Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/X9FH3CZDECg0g0MoIdjyCT31J0k.roa
File:                     X9FH3CZDECg0g0MoIdjyCT31J0k.roa (raw, json)
Hash identifier:          4ztsW2MEpTIqh1VwNkESft8LKz/s0CfG8eHjuYgysf8=
Subject key identifier:   5F:D1:47:DC:26:43:10:28:34:83:43:28:21:D8:F2:09:3D:F5:27:49
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC79455591CE667AFFE3ACD9C8E49B129
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/X9FH3CZDECg0g0MoIdjyCT31J0k.roa
Signing time:             Tue 02 Jan 2024 00:30:36 +0000
ROA not before:           Tue 02 Jan 2024 00:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61209
IP address blocks:        80.191.172.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:55:59:1c:e6:67:af:fe:3a:cd:9c:8e:49:b1:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fd147dc264310283483432821d8f2093df52749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:14:40:57:fe:b5:52:27:b3:78:c5:9c:21:30:
                    2d:44:90:f2:2a:22:4b:e7:0e:83:d5:96:74:5d:96:
                    6c:72:08:99:4f:c1:73:e5:25:41:5f:9a:4e:4b:22:
                    b4:12:f3:d4:d9:1c:7c:ca:cf:7c:35:ae:1b:26:10:
                    53:8d:eb:10:c4:d4:dc:d6:3a:20:24:8e:ca:0f:18:
                    48:91:da:1f:13:34:17:64:ea:6b:05:fe:6d:3a:b6:
                    38:92:02:b4:2d:a5:8a:01:a3:80:49:fe:c8:80:00:
                    55:a6:b7:d1:30:9f:41:25:0c:c6:90:c3:31:3d:85:
                    1f:3c:65:c9:bc:05:dc:a7:f9:8c:b3:50:ec:59:1e:
                    3d:fd:a5:eb:ce:c5:ba:a7:f5:56:98:ea:e9:00:70:
                    f2:4c:33:84:71:ea:85:62:80:2b:2d:dd:b2:08:ee:
                    4c:37:bd:fe:5e:58:ac:1f:58:1d:4e:39:2a:4c:57:
                    93:c6:1f:74:a9:b3:d4:85:3b:d0:2e:79:8e:63:6b:
                    a6:dd:4d:85:dc:e8:25:b7:5e:a4:8b:bb:32:77:b3:
                    b2:e5:6a:84:19:5f:fe:b8:4b:96:e6:02:e5:64:af:
                    4b:bd:1d:87:2e:a4:2e:00:20:ce:e5:98:cb:73:8a:
                    e6:52:56:ae:82:8f:38:c2:94:82:6c:2b:9e:cd:a0:
                    fe:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:D1:47:DC:26:43:10:28:34:83:43:28:21:D8:F2:09:3D:F5:27:49
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/X9FH3CZDECg0g0MoIdjyCT31J0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.191.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:0f:72:99:30:5f:84:63:11:d1:66:19:d5:ea:a8:f3:1f:d0:
         cd:71:53:4c:e6:c5:18:c0:c4:d3:c0:1e:71:19:9f:9d:da:f7:
         d8:b3:cc:f1:f9:97:69:46:dd:d8:fc:d1:ef:06:c8:bb:fa:a4:
         45:e9:8d:fb:ef:cb:11:d7:73:40:d2:b6:f4:1d:5d:06:cd:64:
         9c:d1:a0:4c:78:c0:5f:de:b8:5b:2c:cc:eb:86:04:f9:51:61:
         65:89:46:8e:ca:cb:2e:21:5f:c1:bd:74:de:30:04:6d:11:ee:
         54:b8:1b:a2:a5:12:ca:98:d9:e3:0c:b3:19:b9:54:ca:6f:e7:
         7b:b5:fe:ee:3e:bf:5b:74:a8:64:9d:28:0c:c0:08:ad:98:b6:
         2a:e5:3d:12:65:da:18:2e:fb:a5:db:25:a8:b1:16:7c:b6:c3:
         36:ea:68:55:76:2d:2f:d1:ad:43:ba:70:9e:da:5c:a5:5c:95:
         cd:8d:e4:84:ab:83:ef:ac:ad:2e:cd:9c:53:cb:15:0f:49:b9:
         dd:f0:5b:28:bf:25:76:52:f9:34:1b:66:58:d6:40:b5:32:84:
         cd:7c:16:25:2c:07:10:f7:0a:85:86:cd:00:ad:10:e9:5f:ca:
         fe:98:cc:7e:91:e8:c4:83:b9:c2:f1:57:b0:89:8b:87:83:7a:
         0c:64:a3:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFVZHOZnr/46zZyOSbEpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmQxNDdkYzI2NDMxMDI4MzQ4MzQzMjgyMWQ4ZjIwOTNkZjUyNzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxRAV/61UiezeMWcITAtRJDyKiJL
5w6D1ZZ0XZZscgiZT8Fz5SVBX5pOSyK0EvPU2Rx8ys98Na4bJhBTjesQxNTc1jog
JI7KDxhIkdofEzQXZOprBf5tOrY4kgK0LaWKAaOASf7IgABVprfRMJ9BJQzGkMMx
PYUfPGXJvAXcp/mMs1DsWR49/aXrzsW6p/VWmOrpAHDyTDOEceqFYoArLd2yCO5M
N73+XlisH1gdTjkqTFeTxh90qbPUhTvQLnmOY2um3U2F3Oglt16ki7syd7Oy5WqE
GV/+uEuW5gLlZK9LvR2HLqQuACDO5ZjLc4rmUlaugo84wpSCbCuezaD+qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/RR9wmQxAoNINDKCHY8gk99SdJMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvWDlGSDNDWkRFQ2cwZzBNb0lkanlDVDMxSjBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUL+sMA0G
CSqGSIb3DQEBCwUAA4IBAQBXD3KZMF+EYxHRZhnV6qjzH9DNcVNM5sUYwMTTwB5x
GZ+d2vfYs8zx+ZdpRt3Y/NHvBsi7+qRF6Y3778sR13NA0rb0HV0GzWSc0aBMeMBf
3rhbLMzrhgT5UWFliUaOyssuIV/BvXTeMARtEe5UuBuipRLKmNnjDLMZuVTKb+d7
tf7uPr9bdKhknSgMwAitmLYq5T0SZdoYLvul2yWosRZ8tsM26mhVdi0v0a1DunCe
2lylXJXNjeSEq4PvrK0uzZxTyxUPSbnd8FsovyV2Uvk0G2ZY1kC1MoTNfBYlLAcQ
9wqFhs0ArRDpX8r+mMx+kejEg7nC8VewiYuHg3oMZKOL
-----END CERTIFICATE-----