Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/1b19d1-1dd7-4c45-bef9-335882db9a25/1/27OstEMkFz6z8oCspY9UEpTgDCI.roa
File:                     27OstEMkFz6z8oCspY9UEpTgDCI.roa (raw, json)
Hash identifier:          lDFDHelXei1RQWdM96bxB8eJAkvqOPb886jPNWfOo/U=
Subject key identifier:   DB:B3:AC:B4:43:24:17:3E:B3:F2:80:AC:A5:8F:54:12:94:E0:0C:22
Certificate issuer:       /CN=af3adce3664bf0e7f688ff4122551734c4d14756
Certificate serial:       0197E5761DEB5C52F6C4F47232B1168C306B
Authority key identifier: AF:3A:DC:E3:66:4B:F0:E7:F6:88:FF:41:22:55:17:34:C4:D1:47:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rzrc42ZL8Of2iP9BIlUXNMTRR1Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/1b19d1-1dd7-4c45-bef9-335882db9a25/1/27OstEMkFz6z8oCspY9UEpTgDCI.roa
Signing time:             Mon 07 Jul 2025 15:16:52 +0000
ROA not before:           Mon 07 Jul 2025 15:16:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213967
IP address blocks:        69.5.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/1b19d1-1dd7-4c45-bef9-335882db9a25/1/rzrc42ZL8Of2iP9BIlUXNMTRR1Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/1b19d1-1dd7-4c45-bef9-335882db9a25/1/rzrc42ZL8Of2iP9BIlUXNMTRR1Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rzrc42ZL8Of2iP9BIlUXNMTRR1Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e5:76:1d:eb:5c:52:f6:c4:f4:72:32:b1:16:8c:30:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af3adce3664bf0e7f688ff4122551734c4d14756
        Validity
            Not Before: Jul  7 15:16:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbb3acb44324173eb3f280aca58f541294e00c22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:1b:be:93:b4:15:ee:ea:8c:69:e3:6b:da:c2:
                    56:bc:d3:97:8a:18:55:28:e9:1c:eb:63:10:fb:7b:
                    7f:30:d3:40:76:9e:15:e8:0d:50:77:b5:a3:d3:6e:
                    44:a1:4a:ef:34:d9:e4:8b:36:cd:e3:23:e6:6f:4d:
                    5e:9c:51:bd:ee:4a:95:f9:e6:d8:e7:12:bb:16:83:
                    0d:0e:f1:c0:98:14:91:07:51:29:d3:c7:22:59:8c:
                    bf:01:3f:6a:84:92:3a:a7:d9:49:4f:eb:05:de:e8:
                    e4:a3:0a:98:ba:0b:24:62:d9:67:6e:d2:0b:97:47:
                    b7:0e:59:d1:ba:65:68:e4:c9:9a:8f:9b:c3:cf:0c:
                    a5:e2:90:74:30:e5:40:d4:b1:27:9f:b3:99:25:ae:
                    66:1e:10:a7:23:25:50:ea:cf:02:68:22:f8:07:25:
                    19:a2:1b:8c:fc:13:de:0c:09:b9:06:78:b7:64:e9:
                    4d:12:b2:45:be:87:d2:96:26:92:62:64:dc:9d:b6:
                    a2:6c:a7:2d:69:ba:68:0e:87:b2:05:af:d7:04:70:
                    f5:87:fc:ff:4c:f6:50:40:88:7f:9b:04:67:3a:74:
                    35:82:db:3a:4a:19:bc:11:9e:c9:d7:25:20:ed:1b:
                    bb:50:84:d7:da:33:a9:1c:87:92:c5:6e:75:1a:46:
                    f8:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:B3:AC:B4:43:24:17:3E:B3:F2:80:AC:A5:8F:54:12:94:E0:0C:22
            X509v3 Authority Key Identifier:
                keyid:AF:3A:DC:E3:66:4B:F0:E7:F6:88:FF:41:22:55:17:34:C4:D1:47:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rzrc42ZL8Of2iP9BIlUXNMTRR1Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/1b19d1-1dd7-4c45-bef9-335882db9a25/1/27OstEMkFz6z8oCspY9UEpTgDCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/1b19d1-1dd7-4c45-bef9-335882db9a25/1/rzrc42ZL8Of2iP9BIlUXNMTRR1Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.5.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:22:33:31:b1:00:c1:62:01:cb:93:af:a4:f3:b3:17:70:94:
         c5:03:8b:e1:27:0e:7c:6c:fa:84:39:9b:35:62:ad:0f:fb:6f:
         d6:12:92:b4:35:86:d3:8c:15:e2:d5:d5:88:9d:59:59:71:e4:
         9c:38:a2:fc:1d:15:5c:93:9f:c9:8d:3b:57:48:22:7d:d6:f2:
         1e:fd:71:79:74:d5:39:1a:02:b1:20:cb:41:2c:dd:22:6e:4d:
         24:8a:67:4c:da:42:0e:c3:10:58:95:1b:3b:50:4f:6f:4c:f5:
         28:56:2e:e4:18:50:5f:1b:30:e3:6e:e4:4f:55:d9:e8:dd:93:
         45:72:a2:07:37:ad:37:7e:c4:e6:02:d0:c8:05:38:4a:b9:ae:
         9d:64:bc:3a:98:ea:4e:a5:de:a0:a8:6c:08:71:c9:60:b1:1f:
         01:ab:32:c7:da:46:1a:a3:e8:82:f3:de:23:8a:b1:5f:f3:0a:
         f5:b4:c4:ab:ce:b6:b1:53:54:f8:c6:eb:95:f8:72:7a:3d:9a:
         8e:ea:78:13:e8:a1:c1:14:34:6d:e0:25:13:1f:e6:ef:c5:07:
         89:6c:c2:f7:df:a4:cd:1f:38:d7:83:86:22:1e:32:83:aa:65:
         f6:a5:5a:84:6a:1a:ff:fa:51:e5:99:a4:c2:68:2b:93:82:31:
         c8:62:af:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfldh3rXFL2xPRyMrEWjDBrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmM2FkY2UzNjY0YmYwZTdmNjg4ZmY0MTIyNTUxNzM0YzRk
MTQ3NTYwHhcNMjUwNzA3MTUxNjUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmIzYWNiNDQzMjQxNzNlYjNmMjgwYWNhNThmNTQxMjk0ZTAwYzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhu+k7QV7uqMaeNr2sJWvNOXihhV
KOkc62MQ+3t/MNNAdp4V6A1Qd7Wj025EoUrvNNnkizbN4yPmb01enFG97kqV+ebY
5xK7FoMNDvHAmBSRB1Ep08ciWYy/AT9qhJI6p9lJT+sF3ujkowqYugskYtlnbtIL
l0e3DlnRumVo5Mmaj5vDzwyl4pB0MOVA1LEnn7OZJa5mHhCnIyVQ6s8CaCL4ByUZ
ohuM/BPeDAm5Bni3ZOlNErJFvofSliaSYmTcnbaibKctabpoDoeyBa/XBHD1h/z/
TPZQQIh/mwRnOnQ1gts6Shm8EZ7J1yUg7Ru7UITX2jOpHIeSxW51Gkb4AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNuzrLRDJBc+s/KArKWPVBKU4AwiMB8GA1UdIwQY
MBaAFK863ONmS/Dn9oj/QSJVFzTE0UdWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnpyYzQyWkw4T2YyaVA5QklsVVhOTVRSUjFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8xYjE5ZDEtMWRkNy00YzQ1LWJlZjkt
MzM1ODgyZGI5YTI1LzEvMjdPc3RFTWtGejZ6OG9Dc3BZOVVFcFRnRENJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8xYjE5ZDEtMWRkNy00YzQ1LWJlZjktMzM1ODgyZGI5YTI1
LzEvcnpyYzQyWkw4T2YyaVA5QklsVVhOTVRSUjFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQARQW4MA0G
CSqGSIb3DQEBCwUAA4IBAQAYIjMxsQDBYgHLk6+k87MXcJTFA4vhJw58bPqEOZs1
Yq0P+2/WEpK0NYbTjBXi1dWInVlZceScOKL8HRVck5/JjTtXSCJ91vIe/XF5dNU5
GgKxIMtBLN0ibk0kimdM2kIOwxBYlRs7UE9vTPUoVi7kGFBfGzDjbuRPVdno3ZNF
cqIHN603fsTmAtDIBThKua6dZLw6mOpOpd6gqGwIcclgsR8BqzLH2kYao+iC894j
irFf8wr1tMSrzraxU1T4xuuV+HJ6PZqO6ngT6KHBFDRt4CUTH+bvxQeJbML336TN
HzjXg4YiHjKDqmX2pVqEahr/+lHlmaTCaCuTgjHIYq8U
-----END CERTIFICATE-----