Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/ZkodGyek0vEzRhdsNiSax4QB7F4.roa
File:                     ZkodGyek0vEzRhdsNiSax4QB7F4.roa (raw, json)
Hash identifier:          u+ILs42jkd9ncccCrikX8nnWXVY57a1KnEqm+sP44CU=
Subject key identifier:   66:4A:1D:1B:27:A4:D2:F1:33:46:17:6C:36:24:9A:C7:84:01:EC:5E
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       01920931C3C60C55F140B841359EDBFF53E6
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/ZkodGyek0vEzRhdsNiSax4QB7F4.roa
Signing time:             Thu 19 Sep 2024 07:31:49 +0000
ROA not before:           Thu 19 Sep 2024 07:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215029
IP address blocks:        46.27.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:09:31:c3:c6:0c:55:f1:40:b8:41:35:9e:db:ff:53:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Sep 19 07:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=664a1d1b27a4d2f13346176c36249ac78401ec5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:62:ff:ab:03:68:55:c0:2e:99:c5:89:10:fb:
                    15:93:27:fe:7a:35:82:5b:c6:bc:db:03:31:68:c3:
                    50:e1:b0:8e:8b:e7:81:c6:c2:44:a9:65:db:ad:fc:
                    1c:a7:57:f6:2d:ed:88:74:b9:eb:b0:7b:81:6c:69:
                    9b:aa:78:ed:7c:63:40:cd:d6:cf:e9:9a:92:da:1f:
                    18:13:fe:48:98:df:d4:4d:48:23:f1:df:bc:6b:50:
                    05:ae:b6:b8:49:56:2f:0a:64:60:fd:b4:a3:73:ac:
                    15:23:92:c2:9f:97:13:bc:c6:c3:a0:4e:af:89:25:
                    45:67:43:8e:80:37:2b:62:d8:6a:c9:9a:ce:1a:cb:
                    8e:79:25:76:a1:8b:4c:a9:bf:6d:4f:26:ce:3a:a3:
                    a1:cd:45:40:45:d7:a4:59:62:b6:b7:d8:6e:20:12:
                    46:f2:fa:e6:e8:69:fe:ea:7a:e7:b0:16:a4:2a:53:
                    0c:a5:65:b8:2a:c5:74:93:df:70:93:3c:53:e3:d6:
                    27:c2:92:41:f0:38:d3:18:0c:fd:00:49:31:05:a5:
                    a8:3d:68:42:cc:90:c9:84:9e:2f:54:8f:30:4f:97:
                    be:d6:31:eb:97:a0:d8:d3:55:f9:16:44:9e:f2:93:
                    02:87:b1:30:19:b7:1b:1d:0f:80:6c:99:05:e2:4e:
                    56:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:4A:1D:1B:27:A4:D2:F1:33:46:17:6C:36:24:9A:C7:84:01:EC:5E
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/ZkodGyek0vEzRhdsNiSax4QB7F4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.27.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:3e:f6:f5:53:5d:97:ba:ae:9d:f8:3c:ba:e4:e5:f6:ae:36:
         b0:f8:90:c8:65:12:55:b9:6c:54:de:ac:9c:14:fd:2c:80:15:
         b9:de:8d:8f:cf:ef:50:c0:05:43:92:62:f1:24:c7:ec:c5:c0:
         46:ff:d1:40:38:ed:21:77:fe:30:24:69:6d:05:22:72:7e:57:
         8d:9b:58:17:9d:36:76:1c:e2:8c:02:1e:22:75:b6:7f:3c:7c:
         89:b3:b0:72:86:5c:22:9d:ff:f7:3f:a0:ad:de:79:62:12:7e:
         b4:19:c3:a2:8e:4b:0b:52:74:5e:f4:c4:47:40:1d:54:9a:0a:
         5f:fc:c3:4c:a8:9d:2e:f2:e1:26:cb:2f:56:c0:35:e7:36:1f:
         25:b2:77:fb:38:b8:78:16:1d:a0:d6:e1:0b:e8:59:93:25:f6:
         08:3c:f6:93:62:a5:05:33:1e:89:eb:89:b1:24:36:68:30:c8:
         98:9c:e8:a2:50:7e:fa:f2:43:15:c6:76:42:57:38:0b:83:21:
         f8:bf:7a:ad:f7:e8:01:3b:1d:0b:cf:d4:d1:e9:57:1c:ec:fc:
         7f:7a:61:54:80:10:69:71:50:3d:f3:94:aa:8d:e0:ff:c1:f2:
         2b:7e:f9:b5:56:da:a0:f6:08:c6:98:b8:84:d6:d2:4c:e3:de:
         cb:98:69:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIJMcPGDFXxQLhBNZ7b/1PmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjQwOTE5MDczMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjRhMWQxYjI3YTRkMmYxMzM0NjE3NmMzNjI0OWFjNzg0MDFlYzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2L/qwNoVcAumcWJEPsVkyf+ejWC
W8a82wMxaMNQ4bCOi+eBxsJEqWXbrfwcp1f2Le2IdLnrsHuBbGmbqnjtfGNAzdbP
6ZqS2h8YE/5ImN/UTUgj8d+8a1AFrra4SVYvCmRg/bSjc6wVI5LCn5cTvMbDoE6v
iSVFZ0OOgDcrYthqyZrOGsuOeSV2oYtMqb9tTybOOqOhzUVARdekWWK2t9huIBJG
8vrm6Gn+6nrnsBakKlMMpWW4KsV0k99wkzxT49YnwpJB8DjTGAz9AEkxBaWoPWhC
zJDJhJ4vVI8wT5e+1jHrl6DY01X5FkSe8pMCh7EwGbcbHQ+AbJkF4k5WBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZKHRsnpNLxM0YXbDYkmseEAexeMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvWmtvZEd5ZWswdkV6Umhkc05pU2F4NFFCN0Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhvDMA0G
CSqGSIb3DQEBCwUAA4IBAQAbPvb1U12Xuq6d+Dy65OX2rjaw+JDIZRJVuWxU3qyc
FP0sgBW53o2Pz+9QwAVDkmLxJMfsxcBG/9FAOO0hd/4wJGltBSJyfleNm1gXnTZ2
HOKMAh4idbZ/PHyJs7Byhlwinf/3P6Ct3nliEn60GcOijksLUnRe9MRHQB1Umgpf
/MNMqJ0u8uEmyy9WwDXnNh8lsnf7OLh4Fh2g1uEL6FmTJfYIPPaTYqUFMx6J64mx
JDZoMMiYnOiiUH768kMVxnZCVzgLgyH4v3qt9+gBOx0Lz9TR6Vcc7Px/emFUgBBp
cVA985SqjeD/wfIrfvm1Vtqg9gjGmLiE1tJM497LmGn6
-----END CERTIFICATE-----