Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/188fc9-b9b5-4072-bc93-79132946b699/1/ogNupXuJAlzd5zBtka0VFXOd9xE.roa
File:                     ogNupXuJAlzd5zBtka0VFXOd9xE.roa (raw, json)
Hash identifier:          4dymA2EDdNu7JgMNsdOoDGffC3vU+hKqdxb3KU4HwNs=
Subject key identifier:   A2:03:6E:A5:7B:89:02:5C:DD:E7:30:6D:91:AD:15:15:73:9D:F7:11
Certificate issuer:       /CN=27c5f36413e7af472813fe3a714e2ecdaa21f2e8
Certificate serial:       018CC6B87D54923082646972B9CAB5FCD274
Authority key identifier: 27:C5:F3:64:13:E7:AF:47:28:13:FE:3A:71:4E:2E:CD:AA:21:F2:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8XzZBPnr0coE_46cU4uzaoh8ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/188fc9-b9b5-4072-bc93-79132946b699/1/ogNupXuJAlzd5zBtka0VFXOd9xE.roa
Signing time:             Mon 01 Jan 2024 20:30:28 +0000
ROA not before:           Mon 01 Jan 2024 20:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60497
IP address blocks:        185.30.172.0/24 maxlen: 24
                          185.30.175.0/24 maxlen: 24
                          185.30.173.0/24 maxlen: 24
                          185.30.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/188fc9-b9b5-4072-bc93-79132946b699/1/J8XzZBPnr0coE_46cU4uzaoh8ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/188fc9-b9b5-4072-bc93-79132946b699/1/J8XzZBPnr0coE_46cU4uzaoh8ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8XzZBPnr0coE_46cU4uzaoh8ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:7d:54:92:30:82:64:69:72:b9:ca:b5:fc:d2:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c5f36413e7af472813fe3a714e2ecdaa21f2e8
        Validity
            Not Before: Jan  1 20:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2036ea57b89025cdde7306d91ad1515739df711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c2:3f:97:89:0e:82:66:34:36:14:b5:7b:ae:
                    a4:49:d4:29:b1:38:75:c0:10:87:c4:0a:71:74:2c:
                    c8:bf:7d:ba:c2:46:c3:30:05:b2:57:82:c6:72:85:
                    44:b9:b9:b7:b0:98:86:f0:20:e2:1b:47:e8:aa:7f:
                    a1:ca:7e:3c:49:bc:df:ef:99:a5:01:a9:ae:5e:ca:
                    40:45:7a:c4:65:09:23:22:9b:cf:e2:38:cd:51:3e:
                    6a:d3:ed:65:9c:03:e0:99:9a:91:8a:7d:4d:d3:2a:
                    d0:e5:78:a1:d4:d1:72:5a:9d:ee:15:f0:ad:45:f2:
                    ea:ae:55:a3:a1:3c:22:02:e1:ec:0b:8e:96:33:79:
                    4f:cf:a6:19:f3:bc:63:4f:5d:88:cf:69:10:82:bc:
                    b2:59:1f:61:3e:55:52:3d:35:60:db:06:c2:54:4a:
                    74:dc:ba:37:31:5d:b9:23:d1:12:44:8e:bb:3c:58:
                    08:cc:3e:ef:37:11:3d:e6:9b:94:04:ec:16:7f:dd:
                    75:ee:4b:6c:73:bf:13:fb:75:83:61:ff:60:ba:79:
                    40:30:65:96:e4:80:a3:be:a9:94:ab:6f:f3:a9:b6:
                    79:45:5b:6f:58:b6:73:dc:e5:1d:f0:16:8a:9a:46:
                    0e:dc:01:ca:12:46:ce:d1:90:aa:8d:4a:c6:d1:a1:
                    84:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:03:6E:A5:7B:89:02:5C:DD:E7:30:6D:91:AD:15:15:73:9D:F7:11
            X509v3 Authority Key Identifier:
                keyid:27:C5:F3:64:13:E7:AF:47:28:13:FE:3A:71:4E:2E:CD:AA:21:F2:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8XzZBPnr0coE_46cU4uzaoh8ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/188fc9-b9b5-4072-bc93-79132946b699/1/ogNupXuJAlzd5zBtka0VFXOd9xE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/188fc9-b9b5-4072-bc93-79132946b699/1/J8XzZBPnr0coE_46cU4uzaoh8ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:48:bd:57:95:54:aa:f6:01:72:24:7c:a5:57:8d:66:d7:ee:
         40:cc:5d:cd:4e:51:05:32:2c:71:41:06:85:2f:a8:b3:95:90:
         3f:2e:9f:f5:a7:c4:56:40:7a:9a:e0:4c:85:36:85:0f:76:82:
         cb:03:b2:2a:01:f9:3c:66:ce:3b:83:1c:20:38:d8:a8:08:bb:
         1a:e8:fa:a3:2c:46:75:0c:3e:7d:29:5c:c8:d5:a6:14:a0:bd:
         ae:99:3a:cb:c0:4e:f0:7c:51:c5:80:74:fa:fb:29:61:9c:13:
         71:b3:9e:9a:4e:8a:1b:46:10:9b:8a:f1:00:e9:9c:09:04:d4:
         85:22:8b:d8:cf:09:70:62:e5:a3:64:69:c8:77:5f:ef:fe:0a:
         27:f1:9e:51:3b:02:fd:a6:b7:ff:79:57:e8:84:42:56:0a:bd:
         79:79:0d:a9:00:70:c5:82:07:6f:61:79:e9:fd:25:38:35:63:
         cc:f7:32:19:ce:82:02:23:66:17:48:06:af:f1:11:23:16:c9:
         ac:26:5a:07:0c:5c:b2:43:d0:b3:3b:a1:30:80:11:87:12:42:
         68:1e:37:44:b5:71:78:6f:b1:85:2e:ed:46:29:dd:19:28:35:
         2e:47:95:33:ce:93:1a:1e:45:b3:9a:a3:37:68:cf:6c:b3:f3:
         f3:80:80:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuH1UkjCCZGlyucq1/NJ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzVmMzY0MTNlN2FmNDcyODEzZmUzYTcxNGUyZWNkYWEy
MWYyZTgwHhcNMjQwMTAxMjAzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjAzNmVhNTdiODkwMjVjZGRlNzMwNmQ5MWFkMTUxNTczOWRmNzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsI/l4kOgmY0NhS1e66kSdQpsTh1
wBCHxApxdCzIv326wkbDMAWyV4LGcoVEubm3sJiG8CDiG0foqn+hyn48Sbzf75ml
AamuXspARXrEZQkjIpvP4jjNUT5q0+1lnAPgmZqRin1N0yrQ5Xih1NFyWp3uFfCt
RfLqrlWjoTwiAuHsC46WM3lPz6YZ87xjT12Iz2kQgryyWR9hPlVSPTVg2wbCVEp0
3Lo3MV25I9ESRI67PFgIzD7vNxE95puUBOwWf9117ktsc78T+3WDYf9gunlAMGWW
5ICjvqmUq2/zqbZ5RVtvWLZz3OUd8BaKmkYO3AHKEkbO0ZCqjUrG0aGEPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIDbqV7iQJc3ecwbZGtFRVznfcRMB8GA1UdIwQY
MBaAFCfF82QT569HKBP+OnFOLs2qIfLoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhYelpCUG5yMGNvRV80NmNVNHV6YW9oOHVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8xODhmYzktYjliNS00MDcyLWJjOTMt
NzkxMzI5NDZiNjk5LzEvb2dOdXBYdUpBbHpkNXpCdGthMFZGWE9kOXhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8xODhmYzktYjliNS00MDcyLWJjOTMtNzkxMzI5NDZiNjk5
LzEvSjhYelpCUG5yMGNvRV80NmNVNHV6YW9oOHVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR6sMA0G
CSqGSIb3DQEBCwUAA4IBAQCNSL1XlVSq9gFyJHylV41m1+5AzF3NTlEFMixxQQaF
L6izlZA/Lp/1p8RWQHqa4EyFNoUPdoLLA7IqAfk8Zs47gxwgONioCLsa6PqjLEZ1
DD59KVzI1aYUoL2umTrLwE7wfFHFgHT6+ylhnBNxs56aToobRhCbivEA6ZwJBNSF
IovYzwlwYuWjZGnId1/v/gon8Z5ROwL9prf/eVfohEJWCr15eQ2pAHDFggdvYXnp
/SU4NWPM9zIZzoICI2YXSAav8REjFsmsJloHDFyyQ9CzO6EwgBGHEkJoHjdEtXF4
b7GFLu1GKd0ZKDUuR5UzzpMaHkWzmqM3aM9ss/PzgIBp
-----END CERTIFICATE-----