Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/DNqc5HuRGO39V396AyWcAIocSNE.roa
File:                     DNqc5HuRGO39V396AyWcAIocSNE.roa (raw, json)
Hash identifier:          FFzuTXljOvpIZDu6MMjnE/qWedYjj3h1+YvdEGEP02g=
Subject key identifier:   0C:DA:9C:E4:7B:91:18:ED:FD:57:7F:7A:03:25:9C:00:8A:1C:48:D1
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C87C0A49D117309CBD151040ECA38
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/DNqc5HuRGO39V396AyWcAIocSNE.roa
Signing time:             Thu 02 Jan 2025 09:50:34 +0000
ROA not before:           Thu 02 Jan 2025 09:50:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204354
IP address blocks:        185.251.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:87:c0:a4:9d:11:73:09:cb:d1:51:04:0e:ca:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cda9ce47b9118edfd577f7a03259c008a1c48d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:87:8e:7f:ef:51:e2:91:c9:5d:f0:48:14:e7:
                    1b:3a:80:b2:aa:bb:aa:38:86:5d:d9:3a:d1:e4:ba:
                    4f:b8:06:dd:db:ec:9c:7e:13:d7:5d:10:dc:0d:4d:
                    98:6b:3c:f3:00:1a:53:e4:01:18:e5:99:73:87:97:
                    30:69:3f:fe:f3:11:97:ce:b8:d2:16:9e:a2:5c:23:
                    b4:95:fd:b0:5b:3f:b7:47:97:98:a2:13:bf:5b:1e:
                    c8:2f:0c:56:f9:61:5e:8b:7e:7e:3a:6c:27:6b:e2:
                    38:62:dd:05:26:26:41:c0:79:1d:28:a1:d7:fe:66:
                    58:82:42:e8:3e:a3:0e:b4:9c:b1:10:38:9e:3f:f2:
                    3e:33:ba:2c:69:ad:f1:49:af:69:d2:b1:f1:02:27:
                    5d:57:c7:ed:8c:89:6c:0b:46:c4:8b:cb:bb:84:e2:
                    f6:d1:93:98:28:49:dc:83:96:d2:e8:98:61:8f:6d:
                    06:9b:1e:ac:10:ab:1b:6c:9f:20:16:d0:51:dd:94:
                    a5:0c:55:bb:e0:1f:d6:8b:a9:19:34:e0:9e:ea:6a:
                    6f:45:6a:eb:97:56:37:fa:0e:cd:83:8b:ae:b6:24:
                    60:54:b2:a2:cc:08:30:c7:14:40:a1:d8:07:14:71:
                    67:a7:ca:57:72:bc:df:80:78:1c:11:94:1e:df:25:
                    a1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DA:9C:E4:7B:91:18:ED:FD:57:7F:7A:03:25:9C:00:8A:1C:48:D1
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/DNqc5HuRGO39V396AyWcAIocSNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:d3:2d:06:d8:d9:35:0b:67:aa:56:9e:f4:72:0e:91:b1:bd:
         a1:bb:b9:34:f5:3c:94:df:1e:5f:30:81:83:af:93:e8:72:98:
         3b:ba:12:e6:56:0d:49:fa:42:d9:c1:ca:1a:ea:cb:8b:84:22:
         79:0e:93:da:2d:e0:c3:14:d0:d9:4e:4d:a7:39:b6:2f:4c:a9:
         60:d3:d5:c2:fa:af:17:52:e6:db:60:ba:58:a8:c0:ce:a2:22:
         8c:32:06:ce:cf:d9:ed:cd:bd:37:3a:31:7b:59:06:5a:6b:5e:
         81:32:03:b6:dd:98:7f:2e:22:08:f0:a2:a7:0e:25:69:ef:78:
         14:74:3c:2f:31:27:14:24:17:7a:2b:fe:fa:46:0c:40:6a:56:
         2b:10:10:38:ed:fd:5f:4b:fc:87:29:30:25:8c:66:2b:b2:63:
         5b:ac:08:0b:4b:ed:ce:c9:28:a1:48:5c:75:97:bb:d1:c3:b1:
         6a:32:f0:b9:df:cb:d0:8c:dd:44:a4:76:93:17:fb:d4:64:b1:
         db:c1:a0:bb:27:f6:59:97:1a:83:aa:00:30:31:f0:ef:8d:f5:
         df:1b:28:2e:e2:33:94:40:0b:c8:e4:d5:63:b4:bd:26:ec:00:
         de:4b:99:99:49:a1:93:51:d6:7a:b4:64:eb:54:23:02:ca:3d:
         5d:75:d0:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbIfApJ0RcwnL0VEEDso4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2RhOWNlNDdiOTExOGVkZmQ1NzdmN2EwMzI1OWMwMDhhMWM0OGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIeOf+9R4pHJXfBIFOcbOoCyqruq
OIZd2TrR5LpPuAbd2+ycfhPXXRDcDU2YazzzABpT5AEY5Zlzh5cwaT/+8xGXzrjS
Fp6iXCO0lf2wWz+3R5eYohO/Wx7ILwxW+WFei35+Omwna+I4Yt0FJiZBwHkdKKHX
/mZYgkLoPqMOtJyxEDieP/I+M7osaa3xSa9p0rHxAiddV8ftjIlsC0bEi8u7hOL2
0ZOYKEncg5bS6Jhhj20Gmx6sEKsbbJ8gFtBR3ZSlDFW74B/Wi6kZNOCe6mpvRWrr
l1Y3+g7Ng4uutiRgVLKizAgwxxRAodgHFHFnp8pXcrzfgHgcEZQe3yWhkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzanOR7kRjt/Vd/egMlnACKHEjRMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvRE5xYzVIdVJHTzM5VjM5NkF5V2NBSW9jU05FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufvwMA0G
CSqGSIb3DQEBCwUAA4IBAQAy0y0G2Nk1C2eqVp70cg6Rsb2hu7k09TyU3x5fMIGD
r5Pocpg7uhLmVg1J+kLZwcoa6suLhCJ5DpPaLeDDFNDZTk2nObYvTKlg09XC+q8X
UubbYLpYqMDOoiKMMgbOz9ntzb03OjF7WQZaa16BMgO23Zh/LiII8KKnDiVp73gU
dDwvMScUJBd6K/76RgxAalYrEBA47f1fS/yHKTAljGYrsmNbrAgLS+3OySihSFx1
l7vRw7FqMvC538vQjN1EpHaTF/vUZLHbwaC7J/ZZlxqDqgAwMfDvjfXfGygu4jOU
QAvI5NVjtL0m7ADeS5mZSaGTUdZ6tGTrVCMCyj1dddAd
-----END CERTIFICATE-----