Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/J_T7zSn_2TEGNeAK-Jlqn_aOXXA.roa
File:                     J_T7zSn_2TEGNeAK-Jlqn_aOXXA.roa (raw, json)
Hash identifier:          s4cN7/YJkEYdpkAgLoAvsaHUMa8Gnw2/qhoQFH15f94=
Subject key identifier:   27:F4:FB:CD:29:FF:D9:31:06:35:E0:0A:F8:99:6A:9F:F6:8E:5D:70
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       018ED20688E92CFBEC383825B7A97BC71682
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/J_T7zSn_2TEGNeAK-Jlqn_aOXXA.roa
Signing time:             Fri 12 Apr 2024 11:17:07 +0000
ROA not before:           Fri 12 Apr 2024 11:17:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149457
IP address blocks:        185.202.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d2:06:88:e9:2c:fb:ec:38:38:25:b7:a9:7b:c7:16:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Apr 12 11:17:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27f4fbcd29ffd9310635e00af8996a9ff68e5d70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4f:48:e0:b3:1f:b7:3d:af:b5:2c:27:d0:08:
                    c3:fc:83:1f:c0:fe:05:c9:9d:88:a8:16:51:ae:2d:
                    42:2d:48:df:a3:d6:6d:d8:0b:71:fb:ca:02:35:42:
                    fa:05:32:7a:95:c1:26:7d:05:3b:0f:37:b1:56:16:
                    cc:52:9d:77:c0:19:cf:16:06:4f:b4:98:f5:ae:3d:
                    0c:b6:1c:2f:28:9f:99:19:73:db:f4:96:25:41:eb:
                    ff:84:1b:96:c9:08:ce:f9:a8:ba:9a:3e:ef:1b:0e:
                    f0:0b:0b:4a:b7:d2:03:17:1d:38:a9:e5:4c:eb:08:
                    63:a5:23:f3:15:97:67:16:a8:74:e5:20:fe:7f:ea:
                    64:5b:82:02:ba:96:b6:91:0c:e9:da:98:0e:61:ea:
                    8b:2e:98:98:05:68:d8:db:65:8a:18:f8:f9:57:38:
                    4f:eb:f9:e4:74:c4:2a:56:11:7e:50:67:2c:39:de:
                    04:fe:c2:9d:24:ce:1f:9d:90:75:ca:4e:a4:3f:04:
                    27:87:cb:a8:23:be:5d:7b:30:2a:0d:45:35:64:69:
                    ec:ee:4b:78:13:22:44:20:11:4f:4f:13:0d:62:90:
                    5b:b3:e4:99:dd:f1:14:1c:40:be:00:78:e7:5f:cf:
                    01:2b:6e:f4:34:a6:96:ab:dc:24:c5:2c:8b:51:dc:
                    37:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:F4:FB:CD:29:FF:D9:31:06:35:E0:0A:F8:99:6A:9F:F6:8E:5D:70
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/J_T7zSn_2TEGNeAK-Jlqn_aOXXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:c9:5c:17:b6:01:29:52:2e:f7:db:7b:f5:68:00:6e:a9:a1:
         62:64:42:11:06:fc:ae:95:a3:1c:4d:80:77:0a:3b:16:a4:4e:
         c6:d8:4b:c4:23:24:00:9c:20:27:f7:04:8d:0d:cd:ab:04:7f:
         ac:05:f2:8e:d6:32:93:9c:9a:48:44:a0:82:6d:d8:d9:34:a0:
         ac:f2:55:c1:18:4c:79:a1:05:cc:38:3e:5a:0a:e7:74:fc:1b:
         32:b5:4e:0f:a5:32:9b:bb:2b:35:d8:0b:8b:d3:62:3f:7e:9b:
         7f:f2:6a:af:7f:98:93:a8:db:12:2d:1b:75:6e:19:6d:2a:ba:
         65:29:b2:bd:50:ae:7f:aa:98:9b:67:60:fe:bc:33:72:67:4d:
         a4:db:ae:b5:8c:46:36:25:ec:0c:75:ee:7e:c5:46:d1:a7:eb:
         3a:97:5b:a2:56:78:23:00:fd:3e:dd:ce:06:1a:4a:eb:0d:26:
         c4:0b:d6:d2:18:b9:12:03:36:9e:0e:93:1e:cd:fc:86:ce:60:
         3e:20:f7:c6:a0:cf:af:84:15:4c:2f:fc:a1:69:ca:d5:3f:98:
         fb:a4:18:3f:66:8a:7a:75:6e:90:ad:7a:83:39:48:6c:94:6b:
         1c:64:d4:08:df:2e:93:c2:b6:a3:52:d6:b8:a3:e1:05:e9:9c:
         c3:79:cf:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7SBojpLPvsODglt6l7xxaCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjQwNDEyMTExNzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2Y0ZmJjZDI5ZmZkOTMxMDYzNWUwMGFmODk5NmE5ZmY2OGU1ZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArE9I4LMftz2vtSwn0AjD/IMfwP4F
yZ2IqBZRri1CLUjfo9Zt2Atx+8oCNUL6BTJ6lcEmfQU7DzexVhbMUp13wBnPFgZP
tJj1rj0MthwvKJ+ZGXPb9JYlQev/hBuWyQjO+ai6mj7vGw7wCwtKt9IDFx04qeVM
6whjpSPzFZdnFqh05SD+f+pkW4ICupa2kQzp2pgOYeqLLpiYBWjY22WKGPj5VzhP
6/nkdMQqVhF+UGcsOd4E/sKdJM4fnZB1yk6kPwQnh8uoI75dezAqDUU1ZGns7kt4
EyJEIBFPTxMNYpBbs+SZ3fEUHEC+AHjnX88BK270NKaWq9wkxSyLUdw3XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCf0+80p/9kxBjXgCviZap/2jl1wMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvSl9UN3pTbl8yVEVHTmVBSy1KbHFuX2FPWFhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucpmMA0G
CSqGSIb3DQEBCwUAA4IBAQB/yVwXtgEpUi7323v1aABuqaFiZEIRBvyulaMcTYB3
CjsWpE7G2EvEIyQAnCAn9wSNDc2rBH+sBfKO1jKTnJpIRKCCbdjZNKCs8lXBGEx5
oQXMOD5aCud0/BsytU4PpTKbuys12AuL02I/fpt/8mqvf5iTqNsSLRt1bhltKrpl
KbK9UK5/qpibZ2D+vDNyZ02k2661jEY2JewMde5+xUbRp+s6l1uiVngjAP0+3c4G
GkrrDSbEC9bSGLkSAzaeDpMezfyGzmA+IPfGoM+vhBVML/yhacrVP5j7pBg/Zop6
dW6QrXqDOUhslGscZNQI3y6TwrajUta4o+EF6ZzDec8V
-----END CERTIFICATE-----