Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/DDq525mddfr-xwBo8-T-YcAlqlM.roa
File:                     DDq525mddfr-xwBo8-T-YcAlqlM.roa (raw, json)
Hash identifier:          vbBu7r+JS7z7+nPsGEJDbq+t4cp8fYea0z6mgr+ClXE=
Subject key identifier:   0C:3A:B9:DB:99:9D:75:FA:FE:C7:00:68:F3:E4:FE:61:C0:25:AA:53
Certificate issuer:       /CN=a20cc67154b403145d139469886127ab629eb928
Certificate serial:       01942522000F77364ABCBFEBF3343373CF2C
Authority key identifier: A2:0C:C6:71:54:B4:03:14:5D:13:94:69:88:61:27:AB:62:9E:B9:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogzGcVS0AxRdE5RpiGEnq2KeuSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/DDq525mddfr-xwBo8-T-YcAlqlM.roa
Signing time:             Thu 02 Jan 2025 03:49:32 +0000
ROA not before:           Thu 02 Jan 2025 03:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216306
IP address blocks:        91.208.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/ogzGcVS0AxRdE5RpiGEnq2KeuSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/ogzGcVS0AxRdE5RpiGEnq2KeuSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogzGcVS0AxRdE5RpiGEnq2KeuSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:00:0f:77:36:4a:bc:bf:eb:f3:34:33:73:cf:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a20cc67154b403145d139469886127ab629eb928
        Validity
            Not Before: Jan  2 03:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c3ab9db999d75fafec70068f3e4fe61c025aa53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:93:ce:50:ff:24:55:19:91:7b:fd:dc:e9:f4:
                    c2:48:ca:19:b5:57:e4:28:42:f7:da:13:64:ba:07:
                    dd:5e:de:26:9d:c9:d8:1d:d4:06:f2:2d:4f:7a:35:
                    ba:4b:b8:55:23:c1:73:db:1b:8d:bd:f2:b4:26:05:
                    47:57:51:e6:9e:13:d4:dd:4f:be:01:67:b9:a6:c1:
                    12:52:61:6f:2e:5d:20:ce:27:2f:c4:05:40:65:8f:
                    6b:e6:cb:f4:6d:28:2a:c3:dc:de:85:87:79:93:44:
                    81:fd:e2:3d:4e:8a:3d:96:83:5b:15:ce:54:ea:23:
                    b4:ca:41:03:5d:6d:db:d0:60:a9:cd:87:6a:00:c2:
                    ab:3e:65:8e:45:c8:06:c3:48:44:a3:2e:2f:d4:55:
                    c3:31:c8:15:b1:1a:32:e0:57:81:af:65:0d:61:60:
                    1d:eb:b6:c9:39:b1:88:bc:5d:aa:17:b0:e2:f4:69:
                    1d:82:b4:07:3d:92:7b:ba:06:a3:2b:50:02:e4:62:
                    35:02:c5:04:90:a5:a7:0c:84:0b:66:55:42:19:ae:
                    01:00:68:29:b2:89:09:d6:30:01:a5:92:d9:5f:49:
                    40:16:23:aa:f6:c7:97:45:8c:48:58:59:42:7f:3b:
                    1d:87:db:b7:45:67:62:3c:31:e2:30:45:b5:69:88:
                    80:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:3A:B9:DB:99:9D:75:FA:FE:C7:00:68:F3:E4:FE:61:C0:25:AA:53
            X509v3 Authority Key Identifier:
                keyid:A2:0C:C6:71:54:B4:03:14:5D:13:94:69:88:61:27:AB:62:9E:B9:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogzGcVS0AxRdE5RpiGEnq2KeuSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/DDq525mddfr-xwBo8-T-YcAlqlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dd8878-2941-4c15-b204-8fc33737ceab/1/ogzGcVS0AxRdE5RpiGEnq2KeuSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:37:05:5e:f0:8d:4c:f2:fa:bd:b4:0f:d1:b4:f7:1a:7d:39:
         17:cc:27:07:8e:30:70:84:fe:0b:d2:75:53:55:d6:39:e9:83:
         20:30:5d:25:a4:36:5f:be:0b:d8:e9:9c:ad:87:d6:34:ab:fc:
         b5:c6:62:3c:eb:9c:14:87:92:78:24:36:a5:31:a1:f7:a9:d2:
         10:d8:56:6e:a7:ea:47:7a:b6:5d:a5:7b:9a:3f:7b:69:a5:58:
         bf:a5:28:34:4e:b9:41:33:ad:d0:88:6f:dd:96:fd:8a:40:48:
         91:8e:a3:78:2a:9e:1a:65:d5:b0:b0:ad:29:e5:d7:a5:64:cb:
         b1:06:45:88:de:ab:5e:55:7f:61:75:26:0c:bb:91:80:2f:8b:
         35:b3:54:2e:06:3a:20:41:84:56:f5:da:62:37:8c:70:20:2b:
         b7:7c:9a:5e:42:ea:29:b0:23:06:8e:5c:0a:22:16:41:d8:0b:
         16:c0:bf:53:af:f5:77:7f:91:a8:f6:f0:3a:dd:85:0e:b0:51:
         33:54:c8:ab:2c:e6:40:7b:bc:ab:cf:38:30:f8:19:4f:57:04:
         d0:86:90:7a:1a:68:23:28:ed:16:04:45:e6:db:b5:65:de:ea:
         60:9f:6e:21:8d:37:5f:6a:14:1d:e5:ff:46:b8:13:91:5d:f8:
         31:4b:ee:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIgAPdzZKvL/r8zQzc88sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMGNjNjcxNTRiNDAzMTQ1ZDEzOTQ2OTg4NjEyN2FiNjI5
ZWI5MjgwHhcNMjUwMTAyMDM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzNhYjlkYjk5OWQ3NWZhZmVjNzAwNjhmM2U0ZmU2MWMwMjVhYTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJPOUP8kVRmRe/3c6fTCSMoZtVfk
KEL32hNkugfdXt4mncnYHdQG8i1PejW6S7hVI8Fz2xuNvfK0JgVHV1HmnhPU3U++
AWe5psESUmFvLl0gzicvxAVAZY9r5sv0bSgqw9zehYd5k0SB/eI9Too9loNbFc5U
6iO0ykEDXW3b0GCpzYdqAMKrPmWORcgGw0hEoy4v1FXDMcgVsRoy4FeBr2UNYWAd
67bJObGIvF2qF7Di9GkdgrQHPZJ7ugajK1AC5GI1AsUEkKWnDIQLZlVCGa4BAGgp
sokJ1jABpZLZX0lAFiOq9seXRYxIWFlCfzsdh9u3RWdiPDHiMEW1aYiAWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAw6uduZnXX6/scAaPPk/mHAJapTMB8GA1UdIwQY
MBaAFKIMxnFUtAMUXROUaYhhJ6tinrkoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2d6R2NWUzBBeFJkRTVScGlHRW5xMktldVNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kZDg4NzgtMjk0MS00YzE1LWIyMDQt
OGZjMzM3MzdjZWFiLzEvRERxNTI1bWRkZnIteHdCbzgtVC1ZY0FscWxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9kZDg4NzgtMjk0MS00YzE1LWIyMDQtOGZjMzM3MzdjZWFi
LzEvb2d6R2NWUzBBeFJkRTVScGlHRW5xMktldVNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9B2MA0G
CSqGSIb3DQEBCwUAA4IBAQAQNwVe8I1M8vq9tA/RtPcafTkXzCcHjjBwhP4L0nVT
VdY56YMgMF0lpDZfvgvY6Zyth9Y0q/y1xmI865wUh5J4JDalMaH3qdIQ2FZup+pH
erZdpXuaP3tppVi/pSg0TrlBM63QiG/dlv2KQEiRjqN4Kp4aZdWwsK0p5delZMux
BkWI3qteVX9hdSYMu5GAL4s1s1QuBjogQYRW9dpiN4xwICu3fJpeQuopsCMGjlwK
IhZB2AsWwL9Tr/V3f5Go9vA63YUOsFEzVMirLOZAe7yrzzgw+BlPVwTQhpB6Gmgj
KO0WBEXm27Vl3upgn24hjTdfahQd5f9GuBORXfgxS+7f
-----END CERTIFICATE-----