Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/DCsIzUY9MCA0JaV6Og8Z-7mZrek.roa
File:                     DCsIzUY9MCA0JaV6Og8Z-7mZrek.roa (raw, json)
Hash identifier:          fdCemzvEyH44ROybDOkOmBmBhHkALSGBPuIIm5TTIXY=
Subject key identifier:   0C:2B:08:CD:46:3D:30:20:34:25:A5:7A:3A:0F:19:FB:B9:99:AD:E9
Certificate issuer:       /CN=b307c87e7b6e294f2700790eef19e82939d85cd6
Certificate serial:       019424B36EB3C748A6D1A0DBBB8476C58567
Authority key identifier: B3:07:C8:7E:7B:6E:29:4F:27:00:79:0E:EF:19:E8:29:39:D8:5C:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/DCsIzUY9MCA0JaV6Og8Z-7mZrek.roa
Signing time:             Thu 02 Jan 2025 01:48:46 +0000
ROA not before:           Thu 02 Jan 2025 01:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211100
IP address blocks:        185.53.34.0/24 maxlen: 24
                          2a10:fa40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 07:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:6e:b3:c7:48:a6:d1:a0:db:bb:84:76:c5:85:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b307c87e7b6e294f2700790eef19e82939d85cd6
        Validity
            Not Before: Jan  2 01:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c2b08cd463d30203425a57a3a0f19fbb999ade9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:42:c0:dc:68:73:4e:bb:13:0f:ae:26:a2:a0:
                    4d:d0:89:c8:df:e0:72:99:71:65:e8:a6:cf:ac:e6:
                    70:8e:5c:69:99:06:ec:b8:ee:51:58:03:52:bb:3b:
                    c8:34:11:6f:9c:00:c0:55:98:7a:4a:00:51:15:74:
                    36:1d:11:aa:30:58:a3:f1:92:f0:9d:e8:cd:bd:85:
                    91:23:b1:ca:5d:74:0b:fe:35:16:d5:ae:05:d5:58:
                    07:47:24:13:02:2a:94:58:e6:04:a4:04:b9:01:e3:
                    32:c3:c9:7b:7f:70:6d:9f:06:b1:0c:3d:47:6f:a1:
                    13:6d:63:60:68:39:2e:03:d7:cd:0f:df:0c:f5:f8:
                    4a:15:ac:f8:b7:42:06:2b:15:43:ff:8c:a0:27:44:
                    9b:d7:31:76:8e:52:b3:14:28:13:36:da:98:b2:e1:
                    6c:6e:72:5d:13:8c:7a:92:47:83:b6:f7:b0:c3:47:
                    b7:45:eb:e9:ed:f4:2a:31:91:ec:5a:0f:58:ac:9b:
                    a1:47:b8:df:a9:d4:5d:0f:5d:12:5a:b1:43:d9:c4:
                    6f:f5:34:93:91:dd:b1:ee:e5:25:d7:76:e1:b2:e9:
                    24:52:0e:c7:ac:8b:e9:96:df:70:db:a8:e9:61:cd:
                    ce:b1:8e:39:99:92:cc:9b:fe:7c:e7:34:f9:df:cc:
                    d6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:2B:08:CD:46:3D:30:20:34:25:A5:7A:3A:0F:19:FB:B9:99:AD:E9
            X509v3 Authority Key Identifier:
                keyid:B3:07:C8:7E:7B:6E:29:4F:27:00:79:0E:EF:19:E8:29:39:D8:5C:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/DCsIzUY9MCA0JaV6Og8Z-7mZrek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.34.0/24
                IPv6:
                  2a10:fa40::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:97:4c:dd:10:de:f5:25:77:bf:6f:21:e7:fd:3c:22:ac:06:
         dd:0d:f8:7c:96:d8:31:48:62:51:5f:0a:4f:c4:bd:73:13:50:
         32:8a:08:fb:1e:a0:12:96:bb:10:49:77:b1:d6:e4:dd:e9:5f:
         4e:f1:10:c0:74:04:f7:ff:bb:00:92:43:ec:5b:4a:67:68:14:
         82:0d:0e:d9:d1:ef:56:71:b0:1f:87:37:a4:c1:f9:04:be:0f:
         fe:37:be:2b:e2:71:86:a6:fc:fe:6b:93:a6:f3:83:26:7e:61:
         3d:1b:4a:b1:fd:13:b3:a0:18:81:94:08:52:cb:ff:c7:6e:0e:
         d4:d4:47:c5:2f:00:d8:6c:3a:9f:f3:75:60:36:c2:6f:ca:73:
         cb:02:83:2a:c4:26:19:c5:28:6a:fe:ae:30:fd:c3:6f:83:43:
         f8:49:6d:98:45:a0:16:8c:d5:bb:69:3e:72:ff:00:87:40:70:
         da:3f:dc:93:c5:ff:d5:8f:1a:91:05:15:f0:da:65:d7:40:f2:
         94:3a:6d:f9:dc:bf:67:9a:71:b8:f6:32:c3:dc:63:5d:94:be:
         96:af:32:a7:c7:52:65:23:68:7d:5a:4a:2c:8b:b5:20:65:a8:
         62:6f:66:7d:3f:1d:ca:79:ea:c4:6b:19:06:af:1c:a5:60:eb:
         04:34:5a:b6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks26zx0im0aDbu4R2xYVnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMDdjODdlN2I2ZTI5NGYyNzAwNzkwZWVmMTllODI5Mzlk
ODVjZDYwHhcNMjUwMTAyMDE0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzJiMDhjZDQ2M2QzMDIwMzQyNWE1N2EzYTBmMTlmYmI5OTlhZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsELA3GhzTrsTD64moqBN0InI3+By
mXFl6KbPrOZwjlxpmQbsuO5RWANSuzvINBFvnADAVZh6SgBRFXQ2HRGqMFij8ZLw
nejNvYWRI7HKXXQL/jUW1a4F1VgHRyQTAiqUWOYEpAS5AeMyw8l7f3BtnwaxDD1H
b6ETbWNgaDkuA9fND98M9fhKFaz4t0IGKxVD/4ygJ0Sb1zF2jlKzFCgTNtqYsuFs
bnJdE4x6kkeDtveww0e3Revp7fQqMZHsWg9YrJuhR7jfqdRdD10SWrFD2cRv9TST
kd2x7uUl13bhsukkUg7HrIvplt9w26jpYc3OsY45mZLMm/585zT538zW3wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAwrCM1GPTAgNCWlejoPGfu5ma3pMB8GA1UdIwQY
MBaAFLMHyH57bilPJwB5Du8Z6Ck52FzWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3dmSWZudHVLVThuQUhrTzd4bm9LVG5ZWE5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9kYTY0MmEtYTZhYi00NzA1LTk1ODct
NjQ5NDVhNGY4ZTEyLzEvRENzSXpVWTlNQ0EwSmFWNk9nOFotN21acmVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9kYTY0MmEtYTZhYi00NzA1LTk1ODctNjQ5NDVhNGY4ZTEy
LzEvc3dmSWZudHVLVThuQUhrTzd4bm9LVG5ZWE5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuTUiMA0E
AgACMAcDBQAqEPpAMA0GCSqGSIb3DQEBCwUAA4IBAQAel0zdEN71JXe/byHn/Twi
rAbdDfh8ltgxSGJRXwpPxL1zE1Ayigj7HqASlrsQSXex1uTd6V9O8RDAdAT3/7sA
kkPsW0pnaBSCDQ7Z0e9WcbAfhzekwfkEvg/+N74r4nGGpvz+a5Om84MmfmE9G0qx
/ROzoBiBlAhSy//Hbg7U1EfFLwDYbDqf83VgNsJvynPLAoMqxCYZxShq/q4w/cNv
g0P4SW2YRaAWjNW7aT5y/wCHQHDaP9yTxf/VjxqRBRXw2mXXQPKUOm353L9nmnG4
9jLD3GNdlL6WrzKnx1JlI2h9Wkosi7UgZahib2Z9Px3KeerEaxkGrxylYOsENFq2
-----END CERTIFICATE-----