Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/N95SjD9jaTMzN3i0kRDtPRPjEes.roa
File:                     N95SjD9jaTMzN3i0kRDtPRPjEes.roa (raw, json)
Hash identifier:          JIYeWSh4NX8SK1c+Gvd6/hm/hW3f4xL03mxmhqbLCUU=
Subject key identifier:   37:DE:52:8C:3F:63:69:33:33:37:78:B4:91:10:ED:3D:13:E3:11:EB
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B93F671B0229F68A9239C4475649C5
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/N95SjD9jaTMzN3i0kRDtPRPjEes.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200900
IP address blocks:        195.184.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3f:67:1b:02:29:f6:8a:92:39:c4:47:56:49:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37de528c3f636933333778b49110ed3d13e311eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c1:15:4d:8f:3d:25:a0:74:da:c4:20:06:f3:
                    69:4e:df:68:49:7c:b1:a2:87:ae:30:54:d0:71:45:
                    08:91:22:5f:b7:75:8e:be:c0:18:5b:4f:ce:cd:c1:
                    0c:66:41:ea:64:da:b5:77:28:45:fb:6f:d1:b0:d4:
                    3f:5c:5e:9c:0a:8b:cb:80:2e:da:ed:48:7e:2d:95:
                    2d:4e:1d:98:57:b3:92:0f:b9:c0:9a:5b:14:fc:cb:
                    0b:cf:10:25:7c:f1:c4:d0:cc:e9:85:67:d3:3b:2f:
                    a6:6a:88:6b:1d:1d:47:5c:e1:f8:96:bd:bd:ec:93:
                    3e:d4:8d:f7:5b:1f:96:17:1f:21:d2:18:32:f9:36:
                    25:ee:7a:5a:36:48:65:a9:fe:55:61:10:27:f4:61:
                    b2:88:cb:82:39:37:86:d2:50:06:cc:53:e7:c5:6f:
                    7e:eb:fd:11:72:a0:9d:d4:ab:5c:a5:b8:3e:69:88:
                    bb:3f:e9:62:72:5b:f7:23:5f:3b:32:1e:c4:40:0c:
                    1f:17:e5:f5:10:80:d8:5d:c2:3b:14:c6:91:27:72:
                    87:b3:9a:1f:a6:d4:dc:38:4b:59:94:b1:81:43:41:
                    de:b7:73:01:12:b4:3e:71:47:8d:cc:ea:9d:83:a0:
                    60:0c:6e:5b:71:fa:43:bb:3d:a4:0e:16:48:3e:b7:
                    5b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:DE:52:8C:3F:63:69:33:33:37:78:B4:91:10:ED:3D:13:E3:11:EB
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/N95SjD9jaTMzN3i0kRDtPRPjEes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:68:f3:b5:cc:5e:18:38:ab:1e:1d:96:57:66:72:3f:64:ad:
         fa:4b:a2:74:55:89:ab:1d:e4:86:7f:a4:3d:1e:dd:f8:68:92:
         e5:67:b3:ee:a7:fa:06:71:01:2b:08:f1:08:41:c3:b3:fa:2e:
         13:e6:b6:dc:7c:2e:7a:7e:c9:da:ca:60:b3:70:02:25:69:f9:
         7b:a1:95:9e:69:55:3c:89:53:a2:8b:2e:ad:a2:e1:10:ce:6e:
         1f:39:8a:28:88:b6:d9:42:dc:51:72:4c:77:5b:5a:8e:89:6c:
         ab:6f:05:f5:8e:28:5d:16:24:65:8d:b1:04:39:9d:da:16:6f:
         89:5f:aa:e1:d2:2f:9b:a6:9a:e2:4c:bd:b1:61:c0:ea:28:32:
         5f:14:8d:03:af:ea:54:83:e7:ab:2e:c8:d8:99:54:24:05:24:
         6e:ee:b5:bd:df:14:c5:be:c8:70:8c:ff:26:1d:9c:48:17:80:
         4f:d8:a9:20:3f:ea:e1:d7:93:03:ab:45:46:23:e1:50:ea:df:
         06:c0:ee:53:33:4b:5a:aa:2e:24:4f:c8:22:27:10:27:7f:d6:
         84:79:3b:48:ce:7e:fe:9f:e8:9f:50:01:cd:f5:e3:6e:08:a9:
         36:1a:3e:26:2e:d0:71:42:d6:f8:10:08:ca:81:99:54:44:43:
         b1:c1:89:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuT9nGwIp9oqSOcRHVknFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2RlNTI4YzNmNjM2OTMzMzMzNzc4YjQ5MTEwZWQzZDEzZTMxMWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMEVTY89JaB02sQgBvNpTt9oSXyx
ooeuMFTQcUUIkSJft3WOvsAYW0/OzcEMZkHqZNq1dyhF+2/RsNQ/XF6cCovLgC7a
7Uh+LZUtTh2YV7OSD7nAmlsU/MsLzxAlfPHE0MzphWfTOy+maohrHR1HXOH4lr29
7JM+1I33Wx+WFx8h0hgy+TYl7npaNkhlqf5VYRAn9GGyiMuCOTeG0lAGzFPnxW9+
6/0RcqCd1Ktcpbg+aYi7P+liclv3I187Mh7EQAwfF+X1EIDYXcI7FMaRJ3KHs5of
ptTcOEtZlLGBQ0Het3MBErQ+cUeNzOqdg6BgDG5bcfpDuz2kDhZIPrdb/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfeUow/Y2kzMzd4tJEQ7T0T4xHrMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvTjk1U2pEOWphVE16TjNpMGtSRHRQUlBqRWVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7gbMA0G
CSqGSIb3DQEBCwUAA4IBAQAjaPO1zF4YOKseHZZXZnI/ZK36S6J0VYmrHeSGf6Q9
Ht34aJLlZ7Pup/oGcQErCPEIQcOz+i4T5rbcfC56fsnaymCzcAIlafl7oZWeaVU8
iVOiiy6touEQzm4fOYooiLbZQtxRckx3W1qOiWyrbwX1jihdFiRljbEEOZ3aFm+J
X6rh0i+bppriTL2xYcDqKDJfFI0Dr+pUg+erLsjYmVQkBSRu7rW93xTFvshwjP8m
HZxIF4BP2KkgP+rh15MDq0VGI+FQ6t8GwO5TM0taqi4kT8giJxAnf9aEeTtIzn7+
n+ifUAHN9eNuCKk2Gj4mLtBxQtb4EAjKgZlUREOxwYko
-----END CERTIFICATE-----