Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/DlEN3D6ABTKOQAUtaBMUB9rDXTg.roa
File:                     DlEN3D6ABTKOQAUtaBMUB9rDXTg.roa (raw, json)
Hash identifier:          7Z/Q1II+IY41ZQNrl/gNVuPJHIVrAlLxhLrLlp3uHJ8=
Subject key identifier:   0E:51:0D:DC:3E:80:05:32:8E:40:05:2D:68:13:14:07:DA:C3:5D:38
Certificate issuer:       /CN=a36d0ae5e2fbffcce08770ebc20c216b9fbf9485
Certificate serial:       0196A3D644BEDF71E247D5442D1E90481EA8
Authority key identifier: A3:6D:0A:E5:E2:FB:FF:CC:E0:87:70:EB:C2:0C:21:6B:9F:BF:94:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o20K5eL7_8zgh3Drwgwha5-_lIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/DlEN3D6ABTKOQAUtaBMUB9rDXTg.roa
Signing time:             Tue 06 May 2025 04:24:10 +0000
ROA not before:           Tue 06 May 2025 04:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207240
IP address blocks:        171.25.177.0/24 maxlen: 24
                          193.104.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/o20K5eL7_8zgh3Drwgwha5-_lIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/o20K5eL7_8zgh3Drwgwha5-_lIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o20K5eL7_8zgh3Drwgwha5-_lIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a3:d6:44:be:df:71:e2:47:d5:44:2d:1e:90:48:1e:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a36d0ae5e2fbffcce08770ebc20c216b9fbf9485
        Validity
            Not Before: May  6 04:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e510ddc3e8005328e40052d68131407dac35d38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:b0:e1:ec:49:99:29:d5:3d:09:9e:69:b9:fc:
                    39:b6:d1:e1:02:32:94:34:6f:6a:9d:bb:45:1b:62:
                    b3:80:d4:0c:5d:0c:54:b6:1f:c9:8a:b2:81:05:25:
                    15:b8:10:9b:5d:2b:a2:33:01:21:bd:fd:36:35:a3:
                    a9:30:98:f2:26:77:8b:c3:c8:b6:e3:67:05:e4:9a:
                    06:c9:9f:eb:91:43:de:5d:ed:e5:b8:52:e8:00:5a:
                    5e:d0:b6:32:a0:c8:af:97:25:7b:c8:ef:b3:66:7d:
                    7b:a6:9d:43:a6:6b:45:e5:6b:40:ee:8f:44:ea:4d:
                    0f:cb:82:71:c5:60:1a:f9:94:39:22:a0:21:46:30:
                    3d:21:9c:f4:de:6f:2a:6a:d8:f7:ea:2a:40:13:16:
                    78:7a:7e:e5:2f:b8:5d:2f:48:89:f9:d9:89:52:4f:
                    c4:f3:23:50:b2:de:d8:60:31:01:13:b8:5b:6d:75:
                    98:3c:da:8d:4f:cb:fb:80:88:c8:98:36:0c:d6:64:
                    0e:dc:0d:7f:a5:97:4a:d6:d4:1e:48:d5:16:ea:1a:
                    4b:81:3c:71:9e:4b:73:53:90:25:ba:58:08:63:cb:
                    54:a2:ac:c5:62:fe:01:2d:fd:27:1b:97:52:28:c7:
                    8e:9d:ce:88:6e:9a:68:b6:aa:56:30:1b:ca:45:7b:
                    f9:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:51:0D:DC:3E:80:05:32:8E:40:05:2D:68:13:14:07:DA:C3:5D:38
            X509v3 Authority Key Identifier:
                keyid:A3:6D:0A:E5:E2:FB:FF:CC:E0:87:70:EB:C2:0C:21:6B:9F:BF:94:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o20K5eL7_8zgh3Drwgwha5-_lIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/DlEN3D6ABTKOQAUtaBMUB9rDXTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/o20K5eL7_8zgh3Drwgwha5-_lIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.25.177.0/24
                  193.104.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:7c:db:f1:12:13:ff:84:c2:18:a3:10:2f:33:66:67:0a:e0:
         f3:0c:e0:16:47:0f:d7:06:bd:b6:e2:e8:7c:5b:8d:10:5f:3b:
         e0:0e:3e:78:7a:11:1b:9e:05:3a:75:cc:70:c8:48:f8:77:e1:
         af:e4:39:33:cd:20:fd:5e:31:3e:e5:f4:2f:43:dc:9d:01:7b:
         c8:fb:4f:0b:eb:c2:b1:fd:c4:a6:fe:68:d1:e4:a8:74:28:ff:
         dc:ed:09:e7:b8:f6:0b:2e:d0:62:6e:c4:32:d6:1c:b7:36:a3:
         d0:20:c1:16:c7:29:c0:f4:3d:80:55:2e:82:db:ba:8e:33:71:
         1d:6f:78:7f:4a:e0:b7:1c:77:aa:1b:03:69:40:5a:18:01:37:
         5c:0a:0f:a3:73:64:c1:94:29:2d:b4:48:90:63:33:e5:56:f8:
         a2:0f:e2:4a:d3:b0:62:64:81:23:a6:00:88:94:ea:62:5b:aa:
         a2:4e:29:9c:f5:63:34:25:b7:b1:23:bc:c7:51:4e:18:53:46:
         2d:6a:e9:17:f3:dc:8a:11:52:81:fb:56:d9:a9:2f:01:ab:9d:
         e2:75:0b:fa:fd:fc:bf:99:a1:06:0f:b4:12:a4:ba:28:34:1e:
         96:ac:20:03:82:f8:3e:31:00:40:32:78:22:ab:bc:97:1d:8c:
         8c:e3:2e:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaj1kS+33HiR9VELR6QSB6oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNmQwYWU1ZTJmYmZmY2NlMDg3NzBlYmMyMGMyMTZiOWZi
Zjk0ODUwHhcNMjUwNTA2MDQyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTUxMGRkYzNlODAwNTMyOGU0MDA1MmQ2ODEzMTQwN2RhYzM1ZDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA27Dh7EmZKdU9CZ5pufw5ttHhAjKU
NG9qnbtFG2KzgNQMXQxUth/JirKBBSUVuBCbXSuiMwEhvf02NaOpMJjyJneLw8i2
42cF5JoGyZ/rkUPeXe3luFLoAFpe0LYyoMivlyV7yO+zZn17pp1DpmtF5WtA7o9E
6k0Py4JxxWAa+ZQ5IqAhRjA9IZz03m8qatj36ipAExZ4en7lL7hdL0iJ+dmJUk/E
8yNQst7YYDEBE7hbbXWYPNqNT8v7gIjImDYM1mQO3A1/pZdK1tQeSNUW6hpLgTxx
nktzU5AlulgIY8tUoqzFYv4BLf0nG5dSKMeOnc6IbppotqpWMBvKRXv5lQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA5RDdw+gAUyjkAFLWgTFAfaw104MB8GA1UdIwQY
MBaAFKNtCuXi+//M4Idw68IMIWufv5SFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzIwSzVlTDdfOHpnaDNEcndnd2hhNS1fbElVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC84Y2FjMGMtMzQyNi00ZjA3LWFmMjAt
Y2JiOTUxODNiMjdhLzEvRGxFTjNENkFCVEtPUUFVdGFCTVVCOXJEWFRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC84Y2FjMGMtMzQyNi00ZjA3LWFmMjAtY2JiOTUxODNiMjdh
LzEvbzIwSzVlTDdfOHpnaDNEcndnd2hhNS1fbElVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqxmxAwQA
wWhAMA0GCSqGSIb3DQEBCwUAA4IBAQBafNvxEhP/hMIYoxAvM2ZnCuDzDOAWRw/X
Br224uh8W40QXzvgDj54ehEbngU6dcxwyEj4d+Gv5DkzzSD9XjE+5fQvQ9ydAXvI
+08L68Kx/cSm/mjR5Kh0KP/c7QnnuPYLLtBibsQy1hy3NqPQIMEWxynA9D2AVS6C
27qOM3Edb3h/SuC3HHeqGwNpQFoYATdcCg+jc2TBlCkttEiQYzPlVviiD+JK07Bi
ZIEjpgCIlOpiW6qiTimc9WM0JbexI7zHUU4YU0YtaukX89yKEVKB+1bZqS8Bq53i
dQv6/fy/maEGD7QSpLooNB6WrCADgvg+MQBAMngiq7yXHYyM4y6q
-----END CERTIFICATE-----