Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/c2ae3d-98b4-446f-ab28-7313c7f3ca3f/1/J3pPVUQlHWV4i2sGDNVuIScYXYY.roa
File:                     J3pPVUQlHWV4i2sGDNVuIScYXYY.roa (raw, json)
Hash identifier:          8YZ2laUwYoH4hDuW9N553XruowVoDx6PqH0sqO7ym1M=
Subject key identifier:   27:7A:4F:55:44:25:1D:65:78:8B:6B:06:0C:D5:6E:21:27:18:5D:86
Certificate issuer:       /CN=827af17f0499627e4b3c8cc5c333ec4b8e7635e0
Certificate serial:       018CC79505C7A991E1C845D262A8C2B17659
Authority key identifier: 82:7A:F1:7F:04:99:62:7E:4B:3C:8C:C5:C3:33:EC:4B:8E:76:35:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnrxfwSZYn5LPIzFwzPsS452NeA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/c2ae3d-98b4-446f-ab28-7313c7f3ca3f/1/J3pPVUQlHWV4i2sGDNVuIScYXYY.roa
Signing time:             Tue 02 Jan 2024 00:31:21 +0000
ROA not before:           Tue 02 Jan 2024 00:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.195.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/c2ae3d-98b4-446f-ab28-7313c7f3ca3f/1/gnrxfwSZYn5LPIzFwzPsS452NeA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/c2ae3d-98b4-446f-ab28-7313c7f3ca3f/1/gnrxfwSZYn5LPIzFwzPsS452NeA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnrxfwSZYn5LPIzFwzPsS452NeA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 18:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:05:c7:a9:91:e1:c8:45:d2:62:a8:c2:b1:76:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827af17f0499627e4b3c8cc5c333ec4b8e7635e0
        Validity
            Not Before: Jan  2 00:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=277a4f5544251d65788b6b060cd56e2127185d86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0a:05:74:7b:63:29:cd:b3:ae:32:eb:29:c4:
                    5c:26:34:4e:d0:c9:05:08:5c:2d:6d:e9:cf:49:c3:
                    b5:31:e2:d4:c2:7c:08:67:d0:c3:d5:a7:ce:52:56:
                    87:40:a6:1a:d9:50:45:3b:de:4a:be:01:e2:53:d9:
                    a5:25:47:de:03:11:77:29:2b:62:49:05:3e:9d:63:
                    c7:b9:55:e9:fb:44:c3:07:ee:bf:9d:01:4e:55:e5:
                    47:3b:52:f8:ab:e3:3a:0e:1f:14:22:e8:be:08:e6:
                    f7:8d:2b:fe:84:26:e6:b0:96:87:78:57:62:2d:96:
                    ab:8f:be:ed:37:1f:73:38:fe:45:5b:16:07:7d:a7:
                    8f:43:1c:89:ad:3e:3f:aa:d5:c2:52:fd:de:09:43:
                    45:73:36:93:2b:1e:69:d5:70:58:68:f4:8e:37:9b:
                    1c:c4:e5:1c:eb:6d:c8:c7:18:28:f7:6a:da:7f:c1:
                    25:82:87:10:ed:43:47:17:aa:c3:cb:90:3e:7b:9d:
                    88:22:2d:70:67:a1:ff:df:8a:d7:69:08:37:f8:e9:
                    3d:31:65:6e:19:0f:1a:d2:5d:8f:7e:32:5d:1b:0c:
                    eb:b3:09:52:3d:d4:1c:ad:ec:ed:0e:5f:60:64:71:
                    3b:e2:eb:09:53:26:28:c5:da:33:af:b2:85:f9:16:
                    12:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:7A:4F:55:44:25:1D:65:78:8B:6B:06:0C:D5:6E:21:27:18:5D:86
            X509v3 Authority Key Identifier:
                keyid:82:7A:F1:7F:04:99:62:7E:4B:3C:8C:C5:C3:33:EC:4B:8E:76:35:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnrxfwSZYn5LPIzFwzPsS452NeA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c2ae3d-98b4-446f-ab28-7313c7f3ca3f/1/J3pPVUQlHWV4i2sGDNVuIScYXYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c2ae3d-98b4-446f-ab28-7313c7f3ca3f/1/gnrxfwSZYn5LPIzFwzPsS452NeA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:e3:85:52:0e:1c:31:ac:3e:c9:bd:5a:2f:6e:ee:40:51:fa:
         f5:1a:26:24:7b:7e:83:ce:aa:a6:ba:df:23:6a:cc:68:62:09:
         06:00:f6:50:d8:f2:60:1c:b5:5b:95:db:00:ed:85:fb:03:c4:
         f0:94:74:2b:62:83:a5:b0:21:78:05:4d:39:84:2e:8c:b1:1a:
         99:4c:54:7c:29:56:04:06:8c:be:e5:2a:1f:82:7f:2b:69:45:
         c1:7a:1b:89:d5:d1:21:49:9d:e4:94:7e:bf:23:e9:c9:88:7f:
         59:03:81:f0:04:2f:d7:a1:15:0a:18:d1:22:44:0c:cc:c8:c7:
         50:2e:59:f2:db:3c:cc:7b:16:c0:12:51:4d:ae:3f:a3:87:d2:
         cd:84:89:34:90:e8:69:3d:04:45:85:40:35:6a:10:f2:a6:8b:
         fd:4a:0f:be:e2:57:51:43:db:aa:47:bf:61:83:36:27:af:dc:
         4c:f7:de:24:74:e3:e2:5c:a1:fc:2a:c5:ba:05:a8:bc:bb:3c:
         51:80:38:9c:e6:39:60:db:55:16:80:ff:8b:54:45:ef:e6:d4:
         d5:71:4c:b3:fc:81:e0:34:92:8b:d3:1f:7b:20:b1:19:b8:f7:
         6d:10:b9:a9:b3:db:f8:16:13:20:c1:da:85:6d:77:9f:d0:cc:
         88:dc:93:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlQXHqZHhyEXSYqjCsXZZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyN2FmMTdmMDQ5OTYyN2U0YjNjOGNjNWMzMzNlYzRiOGU3
NjM1ZTAwHhcNMjQwMTAyMDAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzdhNGY1NTQ0MjUxZDY1Nzg4YjZiMDYwY2Q1NmUyMTI3MTg1ZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAoFdHtjKc2zrjLrKcRcJjRO0MkF
CFwtbenPScO1MeLUwnwIZ9DD1afOUlaHQKYa2VBFO95KvgHiU9mlJUfeAxF3KSti
SQU+nWPHuVXp+0TDB+6/nQFOVeVHO1L4q+M6Dh8UIui+COb3jSv+hCbmsJaHeFdi
LZarj77tNx9zOP5FWxYHfaePQxyJrT4/qtXCUv3eCUNFczaTKx5p1XBYaPSON5sc
xOUc623Ixxgo92raf8ElgocQ7UNHF6rDy5A+e52IIi1wZ6H/34rXaQg3+Ok9MWVu
GQ8a0l2PfjJdGwzrswlSPdQcreztDl9gZHE74usJUyYoxdozr7KF+RYSTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCd6T1VEJR1leItrBgzVbiEnGF2GMB8GA1UdIwQY
MBaAFIJ68X8EmWJ+SzyMxcMz7EuOdjXgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25yeGZ3U1pZbjVMUEl6Rnd6UHNTNDUyTmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9jMmFlM2QtOThiNC00NDZmLWFiMjgt
NzMxM2M3ZjNjYTNmLzEvSjNwUFZVUWxIV1Y0aTJzR0ROVnVJU2NZWFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9jMmFlM2QtOThiNC00NDZmLWFiMjgtNzMxM2M3ZjNjYTNm
LzEvZ25yeGZ3U1pZbjVMUEl6Rnd6UHNTNDUyTmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucMAMA0G
CSqGSIb3DQEBCwUAA4IBAQCK44VSDhwxrD7JvVovbu5AUfr1GiYke36Dzqqmut8j
asxoYgkGAPZQ2PJgHLVbldsA7YX7A8TwlHQrYoOlsCF4BU05hC6MsRqZTFR8KVYE
Boy+5Sofgn8raUXBehuJ1dEhSZ3klH6/I+nJiH9ZA4HwBC/XoRUKGNEiRAzMyMdQ
Llny2zzMexbAElFNrj+jh9LNhIk0kOhpPQRFhUA1ahDypov9Sg++4ldRQ9uqR79h
gzYnr9xM994kdOPiXKH8KsW6Bai8uzxRgDic5jlg21UWgP+LVEXv5tTVcUyz/IHg
NJKL0x97ILEZuPdtELmps9v4FhMgwdqFbXef0MyI3JOY
-----END CERTIFICATE-----