Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/kCe2YfWM1qtvy_MXcyzQ3-O_x6k.roa
File:                     kCe2YfWM1qtvy_MXcyzQ3-O_x6k.roa (raw, json)
Hash identifier:          YLw2qlSjRcL20D8Y3jRyqBwvbIOpB+tNJZF50vThHzo=
Subject key identifier:   90:27:B6:61:F5:8C:D6:AB:6F:CB:F3:17:73:2C:D0:DF:E3:BF:C7:A9
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018E08D656D19A2BC7D79147C00D952029DB
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/kCe2YfWM1qtvy_MXcyzQ3-O_x6k.roa
Signing time:             Mon 04 Mar 2024 09:40:48 +0000
ROA not before:           Mon 04 Mar 2024 09:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47427
IP address blocks:        80.96.224.0/23 maxlen: 23
                          81.180.90.0/23 maxlen: 23
                          193.231.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:08:d6:56:d1:9a:2b:c7:d7:91:47:c0:0d:95:20:29:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Mar  4 09:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9027b661f58cd6ab6fcbf317732cd0dfe3bfc7a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:c5:c2:4a:b6:c2:07:69:1b:49:c0:13:c1:56:
                    bd:72:ea:ae:c9:a3:e0:ba:30:3e:c6:1a:a0:17:48:
                    ad:43:ad:fa:4b:9e:21:8c:e5:20:4b:14:cd:ef:67:
                    c4:50:ac:bf:61:7b:9a:10:5f:e0:8f:52:49:46:3b:
                    eb:84:37:5d:b2:4c:a8:38:0e:24:12:61:4e:31:5b:
                    39:7f:82:7c:c6:ea:24:88:a5:44:a5:ea:ef:d5:f3:
                    84:3a:5d:ee:d8:f1:8c:67:25:1b:5b:e3:66:9c:ec:
                    0d:5a:bf:a8:ce:3a:45:4a:09:55:73:98:bf:fc:9c:
                    a8:b6:ba:69:76:f6:41:95:eb:99:97:1f:f4:58:e3:
                    dd:ae:13:1b:f9:5b:9a:95:fe:bc:06:45:02:2e:ce:
                    77:e3:27:24:fd:be:cc:06:04:f6:83:0c:bd:44:5d:
                    af:06:1f:e5:2e:91:77:39:a8:41:47:a7:83:3e:a9:
                    e0:ef:6f:5b:f9:0b:9c:f9:77:a7:ff:81:1a:32:90:
                    38:01:73:d0:0a:ad:72:a4:7b:8d:8a:67:94:25:7c:
                    02:52:6b:ff:ca:58:14:02:ad:4f:11:95:d8:a6:a7:
                    71:43:ed:e0:18:d5:5e:0b:26:c8:85:c6:a9:ac:f4:
                    74:eb:e1:47:a8:f2:9a:47:b2:f3:99:1d:0d:de:09:
                    6d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:27:B6:61:F5:8C:D6:AB:6F:CB:F3:17:73:2C:D0:DF:E3:BF:C7:A9
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/kCe2YfWM1qtvy_MXcyzQ3-O_x6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.224.0/23
                  81.180.90.0/23
                  193.231.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:d6:3c:30:62:3b:91:05:ed:ee:bc:05:de:6f:e7:4c:bc:ca:
         c1:9f:f3:0b:51:d3:c0:98:58:99:c8:da:66:33:b8:f5:51:53:
         79:05:c3:01:e3:73:b1:54:4e:50:a5:05:66:23:bd:43:39:18:
         28:93:b9:fc:44:ca:84:7e:22:c6:74:be:bf:e1:09:05:21:f8:
         28:14:fc:2c:e6:2a:52:f5:99:dc:2e:0d:20:20:51:aa:be:6d:
         aa:1a:fc:d8:8b:22:6b:1e:d6:ea:ab:99:4a:19:f6:7b:80:2b:
         da:05:3f:ce:dc:be:db:62:8f:b3:b5:55:28:78:d8:3d:a9:7a:
         ed:8b:42:ef:2e:93:f1:63:a6:40:a5:de:2d:43:f7:bf:6c:41:
         2f:ff:e1:ad:9d:66:21:90:08:e6:4d:14:a4:c3:b3:c4:72:6c:
         83:f3:5b:15:6d:5e:8a:70:82:7b:ae:2c:73:c6:78:73:a3:3b:
         32:ef:5e:9c:00:10:fa:94:24:8e:0a:cd:82:34:df:87:7c:e3:
         eb:af:fd:53:71:f0:2c:fe:59:69:8f:1d:e8:52:dc:02:7a:14:
         bb:c1:14:6f:1c:ab:19:31:81:f3:5f:51:b5:eb:43:c2:0c:4d:
         41:0a:2b:a6:30:f3:ea:ea:0e:e2:00:74:d2:2e:d0:1b:5b:4a:
         8a:ec:00:35
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY4I1lbRmivH15FHwA2VICnbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMzA0MDk0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDI3YjY2MWY1OGNkNmFiNmZjYmYzMTc3MzJjZDBkZmUzYmZjN2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68XCSrbCB2kbScATwVa9cuquyaPg
ujA+xhqgF0itQ636S54hjOUgSxTN72fEUKy/YXuaEF/gj1JJRjvrhDddskyoOA4k
EmFOMVs5f4J8xuokiKVEperv1fOEOl3u2PGMZyUbW+NmnOwNWr+ozjpFSglVc5i/
/JyotrppdvZBleuZlx/0WOPdrhMb+Vualf68BkUCLs534yck/b7MBgT2gwy9RF2v
Bh/lLpF3OahBR6eDPqng729b+Quc+Xen/4EaMpA4AXPQCq1ypHuNimeUJXwCUmv/
ylgUAq1PEZXYpqdxQ+3gGNVeCybIhcaprPR06+FHqPKaR7LzmR0N3gltSwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJAntmH1jNarb8vzF3Ms0N/jv8epMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEva0NlMllmV00xcXR2eV9NWGN5elEzLU9feDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUGDgAwQB
UbRaAwQAwedNMA0GCSqGSIb3DQEBCwUAA4IBAQBb1jwwYjuRBe3uvAXeb+dMvMrB
n/MLUdPAmFiZyNpmM7j1UVN5BcMB43OxVE5QpQVmI71DORgok7n8RMqEfiLGdL6/
4QkFIfgoFPws5ipS9ZncLg0gIFGqvm2qGvzYiyJrHtbqq5lKGfZ7gCvaBT/O3L7b
Yo+ztVUoeNg9qXrti0LvLpPxY6ZApd4tQ/e/bEEv/+GtnWYhkAjmTRSkw7PEcmyD
81sVbV6KcIJ7rixzxnhzozsy716cABD6lCSOCs2CNN+HfOPrr/1TcfAs/llpjx3o
UtwCehS7wRRvHKsZMYHzX1G160PCDE1BCiumMPPq6g7iAHTSLtAbW0qK7AA1
-----END CERTIFICATE-----