Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/zT27IWSWIQOtH3t5JpEAiW21MXQ.roa
File:                     zT27IWSWIQOtH3t5JpEAiW21MXQ.roa (raw, json)
Hash identifier:          pLSDizvQ5Ro5Ng1RTRGvK1Edp7sHn4oy/DHomPtGunE=
Subject key identifier:   CD:3D:BB:21:64:96:21:03:AD:1F:7B:79:26:91:00:89:6D:B5:31:74
Certificate issuer:       /CN=dd5f72f0facf52705727c039bdc1fbb7cc97d428
Certificate serial:       018CC64B35B46EB323E6F0CF556187A4D8E0
Authority key identifier: DD:5F:72:F0:FA:CF:52:70:57:27:C0:39:BD:C1:FB:B7:CC:97:D4:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/zT27IWSWIQOtH3t5JpEAiW21MXQ.roa
Signing time:             Mon 01 Jan 2024 18:31:06 +0000
ROA not before:           Mon 01 Jan 2024 18:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8937
IP address blocks:        193.141.183.0/24 maxlen: 24
                          193.141.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:35:b4:6e:b3:23:e6:f0:cf:55:61:87:a4:d8:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd5f72f0facf52705727c039bdc1fbb7cc97d428
        Validity
            Not Before: Jan  1 18:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd3dbb2164962103ad1f7b79269100896db53174
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:dd:6c:f8:51:7a:e4:e9:87:8d:0a:19:d8:f0:
                    ca:4a:3e:5f:4d:37:32:ff:c2:bd:71:15:b6:52:76:
                    21:86:82:02:f4:88:83:c9:02:90:32:ad:1e:3d:04:
                    66:81:ce:1b:12:d6:e6:99:8e:3d:68:18:29:2f:08:
                    f1:1c:30:3f:d7:27:7d:36:37:1b:ba:4e:05:69:aa:
                    33:3b:41:b9:2a:b5:9d:54:0c:36:81:ef:24:30:d5:
                    0f:97:9c:33:1b:55:e8:ea:4b:72:79:5c:99:b6:97:
                    0c:7f:9a:77:11:95:29:cb:83:e7:42:31:96:68:5d:
                    96:58:17:6e:da:a3:15:13:c5:24:33:fa:7f:02:2c:
                    82:1c:e8:31:0d:86:75:78:b3:07:17:90:be:98:dc:
                    a2:5b:14:f0:b8:62:03:42:40:48:16:2d:b5:1b:27:
                    5a:2a:9c:9c:c4:fd:08:7a:b7:71:86:6d:57:45:25:
                    aa:77:d5:b1:e1:19:e1:33:78:ed:cc:ad:45:f9:39:
                    e3:73:58:90:35:b6:4e:ba:9a:6b:b1:a2:b8:d8:19:
                    b3:63:97:58:4c:71:78:51:4b:93:0a:ab:c7:ba:1e:
                    96:93:11:9e:74:29:f6:37:66:93:95:31:4c:1e:fe:
                    d7:5a:96:87:c6:5d:b9:43:b2:1e:1d:e2:4c:c2:aa:
                    bf:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:3D:BB:21:64:96:21:03:AD:1F:7B:79:26:91:00:89:6D:B5:31:74
            X509v3 Authority Key Identifier:
                keyid:DD:5F:72:F0:FA:CF:52:70:57:27:C0:39:BD:C1:FB:B7:CC:97:D4:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/zT27IWSWIQOtH3t5JpEAiW21MXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.141.183.0/24
                  193.141.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:78:35:4b:71:1b:00:d6:80:8d:ff:7a:26:a5:d9:da:83:2b:
         66:0c:eb:62:25:47:25:a7:54:87:f9:4e:4c:39:68:b2:f2:2f:
         83:bf:e5:1d:77:3a:6d:78:3a:bc:b2:a3:f1:f4:63:86:ec:fa:
         c7:93:8c:b3:f9:14:ab:95:c4:c5:0c:18:90:c4:93:1a:e6:de:
         b8:c9:62:e9:e0:a6:ef:34:c0:cb:f7:e1:9b:2b:f7:f8:f2:7c:
         09:58:4e:51:7e:00:67:9b:39:6c:75:49:75:e0:4c:43:87:ec:
         d2:98:31:6b:dd:2c:1c:7a:82:5e:97:56:27:b0:f5:fc:8a:1e:
         56:9c:88:c0:02:1a:84:92:72:a5:db:68:56:bd:47:9f:64:4a:
         7f:5e:a8:89:af:8d:06:57:81:74:ce:44:6b:49:ae:4a:c0:cd:
         a5:b7:dd:fa:b6:7a:a2:c6:85:d2:dc:31:ea:9f:f8:de:ac:41:
         3c:23:53:53:70:16:c7:c8:77:99:5e:04:27:69:bf:59:de:8e:
         f7:77:ff:63:95:68:0e:56:ba:c9:bf:7e:5c:13:98:20:9d:f5:
         e2:88:c9:e2:52:d0:58:0c:a0:62:07:da:57:6b:8e:6d:aa:4b:
         68:74:bf:6d:22:7e:6a:c4:4c:c9:f2:bc:e0:dc:07:09:dd:f1:
         ed:bc:9a:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSzW0brMj5vDPVWGHpNjgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNWY3MmYwZmFjZjUyNzA1NzI3YzAzOWJkYzFmYmI3Y2M5
N2Q0MjgwHhcNMjQwMTAxMTgzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDNkYmIyMTY0OTYyMTAzYWQxZjdiNzkyNjkxMDA4OTZkYjUzMTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkd1s+FF65OmHjQoZ2PDKSj5fTTcy
/8K9cRW2UnYhhoIC9IiDyQKQMq0ePQRmgc4bEtbmmY49aBgpLwjxHDA/1yd9Njcb
uk4FaaozO0G5KrWdVAw2ge8kMNUPl5wzG1Xo6ktyeVyZtpcMf5p3EZUpy4PnQjGW
aF2WWBdu2qMVE8UkM/p/AiyCHOgxDYZ1eLMHF5C+mNyiWxTwuGIDQkBIFi21Gyda
KpycxP0Ierdxhm1XRSWqd9Wx4RnhM3jtzK1F+Tnjc1iQNbZOupprsaK42BmzY5dY
THF4UUuTCqvHuh6WkxGedCn2N2aTlTFMHv7XWpaHxl25Q7IeHeJMwqq/xQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM09uyFkliEDrR97eSaRAIlttTF0MB8GA1UdIwQY
MBaAFN1fcvD6z1JwVyfAOb3B+7fMl9QoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1Y5eThQclBVbkJYSjhBNXZjSDd0OHlYMUNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yZjMzZWUtNTU5MC00YTIyLWI4ZTIt
Mjg4MDYxMjcwNWVlLzEvelQyN0lXU1dJUU90SDN0NUpwRUFpVzIxTVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yZjMzZWUtNTU5MC00YTIyLWI4ZTItMjg4MDYxMjcwNWVl
LzEvM1Y5eThQclBVbkJYSjhBNXZjSDd0OHlYMUNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwY23AwQA
wY28MA0GCSqGSIb3DQEBCwUAA4IBAQA+eDVLcRsA1oCN/3ompdnagytmDOtiJUcl
p1SH+U5MOWiy8i+Dv+UddzpteDq8sqPx9GOG7PrHk4yz+RSrlcTFDBiQxJMa5t64
yWLp4KbvNMDL9+GbK/f48nwJWE5RfgBnmzlsdUl14ExDh+zSmDFr3SwceoJel1Yn
sPX8ih5WnIjAAhqEknKl22hWvUefZEp/XqiJr40GV4F0zkRrSa5KwM2lt936tnqi
xoXS3DHqn/jerEE8I1NTcBbHyHeZXgQnab9Z3o73d/9jlWgOVrrJv35cE5ggnfXi
iMniUtBYDKBiB9pXa45tqktodL9tIn5qxEzJ8rzg3AcJ3fHtvJoQ
-----END CERTIFICATE-----