Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/d39416-f46a-4f82-b1e1-e0d1f7cacff1/1/kX3pV1qtpinLAmTcGU9S45kMyzU.roa
File:                     kX3pV1qtpinLAmTcGU9S45kMyzU.roa (raw, json)
Hash identifier:          CL//eYZ5Wgv+MwQ77KneINGyUtBzzIO/GUAHo9vbGP4=
Subject key identifier:   91:7D:E9:57:5A:AD:A6:29:CB:02:64:DC:19:4F:52:E3:99:0C:CB:35
Certificate issuer:       /CN=27873afe6330b7ae9ee562e0c988e9fd5ea8f567
Certificate serial:       018F4F53B3B4CDC9DDFB7882EED4323A4E75
Authority key identifier: 27:87:3A:FE:63:30:B7:AE:9E:E5:62:E0:C9:88:E9:FD:5E:A8:F5:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J4c6_mMwt66e5WLgyYjp_V6o9Wc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/d39416-f46a-4f82-b1e1-e0d1f7cacff1/1/kX3pV1qtpinLAmTcGU9S45kMyzU.roa
Signing time:             Mon 06 May 2024 19:13:56 +0000
ROA not before:           Mon 06 May 2024 19:13:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57094
IP address blocks:        141.8.232.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/d39416-f46a-4f82-b1e1-e0d1f7cacff1/1/J4c6_mMwt66e5WLgyYjp_V6o9Wc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/d39416-f46a-4f82-b1e1-e0d1f7cacff1/1/J4c6_mMwt66e5WLgyYjp_V6o9Wc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J4c6_mMwt66e5WLgyYjp_V6o9Wc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 17:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4f:53:b3:b4:cd:c9:dd:fb:78:82:ee:d4:32:3a:4e:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27873afe6330b7ae9ee562e0c988e9fd5ea8f567
        Validity
            Not Before: May  6 19:13:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=917de9575aada629cb0264dc194f52e3990ccb35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:83:0c:fb:f1:b7:e9:1b:ce:a0:84:81:60:17:
                    2f:a0:03:c4:9a:a6:c2:02:b2:be:e2:d5:30:cf:6c:
                    1d:78:db:98:6c:58:a5:03:ca:ea:8a:f7:1c:5f:70:
                    eb:29:18:ce:48:1b:0d:bd:9e:e4:a5:b2:ca:8a:f9:
                    6f:c6:e5:eb:8a:09:5a:50:b5:4d:65:de:0e:ff:14:
                    9a:78:61:f9:cd:d4:ca:dc:60:ca:72:42:91:25:d1:
                    e8:95:f7:58:fc:18:8d:a4:5e:13:26:45:57:14:8a:
                    5c:cd:45:56:32:4f:85:04:77:77:8b:df:7b:16:34:
                    04:c4:67:0e:3f:5f:ba:56:f7:74:ad:56:ec:2b:20:
                    4f:74:28:e6:0b:3f:bd:35:11:64:b6:3f:41:40:b2:
                    cd:3f:46:35:7d:68:95:2c:46:c9:d9:a5:05:b5:64:
                    24:82:5b:a6:08:1b:9e:98:a3:4f:1b:1a:1a:a3:95:
                    5d:83:de:3b:1b:15:96:14:70:9f:f3:0f:d0:a0:ff:
                    8c:2c:0f:f8:bd:bd:66:6e:ed:69:5b:ec:e2:af:c1:
                    46:ec:13:09:12:6a:d5:5d:31:92:ff:7f:ce:98:62:
                    a6:16:63:7c:23:69:82:60:9d:97:03:96:20:4b:4d:
                    d7:ad:c1:a0:c8:ab:aa:4e:49:2a:3c:6b:4c:22:50:
                    37:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:7D:E9:57:5A:AD:A6:29:CB:02:64:DC:19:4F:52:E3:99:0C:CB:35
            X509v3 Authority Key Identifier:
                keyid:27:87:3A:FE:63:30:B7:AE:9E:E5:62:E0:C9:88:E9:FD:5E:A8:F5:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J4c6_mMwt66e5WLgyYjp_V6o9Wc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/d39416-f46a-4f82-b1e1-e0d1f7cacff1/1/kX3pV1qtpinLAmTcGU9S45kMyzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/d39416-f46a-4f82-b1e1-e0d1f7cacff1/1/J4c6_mMwt66e5WLgyYjp_V6o9Wc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.8.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:40:a0:74:c8:1d:e7:5c:3b:1b:6f:58:b2:f9:67:c9:51:4d:
         00:01:04:8b:87:23:33:ef:aa:8c:9f:5c:a4:37:b6:c0:2b:72:
         b3:15:e0:96:31:12:8c:3f:1c:a4:b0:9a:7c:82:06:b8:98:21:
         c1:f7:b7:9f:18:10:3d:99:70:0c:e9:20:7b:46:39:f3:64:9a:
         3c:8e:3d:55:7c:a1:82:62:8d:bc:96:3f:a1:8a:86:ff:3d:7d:
         5e:b2:a6:7b:9c:09:46:fd:ac:07:0c:90:1a:be:bc:4d:25:02:
         0a:6e:01:72:02:33:66:2f:1c:81:5e:45:49:31:72:db:41:5b:
         92:ba:8c:b0:5b:5a:28:cc:61:72:5e:3f:0a:4f:75:6d:5a:af:
         37:80:43:8b:f7:30:24:9a:4d:f3:2d:40:f7:ea:8d:fb:74:30:
         74:fa:32:e9:4a:39:84:c4:ee:b6:e0:83:3e:b2:7c:10:6c:c9:
         df:f1:48:78:2e:28:62:ab:3f:d2:e0:2d:23:62:4d:23:37:a6:
         f6:33:4c:22:d9:b0:87:21:3f:85:eb:76:34:a7:ba:19:e4:f1:
         9c:bf:23:1d:37:d4:fb:05:c8:fb:c2:b6:a3:2d:2e:22:62:48:
         8c:0f:96:98:c1:bd:d1:2d:42:bd:b6:3a:92:14:86:39:66:a3:
         44:fb:c1:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9PU7O0zcnd+3iC7tQyOk51MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ODczYWZlNjMzMGI3YWU5ZWU1NjJlMGM5ODhlOWZkNWVh
OGY1NjcwHhcNMjQwNTA2MTkxMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTdkZTk1NzVhYWRhNjI5Y2IwMjY0ZGMxOTRmNTJlMzk5MGNjYjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YMM+/G36RvOoISBYBcvoAPEmqbC
ArK+4tUwz2wdeNuYbFilA8rqivccX3DrKRjOSBsNvZ7kpbLKivlvxuXriglaULVN
Zd4O/xSaeGH5zdTK3GDKckKRJdHolfdY/BiNpF4TJkVXFIpczUVWMk+FBHd3i997
FjQExGcOP1+6Vvd0rVbsKyBPdCjmCz+9NRFktj9BQLLNP0Y1fWiVLEbJ2aUFtWQk
glumCBuemKNPGxoao5Vdg947GxWWFHCf8w/QoP+MLA/4vb1mbu1pW+zir8FG7BMJ
EmrVXTGS/3/OmGKmFmN8I2mCYJ2XA5YgS03XrcGgyKuqTkkqPGtMIlA3mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJF96VdaraYpywJk3BlPUuOZDMs1MB8GA1UdIwQY
MBaAFCeHOv5jMLeunuVi4MmI6f1eqPVnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjRjNl9tTXd0NjZlNVdMZ3lZanBfVjZvOVdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9kMzk0MTYtZjQ2YS00ZjgyLWIxZTEt
ZTBkMWY3Y2FjZmYxLzEva1gzcFYxcXRwaW5MQW1UY0dVOVM0NWtNeXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9kMzk0MTYtZjQ2YS00ZjgyLWIxZTEtZTBkMWY3Y2FjZmYx
LzEvSjRjNl9tTXd0NjZlNVdMZ3lZanBfVjZvOVdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDjQjoMA0G
CSqGSIb3DQEBCwUAA4IBAQBkQKB0yB3nXDsbb1iy+WfJUU0AAQSLhyMz76qMn1yk
N7bAK3KzFeCWMRKMPxyksJp8gga4mCHB97efGBA9mXAM6SB7RjnzZJo8jj1VfKGC
Yo28lj+hiob/PX1esqZ7nAlG/awHDJAavrxNJQIKbgFyAjNmLxyBXkVJMXLbQVuS
uoywW1oozGFyXj8KT3VtWq83gEOL9zAkmk3zLUD36o37dDB0+jLpSjmExO624IM+
snwQbMnf8Uh4Lihiqz/S4C0jYk0jN6b2M0wi2bCHIT+F63Y0p7oZ5PGcvyMdN9T7
Bcj7wrajLS4iYkiMD5aYwb3RLUK9tjqSFIY5ZqNE+8HY
-----END CERTIFICATE-----