Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/c7fa48-2876-422b-8825-e1f367e79620/1/WwrNp1o0gQoA_a78lzDI76zCqg4.roa
File:                     WwrNp1o0gQoA_a78lzDI76zCqg4.roa (raw, json)
Hash identifier:          O+Pz2qHsSnexIiEhDKkRQJ45GChXh5UhUF7LtvnI59U=
Subject key identifier:   5B:0A:CD:A7:5A:34:81:0A:00:FD:AE:FC:97:30:C8:EF:AC:C2:AA:0E
Certificate issuer:       /CN=27fc21856cd8e037a7bb8c6392a6198213a8b4f6
Certificate serial:       018CC56EC07A8CF91E9C3E33F3FF1A711AB5
Authority key identifier: 27:FC:21:85:6C:D8:E0:37:A7:BB:8C:63:92:A6:19:82:13:A8:B4:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J_whhWzY4Denu4xjkqYZghOotPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/c7fa48-2876-422b-8825-e1f367e79620/1/WwrNp1o0gQoA_a78lzDI76zCqg4.roa
Signing time:             Mon 01 Jan 2024 14:30:18 +0000
ROA not before:           Mon 01 Jan 2024 14:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        194.40.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/c7fa48-2876-422b-8825-e1f367e79620/1/J_whhWzY4Denu4xjkqYZghOotPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/c7fa48-2876-422b-8825-e1f367e79620/1/J_whhWzY4Denu4xjkqYZghOotPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J_whhWzY4Denu4xjkqYZghOotPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c0:7a:8c:f9:1e:9c:3e:33:f3:ff:1a:71:1a:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27fc21856cd8e037a7bb8c6392a6198213a8b4f6
        Validity
            Not Before: Jan  1 14:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b0acda75a34810a00fdaefc9730c8efacc2aa0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b5:fc:31:5a:ce:de:2e:37:12:2d:76:a0:b7:
                    cf:9c:5b:10:c2:2d:7f:7e:1d:b9:db:a4:18:18:cd:
                    4a:e4:7f:5e:71:98:8a:fe:41:21:c0:ff:e0:e6:d3:
                    66:44:d6:30:72:2c:7d:6b:42:27:f3:5f:5a:bd:5f:
                    51:0b:a0:08:35:52:3c:91:8c:5e:8d:d2:a1:6a:8a:
                    3a:42:f9:17:ff:0b:7f:35:c8:75:a0:94:ba:f8:c0:
                    40:e1:2d:fd:06:b7:a5:41:45:2e:4d:58:b1:89:ed:
                    a9:6e:b8:37:0d:56:7e:a0:16:99:be:9e:d4:a6:4a:
                    cb:7d:fb:99:e5:3c:ab:ae:87:0b:9d:6e:6e:58:df:
                    ad:6d:b9:14:a4:5f:d9:12:f6:2c:a7:7a:75:56:b9:
                    b1:6a:c5:75:8d:29:81:e2:57:fb:09:a0:d3:a1:cc:
                    0a:80:b5:c8:fb:29:81:d2:b6:81:c4:8b:c8:4b:57:
                    f3:ee:ad:95:55:69:18:e0:2b:22:3a:fd:25:48:97:
                    69:a1:59:c4:4b:88:d1:73:53:41:fd:42:32:45:3e:
                    fa:51:60:94:90:75:8c:d1:08:88:24:c6:43:80:8d:
                    5d:7d:cb:c6:67:fc:ea:69:c8:6a:a6:86:24:60:cc:
                    01:c5:e6:b7:37:ac:3f:41:a4:a6:a8:ff:31:92:51:
                    b5:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:0A:CD:A7:5A:34:81:0A:00:FD:AE:FC:97:30:C8:EF:AC:C2:AA:0E
            X509v3 Authority Key Identifier:
                keyid:27:FC:21:85:6C:D8:E0:37:A7:BB:8C:63:92:A6:19:82:13:A8:B4:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J_whhWzY4Denu4xjkqYZghOotPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/c7fa48-2876-422b-8825-e1f367e79620/1/WwrNp1o0gQoA_a78lzDI76zCqg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/c7fa48-2876-422b-8825-e1f367e79620/1/J_whhWzY4Denu4xjkqYZghOotPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.40.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:62:d4:f1:ae:4b:4a:f3:a1:68:b9:67:da:95:c6:14:6b:03:
         a2:64:21:b2:45:62:d1:06:e5:d6:b8:3c:fb:34:dc:dd:a1:f4:
         0f:04:83:57:6b:3f:ef:07:6c:35:e2:f7:65:c8:7e:25:8e:b8:
         e9:49:54:d8:23:a8:07:51:e6:9b:3f:17:23:6f:80:35:15:fe:
         76:00:70:e2:51:7b:d4:06:77:71:77:04:56:6d:ab:ee:48:b5:
         63:81:fd:e2:8c:09:f6:fa:fc:ac:e0:7d:08:0d:63:03:33:9e:
         da:df:d8:88:30:d0:4e:e8:45:18:f4:9f:e8:9f:a9:27:ed:2a:
         99:9b:e6:6d:8a:ba:f5:67:f0:ea:97:d0:39:dd:9c:60:22:30:
         c9:86:cb:03:53:fa:5a:6a:73:e1:8f:6b:96:b6:1e:bf:9d:2f:
         24:ad:78:32:f6:c4:67:19:15:56:90:32:24:75:4f:b6:e6:38:
         72:63:d6:1b:a5:21:e2:cc:e4:5f:4a:64:60:46:b2:7a:e9:dc:
         f0:2c:fa:2f:9f:43:6f:5e:dc:8f:57:d9:b9:c2:07:50:d5:f0:
         07:5e:e4:09:94:af:15:bf:39:e9:7a:d2:9d:b1:63:9e:b2:74:
         ea:83:d6:51:eb:b9:d2:06:1c:7e:4c:0e:e0:f9:e1:e7:99:72:
         52:80:a7:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbsB6jPkenD4z8/8acRq1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZmMyMTg1NmNkOGUwMzdhN2JiOGM2MzkyYTYxOTgyMTNh
OGI0ZjYwHhcNMjQwMTAxMTQzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjBhY2RhNzVhMzQ4MTBhMDBmZGFlZmM5NzMwYzhlZmFjYzJhYTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorX8MVrO3i43Ei12oLfPnFsQwi1/
fh2526QYGM1K5H9ecZiK/kEhwP/g5tNmRNYwcix9a0In819avV9RC6AINVI8kYxe
jdKhaoo6QvkX/wt/Nch1oJS6+MBA4S39BrelQUUuTVixie2pbrg3DVZ+oBaZvp7U
pkrLffuZ5TyrrocLnW5uWN+tbbkUpF/ZEvYsp3p1VrmxasV1jSmB4lf7CaDTocwK
gLXI+ymB0raBxIvIS1fz7q2VVWkY4CsiOv0lSJdpoVnES4jRc1NB/UIyRT76UWCU
kHWM0QiIJMZDgI1dfcvGZ/zqachqpoYkYMwBxea3N6w/QaSmqP8xklG1RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsKzadaNIEKAP2u/JcwyO+swqoOMB8GA1UdIwQY
MBaAFCf8IYVs2OA3p7uMY5KmGYITqLT2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSl93aGhXelk0RGVudTR4amtxWVpnaE9vdFBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9jN2ZhNDgtMjg3Ni00MjJiLTg4MjUt
ZTFmMzY3ZTc5NjIwLzEvV3dyTnAxbzBnUW9BX2E3OGx6REk3NnpDcWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9jN2ZhNDgtMjg3Ni00MjJiLTg4MjUtZTFmMzY3ZTc5NjIw
LzEvSl93aGhXelk0RGVudTR4amtxWVpnaE9vdFBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwijpMA0G
CSqGSIb3DQEBCwUAA4IBAQCPYtTxrktK86FouWfalcYUawOiZCGyRWLRBuXWuDz7
NNzdofQPBINXaz/vB2w14vdlyH4ljrjpSVTYI6gHUeabPxcjb4A1Ff52AHDiUXvU
BndxdwRWbavuSLVjgf3ijAn2+vys4H0IDWMDM57a39iIMNBO6EUY9J/on6kn7SqZ
m+Ztirr1Z/Dql9A53ZxgIjDJhssDU/paanPhj2uWth6/nS8krXgy9sRnGRVWkDIk
dU+25jhyY9YbpSHizORfSmRgRrJ66dzwLPovn0NvXtyPV9m5wgdQ1fAHXuQJlK8V
vznpetKdsWOesnTqg9ZR67nSBhx+TA7g+eHnmXJSgKd5
-----END CERTIFICATE-----