Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/8aba71-3ba8-4b8d-8eb6-346a3ec1868c/1/09sSIkFNu55oeuqEn9VtrtTQTZw.roa
File:                     09sSIkFNu55oeuqEn9VtrtTQTZw.roa (raw, json)
Hash identifier:          LJ2m5Aba/ndu1eOjsJTyhEdgDO28HRyJubvMhQTKPSo=
Subject key identifier:   D3:DB:12:22:41:4D:BB:9E:68:7A:EA:84:9F:D5:6D:AE:D4:D0:4D:9C
Certificate issuer:       /CN=27e0f7bbbe4031a24ef1b9db196aab0642e84a06
Certificate serial:       018CC2DB3CD50D770429AA2EF8D3632D4D7F
Authority key identifier: 27:E0:F7:BB:BE:40:31:A2:4E:F1:B9:DB:19:6A:AB:06:42:E8:4A:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J-D3u75AMaJO8bnbGWqrBkLoSgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/8aba71-3ba8-4b8d-8eb6-346a3ec1868c/1/09sSIkFNu55oeuqEn9VtrtTQTZw.roa
Signing time:             Mon 01 Jan 2024 02:29:57 +0000
ROA not before:           Mon 01 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211174
IP address blocks:        146.185.94.0/24 maxlen: 24
                          2a04:f340:1000::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/8aba71-3ba8-4b8d-8eb6-346a3ec1868c/1/J-D3u75AMaJO8bnbGWqrBkLoSgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/8aba71-3ba8-4b8d-8eb6-346a3ec1868c/1/J-D3u75AMaJO8bnbGWqrBkLoSgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J-D3u75AMaJO8bnbGWqrBkLoSgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3c:d5:0d:77:04:29:aa:2e:f8:d3:63:2d:4d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27e0f7bbbe4031a24ef1b9db196aab0642e84a06
        Validity
            Not Before: Jan  1 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3db1222414dbb9e687aea849fd56daed4d04d9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b5:dd:db:46:2e:5a:4e:a1:02:2f:2d:e4:0d:
                    3c:15:1f:8f:3c:3e:0f:69:59:96:67:b7:e6:20:f1:
                    98:85:4d:e8:af:6e:24:9e:00:1c:51:af:aa:9f:b7:
                    78:d6:e3:7b:90:71:6e:fa:06:d2:0d:80:56:4c:19:
                    cb:f3:2f:d3:16:47:35:9c:59:57:4f:04:36:52:e3:
                    1d:50:f3:2b:24:ee:4d:62:64:6e:6a:c6:1c:77:9d:
                    d1:68:ce:f1:f1:b2:14:4f:da:2b:7f:62:7f:9f:01:
                    86:86:16:6b:81:e5:58:dc:a2:06:25:fb:c5:f7:97:
                    e9:72:7b:72:41:17:f2:16:36:77:b9:5f:1b:46:a6:
                    a9:7d:62:89:c3:87:de:38:ff:5b:41:c8:29:f3:97:
                    69:c7:d2:70:30:92:48:8b:ff:a5:47:8e:38:65:b7:
                    5f:a5:7d:29:b3:a5:4e:d8:31:85:0d:c5:d3:78:e3:
                    06:a2:ac:22:cd:20:1a:91:c6:de:0f:65:c3:ac:3d:
                    c1:3f:35:87:30:c2:98:a5:16:90:99:23:15:74:77:
                    08:5c:1b:94:a6:d1:a2:78:ac:e0:26:46:ad:ba:b1:
                    d2:c5:f9:75:1b:47:e0:03:90:ec:92:2e:5c:6c:7b:
                    e5:e8:ce:73:7a:dd:f5:81:bb:ae:db:db:9c:83:60:
                    30:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:DB:12:22:41:4D:BB:9E:68:7A:EA:84:9F:D5:6D:AE:D4:D0:4D:9C
            X509v3 Authority Key Identifier:
                keyid:27:E0:F7:BB:BE:40:31:A2:4E:F1:B9:DB:19:6A:AB:06:42:E8:4A:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J-D3u75AMaJO8bnbGWqrBkLoSgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8aba71-3ba8-4b8d-8eb6-346a3ec1868c/1/09sSIkFNu55oeuqEn9VtrtTQTZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8aba71-3ba8-4b8d-8eb6-346a3ec1868c/1/J-D3u75AMaJO8bnbGWqrBkLoSgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.185.94.0/24
                IPv6:
                  2a04:f340:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9c:d0:18:4d:d6:28:c2:57:96:31:a6:ca:93:15:3a:3b:05:5f:
         44:d8:62:fc:3b:39:e8:e0:60:38:88:7c:fd:37:32:39:65:1f:
         e2:9a:5b:60:fe:17:24:72:b5:ea:c8:22:28:41:c2:b8:8f:3b:
         4d:99:64:7d:e7:74:0f:43:01:f3:6d:25:87:b9:12:d9:2d:e6:
         66:58:80:fc:21:96:21:8e:45:f6:f1:10:05:47:aa:60:b8:0e:
         73:fd:e9:3b:bb:f9:fb:91:a1:96:cc:cf:5c:18:88:18:20:49:
         15:2d:8d:ed:7b:ca:51:b4:4d:b2:6b:61:52:3f:d5:38:ec:d2:
         47:1d:6f:ee:aa:b7:3f:cd:d5:55:9b:bb:ad:b4:c7:3c:92:4f:
         d2:fd:7d:c6:e3:75:e4:6a:52:2a:07:42:37:c0:69:64:18:08:
         8b:d3:e4:28:07:a3:4f:87:77:06:86:16:50:e2:07:ed:a4:e6:
         e4:11:ed:5f:88:14:71:4b:e7:da:f4:21:49:6e:87:a5:7f:e2:
         03:0b:49:67:25:42:7f:60:af:47:38:60:b4:d3:a5:74:2b:00:
         99:37:d3:8b:c3:1f:8c:bb:d0:6d:1c:d6:38:d7:4c:63:c4:89:
         ce:eb:44:41:75:1c:a5:8b:c9:93:37:c2:8c:df:a4:ed:83:b4:
         b3:df:26:18
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzC2zzVDXcEKaou+NNjLU1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZTBmN2JiYmU0MDMxYTI0ZWYxYjlkYjE5NmFhYjA2NDJl
ODRhMDYwHhcNMjQwMTAxMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2RiMTIyMjQxNGRiYjllNjg3YWVhODQ5ZmQ1NmRhZWQ0ZDA0ZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7Xd20YuWk6hAi8t5A08FR+PPD4P
aVmWZ7fmIPGYhU3or24kngAcUa+qn7d41uN7kHFu+gbSDYBWTBnL8y/TFkc1nFlX
TwQ2UuMdUPMrJO5NYmRuasYcd53RaM7x8bIUT9orf2J/nwGGhhZrgeVY3KIGJfvF
95fpcntyQRfyFjZ3uV8bRqapfWKJw4feOP9bQcgp85dpx9JwMJJIi/+lR444Zbdf
pX0ps6VO2DGFDcXTeOMGoqwizSAakcbeD2XDrD3BPzWHMMKYpRaQmSMVdHcIXBuU
ptGieKzgJkaturHSxfl1G0fgA5Dski5cbHvl6M5zet31gbuu29ucg2AwcQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFNPbEiJBTbueaHrqhJ/Vba7U0E2cMB8GA1UdIwQY
MBaAFCfg97u+QDGiTvG52xlqqwZC6EoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSi1EM3U3NUFNYUpPOGJuYkdXcXJCa0xvU2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC84YWJhNzEtM2JhOC00YjhkLThlYjYt
MzQ2YTNlYzE4NjhjLzEvMDlzU0lrRk51NTVvZXVxRW45VnRydFRRVFp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC84YWJhNzEtM2JhOC00YjhkLThlYjYtMzQ2YTNlYzE4Njhj
LzEvSi1EM3U3NUFNYUpPOGJuYkdXcXJCa0xvU2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAkrleMA4E
AgACMAgDBgAqBPNAEDANBgkqhkiG9w0BAQsFAAOCAQEAnNAYTdYowleWMabKkxU6
OwVfRNhi/Ds56OBgOIh8/TcyOWUf4ppbYP4XJHK16sgiKEHCuI87TZlkfed0D0MB
820lh7kS2S3mZliA/CGWIY5F9vEQBUeqYLgOc/3pO7v5+5GhlszPXBiIGCBJFS2N
7XvKUbRNsmthUj/VOOzSRx1v7qq3P83VVZu7rbTHPJJP0v19xuN15GpSKgdCN8Bp
ZBgIi9PkKAejT4d3BoYWUOIH7aTm5BHtX4gUcUvn2vQhSW6HpX/iAwtJZyVCf2Cv
RzhgtNOldCsAmTfTi8MfjLvQbRzWONdMY8SJzutEQXUcpYvJkzfCjN+k7YO0s98m
GA==
-----END CERTIFICATE-----