Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/27o56I1AjfKywmAjawdPKgYq12Q.roa
File:                     27o56I1AjfKywmAjawdPKgYq12Q.roa (raw, json)
Hash identifier:          i77V7+mY2l6joUJwlb9lmK24i++B4+Z6vfoCTPqaQgA=
Subject key identifier:   DB:BA:39:E8:8D:40:8D:F2:B2:C2:60:23:6B:07:4F:2A:06:2A:D7:64
Certificate issuer:       /CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
Certificate serial:       01924823F4BFB59BC8A6979BCA2A38C9EFFE
Authority key identifier: DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/27o56I1AjfKywmAjawdPKgYq12Q.roa
Signing time:             Tue 01 Oct 2024 12:52:48 +0000
ROA not before:           Tue 01 Oct 2024 12:52:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        178.212.62.0/24 maxlen: 24
                          178.212.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:48:23:f4:bf:b5:9b:c8:a6:97:9b:ca:2a:38:c9:ef:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
        Validity
            Not Before: Oct  1 12:52:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbba39e88d408df2b2c260236b074f2a062ad764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:09:e2:8b:5c:fc:42:74:9e:25:1c:db:e3:5a:
                    53:e6:50:3c:26:c9:70:f7:8a:f2:87:5e:07:76:0c:
                    44:d5:69:f0:ba:70:0f:7d:a1:f6:3d:15:63:3a:e6:
                    d5:78:83:90:f5:07:2a:59:d3:7d:7c:88:d7:8b:2b:
                    46:9d:0d:00:41:94:0e:a7:4c:17:b0:3f:df:01:0d:
                    72:7c:29:85:b6:64:7f:69:98:a0:0a:8e:81:d7:1f:
                    3f:83:dc:61:f4:ae:0c:db:2c:b0:9a:0d:ba:ab:21:
                    c5:b2:16:30:b5:e2:ef:32:b2:de:c0:56:ce:07:3c:
                    09:a4:d6:6a:4b:ba:58:a5:83:e4:8f:e0:07:91:01:
                    30:00:6c:f9:32:40:f1:33:ca:d4:73:9e:35:e1:fd:
                    44:bf:18:f5:4e:b6:59:b8:03:ed:b0:f0:bd:a7:59:
                    27:91:dd:12:bd:0c:e1:7d:10:79:4a:10:9b:59:1a:
                    2d:18:14:80:95:51:68:08:96:a1:f2:93:4a:66:13:
                    e0:6d:41:64:3b:60:60:4c:38:2d:f7:30:bf:bd:d5:
                    ba:c3:ea:34:4a:8d:85:c5:20:09:a1:12:5f:4b:46:
                    df:ad:20:eb:ec:ed:fa:3e:bc:90:bf:1e:cf:78:4a:
                    17:00:c5:23:c6:8e:95:52:da:1d:cc:36:75:2f:04:
                    39:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:BA:39:E8:8D:40:8D:F2:B2:C2:60:23:6B:07:4F:2A:06:2A:D7:64
            X509v3 Authority Key Identifier:
                keyid:DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/27o56I1AjfKywmAjawdPKgYq12Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:79:aa:dd:f2:b8:27:eb:ec:97:79:6e:30:c0:4e:ba:38:8a:
         61:35:15:61:f7:4e:e9:78:d3:33:c2:2e:12:7c:d1:70:76:a4:
         27:0a:59:bc:38:5a:9f:66:ce:5d:0b:7b:5a:95:67:41:5f:52:
         04:11:9e:98:21:69:9e:83:01:16:ec:bb:6a:5c:cf:64:4b:d9:
         a9:73:41:91:c6:66:0d:b1:6d:f1:40:f8:1f:32:b9:11:b9:d8:
         53:9a:52:18:58:90:03:17:e3:4d:44:02:f9:fe:16:1d:3a:ae:
         a8:0f:9a:8e:d7:a4:de:4f:e8:09:6a:55:21:ad:46:58:54:15:
         0c:4c:41:61:bc:05:e3:85:1e:5e:33:6d:ea:6e:5a:e0:9c:9b:
         32:f1:1e:50:2b:45:f2:2e:11:1c:06:b1:a5:da:39:98:06:89:
         80:11:2f:f6:ac:c3:94:35:46:e0:42:20:6b:89:a7:85:3c:8e:
         25:14:0f:ab:8f:ae:92:99:33:44:b7:3e:2e:a9:4a:e3:66:ea:
         5e:7c:69:fe:5f:ad:28:28:6e:f0:60:a4:3f:f2:47:99:bf:b4:
         fe:24:03:6c:df:47:c0:cd:b1:de:96:0a:19:17:fa:55:63:e4:
         f8:6f:94:34:e9:ea:52:78:ff:5b:8c:ea:64:13:a3:a2:2f:f9:
         8b:f1:6a:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJII/S/tZvIppebyio4ye/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYmU2ZTBhZGFlOGJiNDc4MzkzYWFiMTc1YjYzODY0NGM3
NGNjYjcwHhcNMjQxMDAxMTI1MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmJhMzllODhkNDA4ZGYyYjJjMjYwMjM2YjA3NGYyYTA2MmFkNzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQnii1z8QnSeJRzb41pT5lA8Jslw
94ryh14HdgxE1WnwunAPfaH2PRVjOubVeIOQ9QcqWdN9fIjXiytGnQ0AQZQOp0wX
sD/fAQ1yfCmFtmR/aZigCo6B1x8/g9xh9K4M2yywmg26qyHFshYwteLvMrLewFbO
BzwJpNZqS7pYpYPkj+AHkQEwAGz5MkDxM8rUc5414f1Evxj1TrZZuAPtsPC9p1kn
kd0SvQzhfRB5ShCbWRotGBSAlVFoCJah8pNKZhPgbUFkO2BgTDgt9zC/vdW6w+o0
So2FxSAJoRJfS0bfrSDr7O36PryQvx7PeEoXAMUjxo6VUtodzDZ1LwQ58wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNu6OeiNQI3yssJgI2sHTyoGKtdkMB8GA1UdIwQY
MBaAFN2+bgra6LtHg5OqsXW2OGRMdMy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjkt
NmJhYTNiNTQ4ZDIzLzEvMjdvNTZJMUFqZkt5d21BamF3ZFBLZ1lxMTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjktNmJhYTNiNTQ4ZDIz
LzEvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBstQ+MA0G
CSqGSIb3DQEBCwUAA4IBAQBOeard8rgn6+yXeW4wwE66OIphNRVh907peNMzwi4S
fNFwdqQnClm8OFqfZs5dC3talWdBX1IEEZ6YIWmegwEW7LtqXM9kS9mpc0GRxmYN
sW3xQPgfMrkRudhTmlIYWJADF+NNRAL5/hYdOq6oD5qO16TeT+gJalUhrUZYVBUM
TEFhvAXjhR5eM23qblrgnJsy8R5QK0XyLhEcBrGl2jmYBomAES/2rMOUNUbgQiBr
iaeFPI4lFA+rj66SmTNEtz4uqUrjZupefGn+X60oKG7wYKQ/8keZv7T+JANs30fA
zbHelgoZF/pVY+T4b5Q06epSeP9bjOpkE6OiL/mL8Wp1
-----END CERTIFICATE-----