Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/DoutZlvm4IbzXZXDTFrxAAquQLg.roa
File:                     DoutZlvm4IbzXZXDTFrxAAquQLg.roa (raw, json)
Hash identifier:          qnpQEntxymSrGJJO5sN1jep0qMMWrabFq1224NHJCYE=
Subject key identifier:   0E:8B:AD:66:5B:E6:E0:86:F3:5D:95:C3:4C:5A:F1:00:0A:AE:40:B8
Certificate issuer:       /CN=df895a3ee2211b6ee2df7202f09a426680d66269
Certificate serial:       019782F9CA843F6AF6A3807BFD859ABEB391
Authority key identifier: DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/DoutZlvm4IbzXZXDTFrxAAquQLg.roa
Signing time:             Wed 18 Jun 2025 12:18:17 +0000
ROA not before:           Wed 18 Jun 2025 12:18:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216024
IP address blocks:        194.50.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 07:42:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:82:f9:ca:84:3f:6a:f6:a3:80:7b:fd:85:9a:be:b3:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df895a3ee2211b6ee2df7202f09a426680d66269
        Validity
            Not Before: Jun 18 12:18:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e8bad665be6e086f35d95c34c5af1000aae40b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:75:f1:49:65:20:f8:91:23:49:6f:83:04:f6:
                    53:33:c0:27:87:96:f2:8b:f7:c0:de:c9:c1:0b:3c:
                    97:74:66:f8:a9:33:df:22:5e:5a:db:12:a3:a5:0e:
                    01:b9:2e:be:9c:03:83:4d:83:be:90:0d:64:b1:0b:
                    e3:29:ad:4b:33:23:08:b9:a5:5e:cc:98:c4:97:1e:
                    e1:d8:dd:86:e4:3c:3f:c3:80:93:a2:43:b4:1e:98:
                    f0:4e:76:26:50:7a:fe:85:2a:a4:05:7f:28:26:85:
                    f0:55:fd:5d:64:49:7e:7c:29:20:50:25:20:d5:5e:
                    16:73:aa:23:9e:19:a2:6b:7c:68:38:d9:f7:c0:5a:
                    a1:81:87:ed:2d:bf:92:57:47:0b:54:4e:d2:ab:a6:
                    99:4c:c6:19:7c:7f:85:6c:1d:60:73:b2:27:6c:12:
                    61:5a:8f:a8:d2:48:6e:53:9b:f0:8d:27:a5:94:00:
                    20:39:29:7f:ff:1a:28:af:26:f2:fa:10:b3:b6:04:
                    0b:8c:db:44:a4:e6:7a:fa:ff:2d:3b:8e:03:3e:32:
                    56:4c:08:49:70:50:45:bb:39:ed:ff:73:10:8c:8f:
                    cf:16:ce:53:b1:45:7d:13:51:43:ba:c1:c2:ab:c8:
                    72:3b:40:1d:84:53:6d:0a:51:71:4c:5f:84:f4:70:
                    47:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:8B:AD:66:5B:E6:E0:86:F3:5D:95:C3:4C:5A:F1:00:0A:AE:40:B8
            X509v3 Authority Key Identifier:
                keyid:DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/DoutZlvm4IbzXZXDTFrxAAquQLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:4c:47:55:7e:40:b9:92:6a:7c:d8:fc:6e:d5:15:0d:7e:58:
         56:b4:0f:6b:35:4a:f6:f0:8c:b3:a6:e8:68:7d:d4:2f:d2:91:
         14:e9:4c:a7:02:a0:18:d1:d9:0b:14:a9:0d:36:9a:d4:da:db:
         28:42:a9:0e:52:6c:6b:2d:46:44:5b:19:98:f2:21:8b:3b:86:
         bb:07:f1:f3:fc:7d:cb:51:79:3e:fd:f4:2d:26:44:46:95:70:
         3b:0a:bd:2d:c2:6b:bb:b5:56:8f:f6:59:83:2a:b3:dd:2f:98:
         db:35:2e:b7:b0:fe:a2:e5:5d:f5:6f:b9:88:02:0b:b4:c2:a3:
         61:26:b4:5d:13:05:aa:16:62:5c:c0:56:46:1e:5e:c8:b6:40:
         94:78:d9:8e:1f:29:15:65:c7:6c:86:25:5a:10:b0:87:81:5d:
         b3:1b:ff:4f:2a:d7:a2:5a:24:61:eb:a2:44:c8:00:51:c3:18:
         d8:d6:d2:98:20:23:a2:25:a3:1a:b6:a5:8e:d4:25:ac:c2:69:
         1a:51:6f:38:65:07:e6:fb:9a:2f:d6:39:50:19:4f:20:e1:ab:
         e6:c3:d1:4c:59:2f:7e:c6:41:30:d7:41:05:3a:93:e7:c6:6d:
         0b:1b:61:71:d1:ce:3d:30:04:77:2c:4e:51:f5:dc:8a:47:4c:
         5a:9d:93:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeC+cqEP2r2o4B7/YWavrORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmODk1YTNlZTIyMTFiNmVlMmRmNzIwMmYwOWE0MjY2ODBk
NjYyNjkwHhcNMjUwNjE4MTIxODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZThiYWQ2NjViZTZlMDg2ZjM1ZDk1YzM0YzVhZjEwMDBhYWU0MGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunXxSWUg+JEjSW+DBPZTM8Anh5by
i/fA3snBCzyXdGb4qTPfIl5a2xKjpQ4BuS6+nAODTYO+kA1ksQvjKa1LMyMIuaVe
zJjElx7h2N2G5Dw/w4CTokO0HpjwTnYmUHr+hSqkBX8oJoXwVf1dZEl+fCkgUCUg
1V4Wc6ojnhmia3xoONn3wFqhgYftLb+SV0cLVE7Sq6aZTMYZfH+FbB1gc7InbBJh
Wo+o0khuU5vwjSellAAgOSl//xooryby+hCztgQLjNtEpOZ6+v8tO44DPjJWTAhJ
cFBFuznt/3MQjI/PFs5TsUV9E1FDusHCq8hyO0AdhFNtClFxTF+E9HBHaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6LrWZb5uCG812Vw0xa8QAKrkC4MB8GA1UdIwQY
MBaAFN+JWj7iIRtu4t9yAvCaQmaA1mJpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUt
NzBiMmViZDUxNDM4LzEvRG91dFpsdm00SWJ6WFpYRFRGcnhBQXF1UUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUtNzBiMmViZDUxNDM4
LzEvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjKZMA0G
CSqGSIb3DQEBCwUAA4IBAQCITEdVfkC5kmp82Pxu1RUNflhWtA9rNUr28Iyzpuho
fdQv0pEU6UynAqAY0dkLFKkNNprU2tsoQqkOUmxrLUZEWxmY8iGLO4a7B/Hz/H3L
UXk+/fQtJkRGlXA7Cr0twmu7tVaP9lmDKrPdL5jbNS63sP6i5V31b7mIAgu0wqNh
JrRdEwWqFmJcwFZGHl7ItkCUeNmOHykVZcdshiVaELCHgV2zG/9PKteiWiRh66JE
yABRwxjY1tKYICOiJaMatqWO1CWswmkaUW84ZQfm+5ov1jlQGU8g4avmw9FMWS9+
xkEw10EFOpPnxm0LG2Fx0c49MAR3LE5R9dyKR0xanZNW
-----END CERTIFICATE-----