Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/SuzZxnR7ZTiR82otY6hDdiuveFQ.roa
File:                     SuzZxnR7ZTiR82otY6hDdiuveFQ.roa (raw, json)
Hash identifier:          uE3Gg3MK2vUJArdbHxMPk3IQfsUZMi1FV5f1kBb1nzA=
Subject key identifier:   4A:EC:D9:C6:74:7B:65:38:91:F3:6A:2D:63:A8:43:76:2B:AF:78:54
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC7944EC8962FE540F13093DF4F225F41
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/SuzZxnR7ZTiR82otY6hDdiuveFQ.roa
Signing time:             Tue 02 Jan 2024 00:30:34 +0000
ROA not before:           Tue 02 Jan 2024 00:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4817
IP address blocks:        2.189.242.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:4e:c8:96:2f:e5:40:f1:30:93:df:4f:22:5f:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4aecd9c6747b653891f36a2d63a843762baf7854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:39:0e:21:a1:9e:4f:45:fb:f4:41:57:fa:51:
                    64:03:79:ad:64:4c:55:1c:5d:77:d1:48:3a:7d:a3:
                    6b:6c:b6:4b:14:3d:49:b1:cd:53:50:f3:90:4a:d9:
                    9b:e5:0c:5b:8f:7c:a2:8d:98:e0:b6:a5:63:34:6e:
                    27:9c:b9:9f:1d:de:af:20:6a:24:bf:86:e6:ae:e2:
                    8b:73:09:0e:e6:36:d5:88:d6:a1:5d:09:38:be:80:
                    2a:25:9e:9e:2d:e2:7c:fd:57:85:f7:f0:7c:ff:5c:
                    79:7d:13:ad:2e:5d:c7:b8:61:dd:d4:b0:62:8b:53:
                    bf:aa:bb:bb:75:d7:1f:4b:b0:91:60:d5:98:f6:df:
                    2c:ba:4f:d3:1a:8d:ce:1d:b8:9c:42:da:3f:f1:02:
                    81:b6:53:90:4d:d5:43:53:25:1d:7f:73:0a:cf:cc:
                    fd:62:01:96:f1:a5:c8:5c:bb:c3:56:dd:ea:c5:3f:
                    a9:7e:d3:69:fd:79:9c:ea:cf:0c:83:d7:9c:ea:bb:
                    67:59:72:8e:94:0a:e8:ea:47:b1:c5:93:3c:4b:13:
                    3d:dc:dd:d9:7d:01:61:7c:e0:8e:e4:79:6b:1d:b8:
                    d5:aa:78:09:88:27:34:6d:9e:04:65:05:ca:77:f0:
                    cd:77:a3:d5:28:60:e3:85:45:7d:59:12:eb:21:1f:
                    1e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:EC:D9:C6:74:7B:65:38:91:F3:6A:2D:63:A8:43:76:2B:AF:78:54
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/SuzZxnR7ZTiR82otY6hDdiuveFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.189.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:55:cc:8a:95:a1:f4:c7:c2:f8:e2:6c:69:c5:2d:bd:21:44:
         18:58:c4:8c:9f:27:0e:11:0b:cb:32:fe:45:02:ae:e5:cb:fe:
         2c:16:67:c3:9d:4e:d5:b4:3b:70:3c:1c:7d:54:2c:92:85:0e:
         59:07:66:30:19:98:d6:8c:81:88:52:9c:91:ac:b3:39:d4:5d:
         d7:15:e4:1d:2d:ed:92:20:a6:0e:4c:4c:2d:5e:5d:ae:94:29:
         7a:28:c0:8f:5e:dd:04:04:cf:c1:92:47:0a:66:eb:57:2a:34:
         82:39:0f:fc:96:a2:f1:3f:52:8a:63:a7:e7:f0:c2:ce:da:03:
         32:27:9e:3f:e1:6e:60:4a:a8:f8:5a:1b:05:72:20:1f:8b:9e:
         68:74:05:a7:39:77:98:c2:e8:3c:f4:8d:c8:c8:69:83:f4:48:
         b8:b3:4d:a7:a4:06:02:ec:44:81:a7:53:3d:82:20:44:b3:25:
         4d:39:85:eb:84:0f:4f:06:15:f0:3c:7b:db:2d:ac:49:fb:3c:
         4c:a9:fb:92:bd:1b:9d:8e:4d:3b:5a:7f:ce:59:61:05:12:2b:
         dd:ba:20:b8:48:b0:5b:5d:b3:30:53:d2:ec:30:2e:60:38:84:
         e6:4c:45:49:83:f4:a7:67:89:4c:f0:9b:65:fb:0b:0c:76:a6:
         6b:f8:58:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlE7Ili/lQPEwk99PIl9BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWVjZDljNjc0N2I2NTM4OTFmMzZhMmQ2M2E4NDM3NjJiYWY3ODU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjkOIaGeT0X79EFX+lFkA3mtZExV
HF130Ug6faNrbLZLFD1Jsc1TUPOQStmb5Qxbj3yijZjgtqVjNG4nnLmfHd6vIGok
v4bmruKLcwkO5jbViNahXQk4voAqJZ6eLeJ8/VeF9/B8/1x5fROtLl3HuGHd1LBi
i1O/qru7ddcfS7CRYNWY9t8suk/TGo3OHbicQto/8QKBtlOQTdVDUyUdf3MKz8z9
YgGW8aXIXLvDVt3qxT+pftNp/Xmc6s8Mg9ec6rtnWXKOlAro6kexxZM8SxM93N3Z
fQFhfOCO5HlrHbjVqngJiCc0bZ4EZQXKd/DNd6PVKGDjhUV9WRLrIR8eoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErs2cZ0e2U4kfNqLWOoQ3Yrr3hUMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvU3V6WnhuUjdaVGlSODJvdFk2aERkaXV2ZUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAr3yMA0G
CSqGSIb3DQEBCwUAA4IBAQCeVcyKlaH0x8L44mxpxS29IUQYWMSMnycOEQvLMv5F
Aq7ly/4sFmfDnU7VtDtwPBx9VCyShQ5ZB2YwGZjWjIGIUpyRrLM51F3XFeQdLe2S
IKYOTEwtXl2ulCl6KMCPXt0EBM/BkkcKZutXKjSCOQ/8lqLxP1KKY6fn8MLO2gMy
J54/4W5gSqj4WhsFciAfi55odAWnOXeYwug89I3IyGmD9Ei4s02npAYC7ESBp1M9
giBEsyVNOYXrhA9PBhXwPHvbLaxJ+zxMqfuSvRudjk07Wn/OWWEFEivduiC4SLBb
XbMwU9LsMC5gOITmTEVJg/SnZ4lM8Jtl+wsMdqZr+Fg4
-----END CERTIFICATE-----