Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/6JZopMJN7uTSjk8RLqAqQqiOTv8.roa
File:                     6JZopMJN7uTSjk8RLqAqQqiOTv8.roa (raw, json)
Hash identifier:          i0CLCf229jC92V+lcugJs5cHzmKb/QwzzortpUgSlE0=
Subject key identifier:   E8:96:68:A4:C2:4D:EE:E4:D2:8E:4F:11:2E:A0:2A:42:A8:8E:4E:FF
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       0195FBB9C2E9DD7D1B33F4CD4834D9802597
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/6JZopMJN7uTSjk8RLqAqQqiOTv8.roa
Signing time:             Thu 03 Apr 2025 12:56:50 +0000
ROA not before:           Thu 03 Apr 2025 12:56:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210021
IP address blocks:        194.127.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 03:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:fb:b9:c2:e9:dd:7d:1b:33:f4:cd:48:34:d9:80:25:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Apr  3 12:56:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e89668a4c24deee4d28e4f112ea02a42a88e4eff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:b7:08:ce:2a:d2:34:2b:da:7f:3e:2e:92:62:
                    55:c7:aa:94:6a:9f:3a:45:ab:3e:aa:62:5e:75:f5:
                    3b:d5:f8:ab:41:76:82:64:0b:58:14:07:50:00:c4:
                    2d:97:fa:87:f2:52:e4:f5:bd:df:e3:ac:a2:ab:08:
                    41:1c:04:4e:fe:4e:98:ed:c3:00:16:94:7a:e2:c9:
                    a6:ed:eb:49:3a:4f:54:12:d6:6b:e0:18:40:88:27:
                    20:c3:7e:e2:71:0b:13:c6:80:3d:59:67:ee:38:85:
                    f3:99:99:a1:92:c5:d6:e9:d0:d0:41:b3:93:1d:bd:
                    14:62:cc:de:b6:62:72:79:58:f6:b3:f4:7b:ad:d2:
                    94:a6:e4:7f:3c:6a:7f:eb:40:e6:d2:23:7e:3e:93:
                    0c:0f:1a:ba:27:f3:db:83:39:b1:ad:1c:d8:b0:46:
                    74:ab:69:ab:28:2c:74:db:df:9c:06:b9:cf:5c:aa:
                    55:70:e1:f2:4e:09:92:ad:41:b8:99:2d:31:aa:c6:
                    a1:57:30:ba:7f:f9:39:32:af:66:96:50:fb:18:b1:
                    e6:ac:4d:9d:8b:2b:d4:bb:de:f4:96:7f:64:76:91:
                    f6:2a:f5:88:b9:e6:00:22:57:33:76:c9:69:e3:c4:
                    56:e5:9c:45:d2:bc:3b:57:58:a4:2c:4d:74:fe:d1:
                    d4:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:96:68:A4:C2:4D:EE:E4:D2:8E:4F:11:2E:A0:2A:42:A8:8E:4E:FF
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/6JZopMJN7uTSjk8RLqAqQqiOTv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:05:f2:0c:68:d6:58:2c:6f:eb:14:30:4f:7f:b2:5e:19:79:
         2d:a4:58:ea:c1:c1:21:a5:d4:4c:58:f5:65:f0:84:ae:9f:74:
         16:5b:1b:81:21:d8:13:97:da:64:f8:db:e6:06:d2:c3:fa:8c:
         70:a6:01:ec:73:6d:54:74:3d:07:f1:26:a5:12:18:62:cf:5d:
         cc:29:ea:ac:c0:48:49:bb:09:47:f3:69:ed:14:13:08:f4:1d:
         5d:ab:d1:dd:3b:6c:aa:11:54:a9:60:22:68:dd:f9:21:0f:a9:
         68:69:d8:30:65:bf:85:0b:ad:9b:d2:20:83:34:2c:24:f2:32:
         90:a0:b3:8c:6c:42:54:9e:8d:66:d7:be:29:f0:eb:73:d8:1a:
         b7:2d:f9:4c:01:da:03:23:c7:e8:d5:fe:04:25:43:48:99:5a:
         a0:25:67:9c:45:c1:af:24:ba:92:2f:ad:ba:fb:5b:17:d4:8b:
         e3:18:0a:76:05:13:3e:9c:3e:b5:da:7a:00:42:81:ce:03:c8:
         e3:35:4e:a4:cd:4e:ed:ba:70:af:4f:35:b8:a6:c9:21:53:0b:
         cb:86:0b:f7:97:43:c9:e4:e5:d6:3e:fe:b4:91:5d:df:12:d3:
         60:b3:6f:7f:b3:84:15:1e:e5:31:f4:1c:15:c3:d2:4d:f2:dc:
         c5:74:56:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX7ucLp3X0bM/TNSDTZgCWXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjUwNDAzMTI1NjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODk2NjhhNGMyNGRlZWU0ZDI4ZTRmMTEyZWEwMmE0MmE4OGU0ZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9rcIzirSNCvafz4ukmJVx6qUap86
Ras+qmJedfU71firQXaCZAtYFAdQAMQtl/qH8lLk9b3f46yiqwhBHARO/k6Y7cMA
FpR64smm7etJOk9UEtZr4BhAiCcgw37icQsTxoA9WWfuOIXzmZmhksXW6dDQQbOT
Hb0UYszetmJyeVj2s/R7rdKUpuR/PGp/60Dm0iN+PpMMDxq6J/PbgzmxrRzYsEZ0
q2mrKCx029+cBrnPXKpVcOHyTgmSrUG4mS0xqsahVzC6f/k5Mq9mllD7GLHmrE2d
iyvUu970ln9kdpH2KvWIueYAIlczdslp48RW5ZxF0rw7V1ikLE10/tHUNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOiWaKTCTe7k0o5PES6gKkKojk7/MB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEvNkpab3BNSk43dVRTams4UkxxQXFRcWlPVHY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn9vMA0G
CSqGSIb3DQEBCwUAA4IBAQCFBfIMaNZYLG/rFDBPf7JeGXktpFjqwcEhpdRMWPVl
8ISun3QWWxuBIdgTl9pk+NvmBtLD+oxwpgHsc21UdD0H8SalEhhiz13MKeqswEhJ
uwlH82ntFBMI9B1dq9HdO2yqEVSpYCJo3fkhD6loadgwZb+FC62b0iCDNCwk8jKQ
oLOMbEJUno1m174p8Otz2Bq3LflMAdoDI8fo1f4EJUNImVqgJWecRcGvJLqSL626
+1sX1IvjGAp2BRM+nD612noAQoHOA8jjNU6kzU7tunCvTzW4pskhUwvLhgv3l0PJ
5OXWPv60kV3fEtNgs29/s4QVHuUx9BwVw9JN8tzFdFZS
-----END CERTIFICATE-----