Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/4Ins6p5lfvrCQJU7E1WMO1YmH7Q.roa
File:                     4Ins6p5lfvrCQJU7E1WMO1YmH7Q.roa (raw, json)
Hash identifier:          1SGFYf2ac9MVKMF+C3A8x3W0NaR998Jj2KRB+iU+jfU=
Subject key identifier:   E0:89:EC:EA:9E:65:7E:FA:C2:40:95:3B:13:55:8C:3B:56:26:1F:B4
Certificate issuer:       /CN=27ded1d90c4d52b6871023bc71296d08a98c4cdb
Certificate serial:       018CC56EC744174912657497603852BFE72C
Authority key identifier: 27:DE:D1:D9:0C:4D:52:B6:87:10:23:BC:71:29:6D:08:A9:8C:4C:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J97R2QxNUraHECO8cSltCKmMTNs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/4Ins6p5lfvrCQJU7E1WMO1YmH7Q.roa
Signing time:             Mon 01 Jan 2024 14:30:20 +0000
ROA not before:           Mon 01 Jan 2024 14:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        185.135.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/J97R2QxNUraHECO8cSltCKmMTNs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/J97R2QxNUraHECO8cSltCKmMTNs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J97R2QxNUraHECO8cSltCKmMTNs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 08:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c7:44:17:49:12:65:74:97:60:38:52:bf:e7:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27ded1d90c4d52b6871023bc71296d08a98c4cdb
        Validity
            Not Before: Jan  1 14:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e089ecea9e657efac240953b13558c3b56261fb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:57:23:57:11:79:4c:63:ac:7d:39:4d:19:88:
                    fa:5c:7d:db:24:31:af:60:e0:ae:f8:7a:6d:58:a2:
                    b4:78:61:19:be:b1:05:d2:0d:a1:17:c3:f9:16:b4:
                    d8:33:8e:9d:af:b3:9c:31:f7:83:2d:29:cc:45:2a:
                    0b:f1:ac:44:93:f5:73:1c:57:f4:51:53:ae:ca:e8:
                    fa:6b:52:c4:3f:58:63:6e:dd:5b:1d:0c:fc:a1:92:
                    b9:b1:d4:48:19:fb:31:9b:c7:4a:4c:63:a7:b0:ba:
                    bf:6d:2b:ba:59:45:6f:3c:5d:30:49:ec:0f:14:ae:
                    b4:43:2b:b8:99:29:60:f5:28:d4:ed:92:19:44:9d:
                    b0:e7:dc:e9:72:a5:b7:b3:ab:d3:d3:85:57:a5:fe:
                    ec:2d:c6:cc:7a:88:3f:19:45:8f:20:04:24:19:7a:
                    07:52:9e:8b:ab:de:d4:7f:b7:15:c0:0b:28:cd:fe:
                    cb:0a:a0:f0:6a:68:f9:83:7f:d9:c6:50:1f:4a:1f:
                    4f:c2:d9:c4:6d:a5:be:ab:b7:67:11:c8:da:32:9a:
                    37:dc:cb:dd:ad:0d:13:d3:82:cf:bf:5a:86:db:3d:
                    a2:fd:89:b0:d7:e7:88:7d:d6:4a:94:7e:24:c8:0d:
                    df:da:a2:eb:e3:c3:94:5c:c5:c7:0b:9b:cf:46:07:
                    1a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:89:EC:EA:9E:65:7E:FA:C2:40:95:3B:13:55:8C:3B:56:26:1F:B4
            X509v3 Authority Key Identifier:
                keyid:27:DE:D1:D9:0C:4D:52:B6:87:10:23:BC:71:29:6D:08:A9:8C:4C:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J97R2QxNUraHECO8cSltCKmMTNs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/4Ins6p5lfvrCQJU7E1WMO1YmH7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/338212-38a7-468d-b874-351ab9f236b0/1/J97R2QxNUraHECO8cSltCKmMTNs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:d5:22:31:3b:bb:c1:b9:31:d8:ad:5c:57:cc:76:e2:da:70:
         c9:16:62:d5:1c:31:ef:ab:88:ce:1b:cc:1e:0c:3e:19:5f:aa:
         6e:31:2c:3d:70:f8:1a:b7:f6:c7:50:53:f5:58:63:02:93:34:
         51:30:5c:6b:c5:7b:a1:f0:ae:b7:c0:71:4a:60:62:a8:7c:0a:
         5f:22:bd:0e:42:8a:b9:84:b2:e7:09:21:69:f0:5b:27:b5:c4:
         c3:3b:bb:26:26:c7:d8:a9:a2:20:56:0c:f3:9e:6f:c4:0a:8e:
         52:cc:e2:d7:e9:7f:33:7a:c2:96:0c:93:60:a8:7c:e1:1d:07:
         c9:61:60:c3:c6:8c:d8:d6:36:57:ca:1d:1e:2c:31:4b:61:2e:
         3d:1a:99:6e:52:28:28:d4:14:59:2a:9b:13:ce:22:97:96:87:
         47:09:5f:2b:4c:c0:bd:a4:1f:fa:53:46:d3:76:9c:4e:e1:b3:
         9b:b1:72:52:02:1f:c9:78:eb:ad:13:5d:ef:4a:f6:df:43:56:
         ca:68:ce:f1:97:c0:c6:e9:8e:ff:5a:7e:36:af:3f:b2:ac:8d:
         b2:82:21:2b:62:b1:bb:bd:a3:c7:1b:78:1a:12:46:bd:dc:b4:
         38:e7:b8:f5:3d:fb:e5:f6:8a:0e:73:96:27:2e:ca:91:01:7e:
         66:16:2e:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbsdEF0kSZXSXYDhSv+csMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZGVkMWQ5MGM0ZDUyYjY4NzEwMjNiYzcxMjk2ZDA4YTk4
YzRjZGIwHhcNMjQwMTAxMTQzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDg5ZWNlYTllNjU3ZWZhYzI0MDk1M2IxMzU1OGMzYjU2MjYxZmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVcjVxF5TGOsfTlNGYj6XH3bJDGv
YOCu+HptWKK0eGEZvrEF0g2hF8P5FrTYM46dr7OcMfeDLSnMRSoL8axEk/VzHFf0
UVOuyuj6a1LEP1hjbt1bHQz8oZK5sdRIGfsxm8dKTGOnsLq/bSu6WUVvPF0wSewP
FK60Qyu4mSlg9SjU7ZIZRJ2w59zpcqW3s6vT04VXpf7sLcbMeog/GUWPIAQkGXoH
Up6Lq97Uf7cVwAsozf7LCqDwamj5g3/ZxlAfSh9PwtnEbaW+q7dnEcjaMpo33Mvd
rQ0T04LPv1qG2z2i/Ymw1+eIfdZKlH4kyA3f2qLr48OUXMXHC5vPRgcaKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCJ7OqeZX76wkCVOxNVjDtWJh+0MB8GA1UdIwQY
MBaAFCfe0dkMTVK2hxAjvHEpbQipjEzbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjk3UjJReE5VcmFIRUNPOGNTbHRDS21NVE5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8zMzgyMTItMzhhNy00NjhkLWI4NzQt
MzUxYWI5ZjIzNmIwLzEvNEluczZwNWxmdnJDUUpVN0UxV01PMVltSDdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8zMzgyMTItMzhhNy00NjhkLWI4NzQtMzUxYWI5ZjIzNmIw
LzEvSjk3UjJReE5VcmFIRUNPOGNTbHRDS21NVE5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYc5MA0G
CSqGSIb3DQEBCwUAA4IBAQA31SIxO7vBuTHYrVxXzHbi2nDJFmLVHDHvq4jOG8we
DD4ZX6puMSw9cPgat/bHUFP1WGMCkzRRMFxrxXuh8K63wHFKYGKofApfIr0OQoq5
hLLnCSFp8FsntcTDO7smJsfYqaIgVgzznm/ECo5SzOLX6X8zesKWDJNgqHzhHQfJ
YWDDxozY1jZXyh0eLDFLYS49GpluUigo1BRZKpsTziKXlodHCV8rTMC9pB/6U0bT
dpxO4bObsXJSAh/JeOutE13vSvbfQ1bKaM7xl8DG6Y7/Wn42rz+yrI2ygiErYrG7
vaPHG3gaEka93LQ457j1Pfvl9ooOc5YnLsqRAX5mFi5B
-----END CERTIFICATE-----