Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/9f1503-f77d-4f78-8c9f-a8ab5d5737df/1/Dgcly8v4CR7-bWoogRwA8Cd0ZgQ.roa
File:                     Dgcly8v4CR7-bWoogRwA8Cd0ZgQ.roa (raw, json)
Hash identifier:          XQw1h6VNbTxzmM1H2Iqg9dXPjJiJyzhNIjXbV7g4seM=
Subject key identifier:   0E:07:25:CB:CB:F8:09:1E:FE:6D:6A:28:81:1C:00:F0:27:74:66:04
Certificate issuer:       /CN=a08f8e29e0420e723dd1dc418e8713c8e96043d8
Certificate serial:       0196EDAC7CFA6F7BEA2B1444A9E54288D4CC
Authority key identifier: A0:8F:8E:29:E0:42:0E:72:3D:D1:DC:41:8E:87:13:C8:E9:60:43:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oI-OKeBCDnI90dxBjocTyOlgQ9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/9f1503-f77d-4f78-8c9f-a8ab5d5737df/1/Dgcly8v4CR7-bWoogRwA8Cd0ZgQ.roa
Signing time:             Tue 20 May 2025 12:30:26 +0000
ROA not before:           Tue 20 May 2025 12:30:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57945
IP address blocks:        91.236.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/9f1503-f77d-4f78-8c9f-a8ab5d5737df/1/oI-OKeBCDnI90dxBjocTyOlgQ9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/9f1503-f77d-4f78-8c9f-a8ab5d5737df/1/oI-OKeBCDnI90dxBjocTyOlgQ9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oI-OKeBCDnI90dxBjocTyOlgQ9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 03:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:ac:7c:fa:6f:7b:ea:2b:14:44:a9:e5:42:88:d4:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a08f8e29e0420e723dd1dc418e8713c8e96043d8
        Validity
            Not Before: May 20 12:30:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e0725cbcbf8091efe6d6a28811c00f027746604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4f:f0:f7:da:4f:8a:e4:96:45:1d:16:7c:a7:
                    ad:c1:1c:60:ce:ca:a3:b3:83:a5:27:4e:6b:c9:96:
                    49:d5:b0:22:d8:56:82:d9:36:35:82:85:52:ab:9f:
                    69:af:7d:9f:a6:50:2b:b8:fe:f6:e5:e8:72:5f:ac:
                    c7:22:57:d2:c0:3b:4c:09:aa:f5:9c:08:fd:e3:ea:
                    07:47:84:9f:62:42:65:f1:4b:fd:e2:57:73:8e:2a:
                    88:e9:f8:73:b4:64:62:b1:3d:a9:a9:e3:34:16:2a:
                    e0:ac:da:53:69:7e:3b:c5:e7:b1:1d:b1:0b:b6:eb:
                    73:e5:b9:7c:8c:a1:05:d6:79:49:90:58:26:03:f7:
                    34:bc:f3:69:39:6c:ee:50:4a:56:64:65:e6:62:df:
                    59:91:b7:ea:d6:c3:3a:59:0e:65:cf:24:af:78:c0:
                    2a:ab:aa:10:3c:5c:c8:6a:6d:d0:ba:2d:31:01:25:
                    ff:39:ea:86:6f:53:ab:3f:7e:dd:b9:a6:43:05:6e:
                    9e:cc:8a:c6:94:99:8e:c3:a9:df:38:4b:85:cd:60:
                    fa:0f:f5:6a:88:31:05:5d:88:13:4e:db:5b:08:b5:
                    96:b8:d6:9f:88:4e:2a:0b:dd:48:1d:55:58:66:ba:
                    d6:ec:e8:d0:c5:10:21:d4:dc:29:d8:12:50:bf:aa:
                    48:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:07:25:CB:CB:F8:09:1E:FE:6D:6A:28:81:1C:00:F0:27:74:66:04
            X509v3 Authority Key Identifier:
                keyid:A0:8F:8E:29:E0:42:0E:72:3D:D1:DC:41:8E:87:13:C8:E9:60:43:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oI-OKeBCDnI90dxBjocTyOlgQ9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9f1503-f77d-4f78-8c9f-a8ab5d5737df/1/Dgcly8v4CR7-bWoogRwA8Cd0ZgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9f1503-f77d-4f78-8c9f-a8ab5d5737df/1/oI-OKeBCDnI90dxBjocTyOlgQ9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:81:a8:ce:28:da:af:09:75:7e:6e:78:46:45:5f:3c:b1:7e:
         c8:aa:40:09:eb:a8:28:d3:c6:05:91:35:40:90:a4:b7:c6:57:
         4a:1f:5f:61:af:4b:1e:23:8e:a2:9f:4f:a9:36:f0:78:e7:19:
         25:49:9f:3d:81:76:55:66:52:f6:70:e4:ef:a1:5d:ec:3b:16:
         61:78:c9:e9:06:20:5a:0f:6a:3d:79:f4:3c:54:59:9d:3b:9b:
         e9:bb:c0:fa:7e:a7:26:1e:23:eb:db:e1:3f:a3:c8:63:a7:ae:
         40:08:0f:0a:34:c7:14:5c:1c:3a:aa:99:43:fb:4c:5d:cb:61:
         42:2d:b2:93:65:16:4f:ff:f6:10:18:62:99:7c:e1:b6:c5:bc:
         c7:42:50:c2:81:bd:56:fe:28:61:e3:5d:5a:26:12:7e:0c:59:
         42:08:85:db:f4:78:5e:ba:07:3c:6e:45:85:ec:b6:c5:c8:07:
         b7:45:7a:0a:03:b0:48:bd:eb:48:bd:8f:43:90:1c:e4:76:6b:
         e1:c1:90:9a:b6:9b:ce:6e:c3:22:3d:a5:90:6b:3c:f8:d2:af:
         9d:12:77:a5:36:73:b0:ab:1e:f3:6f:b1:a1:fc:23:6a:d5:a6:
         01:55:35:97:57:8f:64:29:b3:8c:35:6d:18:e4:23:b5:f8:9f:
         a5:a9:8d:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbtrHz6b3vqKxREqeVCiNTMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwOGY4ZTI5ZTA0MjBlNzIzZGQxZGM0MThlODcxM2M4ZTk2
MDQzZDgwHhcNMjUwNTIwMTIzMDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTA3MjVjYmNiZjgwOTFlZmU2ZDZhMjg4MTFjMDBmMDI3NzQ2NjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqE/w99pPiuSWRR0WfKetwRxgzsqj
s4OlJ05ryZZJ1bAi2FaC2TY1goVSq59pr32fplAruP725ehyX6zHIlfSwDtMCar1
nAj94+oHR4SfYkJl8Uv94ldzjiqI6fhztGRisT2pqeM0FirgrNpTaX47xeexHbEL
tutz5bl8jKEF1nlJkFgmA/c0vPNpOWzuUEpWZGXmYt9Zkbfq1sM6WQ5lzySveMAq
q6oQPFzIam3Qui0xASX/OeqGb1OrP37duaZDBW6ezIrGlJmOw6nfOEuFzWD6D/Vq
iDEFXYgTTttbCLWWuNafiE4qC91IHVVYZrrW7OjQxRAh1Nwp2BJQv6pIZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4HJcvL+Ake/m1qKIEcAPAndGYEMB8GA1UdIwQY
MBaAFKCPjingQg5yPdHcQY6HE8jpYEPYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0ktT0tlQkNEbkk5MGR4QmpvY1R5T2xnUTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85ZjE1MDMtZjc3ZC00Zjc4LThjOWYt
YThhYjVkNTczN2RmLzEvRGdjbHk4djRDUjctYldvb2dSd0E4Q2QwWmdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85ZjE1MDMtZjc3ZC00Zjc4LThjOWYtYThhYjVkNTczN2Rm
LzEvb0ktT0tlQkNEbkk5MGR4QmpvY1R5T2xnUTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+zpMA0G
CSqGSIb3DQEBCwUAA4IBAQBmgajOKNqvCXV+bnhGRV88sX7IqkAJ66go08YFkTVA
kKS3xldKH19hr0seI46in0+pNvB45xklSZ89gXZVZlL2cOTvoV3sOxZheMnpBiBa
D2o9efQ8VFmdO5vpu8D6fqcmHiPr2+E/o8hjp65ACA8KNMcUXBw6qplD+0xdy2FC
LbKTZRZP//YQGGKZfOG2xbzHQlDCgb1W/ihh411aJhJ+DFlCCIXb9Hheugc8bkWF
7LbFyAe3RXoKA7BIvetIvY9DkBzkdmvhwZCatpvObsMiPaWQazz40q+dEnelNnOw
qx7zb7Gh/CNq1aYBVTWXV49kKbOMNW0Y5CO1+J+lqY1E
-----END CERTIFICATE-----