Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/pP9JP73YgEXtAOCiX7unQxeXObY.roa
File:                     pP9JP73YgEXtAOCiX7unQxeXObY.roa (raw, json)
Hash identifier:          hW6dutgdGcYYToazcVSuwU943wyJGNksBm7xnUelpF8=
Subject key identifier:   A4:FF:49:3F:BD:D8:80:45:ED:00:E0:A2:5F:BB:A7:43:17:97:39:B6
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       018CCA298A5358D8943844B720AB6AE3AB3C
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/pP9JP73YgEXtAOCiX7unQxeXObY.roa
Signing time:             Tue 02 Jan 2024 12:32:49 +0000
ROA not before:           Tue 02 Jan 2024 12:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395111
IP address blocks:        85.203.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:8a:53:58:d8:94:38:44:b7:20:ab:6a:e3:ab:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 12:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4ff493fbdd88045ed00e0a25fbba743179739b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:07:9e:ba:ea:91:dd:01:3c:63:ca:43:05:ea:
                    14:03:13:34:e8:7b:dd:fb:45:79:16:d8:5c:27:1f:
                    a8:73:21:cf:2e:ec:21:72:a7:f0:5e:9b:a5:1c:0c:
                    9b:07:2c:f8:b6:94:35:ec:a6:fd:79:ad:94:51:30:
                    41:ad:54:87:23:60:82:9c:cf:73:44:64:09:d9:83:
                    d5:56:20:57:4e:64:12:a9:b6:9f:ed:36:fd:f5:87:
                    e3:03:0a:b0:ec:af:8c:43:fb:53:a6:0d:03:54:e9:
                    56:17:d9:11:7d:eb:b1:6f:34:f3:64:e3:58:78:38:
                    22:2f:63:b7:08:ad:77:65:56:d5:99:b4:35:9d:1b:
                    92:ac:be:5f:8e:60:2c:2f:d3:e8:aa:57:f1:b2:7e:
                    6e:e3:7c:63:c8:91:1b:74:ba:a6:0b:78:71:0a:8a:
                    2e:22:78:2e:de:e3:f0:4d:60:2c:c0:27:a7:16:59:
                    ba:18:84:62:1a:20:1a:9e:24:87:68:2c:03:06:b9:
                    ac:56:d4:62:a9:e3:8a:1e:62:54:c4:89:4d:9a:95:
                    0e:46:0e:b8:ca:ff:21:6e:8b:20:23:25:95:17:30:
                    ef:88:7e:5a:b4:ed:83:fe:64:48:77:b6:60:cc:e0:
                    52:53:65:86:9e:60:3c:06:a9:d9:5e:34:fd:b6:5c:
                    61:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:FF:49:3F:BD:D8:80:45:ED:00:E0:A2:5F:BB:A7:43:17:97:39:B6
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/pP9JP73YgEXtAOCiX7unQxeXObY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:a5:1c:19:82:f9:f9:25:4f:68:90:20:6d:40:c1:ec:28:07:
         9e:67:83:a5:71:92:21:a2:f1:c2:03:16:61:7a:c6:fe:2f:b2:
         2d:d9:88:63:96:c4:ca:25:de:ff:ca:c4:2f:4c:09:c2:0c:45:
         e7:9c:7a:96:24:14:d1:72:a1:53:5d:d7:76:07:15:e2:be:34:
         39:4d:57:d2:13:bf:0f:a0:8e:8e:3a:4c:4b:df:8f:28:6b:d4:
         37:88:9f:3c:07:14:5f:97:51:90:aa:9e:a8:47:f8:92:66:25:
         ef:97:a5:e5:f2:56:15:33:b6:d9:49:d9:8f:62:5e:e9:2a:d0:
         6a:7a:63:96:62:ea:54:61:f4:e9:31:e3:1e:14:a1:a0:ae:bf:
         fc:fe:11:16:2a:f9:4f:6a:65:e0:c8:ac:4a:a1:74:69:7e:b9:
         c9:28:29:da:4f:7a:82:10:7e:fd:a8:ee:19:d3:c8:53:2b:d2:
         b4:02:ee:2f:81:2b:15:bd:2b:f0:f4:79:11:5c:62:f0:b2:70:
         ce:5a:4a:8e:cd:01:0a:44:da:b7:29:80:60:d5:b8:86:c4:b6:
         df:35:65:9c:71:3f:bd:45:dd:17:7a:e6:40:e2:99:2b:78:e6:
         fe:15:a4:7a:f7:23:be:4d:f6:82:73:13:e3:55:d7:80:a9:3b:
         7e:8f:dc:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKYpTWNiUOES3IKtq46s8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjQwMTAyMTIzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGZmNDkzZmJkZDg4MDQ1ZWQwMGUwYTI1ZmJiYTc0MzE3OTczOWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgAeeuuqR3QE8Y8pDBeoUAxM06Hvd
+0V5FthcJx+ocyHPLuwhcqfwXpulHAybByz4tpQ17Kb9ea2UUTBBrVSHI2CCnM9z
RGQJ2YPVViBXTmQSqbaf7Tb99YfjAwqw7K+MQ/tTpg0DVOlWF9kRfeuxbzTzZONY
eDgiL2O3CK13ZVbVmbQ1nRuSrL5fjmAsL9Poqlfxsn5u43xjyJEbdLqmC3hxCoou
Ingu3uPwTWAswCenFlm6GIRiGiAaniSHaCwDBrmsVtRiqeOKHmJUxIlNmpUORg64
yv8hbosgIyWVFzDviH5atO2D/mRId7ZgzOBSU2WGnmA8BqnZXjT9tlxh/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKT/ST+92IBF7QDgol+7p0MXlzm2MB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvcFA5SlA3M1lnRVh0QU9DaVg3dW5ReGVYT2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcsbMA0G
CSqGSIb3DQEBCwUAA4IBAQBHpRwZgvn5JU9okCBtQMHsKAeeZ4OlcZIhovHCAxZh
esb+L7It2YhjlsTKJd7/ysQvTAnCDEXnnHqWJBTRcqFTXdd2BxXivjQ5TVfSE78P
oI6OOkxL348oa9Q3iJ88BxRfl1GQqp6oR/iSZiXvl6Xl8lYVM7bZSdmPYl7pKtBq
emOWYupUYfTpMeMeFKGgrr/8/hEWKvlPamXgyKxKoXRpfrnJKCnaT3qCEH79qO4Z
08hTK9K0Au4vgSsVvSvw9HkRXGLwsnDOWkqOzQEKRNq3KYBg1biGxLbfNWWccT+9
Rd0XeuZA4pkreOb+FaR69yO+TfaCcxPjVdeAqTt+j9xd
-----END CERTIFICATE-----