Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/g8zmfO2HPSEN8YUDrAkY2r7Nlqw.roa
File:                     g8zmfO2HPSEN8YUDrAkY2r7Nlqw.roa (raw, json)
Hash identifier:          uAg57JMTD8oD+ghOOtfACvdQoLeAHc5YjQ/CuCFoViY=
Subject key identifier:   83:CC:E6:7C:ED:87:3D:21:0D:F1:85:03:AC:09:18:DA:BE:CD:96:AC
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       01942369BE829D7D2FA84762969F6B77B987
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/g8zmfO2HPSEN8YUDrAkY2r7Nlqw.roa
Signing time:             Wed 01 Jan 2025 19:48:40 +0000
ROA not before:           Wed 01 Jan 2025 19:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137409
IP address blocks:        81.199.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 06:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:be:82:9d:7d:2f:a8:47:62:96:9f:6b:77:b9:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Jan  1 19:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83cce67ced873d210df18503ac0918dabecd96ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:58:62:5d:29:73:55:2b:a4:36:32:c9:eb:7a:
                    4f:b5:00:0c:46:98:93:3b:66:42:83:df:06:72:d6:
                    87:d9:ca:e1:f6:90:84:ed:bb:d5:ad:55:36:f9:b1:
                    df:37:05:72:4e:01:4d:aa:a7:f3:f4:0f:39:2b:46:
                    8a:67:50:95:b4:40:ec:ee:d7:64:34:cb:e3:3e:8d:
                    fa:73:38:8b:ef:92:7d:6f:5c:d3:3d:a8:cb:d4:fd:
                    19:2a:29:75:8f:3b:76:9f:8e:5d:f0:d1:f0:4e:21:
                    63:e5:1e:f2:51:c5:a1:8d:f5:d9:32:63:8c:d2:a1:
                    e7:14:b5:81:be:f2:40:3b:98:73:da:f9:86:e3:30:
                    d6:55:2a:92:ee:e1:cf:a5:b9:fb:f0:51:ea:f5:70:
                    6f:9a:2e:cf:df:9b:49:15:3e:7e:20:f4:66:d5:bf:
                    5e:b2:6d:45:3e:5a:df:e3:64:74:7b:d4:1a:e0:24:
                    3b:a9:03:93:8a:2e:2f:38:7f:18:cb:44:10:6f:85:
                    e1:b0:b8:24:81:24:ed:99:50:bb:87:2b:f2:fd:6b:
                    cd:c0:5b:f2:a8:16:77:b5:30:67:fd:ce:96:f4:62:
                    12:13:8a:76:25:26:10:b6:09:8e:07:43:8b:c0:96:
                    53:d4:93:1d:e2:2a:77:c7:44:5f:45:c5:be:34:30:
                    a4:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:CC:E6:7C:ED:87:3D:21:0D:F1:85:03:AC:09:18:DA:BE:CD:96:AC
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/g8zmfO2HPSEN8YUDrAkY2r7Nlqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.199.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:71:85:45:ff:97:d2:41:8d:85:2f:54:44:01:76:61:e4:20:
         e5:35:07:3a:6c:5d:a3:cd:76:6c:17:42:35:03:2f:e8:11:67:
         2d:42:7f:5c:d8:97:af:1a:56:ff:0e:8d:ff:8b:7b:22:4e:c2:
         8f:6d:9e:31:98:0c:50:82:85:c1:3e:99:ac:45:fa:e9:a3:cc:
         5e:ab:20:6f:14:6a:01:cf:be:00:ca:36:ec:d7:ab:5b:5a:23:
         a5:10:0d:e5:f9:0d:d3:24:9b:9e:c4:45:d4:0f:1c:ed:8b:4d:
         b4:53:a4:31:46:10:d1:e4:ad:c5:6a:fa:c9:98:14:44:f6:d1:
         7c:b6:c4:90:38:ca:bc:31:bb:55:ec:ff:60:6b:42:da:52:ac:
         6b:c2:3c:30:00:64:00:ff:d4:0e:15:55:d2:ff:74:41:c3:fd:
         86:3d:a6:0f:70:4d:45:59:7e:c5:d8:5b:30:6e:06:00:87:ef:
         b7:5b:b8:ac:e1:56:ec:78:c8:02:48:64:ed:69:f8:1f:2b:47:
         8b:34:17:da:e1:d7:9b:d4:5d:43:e4:73:23:1d:c6:58:36:62:
         f8:92:69:89:f1:f5:bd:82:7e:85:15:26:d8:bd:eb:27:9d:b5:
         16:55:ac:5e:12:82:20:8c:af:3d:15:27:3a:af:12:a1:54:6b:
         0e:02:86:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjab6CnX0vqEdilp9rd7mHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjUwMTAxMTk0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2NjZTY3Y2VkODczZDIxMGRmMTg1MDNhYzA5MThkYWJlY2Q5NmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlhiXSlzVSukNjLJ63pPtQAMRpiT
O2ZCg98GctaH2crh9pCE7bvVrVU2+bHfNwVyTgFNqqfz9A85K0aKZ1CVtEDs7tdk
NMvjPo36cziL75J9b1zTPajL1P0ZKil1jzt2n45d8NHwTiFj5R7yUcWhjfXZMmOM
0qHnFLWBvvJAO5hz2vmG4zDWVSqS7uHPpbn78FHq9XBvmi7P35tJFT5+IPRm1b9e
sm1FPlrf42R0e9Qa4CQ7qQOTii4vOH8Yy0QQb4XhsLgkgSTtmVC7hyvy/WvNwFvy
qBZ3tTBn/c6W9GISE4p2JSYQtgmOB0OLwJZT1JMd4ip3x0RfRcW+NDCkWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPM5nzthz0hDfGFA6wJGNq+zZasMB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEvZzh6bWZPMkhQU0VOOFlVRHJBa1kycjdObHF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUccbMA0G
CSqGSIb3DQEBCwUAA4IBAQCEcYVF/5fSQY2FL1REAXZh5CDlNQc6bF2jzXZsF0I1
Ay/oEWctQn9c2JevGlb/Do3/i3siTsKPbZ4xmAxQgoXBPpmsRfrpo8xeqyBvFGoB
z74Ayjbs16tbWiOlEA3l+Q3TJJuexEXUDxzti020U6QxRhDR5K3FavrJmBRE9tF8
tsSQOMq8MbtV7P9ga0LaUqxrwjwwAGQA/9QOFVXS/3RBw/2GPaYPcE1FWX7F2Fsw
bgYAh++3W7is4VbseMgCSGTtafgfK0eLNBfa4deb1F1D5HMjHcZYNmL4kmmJ8fW9
gn6FFSbYvesnnbUWVaxeEoIgjK89FSc6rxKhVGsOAoZi
-----END CERTIFICATE-----