Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/d2bc90-2950-4322-a92e-c63fcd03a89b/1/V0qYH3OSBEbxLcglM_XHe_wdVdk.roa
File:                     V0qYH3OSBEbxLcglM_XHe_wdVdk.roa (raw, json)
Hash identifier:          WHePQxaoztKTfHd/X5kfcoFVOTjkv1Dj7MvP6Pr1Rtc=
Subject key identifier:   57:4A:98:1F:73:92:04:46:F1:2D:C8:25:33:F5:C7:7B:FC:1D:55:D9
Certificate issuer:       /CN=27cdcf2bd09a20d2badd3ab6c8c7edfa1fd5c2cc
Certificate serial:       01925136CDE6A00CED764001A5D77A5B18BD
Authority key identifier: 27:CD:CF:2B:D0:9A:20:D2:BA:DD:3A:B6:C8:C7:ED:FA:1F:D5:C2:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J83PK9CaINK63Tq2yMft-h_Vwsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/d2bc90-2950-4322-a92e-c63fcd03a89b/1/V0qYH3OSBEbxLcglM_XHe_wdVdk.roa
Signing time:             Thu 03 Oct 2024 07:09:59 +0000
ROA not before:           Thu 03 Oct 2024 07:09:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3292
IP address blocks:        91.199.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/d2bc90-2950-4322-a92e-c63fcd03a89b/1/J83PK9CaINK63Tq2yMft-h_Vwsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/d2bc90-2950-4322-a92e-c63fcd03a89b/1/J83PK9CaINK63Tq2yMft-h_Vwsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J83PK9CaINK63Tq2yMft-h_Vwsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:36:cd:e6:a0:0c:ed:76:40:01:a5:d7:7a:5b:18:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27cdcf2bd09a20d2badd3ab6c8c7edfa1fd5c2cc
        Validity
            Not Before: Oct  3 07:09:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=574a981f73920446f12dc82533f5c77bfc1d55d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:cd:d6:bd:01:de:5a:2a:de:30:e3:10:19:76:
                    c4:ef:e5:1e:3e:4d:2c:5a:5c:51:09:c2:3f:f3:b0:
                    74:52:1b:d6:45:06:2f:15:c3:56:b2:c9:6e:d7:97:
                    4e:07:a2:48:aa:db:26:3c:2e:b6:65:59:f2:69:e8:
                    e4:f2:a5:53:75:fc:e2:db:11:c1:57:44:74:20:bc:
                    bd:99:9b:a8:5d:25:b4:54:3d:7b:46:17:1f:53:5f:
                    77:ca:bf:51:2c:19:18:95:cb:e8:fe:e5:ec:39:ec:
                    57:1e:cf:eb:5b:9b:c4:4c:73:44:26:d3:04:b2:bc:
                    80:03:6c:df:72:6b:2a:4a:eb:c4:e4:77:40:b5:53:
                    1f:1d:a2:12:e8:55:87:c5:5f:ae:55:f0:5a:0b:f6:
                    0a:ad:05:eb:ca:c3:cf:9e:79:50:3a:81:9a:c3:51:
                    ef:fd:2f:ed:25:05:5b:37:4a:16:cf:ce:c1:9e:63:
                    f2:e0:c5:4a:ab:a0:ec:1d:9d:94:bb:17:97:ba:0c:
                    c6:31:fe:e3:3d:38:9e:10:7f:b2:9d:1d:2e:59:69:
                    f9:18:d0:bb:57:fc:2f:80:ae:99:55:2e:79:59:e6:
                    69:e1:94:5e:25:13:17:cb:cd:05:53:a2:48:da:74:
                    84:23:bb:82:bf:30:b1:bb:d6:1f:69:81:68:25:7b:
                    81:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:4A:98:1F:73:92:04:46:F1:2D:C8:25:33:F5:C7:7B:FC:1D:55:D9
            X509v3 Authority Key Identifier:
                keyid:27:CD:CF:2B:D0:9A:20:D2:BA:DD:3A:B6:C8:C7:ED:FA:1F:D5:C2:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J83PK9CaINK63Tq2yMft-h_Vwsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/d2bc90-2950-4322-a92e-c63fcd03a89b/1/V0qYH3OSBEbxLcglM_XHe_wdVdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/d2bc90-2950-4322-a92e-c63fcd03a89b/1/J83PK9CaINK63Tq2yMft-h_Vwsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:95:b7:54:66:32:c7:02:87:cf:ba:95:fe:c6:bb:47:40:33:
         52:d4:0d:ba:5d:de:9b:f3:0d:0e:95:09:57:09:2f:a6:8f:ca:
         07:74:80:97:5f:06:6b:20:54:b7:60:59:2f:1a:da:3c:81:10:
         8d:8f:51:ba:18:a8:15:d8:41:ea:dc:da:29:28:c0:a5:98:b9:
         ed:c0:5d:92:33:18:2f:93:80:09:ba:ee:fb:88:3b:54:97:6e:
         49:89:71:bb:02:97:f4:c2:61:49:b8:66:66:24:a9:ec:a2:ea:
         06:b3:05:ab:74:36:9b:24:67:1b:a7:75:b0:82:5f:16:51:68:
         bf:99:ce:76:99:59:c9:2d:a6:a7:87:6f:28:ea:d0:58:cd:97:
         02:9b:65:c6:47:b9:e6:5e:44:4a:f9:ad:e1:00:ef:ea:28:18:
         4f:53:6b:c8:3f:83:6a:5f:29:9d:43:1d:78:46:8d:4a:cf:e0:
         f8:f0:aa:7e:f4:68:c9:63:d8:e0:45:2f:13:0e:eb:dc:6b:d9:
         9b:6c:7b:28:e1:a5:ee:25:57:3c:f3:ad:fb:fa:3b:b8:18:79:
         b5:39:68:1b:b2:ae:25:cd:1d:2e:74:b5:22:0f:f3:c9:9b:c3:
         48:47:dc:49:a3:db:0a:d8:3a:88:a6:3b:99:9f:74:11:67:7b:
         3a:de:d8:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRNs3moAztdkABpdd6Wxi9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3Y2RjZjJiZDA5YTIwZDJiYWRkM2FiNmM4YzdlZGZhMWZk
NWMyY2MwHhcNMjQxMDAzMDcwOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzRhOTgxZjczOTIwNDQ2ZjEyZGM4MjUzM2Y1Yzc3YmZjMWQ1NWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3s3WvQHeWireMOMQGXbE7+UePk0s
WlxRCcI/87B0UhvWRQYvFcNWsslu15dOB6JIqtsmPC62ZVnyaejk8qVTdfzi2xHB
V0R0ILy9mZuoXSW0VD17RhcfU193yr9RLBkYlcvo/uXsOexXHs/rW5vETHNEJtME
sryAA2zfcmsqSuvE5HdAtVMfHaIS6FWHxV+uVfBaC/YKrQXrysPPnnlQOoGaw1Hv
/S/tJQVbN0oWz87BnmPy4MVKq6DsHZ2UuxeXugzGMf7jPTieEH+ynR0uWWn5GNC7
V/wvgK6ZVS55WeZp4ZReJRMXy80FU6JI2nSEI7uCvzCxu9YfaYFoJXuBlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFdKmB9zkgRG8S3IJTP1x3v8HVXZMB8GA1UdIwQY
MBaAFCfNzyvQmiDSut06tsjH7fof1cLMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjgzUEs5Q2FJTks2M1RxMnlNZnQtaF9Wd3N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kMmJjOTAtMjk1MC00MzIyLWE5MmUt
YzYzZmNkMDNhODliLzEvVjBxWUgzT1NCRWJ4TGNnbE1fWEhlX3dkVmRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kMmJjOTAtMjk1MC00MzIyLWE5MmUtYzYzZmNkMDNhODli
LzEvSjgzUEs5Q2FJTks2M1RxMnlNZnQtaF9Wd3N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8fZMA0G
CSqGSIb3DQEBCwUAA4IBAQBKlbdUZjLHAofPupX+xrtHQDNS1A26Xd6b8w0OlQlX
CS+mj8oHdICXXwZrIFS3YFkvGto8gRCNj1G6GKgV2EHq3NopKMClmLntwF2SMxgv
k4AJuu77iDtUl25JiXG7Apf0wmFJuGZmJKnsouoGswWrdDabJGcbp3Wwgl8WUWi/
mc52mVnJLaanh28o6tBYzZcCm2XGR7nmXkRK+a3hAO/qKBhPU2vIP4NqXymdQx14
Ro1Kz+D48Kp+9GjJY9jgRS8TDuvca9mbbHso4aXuJVc88637+ju4GHm1OWgbsq4l
zR0udLUiD/PJm8NIR9xJo9sK2DqIpjuZn3QRZ3s63thc
-----END CERTIFICATE-----