Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/2d4818-f182-4b46-9e8c-0827961c05e0/1/XCytqrQFaAponbzX9lOWgKKPGAU.roa
File:                     XCytqrQFaAponbzX9lOWgKKPGAU.roa (raw, json)
Hash identifier:          JB09NR7Yh9/oDtfDC2ak9Majt9j9zW2ZMpeqU4QBRJQ=
Subject key identifier:   5C:2C:AD:AA:B4:05:68:0A:68:9D:BC:D7:F6:53:96:80:A2:8F:18:05
Certificate issuer:       /CN=aca6f0683cc74badd23a8140c385f1c81ce24df7
Certificate serial:       018CC7275FFAF443E1F92EF5E77FBF61837D
Authority key identifier: AC:A6:F0:68:3C:C7:4B:AD:D2:3A:81:40:C3:85:F1:C8:1C:E2:4D:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKbwaDzHS63SOoFAw4XxyBziTfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/2d4818-f182-4b46-9e8c-0827961c05e0/1/XCytqrQFaAponbzX9lOWgKKPGAU.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210797
IP address blocks:        178.22.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/2d4818-f182-4b46-9e8c-0827961c05e0/1/rKbwaDzHS63SOoFAw4XxyBziTfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/2d4818-f182-4b46-9e8c-0827961c05e0/1/rKbwaDzHS63SOoFAw4XxyBziTfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rKbwaDzHS63SOoFAw4XxyBziTfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5f:fa:f4:43:e1:f9:2e:f5:e7:7f:bf:61:83:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca6f0683cc74badd23a8140c385f1c81ce24df7
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c2cadaab405680a689dbcd7f6539680a28f1805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:19:57:ec:99:c1:3a:bb:ad:dd:45:69:76:62:
                    ee:26:0f:31:cb:08:fe:41:44:43:57:31:a7:e0:15:
                    db:5f:d4:27:ec:25:ed:9f:a7:94:d3:54:e7:b5:8e:
                    d7:cc:42:01:74:15:fb:c1:0f:ce:35:ae:00:40:c7:
                    e7:37:e2:02:3d:c0:51:ef:07:fa:96:9e:b2:be:1f:
                    8d:cd:01:b6:7f:da:83:2a:47:56:9e:35:f1:2d:61:
                    6a:10:b2:4c:28:37:58:0f:f6:d0:05:61:5b:a7:a5:
                    ca:0f:f8:e3:a4:05:ad:d2:93:c8:8d:d7:05:d5:aa:
                    ec:86:81:3d:6a:17:b9:1f:d2:19:55:66:a9:16:59:
                    c8:33:b0:1d:19:38:e7:bc:1a:e4:72:d2:6c:82:64:
                    86:b7:b7:ce:78:76:7e:ee:f0:c3:a9:1d:5a:f4:45:
                    72:af:47:3a:7e:8e:ef:9d:a3:28:d7:c7:bb:da:8b:
                    da:66:0e:de:0a:36:4d:fe:52:7c:e6:65:5c:f7:b7:
                    97:68:cf:38:ea:51:f5:6d:e3:9c:e6:2c:a2:a8:29:
                    84:fc:fe:f9:f6:8b:0a:26:5e:cb:e0:07:b8:18:30:
                    2c:19:1b:1b:8e:f6:07:01:90:c7:ef:ea:55:be:b6:
                    02:f1:bf:01:51:b4:a5:5c:38:31:2b:b3:0f:b5:79:
                    c1:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:2C:AD:AA:B4:05:68:0A:68:9D:BC:D7:F6:53:96:80:A2:8F:18:05
            X509v3 Authority Key Identifier:
                keyid:AC:A6:F0:68:3C:C7:4B:AD:D2:3A:81:40:C3:85:F1:C8:1C:E2:4D:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKbwaDzHS63SOoFAw4XxyBziTfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/2d4818-f182-4b46-9e8c-0827961c05e0/1/XCytqrQFaAponbzX9lOWgKKPGAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/2d4818-f182-4b46-9e8c-0827961c05e0/1/rKbwaDzHS63SOoFAw4XxyBziTfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.22.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:1c:a8:5e:bd:9e:25:87:72:45:fa:13:14:96:35:a5:4a:08:
         99:05:04:df:f6:0b:7b:00:7a:93:3d:a4:e9:54:37:de:8b:7a:
         1c:c2:6a:0c:c8:cf:2d:83:f4:00:0f:53:43:c1:82:3b:1d:79:
         f0:25:ae:01:da:05:b0:bb:a8:16:69:64:de:9b:a6:fc:dc:a3:
         7f:ba:37:25:c4:30:ac:ed:72:85:7a:e3:7c:37:6c:91:46:50:
         e6:18:98:0f:e6:c2:f2:5c:ab:ea:85:92:01:38:bd:80:b7:f1:
         09:a4:8a:62:10:3f:5a:b0:84:d5:ab:29:01:ac:95:0f:b5:02:
         24:6c:5e:b0:c2:23:29:79:b1:1a:85:2c:a3:a8:ff:23:d6:e8:
         81:5c:d1:59:4e:1e:70:df:76:ca:ed:73:45:da:d7:0f:b5:6a:
         98:c7:05:77:50:15:d3:cc:fa:8d:3d:a2:fe:9e:f4:fe:96:e4:
         e1:95:61:86:0d:a5:22:9e:b7:80:a7:35:df:1b:82:56:82:c7:
         be:14:94:f5:9e:50:d5:bb:52:7a:92:fa:70:a6:87:47:5e:9f:
         fd:09:f7:7e:23:c3:d2:ab:ea:d7:b5:90:3c:a4:f6:2b:33:b0:
         e2:c0:3b:8f:00:f0:6e:46:68:5f:e0:fb:39:c3:0b:56:f2:88:
         25:0c:3e:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1/69EPh+S7153+/YYN9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTZmMDY4M2NjNzRiYWRkMjNhODE0MGMzODVmMWM4MWNl
MjRkZjcwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzJjYWRhYWI0MDU2ODBhNjg5ZGJjZDdmNjUzOTY4MGEyOGYxODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphlX7JnBOrut3UVpdmLuJg8xywj+
QURDVzGn4BXbX9Qn7CXtn6eU01TntY7XzEIBdBX7wQ/ONa4AQMfnN+ICPcBR7wf6
lp6yvh+NzQG2f9qDKkdWnjXxLWFqELJMKDdYD/bQBWFbp6XKD/jjpAWt0pPIjdcF
1arshoE9ahe5H9IZVWapFlnIM7AdGTjnvBrkctJsgmSGt7fOeHZ+7vDDqR1a9EVy
r0c6fo7vnaMo18e72ovaZg7eCjZN/lJ85mVc97eXaM846lH1beOc5iyiqCmE/P75
9osKJl7L4Ae4GDAsGRsbjvYHAZDH7+pVvrYC8b8BUbSlXDgxK7MPtXnB2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwsraq0BWgKaJ281/ZTloCijxgFMB8GA1UdIwQY
MBaAFKym8Gg8x0ut0jqBQMOF8cgc4k33MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktid2FEekhTNjNTT29GQXc0WHh5QnppVGZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8yZDQ4MTgtZjE4Mi00YjQ2LTllOGMt
MDgyNzk2MWMwNWUwLzEvWEN5dHFyUUZhQXBvbmJ6WDlsT1dnS0tQR0FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8yZDQ4MTgtZjE4Mi00YjQ2LTllOGMtMDgyNzk2MWMwNWUw
LzEvcktid2FEekhTNjNTT29GQXc0WHh5QnppVGZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshYbMA0G
CSqGSIb3DQEBCwUAA4IBAQBQHKhevZ4lh3JF+hMUljWlSgiZBQTf9gt7AHqTPaTp
VDfei3ocwmoMyM8tg/QAD1NDwYI7HXnwJa4B2gWwu6gWaWTem6b83KN/ujclxDCs
7XKFeuN8N2yRRlDmGJgP5sLyXKvqhZIBOL2At/EJpIpiED9asITVqykBrJUPtQIk
bF6wwiMpebEahSyjqP8j1uiBXNFZTh5w33bK7XNF2tcPtWqYxwV3UBXTzPqNPaL+
nvT+luThlWGGDaUinreApzXfG4JWgse+FJT1nlDVu1J6kvpwpodHXp/9Cfd+I8PS
q+rXtZA8pPYrM7DiwDuPAPBuRmhf4Ps5wwtW8oglDD72
-----END CERTIFICATE-----