Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/DkGvgDnbdtEHDMx7b64dzBjhPco.roa
File:                     DkGvgDnbdtEHDMx7b64dzBjhPco.roa (raw, json)
Hash identifier:          8mB0OA1c8Mmrq7iJrmaJaIVGUwLhqVKrizBW/uXLsCE=
Subject key identifier:   0E:41:AF:80:39:DB:76:D1:07:0C:CC:7B:6F:AE:1D:CC:18:E1:3D:CA
Certificate issuer:       /CN=6583d322ef24c87198b765ea1d1c42c283a7f8f6
Certificate serial:       01967C354E16FF85AFB5BFBF03E6CC68607D
Authority key identifier: 65:83:D3:22:EF:24:C8:71:98:B7:65:EA:1D:1C:42:C2:83:A7:F8:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/DkGvgDnbdtEHDMx7b64dzBjhPco.roa
Signing time:             Mon 28 Apr 2025 11:43:10 +0000
ROA not before:           Mon 28 Apr 2025 11:43:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209209
IP address blocks:        185.232.44.0/24 maxlen: 24
                          2a11:fe80::/32 maxlen: 48
                          2a11:fe80:fab3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:35:4e:16:ff:85:af:b5:bf:bf:03:e6:cc:68:60:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6583d322ef24c87198b765ea1d1c42c283a7f8f6
        Validity
            Not Before: Apr 28 11:43:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e41af8039db76d1070ccc7b6fae1dcc18e13dca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:54:93:29:a7:74:eb:57:10:fe:39:d1:d3:51:
                    fa:a0:87:8b:dc:a9:fe:dc:77:e0:27:00:0c:28:b9:
                    f7:17:38:19:c3:96:6b:72:55:d8:a7:80:f3:ed:62:
                    c3:29:2e:18:88:b7:bc:a6:0e:86:0f:31:7e:3c:03:
                    af:80:c9:62:65:6f:9f:f9:7a:ed:25:48:97:2a:0d:
                    13:60:a9:92:1a:62:75:15:0f:a0:66:cc:e1:51:ac:
                    cb:b5:41:9b:89:dd:4e:36:4e:05:97:e8:cd:fe:dd:
                    ab:3f:c1:84:43:5c:e5:54:06:b0:a4:b5:4b:f9:f3:
                    76:48:a8:ac:12:26:ff:44:6c:08:de:28:23:42:0e:
                    6a:a5:2c:e1:66:99:0f:f7:c3:7f:1c:d2:e8:ad:1f:
                    25:3c:3e:7e:a1:8e:70:93:4e:ba:68:a7:f9:65:59:
                    11:14:5d:38:3e:a9:5e:f1:b3:43:5b:05:1f:2b:c7:
                    8d:2e:31:f2:c7:d2:9d:f0:9d:d6:d0:30:26:3d:c0:
                    db:93:47:67:7a:c5:5e:9f:58:02:fa:b0:e9:73:9b:
                    23:18:6f:68:9b:40:a4:81:7f:d9:81:52:f1:cd:19:
                    64:44:90:cb:cc:9e:d1:a1:76:31:dd:8b:aa:f8:e1:
                    c3:9a:e2:c7:eb:02:14:77:99:d3:d9:f4:dc:cc:e3:
                    46:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:41:AF:80:39:DB:76:D1:07:0C:CC:7B:6F:AE:1D:CC:18:E1:3D:CA
            X509v3 Authority Key Identifier:
                keyid:65:83:D3:22:EF:24:C8:71:98:B7:65:EA:1D:1C:42:C2:83:A7:F8:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/DkGvgDnbdtEHDMx7b64dzBjhPco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.44.0/24
                IPv6:
                  2a11:fe80::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:92:8b:dd:91:e9:d6:43:ee:90:40:c5:78:20:61:00:dd:90:
         ec:21:5f:d9:ab:ae:56:3d:d3:f3:3e:32:99:69:8c:2d:09:6b:
         38:18:c1:1a:db:19:ea:f4:a1:e8:4c:7a:27:c7:20:a7:60:bb:
         ad:83:0e:62:6a:7e:13:12:9a:d0:5a:6d:1b:ef:cc:36:a6:28:
         5d:c8:a9:aa:31:02:e9:ab:d7:26:d3:7b:ad:31:fb:e2:1e:72:
         7f:da:68:63:9f:3d:ea:61:54:69:25:4c:7f:15:41:50:58:14:
         06:3b:e3:7a:b6:e6:d0:bf:f3:b7:9b:70:80:48:70:c9:f4:80:
         59:5b:b0:14:9d:7a:47:f6:d9:31:5a:59:69:d1:39:29:f3:5a:
         1e:98:70:43:e3:59:3b:85:b2:fe:5b:19:5f:19:a1:64:d1:b5:
         7b:72:aa:1f:3f:31:b8:39:72:3a:1c:21:41:c0:00:8e:d9:e9:
         66:eb:ff:50:f5:fe:74:85:52:fd:5f:df:a0:46:72:d5:4d:a1:
         a9:2f:67:00:e6:7e:11:cd:ce:c5:ab:0b:b7:89:4b:70:cd:aa:
         9b:b0:86:8a:bc:19:cb:a7:1a:84:75:31:9c:51:36:0d:2e:16:
         85:f1:01:17:ef:2b:cf:71:16:20:7e:68:9b:e7:29:f9:74:36:
         8a:e7:3b:0f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZZ8NU4W/4Wvtb+/A+bMaGB9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ODNkMzIyZWYyNGM4NzE5OGI3NjVlYTFkMWM0MmMyODNh
N2Y4ZjYwHhcNMjUwNDI4MTE0MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTQxYWY4MDM5ZGI3NmQxMDcwY2NjN2I2ZmFlMWRjYzE4ZTEzZGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11STKad061cQ/jnR01H6oIeL3Kn+
3HfgJwAMKLn3FzgZw5ZrclXYp4Dz7WLDKS4YiLe8pg6GDzF+PAOvgMliZW+f+Xrt
JUiXKg0TYKmSGmJ1FQ+gZszhUazLtUGbid1ONk4Fl+jN/t2rP8GEQ1zlVAawpLVL
+fN2SKisEib/RGwI3igjQg5qpSzhZpkP98N/HNLorR8lPD5+oY5wk066aKf5ZVkR
FF04Pqle8bNDWwUfK8eNLjHyx9Kd8J3W0DAmPcDbk0dnesVen1gC+rDpc5sjGG9o
m0CkgX/ZgVLxzRlkRJDLzJ7RoXYx3Yuq+OHDmuLH6wIUd5nT2fTczONGYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA5Br4A523bRBwzMe2+uHcwY4T3KMB8GA1UdIwQY
MBaAFGWD0yLvJMhxmLdl6h0cQsKDp/j2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWllQVEl1OGt5SEdZdDJYcUhSeEN3b09uLVBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDk3MWEtODg5MS00YjUzLTk0NGMt
NWJlOWUxMTdkYmRhLzEvRGtHdmdEbmJkdEVIRE14N2I2NGR6QmpoUGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDk3MWEtODg5MS00YjUzLTk0NGMtNWJlOWUxMTdkYmRh
LzEvWllQVEl1OGt5SEdZdDJYcUhSeEN3b09uLVBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuegsMA0E
AgACMAcDBQAqEf6AMA0GCSqGSIb3DQEBCwUAA4IBAQCqkovdkenWQ+6QQMV4IGEA
3ZDsIV/Zq65WPdPzPjKZaYwtCWs4GMEa2xnq9KHoTHonxyCnYLutgw5ian4TEprQ
Wm0b78w2pihdyKmqMQLpq9cm03utMfviHnJ/2mhjnz3qYVRpJUx/FUFQWBQGO+N6
tubQv/O3m3CASHDJ9IBZW7AUnXpH9tkxWllp0Tkp81oemHBD41k7hbL+WxlfGaFk
0bV7cqofPzG4OXI6HCFBwACO2elm6/9Q9f50hVL9X9+gRnLVTaGpL2cA5n4Rzc7F
qwu3iUtwzaqbsIaKvBnLpxqEdTGcUTYNLhaF8QEX7yvPcRYgfmib5yn5dDaK5zsP
-----END CERTIFICATE-----