Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/dmHMJaRnXcooVoAGEmQNVEEkj-c.roa
File:                     dmHMJaRnXcooVoAGEmQNVEEkj-c.roa (raw, json)
Hash identifier:          lSIVb2yGgPGT4Lw+8aYfejS0fIyMOajul31WaxiAuMo=
Subject key identifier:   76:61:CC:25:A4:67:5D:CA:28:56:80:06:12:64:0D:54:41:24:8F:E7
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       018EEBE4D3B243B0F9726546DD00CB2F125E
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/dmHMJaRnXcooVoAGEmQNVEEkj-c.roa
Signing time:             Wed 17 Apr 2024 11:50:25 +0000
ROA not before:           Wed 17 Apr 2024 11:50:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210421
IP address blocks:        193.26.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:eb:e4:d3:b2:43:b0:f9:72:65:46:dd:00:cb:2f:12:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Apr 17 11:50:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7661cc25a4675dca2856800612640d5441248fe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:92:ee:d8:e6:39:07:4f:f7:68:99:52:9e:5f:
                    32:82:eb:a1:4f:c2:d2:c8:e8:64:3a:2b:94:40:17:
                    c4:c0:af:2d:0c:96:cb:39:93:d2:c1:52:00:a6:40:
                    55:d6:f9:9e:78:aa:59:90:f7:42:66:6c:a1:bc:38:
                    d6:60:87:31:52:d3:7a:cb:c9:53:74:d0:b9:14:be:
                    26:fd:d1:e8:19:b1:fa:b9:17:cf:c1:3a:7c:50:50:
                    9d:e1:6a:74:7d:96:04:89:12:6c:ce:6d:eb:1e:cc:
                    c9:33:ea:1a:8c:93:19:e8:31:20:40:8d:37:4a:12:
                    89:5d:7f:e3:8b:82:ad:ca:c5:5d:7a:bc:25:21:12:
                    fc:d7:a8:3e:36:f2:8a:24:3b:66:73:d2:97:84:a0:
                    31:27:be:1c:4d:0c:ee:26:30:a4:9e:9b:d1:db:59:
                    df:22:fd:2e:0a:22:c8:97:4a:97:30:86:82:58:ce:
                    ae:98:23:aa:e6:14:a7:06:25:5d:a2:e1:82:a6:ea:
                    8e:1c:05:c5:a4:0b:8b:8d:f6:ac:e7:61:8f:66:1b:
                    cb:da:f3:b0:1e:c1:f5:99:a2:26:08:81:1b:cb:0c:
                    c2:6f:b4:2a:c9:54:66:2b:34:64:1d:7b:4a:43:a0:
                    b6:8f:db:47:45:8e:d0:5a:2b:ae:d5:e1:80:6e:c9:
                    85:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:61:CC:25:A4:67:5D:CA:28:56:80:06:12:64:0D:54:41:24:8F:E7
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/dmHMJaRnXcooVoAGEmQNVEEkj-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:f1:8a:eb:5b:a8:e2:5a:8f:68:71:ad:84:be:5a:6b:a8:5d:
         fb:ac:a1:59:d4:1b:ba:e8:05:a0:6b:31:ca:5f:d7:96:21:01:
         27:72:71:14:94:e9:64:91:f7:ce:57:fe:e2:c6:16:f2:d3:56:
         18:e8:6e:fa:26:bb:9e:b9:16:5a:66:30:9c:22:b2:ab:3f:66:
         10:75:25:a6:7c:94:e9:07:84:9b:2c:73:8c:eb:8d:0c:4a:74:
         f4:a5:1b:df:52:0c:44:73:40:90:b1:52:be:29:51:53:d6:1c:
         36:4c:18:83:9b:43:bb:68:b3:98:1e:ab:b0:3f:54:6d:89:b1:
         d9:b6:1e:fe:0b:71:c8:62:47:28:e7:35:4c:a8:a7:bd:f8:7a:
         be:78:ba:74:27:e4:c7:81:33:62:dc:e3:c4:31:27:e7:f5:9e:
         80:48:2a:47:d0:9d:d8:17:eb:f6:23:19:48:79:d6:53:d2:3c:
         31:a4:09:63:1b:cb:07:5d:db:ad:88:17:28:b0:79:98:d0:21:
         72:2c:a7:19:a6:6d:ba:34:b0:1d:de:a8:37:bf:8b:45:2f:71:
         d1:7c:33:94:52:b8:6c:71:9e:50:fc:58:3d:1f:c3:3e:8f:bb:
         54:fe:08:59:35:bd:96:d0:13:e1:77:cd:fc:42:88:47:b6:9f:
         58:fc:26:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7r5NOyQ7D5cmVG3QDLLxJeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjQwNDE3MTE1MDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjYxY2MyNWE0Njc1ZGNhMjg1NjgwMDYxMjY0MGQ1NDQxMjQ4ZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpLu2OY5B0/3aJlSnl8yguuhT8LS
yOhkOiuUQBfEwK8tDJbLOZPSwVIApkBV1vmeeKpZkPdCZmyhvDjWYIcxUtN6y8lT
dNC5FL4m/dHoGbH6uRfPwTp8UFCd4Wp0fZYEiRJszm3rHszJM+oajJMZ6DEgQI03
ShKJXX/ji4KtysVderwlIRL816g+NvKKJDtmc9KXhKAxJ74cTQzuJjCknpvR21nf
Iv0uCiLIl0qXMIaCWM6umCOq5hSnBiVdouGCpuqOHAXFpAuLjfas52GPZhvL2vOw
HsH1maImCIEbywzCb7QqyVRmKzRkHXtKQ6C2j9tHRY7QWiuu1eGAbsmF/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZhzCWkZ13KKFaABhJkDVRBJI/nMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvZG1ITUphUm5YY29vVm9BR0VtUU5WRUVrai1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRoDMA0G
CSqGSIb3DQEBCwUAA4IBAQBg8YrrW6jiWo9oca2EvlprqF37rKFZ1Bu66AWgazHK
X9eWIQEncnEUlOlkkffOV/7ixhby01YY6G76JrueuRZaZjCcIrKrP2YQdSWmfJTp
B4SbLHOM640MSnT0pRvfUgxEc0CQsVK+KVFT1hw2TBiDm0O7aLOYHquwP1RtibHZ
th7+C3HIYkco5zVMqKe9+Hq+eLp0J+THgTNi3OPEMSfn9Z6ASCpH0J3YF+v2IxlI
edZT0jwxpAljG8sHXdutiBcosHmY0CFyLKcZpm26NLAd3qg3v4tFL3HRfDOUUrhs
cZ5Q/Fg9H8M+j7tU/ghZNb2W0BPhd838QohHtp9Y/Ca4
-----END CERTIFICATE-----