Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Md7YZ-d1Y1XheM9ry7B9sgz4YA4.roa
File:                     Md7YZ-d1Y1XheM9ry7B9sgz4YA4.roa (raw, json)
Hash identifier:          Ih78eioWDLIJh2FdRhV0xY7L6/wFxYgEtTJFDLMZDFU=
Subject key identifier:   31:DE:D8:67:E7:75:63:55:E1:78:CF:6B:CB:B0:7D:B2:0C:F8:60:0E
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       0194274799D54667AA2D886FEBC9AB0EAEFE
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Md7YZ-d1Y1XheM9ry7B9sgz4YA4.roa
Signing time:             Thu 02 Jan 2025 13:49:51 +0000
ROA not before:           Thu 02 Jan 2025 13:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43395
IP address blocks:        2.188.232.0/23 maxlen: 23
                          2.188.236.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 10:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:99:d5:46:67:aa:2d:88:6f:eb:c9:ab:0e:ae:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 13:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31ded867e7756355e178cf6bcbb07db20cf8600e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ff:f2:7b:d4:1b:8d:f1:a1:69:a0:13:92:9c:
                    d0:a3:da:a3:83:d3:74:82:97:62:e8:e2:cf:8f:be:
                    5f:e8:90:f4:5d:62:92:5a:ad:30:d3:d1:e9:7b:e3:
                    d9:35:1f:12:a4:34:46:9b:5d:86:71:cd:07:e7:0f:
                    4f:13:c2:3d:3b:84:19:dc:88:d9:f4:20:21:89:7f:
                    aa:da:41:13:47:4f:71:f9:11:37:c5:59:e7:eb:63:
                    9c:60:fd:57:f6:14:98:eb:69:c7:8d:08:c4:21:e4:
                    ea:4c:80:1c:89:7c:25:3c:0a:44:c2:68:02:f3:a9:
                    69:48:67:c2:23:4e:ba:95:04:d7:d2:31:d9:0d:5c:
                    1b:0b:80:a3:6c:9b:89:22:84:c7:96:2c:36:a4:11:
                    50:48:4a:81:36:04:1e:10:ef:29:07:1b:ea:1f:cf:
                    3a:6f:6b:a5:e5:fe:1f:22:51:b5:16:28:40:2a:9e:
                    46:2d:23:f3:cd:5d:53:16:22:b0:8b:a7:f9:26:fe:
                    b7:37:e1:46:ba:a0:7b:f6:e8:b8:f9:7f:ae:7d:6b:
                    e7:d0:85:f1:d9:65:f7:c9:bc:2c:23:5e:08:79:b8:
                    c5:49:58:a1:26:af:84:66:a2:72:33:74:9a:c6:dc:
                    ca:24:06:a2:5f:84:99:11:25:c6:f4:ba:2d:83:d9:
                    ff:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:DE:D8:67:E7:75:63:55:E1:78:CF:6B:CB:B0:7D:B2:0C:F8:60:0E
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Md7YZ-d1Y1XheM9ry7B9sgz4YA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.188.232.0/23
                  2.188.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:1d:cd:bc:9d:48:15:bd:4c:d6:e4:ee:79:3c:78:89:e5:77:
         8f:13:18:23:0c:64:38:8c:a6:75:ad:48:7d:91:e8:cc:cc:ed:
         0a:6c:47:bb:50:3b:32:1d:ef:21:78:a1:75:1a:72:58:41:eb:
         9c:91:59:d6:a2:72:50:c8:3c:09:f4:c2:27:e8:36:c0:1f:66:
         98:84:8f:ae:cb:6c:71:f3:18:67:18:6a:0e:fd:68:28:f9:f6:
         0b:35:ff:58:51:bb:ee:29:f6:4a:37:86:8e:46:5e:48:49:3e:
         ae:a9:40:9f:8c:0b:5c:84:55:a9:62:86:e5:63:8d:d9:98:50:
         97:d1:fa:2a:15:55:c7:b2:fa:8c:13:3a:33:a8:f9:08:c8:33:
         f8:50:d7:39:ec:e4:a6:65:51:bd:b5:5e:f2:3a:df:f2:3c:d9:
         f4:98:65:14:f3:10:ed:41:69:2d:75:a9:a3:84:b1:34:95:26:
         51:89:34:d4:d7:a9:e4:59:d2:a3:30:c2:ef:4c:f6:0b:30:0c:
         a5:43:58:86:d9:e7:4f:cf:77:bb:f3:30:8c:24:f6:57:ce:ea:
         83:85:63:ed:e5:cf:29:d8:5c:9b:23:20:4b:72:03:a3:5f:e3:
         5d:78:9b:c7:06:5f:4c:5f:22:0a:38:f4:ea:7f:8f:49:83:26:
         09:65:dc:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR5nVRmeqLYhv68mrDq7+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjUwMTAyMTM0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWRlZDg2N2U3NzU2MzU1ZTE3OGNmNmJjYmIwN2RiMjBjZjg2MDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwv/ye9QbjfGhaaATkpzQo9qjg9N0
gpdi6OLPj75f6JD0XWKSWq0w09Hpe+PZNR8SpDRGm12Gcc0H5w9PE8I9O4QZ3IjZ
9CAhiX+q2kETR09x+RE3xVnn62OcYP1X9hSY62nHjQjEIeTqTIAciXwlPApEwmgC
86lpSGfCI066lQTX0jHZDVwbC4CjbJuJIoTHliw2pBFQSEqBNgQeEO8pBxvqH886
b2ul5f4fIlG1FihAKp5GLSPzzV1TFiKwi6f5Jv63N+FGuqB79ui4+X+ufWvn0IXx
2WX3ybwsI14IebjFSVihJq+EZqJyM3SaxtzKJAaiX4SZESXG9Lotg9n/0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDHe2GfndWNV4XjPa8uwfbIM+GAOMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvTWQ3WVotZDFZMVhoZU05cnk3QjlzZ3o0WUE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBArzoAwQB
ArzsMA0GCSqGSIb3DQEBCwUAA4IBAQAuHc28nUgVvUzW5O55PHiJ5XePExgjDGQ4
jKZ1rUh9kejMzO0KbEe7UDsyHe8heKF1GnJYQeuckVnWonJQyDwJ9MIn6DbAH2aY
hI+uy2xx8xhnGGoO/Wgo+fYLNf9YUbvuKfZKN4aORl5IST6uqUCfjAtchFWpYobl
Y43ZmFCX0foqFVXHsvqMEzozqPkIyDP4UNc57OSmZVG9tV7yOt/yPNn0mGUU8xDt
QWktdamjhLE0lSZRiTTU16nkWdKjMMLvTPYLMAylQ1iG2edPz3e78zCMJPZXzuqD
hWPt5c8p2FybIyBLcgOjX+NdeJvHBl9MXyIKOPTqf49JgyYJZdzL
-----END CERTIFICATE-----