Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/dCemgIpCn07_XsHUzXYnZQTdBNg.roa
File:                     dCemgIpCn07_XsHUzXYnZQTdBNg.roa (raw, json)
Hash identifier:          A3gFC3cqW4zoFCzmtlWqOCnSU3P9bNN8azP8hjLiAqQ=
Subject key identifier:   74:27:A6:80:8A:42:9F:4E:FF:5E:C1:D4:CD:76:27:65:04:DD:04:D8
Certificate issuer:       /CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
Certificate serial:       0196810CEE8708374EC328CE88246FAE93BD
Authority key identifier: 8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/dCemgIpCn07_XsHUzXYnZQTdBNg.roa
Signing time:             Tue 29 Apr 2025 10:17:10 +0000
ROA not before:           Tue 29 Apr 2025 10:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        194.150.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:81:0c:ee:87:08:37:4e:c3:28:ce:88:24:6f:ae:93:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
        Validity
            Not Before: Apr 29 10:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7427a6808a429f4eff5ec1d4cd76276504dd04d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:33:f9:1b:e3:25:8b:f2:5a:9d:be:20:27:2e:
                    9c:1c:07:ae:db:77:ad:55:7e:5b:82:d4:6f:63:3a:
                    8f:9a:ce:28:e8:00:a9:60:54:a6:7f:f0:4d:ae:c7:
                    29:14:e0:23:e3:93:f9:16:15:7d:84:ce:99:3a:53:
                    8d:6a:d0:dc:4a:68:16:0e:c7:14:97:76:68:f4:5a:
                    b7:46:4d:30:f2:a5:c4:0e:17:eb:9c:f4:f3:93:fb:
                    4e:2f:59:39:86:24:a3:88:30:60:43:4e:da:3e:f9:
                    38:61:5d:b2:89:c0:c6:0c:0a:88:9b:da:f4:c2:95:
                    69:ca:25:01:02:7c:e4:fc:bb:91:32:04:c8:96:f3:
                    8a:ba:e9:5e:62:67:a9:3e:28:da:2e:c6:4e:d5:1d:
                    e2:31:b8:53:e4:cf:69:1f:bb:4f:77:23:1b:04:f5:
                    42:af:34:3c:96:f1:f9:a3:f8:e1:ca:1e:e7:f7:ec:
                    96:ed:85:cd:65:d4:bc:9d:04:fd:ef:a4:57:57:7c:
                    0a:c1:c9:0a:79:c3:73:23:58:c0:63:b9:87:ee:97:
                    80:0f:4a:e3:33:d5:a6:94:0c:e0:0c:05:ab:01:36:
                    e4:64:dd:a3:5d:f9:29:26:33:63:9c:86:87:5f:0d:
                    9a:2e:b3:fb:cf:4e:a9:a8:43:7c:74:af:dc:b3:b4:
                    12:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:27:A6:80:8A:42:9F:4E:FF:5E:C1:D4:CD:76:27:65:04:DD:04:D8
            X509v3 Authority Key Identifier:
                keyid:8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/dCemgIpCn07_XsHUzXYnZQTdBNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:80:96:a4:96:9c:51:4f:92:ad:ee:ae:58:40:e5:19:b8:d0:
         39:19:58:dc:0e:bc:1a:33:15:db:5c:b2:fe:25:63:02:50:43:
         a3:a9:15:5f:be:e8:d5:24:6c:96:3e:6f:b8:94:6f:45:6f:2f:
         9b:fd:ed:85:10:18:0b:05:1a:ce:8a:71:f7:24:9a:37:5a:51:
         6b:c6:b4:42:cf:60:db:76:5c:9b:cc:ef:c0:0e:e8:ed:ba:76:
         75:1f:19:83:07:d3:86:19:e1:b3:c2:b8:10:3d:aa:c5:cf:19:
         7c:a9:45:a6:9e:38:70:b3:2a:5f:bc:bf:bf:b2:06:47:ff:fa:
         ed:1b:80:21:62:a8:ad:44:11:33:93:ef:cc:0b:88:aa:b4:7b:
         5a:85:e6:a6:1f:1f:71:54:af:5f:bc:66:47:62:cf:5a:30:56:
         2f:d5:1e:9d:73:ab:01:54:0c:9c:ee:28:d0:03:99:f9:7c:69:
         71:7c:6e:ba:3d:a7:ce:2e:17:73:8f:2b:bb:35:f9:7a:81:23:
         88:19:38:81:c3:04:23:c6:58:76:41:51:f2:f3:00:53:27:2b:
         95:d5:61:83:da:3f:f3:4a:24:91:75:c5:43:b8:f6:1d:29:5d:
         49:28:89:02:5b:98:cd:46:97:d7:1a:d1:cd:cf:5c:34:d0:73:
         53:24:10:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaBDO6HCDdOwyjOiCRvrpO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNjAyNGIyYzI3YTY3ZGZmNWI2NTRlZmEwNmJmN2JmYzEy
MjI2MjUwHhcNMjUwNDI5MTAxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDI3YTY4MDhhNDI5ZjRlZmY1ZWMxZDRjZDc2Mjc2NTA0ZGQwNGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjP5G+Mli/Janb4gJy6cHAeu23et
VX5bgtRvYzqPms4o6ACpYFSmf/BNrscpFOAj45P5FhV9hM6ZOlONatDcSmgWDscU
l3Zo9Fq3Rk0w8qXEDhfrnPTzk/tOL1k5hiSjiDBgQ07aPvk4YV2yicDGDAqIm9r0
wpVpyiUBAnzk/LuRMgTIlvOKuuleYmepPijaLsZO1R3iMbhT5M9pH7tPdyMbBPVC
rzQ8lvH5o/jhyh7n9+yW7YXNZdS8nQT976RXV3wKwckKecNzI1jAY7mH7peAD0rj
M9WmlAzgDAWrATbkZN2jXfkpJjNjnIaHXw2aLrP7z06pqEN8dK/cs7QSQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQnpoCKQp9O/17B1M12J2UE3QTYMB8GA1UdIwQY
MBaAFIpgJLLCemff9bZU76Br97/BIiYlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEt
MDhlOGYwY2JiODQwLzEvZENlbWdJcENuMDdfWHNIVXpYWW5aUVRkQk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEtMDhlOGYwY2JiODQw
LzEvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpZLMA0G
CSqGSIb3DQEBCwUAA4IBAQChgJaklpxRT5Kt7q5YQOUZuNA5GVjcDrwaMxXbXLL+
JWMCUEOjqRVfvujVJGyWPm+4lG9Fby+b/e2FEBgLBRrOinH3JJo3WlFrxrRCz2Db
dlybzO/ADujtunZ1HxmDB9OGGeGzwrgQParFzxl8qUWmnjhwsypfvL+/sgZH//rt
G4AhYqitRBEzk+/MC4iqtHtaheamHx9xVK9fvGZHYs9aMFYv1R6dc6sBVAyc7ijQ
A5n5fGlxfG66PafOLhdzjyu7Nfl6gSOIGTiBwwQjxlh2QVHy8wBTJyuV1WGD2j/z
SiSRdcVDuPYdKV1JKIkCW5jNRpfXGtHNz1w00HNTJBBc
-----END CERTIFICATE-----