Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/1Up92kLaciflZCGF6thZ6O_2gb4.roa
File:                     1Up92kLaciflZCGF6thZ6O_2gb4.roa (raw, json)
Hash identifier:          MZjlg+hjkFznVUD2gKvbQop6qeX1ypK906BpNhUjgLA=
Subject key identifier:   D5:4A:7D:DA:42:DA:72:27:E5:64:21:85:EA:D8:59:E8:EF:F6:81:BE
Certificate issuer:       /CN=27f5180f9b93ae7573c08a894bd452bd77ce56cd
Certificate serial:       01941F8C344B8337F314C978538B6EF0CDE9
Authority key identifier: 27:F5:18:0F:9B:93:AE:75:73:C0:8A:89:4B:D4:52:BD:77:CE:56:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/1Up92kLaciflZCGF6thZ6O_2gb4.roa
Signing time:             Wed 01 Jan 2025 01:47:49 +0000
ROA not before:           Wed 01 Jan 2025 01:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20546
IP address blocks:        213.189.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/J_UYD5uTrnVzwIqJS9RSvXfOVs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/J_UYD5uTrnVzwIqJS9RSvXfOVs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:34:4b:83:37:f3:14:c9:78:53:8b:6e:f0:cd:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27f5180f9b93ae7573c08a894bd452bd77ce56cd
        Validity
            Not Before: Jan  1 01:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d54a7dda42da7227e5642185ead859e8eff681be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:36:25:a9:d2:7d:06:15:c1:54:38:68:42:a5:
                    6c:04:d6:2b:a7:59:1e:09:d3:65:ee:16:83:13:cd:
                    fd:be:20:f6:75:71:45:9b:52:d0:58:04:56:1e:62:
                    35:ab:6d:48:4e:19:c3:e1:8b:55:23:f9:bb:25:5e:
                    93:10:24:d2:ef:d2:53:56:c0:f8:fa:79:b1:6a:e7:
                    11:ba:60:84:42:d3:1a:0c:97:cf:d8:d4:6a:33:a2:
                    aa:4a:eb:94:29:38:97:51:3d:41:31:3d:bf:6c:c7:
                    9a:68:1e:91:27:84:e4:0c:85:9b:0a:e4:de:a6:43:
                    78:c6:9c:31:42:6d:95:af:0d:50:4c:af:a5:7d:b4:
                    b8:49:e0:bd:cd:eb:ab:1f:5b:aa:f5:58:3b:35:45:
                    f2:c3:5f:e1:54:8e:e1:b8:d9:6e:bc:27:e7:c7:cf:
                    24:15:da:5e:cc:1c:d9:21:73:35:04:31:95:e5:b2:
                    d2:de:9d:97:99:91:a8:d8:06:b6:4e:fd:98:bb:d5:
                    e1:14:eb:c1:5e:a4:a9:aa:0d:a0:1b:bb:a9:75:8f:
                    12:67:9d:12:d7:b1:ab:f6:00:b7:38:a8:c2:83:9a:
                    8f:d1:2a:ee:d1:f2:3c:ed:22:9f:35:2c:63:ec:c2:
                    68:ea:d4:5a:5a:06:33:6d:ae:51:21:0c:0d:fa:85:
                    f7:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:4A:7D:DA:42:DA:72:27:E5:64:21:85:EA:D8:59:E8:EF:F6:81:BE
            X509v3 Authority Key Identifier:
                keyid:27:F5:18:0F:9B:93:AE:75:73:C0:8A:89:4B:D4:52:BD:77:CE:56:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/1Up92kLaciflZCGF6thZ6O_2gb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/J_UYD5uTrnVzwIqJS9RSvXfOVs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.189.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:a9:c0:36:d2:7c:04:ba:00:e8:7f:87:b5:9e:84:e1:21:96:
         7c:59:dd:60:57:3c:10:e4:20:ef:21:c3:26:2f:35:95:79:0e:
         f6:39:25:82:d8:ba:73:43:97:4f:f9:fa:fe:7e:5d:b1:b5:48:
         42:14:6c:cd:04:3d:5d:43:32:c2:2e:09:97:56:44:9d:73:de:
         75:e7:48:e4:0b:27:fe:db:6a:e3:9b:41:08:3d:cd:e0:44:c5:
         c5:e7:9a:8e:e5:d0:54:06:bf:f9:ac:55:bb:aa:18:ba:d1:2b:
         10:81:5b:58:fe:e4:86:da:ac:36:19:f6:8f:bc:b7:46:61:c6:
         4e:dd:bd:dc:a7:cf:ec:21:f6:ee:d5:93:16:40:42:95:94:19:
         1a:8b:cd:e0:e3:ab:04:bd:ad:f7:25:bb:90:3d:cd:0f:a7:e2:
         d1:1a:a9:f2:b0:aa:9b:46:b6:07:6b:8c:cc:48:e6:46:be:77:
         1d:85:66:56:0f:9a:31:12:1c:f4:37:a3:ca:6b:5f:a0:6e:c1:
         78:42:10:4a:99:68:15:e0:8e:13:90:70:e0:53:4d:e9:eb:0a:
         8a:74:d8:eb:a0:c2:0f:c6:59:42:43:45:7c:c2:c2:74:d7:c5:
         d7:cc:49:de:f4:a6:a0:cd:4e:bc:f9:e5:da:9f:54:13:95:67:
         30:79:8b:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjDRLgzfzFMl4U4tu8M3pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZjUxODBmOWI5M2FlNzU3M2MwOGE4OTRiZDQ1MmJkNzdj
ZTU2Y2QwHhcNMjUwMTAxMDE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTRhN2RkYTQyZGE3MjI3ZTU2NDIxODVlYWQ4NTllOGVmZjY4MWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzYlqdJ9BhXBVDhoQqVsBNYrp1ke
CdNl7haDE839viD2dXFFm1LQWARWHmI1q21IThnD4YtVI/m7JV6TECTS79JTVsD4
+nmxaucRumCEQtMaDJfP2NRqM6KqSuuUKTiXUT1BMT2/bMeaaB6RJ4TkDIWbCuTe
pkN4xpwxQm2Vrw1QTK+lfbS4SeC9zeurH1uq9Vg7NUXyw1/hVI7huNluvCfnx88k
FdpezBzZIXM1BDGV5bLS3p2XmZGo2Aa2Tv2Yu9XhFOvBXqSpqg2gG7updY8SZ50S
17Gr9gC3OKjCg5qP0Sru0fI87SKfNSxj7MJo6tRaWgYzba5RIQwN+oX3DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNVKfdpC2nIn5WQhherYWejv9oG+MB8GA1UdIwQY
MBaAFCf1GA+bk651c8CKiUvUUr13zlbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSl9VWUQ1dVRyblZ6d0lxSlM5UlN2WGZPVnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9lMWI4NGItMzlhNi00YWM4LWJlNjMt
MzBmZWUyN2U4NGNiLzEvMVVwOTJrTGFjaWZsWkNHRjZ0aFo2T18yZ2I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9lMWI4NGItMzlhNi00YWM4LWJlNjMtMzBmZWUyN2U4NGNi
LzEvSl9VWUQ1dVRyblZ6d0lxSlM5UlN2WGZPVnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1b2TMA0G
CSqGSIb3DQEBCwUAA4IBAQCVqcA20nwEugDof4e1noThIZZ8Wd1gVzwQ5CDvIcMm
LzWVeQ72OSWC2LpzQ5dP+fr+fl2xtUhCFGzNBD1dQzLCLgmXVkSdc95150jkCyf+
22rjm0EIPc3gRMXF55qO5dBUBr/5rFW7qhi60SsQgVtY/uSG2qw2GfaPvLdGYcZO
3b3cp8/sIfbu1ZMWQEKVlBkai83g46sEva33JbuQPc0Pp+LRGqnysKqbRrYHa4zM
SOZGvncdhWZWD5oxEhz0N6PKa1+gbsF4QhBKmWgV4I4TkHDgU03p6wqKdNjroMIP
xllCQ0V8wsJ018XXzEne9KagzU68+eXan1QTlWcweYtj
-----END CERTIFICATE-----