H+v3QMPmrIYrV67LsNMwCgy8UCowkyRaCI4HrIqivWWPMrI5BP
-----END CERTIFICATE-----