Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/Aouv7GdOdzobGwUkAAMe6yEFQzg.roa
File:                     Aouv7GdOdzobGwUkAAMe6yEFQzg.roa (raw, json)
Hash identifier:          rEQs+08pS7lJ4uxNxgj6/hDioK3sLHCe5okzzFTSJEw=
Subject key identifier:   02:8B:AF:EC:67:4E:77:3A:1B:1B:05:24:00:03:1E:EB:21:05:43:38
Certificate issuer:       /CN=27321078f359d7990276dabb0f8c30070e685963
Certificate serial:       018CC3B6C2DB1904C887C8C30B6FA9EA498C
Authority key identifier: 27:32:10:78:F3:59:D7:99:02:76:DA:BB:0F:8C:30:07:0E:68:59:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JzIQePNZ15kCdtq7D4wwBw5oWWM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/Aouv7GdOdzobGwUkAAMe6yEFQzg.roa
Signing time:             Mon 01 Jan 2024 06:29:43 +0000
ROA not before:           Mon 01 Jan 2024 06:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213024
IP address blocks:        185.179.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/JzIQePNZ15kCdtq7D4wwBw5oWWM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/JzIQePNZ15kCdtq7D4wwBw5oWWM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JzIQePNZ15kCdtq7D4wwBw5oWWM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c2:db:19:04:c8:87:c8:c3:0b:6f:a9:ea:49:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27321078f359d7990276dabb0f8c30070e685963
        Validity
            Not Before: Jan  1 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=028bafec674e773a1b1b052400031eeb21054338
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:14:87:8b:68:27:e0:b4:24:d4:c3:83:3d:1e:
                    37:41:28:29:09:c3:a0:d9:4c:69:62:a7:5a:80:69:
                    1f:39:e8:31:2c:c6:9f:f1:38:8a:c2:7a:45:75:f0:
                    2c:1d:b9:34:24:9f:ea:af:4a:12:2c:88:fa:2b:58:
                    e1:cd:3e:57:7d:cf:59:ed:25:3b:f1:0d:75:93:60:
                    31:79:8e:cc:ea:db:ca:ab:0b:fb:d1:e9:ae:5a:cc:
                    4d:eb:81:57:54:9e:b5:be:5c:98:54:88:11:d9:aa:
                    7e:d2:5b:2f:3a:71:63:78:37:5a:e7:99:e9:1d:33:
                    16:32:04:8a:5a:b7:d1:85:19:bd:a4:dd:a0:96:db:
                    ae:58:7c:f2:4e:35:8c:17:f7:e2:51:7e:9a:9b:28:
                    f4:10:76:05:d6:0c:53:fa:8d:95:44:68:80:e0:b6:
                    52:c5:aa:80:ff:aa:cb:e4:25:99:05:28:27:b8:72:
                    c8:d4:83:58:7c:3f:d8:ee:61:d0:4a:cd:0d:ef:91:
                    57:6d:28:bd:5c:4f:d6:87:a7:4e:60:e7:63:6f:4f:
                    ab:99:e3:d8:6e:9e:a5:c2:33:f0:33:9c:b8:64:67:
                    dc:d9:96:24:af:6a:18:26:43:b5:eb:41:85:c6:ec:
                    e8:d8:b3:eb:0c:5d:3d:53:ad:88:de:f5:3c:25:95:
                    55:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:8B:AF:EC:67:4E:77:3A:1B:1B:05:24:00:03:1E:EB:21:05:43:38
            X509v3 Authority Key Identifier:
                keyid:27:32:10:78:F3:59:D7:99:02:76:DA:BB:0F:8C:30:07:0E:68:59:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JzIQePNZ15kCdtq7D4wwBw5oWWM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/Aouv7GdOdzobGwUkAAMe6yEFQzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/JzIQePNZ15kCdtq7D4wwBw5oWWM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:64:c9:cf:1a:d7:f5:a3:9f:9b:91:9a:d3:d0:08:af:f8:0c:
         9c:ba:99:6f:7e:da:91:c2:c0:69:b5:0b:99:b1:73:81:3f:a4:
         8e:b2:40:05:70:ed:5a:a6:2e:8b:5c:24:41:3b:07:90:a8:f6:
         3a:e7:e1:ac:0d:92:74:aa:05:b0:59:0b:46:be:b3:6e:05:43:
         43:84:c3:3c:48:14:b8:f1:44:bb:27:ed:15:29:1e:39:d5:17:
         07:55:3b:2d:17:76:f4:54:07:85:51:cb:1f:fe:ce:63:a8:dc:
         cb:2d:a9:a3:89:9a:4e:5e:c9:46:4d:2f:7a:19:14:8d:90:8c:
         f2:63:dd:a0:ab:53:90:0e:89:f5:41:0e:fd:ea:00:90:29:a0:
         26:06:53:c0:be:bc:ac:91:09:22:b6:a5:05:f3:02:07:6c:99:
         c4:06:78:c5:c7:11:9b:39:00:ef:32:31:60:90:8c:7a:75:3b:
         cc:4e:78:21:8c:d0:8d:d6:6d:fd:a1:ee:b2:6e:91:db:7a:19:
         46:91:d0:73:fe:bc:a9:15:b7:9a:28:7d:77:82:bf:48:db:b7:
         86:24:f5:a5:4f:04:14:9b:22:53:6a:71:4e:6e:5f:59:4a:8a:
         cc:35:cb:67:94:14:c0:fc:40:53:be:aa:b6:62:a0:50:fc:f0:
         2f:6b:cd:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtsLbGQTIh8jDC2+p6kmMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MzIxMDc4ZjM1OWQ3OTkwMjc2ZGFiYjBmOGMzMDA3MGU2
ODU5NjMwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjhiYWZlYzY3NGU3NzNhMWIxYjA1MjQwMDAzMWVlYjIxMDU0MzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBSHi2gn4LQk1MODPR43QSgpCcOg
2UxpYqdagGkfOegxLMaf8TiKwnpFdfAsHbk0JJ/qr0oSLIj6K1jhzT5Xfc9Z7SU7
8Q11k2AxeY7M6tvKqwv70emuWsxN64FXVJ61vlyYVIgR2ap+0lsvOnFjeDda55np
HTMWMgSKWrfRhRm9pN2gltuuWHzyTjWMF/fiUX6amyj0EHYF1gxT+o2VRGiA4LZS
xaqA/6rL5CWZBSgnuHLI1INYfD/Y7mHQSs0N75FXbSi9XE/Wh6dOYOdjb0+rmePY
bp6lwjPwM5y4ZGfc2ZYkr2oYJkO160GFxuzo2LPrDF09U62I3vU8JZVV3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKLr+xnTnc6GxsFJAADHushBUM4MB8GA1UdIwQY
MBaAFCcyEHjzWdeZAnbauw+MMAcOaFljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnpJUWVQTloxNWtDZHRxN0Q0d3dCdzVvV1dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9lYjI3ZjItZTM2OS00YjA3LThkMWQt
YzM0MzFkMzIwNDA2LzEvQW91djdHZE9kem9iR3dVa0FBTWU2eUVGUXpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9lYjI3ZjItZTM2OS00YjA3LThkMWQtYzM0MzFkMzIwNDA2
LzEvSnpJUWVQTloxNWtDZHRxN0Q0d3dCdzVvV1dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubPXMA0G
CSqGSIb3DQEBCwUAA4IBAQASZMnPGtf1o5+bkZrT0Aiv+AycuplvftqRwsBptQuZ
sXOBP6SOskAFcO1api6LXCRBOweQqPY65+GsDZJ0qgWwWQtGvrNuBUNDhMM8SBS4
8US7J+0VKR451RcHVTstF3b0VAeFUcsf/s5jqNzLLamjiZpOXslGTS96GRSNkIzy
Y92gq1OQDon1QQ796gCQKaAmBlPAvryskQkitqUF8wIHbJnEBnjFxxGbOQDvMjFg
kIx6dTvMTnghjNCN1m39oe6ybpHbehlGkdBz/rypFbeaKH13gr9I27eGJPWlTwQU
myJTanFObl9ZSorMNctnlBTA/EBTvqq2YqBQ/PAva83b
-----END CERTIFICATE-----