Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/DapHF4_ML4zHS1eSSpKXu6earDU.roa
File:                     DapHF4_ML4zHS1eSSpKXu6earDU.roa (raw, json)
Hash identifier:          VRZxFZEzLMzQ017sges9Sj2H9YBysCUi/ugt8yTZW+k=
Subject key identifier:   0D:AA:47:17:8F:CC:2F:8C:C7:4B:57:92:4A:92:97:BB:A7:9A:AC:35
Certificate issuer:       /CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
Certificate serial:       0194258F73DDD334AD761363EB4F78C0A3C6
Authority key identifier: E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/DapHF4_ML4zHS1eSSpKXu6earDU.roa
Signing time:             Thu 02 Jan 2025 05:49:05 +0000
ROA not before:           Thu 02 Jan 2025 05:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199414
IP address blocks:        146.19.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:73:dd:d3:34:ad:76:13:63:eb:4f:78:c0:a3:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
        Validity
            Not Before: Jan  2 05:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0daa47178fcc2f8cc74b57924a9297bba79aac35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:5a:5e:75:16:b3:3d:4e:39:5c:66:f9:97:aa:
                    dc:51:9d:74:ac:db:1a:8a:b4:75:45:bf:d2:3a:e5:
                    70:00:5b:59:31:1f:08:a3:00:35:23:5c:e8:e4:9c:
                    88:e7:52:c9:90:11:d2:67:9b:28:4b:1a:73:e3:d7:
                    ef:ec:f4:26:7a:e0:ce:e3:08:ba:3a:97:ac:00:f2:
                    79:5d:75:5f:04:cf:cf:03:49:4d:23:af:15:bb:7e:
                    16:e7:74:f1:d2:b6:7e:91:f5:c8:b5:3f:2e:89:8e:
                    8c:37:e9:69:17:d9:c4:ea:72:17:42:1a:54:b0:da:
                    33:bd:89:d7:ce:19:46:77:ae:4f:ef:42:df:4f:80:
                    f8:02:a4:97:5d:f0:2f:08:c1:89:62:ec:ee:36:57:
                    e2:ad:db:6c:50:9c:b7:03:48:3b:49:02:99:79:7b:
                    91:19:ad:67:25:df:1a:53:a3:d4:da:0f:0c:be:08:
                    be:1b:15:79:e4:ba:d4:77:a8:ab:5b:ea:e9:24:9b:
                    2a:50:40:5e:14:8a:72:ef:fb:74:ec:7a:8f:e9:62:
                    b7:2b:0b:96:a5:e0:35:86:ec:1c:d9:df:ff:be:5e:
                    09:fc:7f:24:cc:c7:a6:6f:cd:d8:dd:3e:72:2a:03:
                    ea:49:ac:33:24:f3:9e:22:ee:a0:ab:b8:c6:1b:df:
                    a8:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:AA:47:17:8F:CC:2F:8C:C7:4B:57:92:4A:92:97:BB:A7:9A:AC:35
            X509v3 Authority Key Identifier:
                keyid:E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/DapHF4_ML4zHS1eSSpKXu6earDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:ad:a4:7b:3a:cf:47:0f:24:86:f3:2a:c7:6e:2a:76:5c:ed:
         9e:93:5e:2b:eb:48:9c:f3:ca:14:00:56:d6:76:58:89:c6:36:
         86:b4:7d:10:21:ab:8c:12:60:56:7e:69:eb:18:76:ec:a8:0e:
         a1:68:70:d2:ea:b6:bf:16:20:70:9c:f8:29:64:53:69:a0:4a:
         a6:ad:a7:6b:e7:d6:05:70:02:ef:9c:bc:89:5b:a3:01:04:6b:
         79:06:45:8b:4c:09:fd:f8:8e:d2:25:e9:73:e3:b8:a7:12:e5:
         a3:5d:ca:f0:6b:6a:9a:db:b9:7c:c2:a1:9c:7a:fc:0b:1c:73:
         e3:45:f7:75:3c:1c:d2:f0:66:ba:d2:90:f3:d1:2f:ed:e3:6f:
         32:28:b4:3d:1d:8f:65:5c:14:00:68:4b:4f:73:7a:3a:c1:e7:
         4f:63:7b:4d:fb:1f:95:8e:be:32:79:cd:3a:ea:0a:30:95:88:
         f8:38:ee:86:cb:6a:32:73:d6:5e:f9:cf:39:a4:2b:20:ce:3d:
         86:d5:58:49:13:bc:32:ad:6d:41:bd:ad:89:98:6a:c3:04:0e:
         9f:96:93:41:58:3d:53:e1:72:54:3e:64:bf:90:fd:e9:9b:04:
         23:6d:77:f8:8c:83:aa:d0:65:75:cf:ec:87:c9:fa:aa:bc:23:
         e9:e5:0d:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj3Pd0zStdhNj6094wKPGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NjA3NmYyN2UxM2QxODAwZTc3ZDE2ZTRiNjBiMjNiNmY1
OGM4MjAwHhcNMjUwMTAyMDU0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGFhNDcxNzhmY2MyZjhjYzc0YjU3OTI0YTkyOTdiYmE3OWFhYzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVpedRazPU45XGb5l6rcUZ10rNsa
irR1Rb/SOuVwAFtZMR8IowA1I1zo5JyI51LJkBHSZ5soSxpz49fv7PQmeuDO4wi6
OpesAPJ5XXVfBM/PA0lNI68Vu34W53Tx0rZ+kfXItT8uiY6MN+lpF9nE6nIXQhpU
sNozvYnXzhlGd65P70LfT4D4AqSXXfAvCMGJYuzuNlfirdtsUJy3A0g7SQKZeXuR
Ga1nJd8aU6PU2g8Mvgi+GxV55LrUd6irW+rpJJsqUEBeFIpy7/t07HqP6WK3KwuW
peA1huwc2d//vl4J/H8kzMemb83Y3T5yKgPqSawzJPOeIu6gq7jGG9+ocQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA2qRxePzC+Mx0tXkkqSl7unmqw1MB8GA1UdIwQY
MBaAFOVgdvJ+E9GADnfRbktgsjtvWMggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgt
NThjZjg5ODg4ZTJhLzEvRGFwSEY0X01MNHpIUzFlU1NwS1h1NmVhckRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgtNThjZjg5ODg4ZTJh
LzEvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhMwMA0G
CSqGSIb3DQEBCwUAA4IBAQCtraR7Os9HDySG8yrHbip2XO2ek14r60ic88oUAFbW
dliJxjaGtH0QIauMEmBWfmnrGHbsqA6haHDS6ra/FiBwnPgpZFNpoEqmradr59YF
cALvnLyJW6MBBGt5BkWLTAn9+I7SJelz47inEuWjXcrwa2qa27l8wqGcevwLHHPj
Rfd1PBzS8Ga60pDz0S/t428yKLQ9HY9lXBQAaEtPc3o6wedPY3tN+x+Vjr4yec06
6gowlYj4OO6Gy2oyc9Ze+c85pCsgzj2G1VhJE7wyrW1Bva2JmGrDBA6flpNBWD1T
4XJUPmS/kP3pmwQjbXf4jIOq0GV1z+yHyfqqvCPp5Q1M
-----END CERTIFICATE-----