Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/400b4f-3688-497c-9785-234cbafac86a/1/7Z5kCjgCcaomSLnVNRwT01Iu31o.roa
File:                     7Z5kCjgCcaomSLnVNRwT01Iu31o.roa (raw, json)
Hash identifier:          177flGseI8VFQylmvg7OaHD7DXedQeWfSl2kZCJcjOQ=
Subject key identifier:   ED:9E:64:0A:38:02:71:AA:26:48:B9:D5:35:1C:13:D3:52:2E:DF:5A
Certificate issuer:       /CN=de3d3687fe7df48c3be8398aad7bd20106545382
Certificate serial:       018CC3B6CDD765CCFCEAD354EE3E4F44A38C
Authority key identifier: DE:3D:36:87:FE:7D:F4:8C:3B:E8:39:8A:AD:7B:D2:01:06:54:53:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3j02h_599Iw76DmKrXvSAQZUU4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/400b4f-3688-497c-9785-234cbafac86a/1/7Z5kCjgCcaomSLnVNRwT01Iu31o.roa
Signing time:             Mon 01 Jan 2024 06:29:46 +0000
ROA not before:           Mon 01 Jan 2024 06:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60662
IP address blocks:        185.27.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/400b4f-3688-497c-9785-234cbafac86a/1/3j02h_599Iw76DmKrXvSAQZUU4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/400b4f-3688-497c-9785-234cbafac86a/1/3j02h_599Iw76DmKrXvSAQZUU4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3j02h_599Iw76DmKrXvSAQZUU4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:cd:d7:65:cc:fc:ea:d3:54:ee:3e:4f:44:a3:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de3d3687fe7df48c3be8398aad7bd20106545382
        Validity
            Not Before: Jan  1 06:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed9e640a380271aa2648b9d5351c13d3522edf5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4b:bc:1b:98:a1:b3:82:c9:d3:c6:72:e2:2c:
                    45:0e:be:21:29:da:d0:89:66:53:3c:41:db:7f:7b:
                    b5:92:dd:fe:6d:2b:8e:7c:da:fd:77:ce:6d:b6:32:
                    39:d3:5b:86:bb:e8:37:ee:a6:3c:b8:3a:c5:ec:ea:
                    fa:cd:b4:79:86:fe:03:62:a2:25:72:7e:18:1c:dc:
                    ef:db:e9:b9:9c:ae:4a:2a:6b:2c:c2:24:a4:d9:6f:
                    16:9c:75:99:cf:31:6c:89:7e:92:57:5a:a9:fe:66:
                    1b:cf:e8:33:36:e6:d7:5a:62:7d:cd:d6:6b:61:e3:
                    ff:c6:5b:eb:63:4c:bf:6d:4a:37:e8:90:fa:b3:19:
                    71:7b:b8:1a:5f:33:58:3c:71:a2:3e:3f:91:a9:6e:
                    01:fb:7e:8b:6e:12:31:57:bf:f7:74:55:b5:63:0e:
                    65:3d:a2:09:07:c0:fa:41:4e:26:6a:83:67:1b:1f:
                    6b:62:85:e1:14:46:08:69:fa:1c:22:42:74:4b:86:
                    97:2e:32:08:a0:c6:5f:9c:c9:a0:21:b3:7d:02:bd:
                    05:d4:a8:66:77:61:da:f6:2e:55:29:28:d1:37:4e:
                    07:9a:0e:04:59:43:d5:d0:05:ea:82:00:8f:d0:76:
                    50:b2:ad:2f:bc:79:22:1b:02:04:c7:fc:6c:2b:9c:
                    a5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:9E:64:0A:38:02:71:AA:26:48:B9:D5:35:1C:13:D3:52:2E:DF:5A
            X509v3 Authority Key Identifier:
                keyid:DE:3D:36:87:FE:7D:F4:8C:3B:E8:39:8A:AD:7B:D2:01:06:54:53:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3j02h_599Iw76DmKrXvSAQZUU4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/400b4f-3688-497c-9785-234cbafac86a/1/7Z5kCjgCcaomSLnVNRwT01Iu31o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/400b4f-3688-497c-9785-234cbafac86a/1/3j02h_599Iw76DmKrXvSAQZUU4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:d1:5a:43:05:8c:1c:42:05:d1:c9:26:e8:d7:35:35:e2:6f:
         cd:53:3e:a6:57:68:0a:31:7e:d7:25:c7:a2:d4:5c:aa:aa:00:
         7b:90:e3:0c:b8:43:5c:38:2c:60:68:15:c0:f4:dd:ad:9c:7f:
         89:8c:e4:25:f3:7b:67:10:32:04:bf:c0:4b:2b:5e:86:b6:9f:
         09:35:c3:a1:90:b0:f8:6a:26:ac:e1:af:0e:7d:62:85:ca:37:
         a9:78:78:92:08:ab:ed:79:5d:82:d2:94:08:24:0f:a0:33:c4:
         ac:d5:55:fa:e3:52:ff:d2:d7:b1:d1:01:8d:5a:53:b1:43:eb:
         f5:6e:b5:7b:93:0a:58:d4:9b:99:90:79:52:21:92:76:5b:43:
         85:b7:9b:30:ec:15:45:cd:1b:1a:87:86:9c:ec:7e:f4:af:a3:
         8d:b4:be:73:c7:f6:ca:7b:f2:a7:65:26:f8:d4:42:e0:30:a4:
         ec:9e:65:23:73:85:05:75:63:9b:16:10:02:20:b7:a6:11:7e:
         ac:12:4c:9b:20:dd:f5:9b:7b:8d:41:0b:47:c4:0c:a0:71:36:
         ed:d4:b4:2b:d0:e3:c1:ed:9d:fd:d7:35:7f:79:4b:61:24:9e:
         19:5a:03:2a:df:ae:2a:73:48:f6:a2:13:b0:04:7c:12:94:be:
         77:94:de:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDts3XZcz86tNU7j5PRKOMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlM2QzNjg3ZmU3ZGY0OGMzYmU4Mzk4YWFkN2JkMjAxMDY1
NDUzODIwHhcNMjQwMTAxMDYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDllNjQwYTM4MDI3MWFhMjY0OGI5ZDUzNTFjMTNkMzUyMmVkZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjku8G5ihs4LJ08Zy4ixFDr4hKdrQ
iWZTPEHbf3u1kt3+bSuOfNr9d85ttjI501uGu+g37qY8uDrF7Or6zbR5hv4DYqIl
cn4YHNzv2+m5nK5KKmsswiSk2W8WnHWZzzFsiX6SV1qp/mYbz+gzNubXWmJ9zdZr
YeP/xlvrY0y/bUo36JD6sxlxe7gaXzNYPHGiPj+RqW4B+36LbhIxV7/3dFW1Yw5l
PaIJB8D6QU4maoNnGx9rYoXhFEYIafocIkJ0S4aXLjIIoMZfnMmgIbN9Ar0F1Khm
d2Ha9i5VKSjRN04Hmg4EWUPV0AXqggCP0HZQsq0vvHkiGwIEx/xsK5ylLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2eZAo4AnGqJki51TUcE9NSLt9aMB8GA1UdIwQY
MBaAFN49Nof+ffSMO+g5iq170gEGVFOCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2owMmhfNTk5SXc3NkRtS3JYdlNBUVpVVTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy80MDBiNGYtMzY4OC00OTdjLTk3ODUt
MjM0Y2JhZmFjODZhLzEvN1o1a0NqZ0NjYW9tU0xuVk5Sd1QwMUl1MzFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy80MDBiNGYtMzY4OC00OTdjLTk3ODUtMjM0Y2JhZmFjODZh
LzEvM2owMmhfNTk5SXc3NkRtS3JYdlNBUVpVVTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRuoMA0G
CSqGSIb3DQEBCwUAA4IBAQAT0VpDBYwcQgXRySbo1zU14m/NUz6mV2gKMX7XJcei
1FyqqgB7kOMMuENcOCxgaBXA9N2tnH+JjOQl83tnEDIEv8BLK16Gtp8JNcOhkLD4
aias4a8OfWKFyjepeHiSCKvteV2C0pQIJA+gM8Ss1VX641L/0tex0QGNWlOxQ+v1
brV7kwpY1JuZkHlSIZJ2W0OFt5sw7BVFzRsah4ac7H70r6ONtL5zx/bKe/KnZSb4
1ELgMKTsnmUjc4UFdWObFhACILemEX6sEkybIN31m3uNQQtHxAygcTbt1LQr0OPB
7Z391zV/eUthJJ4ZWgMq364qc0j2ohOwBHwSlL53lN6k
-----END CERTIFICATE-----