Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/moDabGIsdfBT-29x92m3epDrLMQ.roa
File:                     moDabGIsdfBT-29x92m3epDrLMQ.roa (raw, json)
Hash identifier:          fT8ScPlDeILt2TZncwZVd22KeWYDYfcynIu8eadViDA=
Subject key identifier:   9A:80:DA:6C:62:2C:75:F0:53:FB:6F:71:F7:69:B7:7A:90:EB:2C:C4
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       018CC3491D8FEFA03FED25B7BB5843C829A5
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/moDabGIsdfBT-29x92m3epDrLMQ.roa
Signing time:             Mon 01 Jan 2024 04:29:57 +0000
ROA not before:           Mon 01 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204798
IP address blocks:        194.127.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1d:8f:ef:a0:3f:ed:25:b7:bb:58:43:c8:29:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Jan  1 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a80da6c622c75f053fb6f71f769b77a90eb2cc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:4f:b3:12:6d:08:a6:7b:54:83:d2:e8:52:66:
                    74:0b:e9:23:c1:c1:c3:cb:86:d4:6a:4c:26:bf:fa:
                    a8:fc:be:3b:66:a3:9c:29:45:a6:e7:55:5d:19:02:
                    7a:43:6e:e0:b4:74:fe:5b:68:3e:a1:84:a4:13:fa:
                    4e:00:d6:cd:5d:ef:25:15:d2:62:d8:5f:08:61:70:
                    d0:db:72:ee:19:79:0f:a8:68:51:3c:bc:84:4d:5b:
                    65:4c:45:2d:32:30:39:d0:1f:48:ca:88:6d:bb:70:
                    61:a1:11:f1:68:43:9b:7e:90:7d:f1:48:7d:6f:a0:
                    15:2a:74:17:b8:91:c9:76:f6:05:1d:ba:e1:34:ef:
                    84:e3:4c:df:f6:80:74:32:3e:56:ad:e2:fd:74:28:
                    f6:74:f7:4d:82:f5:1c:67:10:29:18:bd:3a:46:ed:
                    79:72:ff:e6:59:d2:b3:7d:20:ef:4b:59:62:9c:14:
                    b6:f7:ae:47:d6:0d:29:3a:5d:c7:26:db:e3:b0:26:
                    5b:31:39:0d:a4:8c:05:5f:90:54:cd:ae:2e:d0:3d:
                    f9:7d:59:d0:48:16:2f:03:6a:fc:d8:b4:c5:a9:df:
                    18:f7:7f:56:12:b0:65:4f:69:75:d4:4a:c1:18:f2:
                    e0:0f:96:93:55:5e:14:ce:b3:52:42:64:b7:89:e5:
                    72:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:80:DA:6C:62:2C:75:F0:53:FB:6F:71:F7:69:B7:7A:90:EB:2C:C4
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/moDabGIsdfBT-29x92m3epDrLMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:da:3b:e4:2a:fe:6e:32:5d:e9:13:ae:70:e9:4e:c0:4d:2e:
         d5:c3:87:25:df:26:9b:24:56:4c:ef:52:a9:07:ba:32:32:20:
         7b:bf:b2:9a:47:1b:2e:bb:c2:9f:a4:81:d2:9a:cd:bf:c4:e3:
         7d:24:15:97:b0:6b:27:ec:8d:dd:b2:b5:45:02:9f:ad:c5:7e:
         0c:8f:14:2e:97:f7:48:c3:8c:cc:e2:25:5f:12:08:3b:cf:53:
         c1:46:70:9e:dd:20:fa:30:d3:52:a6:da:c1:86:54:71:f3:5b:
         82:ad:98:b3:23:25:29:7e:bd:63:0d:b3:7b:ad:24:bd:96:77:
         79:19:38:fc:f1:4a:1e:8c:31:11:ea:6d:5a:83:b5:c8:2e:17:
         c4:87:48:e3:9d:c6:d8:a5:45:4a:bc:1c:1d:ea:c5:6b:97:09:
         42:9e:9e:9c:f5:a1:37:d9:71:91:0d:5e:f5:6d:84:47:bf:03:
         30:88:80:fd:4f:fa:eb:a5:fc:3e:df:00:86:71:80:36:6e:46:
         27:df:8c:a7:85:8f:84:43:95:0b:62:25:b0:2a:9e:dd:84:c6:
         b6:f2:80:83:1a:fb:f8:2d:2b:cb:53:6b:f3:49:dc:b3:a2:f0:
         ed:f7:a6:70:97:9a:90:4d:35:09:b1:f6:e6:ef:dc:10:50:7f:
         57:8a:7a:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSR2P76A/7SW3u1hDyCmlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjQwMTAxMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTgwZGE2YzYyMmM3NWYwNTNmYjZmNzFmNzY5Yjc3YTkwZWIyY2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0+zEm0IpntUg9LoUmZ0C+kjwcHD
y4bUakwmv/qo/L47ZqOcKUWm51VdGQJ6Q27gtHT+W2g+oYSkE/pOANbNXe8lFdJi
2F8IYXDQ23LuGXkPqGhRPLyETVtlTEUtMjA50B9Iyohtu3BhoRHxaEObfpB98Uh9
b6AVKnQXuJHJdvYFHbrhNO+E40zf9oB0Mj5WreL9dCj2dPdNgvUcZxApGL06Ru15
cv/mWdKzfSDvS1linBS2965H1g0pOl3HJtvjsCZbMTkNpIwFX5BUza4u0D35fVnQ
SBYvA2r82LTFqd8Y939WErBlT2l11ErBGPLgD5aTVV4UzrNSQmS3ieVywwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqA2mxiLHXwU/tvcfdpt3qQ6yzEMB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEvbW9EYWJHSXNkZkJULTI5eDkybTNlcERyTE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn9vMA0G
CSqGSIb3DQEBCwUAA4IBAQCr2jvkKv5uMl3pE65w6U7ATS7Vw4cl3yabJFZM71Kp
B7oyMiB7v7KaRxsuu8KfpIHSms2/xON9JBWXsGsn7I3dsrVFAp+txX4MjxQul/dI
w4zM4iVfEgg7z1PBRnCe3SD6MNNSptrBhlRx81uCrZizIyUpfr1jDbN7rSS9lnd5
GTj88UoejDER6m1ag7XILhfEh0jjncbYpUVKvBwd6sVrlwlCnp6c9aE32XGRDV71
bYRHvwMwiID9T/rrpfw+3wCGcYA2bkYn34ynhY+EQ5ULYiWwKp7dhMa28oCDGvv4
LSvLU2vzSdyzovDt96Zwl5qQTTUJsfbm79wQUH9XinqG
-----END CERTIFICATE-----