Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/x6HBrtzvlBi9wS8lFhZqjGws7GE.roa
File:                     x6HBrtzvlBi9wS8lFhZqjGws7GE.roa (raw, json)
Hash identifier:          K3xXqIk+nwkIR89tmAyDSZCAlU/HPZNcW9J1YmcrdQY=
Subject key identifier:   C7:A1:C1:AE:DC:EF:94:18:BD:C1:2F:25:16:16:6A:8C:6C:2C:EC:61
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC794509E11DEA09946F1CF47CF93644A
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/x6HBrtzvlBi9wS8lFhZqjGws7GE.roa
Signing time:             Tue 02 Jan 2024 00:30:35 +0000
ROA not before:           Tue 02 Jan 2024 00:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43415
IP address blocks:        217.218.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:50:9e:11:de:a0:99:46:f1:cf:47:cf:93:64:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7a1c1aedcef9418bdc12f2516166a8c6c2cec61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b5:53:44:ba:2b:3d:c8:54:da:74:94:74:b8:
                    ff:fe:7c:b3:27:e7:0a:b4:cf:0f:4b:9c:d4:56:3b:
                    41:c8:74:d6:62:c9:83:c1:fa:1a:0b:f1:52:2f:f1:
                    44:ea:92:23:58:5a:ce:25:d6:78:20:47:af:73:34:
                    e6:54:fb:54:0d:0c:42:e1:5e:6d:4c:18:26:36:b7:
                    2b:3c:33:d8:6a:8d:96:08:0d:ea:ff:58:a0:51:c6:
                    43:cd:aa:8f:82:ef:63:94:1b:c7:7d:4d:35:29:ef:
                    c1:16:a6:58:9b:0b:72:e4:db:b3:bb:b9:11:a8:ce:
                    2c:3f:9c:67:5c:7c:79:83:0e:9d:41:92:78:59:bf:
                    9a:aa:6b:c1:8c:36:99:33:11:9e:df:67:a1:41:e9:
                    5c:56:56:7b:ec:34:3b:57:9c:5d:46:6b:c8:c7:13:
                    9b:0b:a3:0f:30:dd:3c:f9:8f:fb:4a:68:6d:cf:81:
                    2f:99:fd:db:1b:5b:18:c3:51:2c:e7:2a:e9:1b:4c:
                    7c:56:97:b9:ed:d5:37:84:36:6a:35:d5:62:1a:83:
                    52:ed:23:02:ea:b9:7a:f3:25:e6:6e:10:cf:2b:67:
                    38:cc:94:d2:a4:f7:69:38:8f:aa:12:ef:90:52:27:
                    50:ef:3c:7c:b1:99:61:72:b6:f6:19:6d:ea:6f:4f:
                    68:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:A1:C1:AE:DC:EF:94:18:BD:C1:2F:25:16:16:6A:8C:6C:2C:EC:61
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/x6HBrtzvlBi9wS8lFhZqjGws7GE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.218.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:83:7a:ca:cf:ae:ff:cf:6d:a6:02:e3:3c:cd:6c:7f:1c:c3:
         e1:8b:19:7b:4d:f0:87:2e:fb:5d:36:b4:09:3a:4e:26:0a:78:
         2c:bf:45:02:64:cb:90:7c:64:fc:70:eb:b3:ed:5e:91:a6:80:
         6f:95:ae:ab:c4:bf:a3:73:b7:17:f7:d8:1f:d8:ec:1f:5e:9f:
         f2:f6:77:d7:4e:89:42:08:28:a0:ae:9f:f2:aa:bb:dc:94:71:
         68:3d:17:45:5b:ef:ec:60:5c:ef:c8:e3:f4:e8:5c:cf:02:75:
         59:70:04:3e:98:a8:a1:8f:b2:24:2b:b1:f4:12:51:7b:5b:ef:
         07:a8:e5:d1:7b:0d:bd:4f:27:5e:e4:20:35:aa:8f:33:e5:c3:
         0e:a7:39:a7:ab:19:d3:01:6a:0c:ca:22:2b:67:be:e4:b6:a0:
         b2:ad:a5:7d:05:3e:0e:68:29:3d:67:e4:da:f3:8b:a4:d1:76:
         6f:49:28:40:30:d8:21:6a:4d:14:18:85:c7:85:65:2e:d3:8f:
         b9:de:dd:ba:ac:87:99:11:16:68:e9:4c:ad:9f:5c:d9:c6:de:
         e4:38:ba:a8:0c:ef:5f:33:75:ac:85:bc:81:6c:31:ec:89:79:
         e3:03:44:45:d4:36:78:14:ea:1e:88:61:9a:83:ed:d5:9a:23:
         e1:9d:4f:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFCeEd6gmUbxz0fPk2RKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2ExYzFhZWRjZWY5NDE4YmRjMTJmMjUxNjE2NmE4YzZjMmNlYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbVTRLorPchU2nSUdLj//nyzJ+cK
tM8PS5zUVjtByHTWYsmDwfoaC/FSL/FE6pIjWFrOJdZ4IEevczTmVPtUDQxC4V5t
TBgmNrcrPDPYao2WCA3q/1igUcZDzaqPgu9jlBvHfU01Ke/BFqZYmwty5Nuzu7kR
qM4sP5xnXHx5gw6dQZJ4Wb+aqmvBjDaZMxGe32ehQelcVlZ77DQ7V5xdRmvIxxOb
C6MPMN08+Y/7Smhtz4Evmf3bG1sYw1Es5yrpG0x8Vpe57dU3hDZqNdViGoNS7SMC
6rl68yXmbhDPK2c4zJTSpPdpOI+qEu+QUidQ7zx8sZlhcrb2GW3qb09o7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMehwa7c75QYvcEvJRYWaoxsLOxhMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEveDZIQnJ0enZsQmk5d1M4bEZoWnFqR3dzN0dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2dotMA0G
CSqGSIb3DQEBCwUAA4IBAQBug3rKz67/z22mAuM8zWx/HMPhixl7TfCHLvtdNrQJ
Ok4mCngsv0UCZMuQfGT8cOuz7V6RpoBvla6rxL+jc7cX99gf2OwfXp/y9nfXTolC
CCigrp/yqrvclHFoPRdFW+/sYFzvyOP06FzPAnVZcAQ+mKihj7IkK7H0ElF7W+8H
qOXRew29Tyde5CA1qo8z5cMOpzmnqxnTAWoMyiIrZ77ktqCyraV9BT4OaCk9Z+Ta
84uk0XZvSShAMNghak0UGIXHhWUu04+53t26rIeZERZo6Uytn1zZxt7kOLqoDO9f
M3WshbyBbDHsiXnjA0RF1DZ4FOoeiGGag+3VmiPhnU9Q
-----END CERTIFICATE-----