Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/MlI27KcEJzg8m98MEwCi-Bwg8gU.roa
File:                     MlI27KcEJzg8m98MEwCi-Bwg8gU.roa (raw, json)
Hash identifier:          u6FAz2F90AXtZlCuTEonK/JHSUSdLhNZz8NFprKyg8k=
Subject key identifier:   32:52:36:EC:A7:04:27:38:3C:9B:DF:0C:13:00:A2:F8:1C:20:F2:05
Certificate issuer:       /CN=568ae803b9ba38855401827b3eece14505a9c0f6
Certificate serial:       018CC56E70C3272A3AD387F5724A53D0F5C9
Authority key identifier: 56:8A:E8:03:B9:BA:38:85:54:01:82:7B:3E:EC:E1:45:05:A9:C0:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/MlI27KcEJzg8m98MEwCi-Bwg8gU.roa
Signing time:             Mon 01 Jan 2024 14:29:58 +0000
ROA not before:           Mon 01 Jan 2024 14:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35508
IP address blocks:        81.27.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:70:c3:27:2a:3a:d3:87:f5:72:4a:53:d0:f5:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568ae803b9ba38855401827b3eece14505a9c0f6
        Validity
            Not Before: Jan  1 14:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=325236eca70427383c9bdf0c1300a2f81c20f205
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:69:ba:90:0c:9c:1f:ef:81:1b:a9:3e:ca:0f:
                    ee:08:31:f8:c1:c6:ca:6d:68:b0:d9:42:cd:85:88:
                    9c:7c:15:ac:fa:2c:92:2c:30:ee:5f:4e:4f:e6:88:
                    76:12:29:20:a1:77:99:69:90:09:eb:27:09:cf:37:
                    a9:d0:7c:26:65:7d:e9:ba:28:35:97:be:00:e7:cf:
                    ab:77:da:d7:4a:68:1c:0f:25:b0:04:5f:4a:ae:45:
                    50:1b:a0:3d:fb:1a:e2:3f:28:f9:b7:1d:29:13:f6:
                    14:ca:fe:32:e6:79:77:b9:b7:a9:ec:4e:a8:ba:43:
                    04:c1:e0:cd:21:31:59:f4:c8:8e:3d:0e:64:e2:30:
                    3e:26:92:3f:d8:a1:3c:81:fe:fe:59:c2:ea:d7:d9:
                    7f:ed:fc:82:d6:47:08:2d:df:8a:06:b0:3a:35:1f:
                    96:0b:d7:83:d8:9d:d3:e9:fa:f6:36:40:40:d8:62:
                    ac:c9:d9:2f:55:c5:b2:d7:5c:41:42:c8:2c:7d:4a:
                    55:d3:69:ca:a6:58:3f:ce:0a:85:69:f1:fe:88:a7:
                    a9:1e:37:02:d5:39:3c:1e:85:1a:d6:97:48:ef:15:
                    63:b3:92:2a:14:e6:85:64:bd:5d:20:21:ec:0c:10:
                    a6:56:8c:43:29:89:01:cb:1b:b1:43:18:e3:0f:51:
                    90:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:52:36:EC:A7:04:27:38:3C:9B:DF:0C:13:00:A2:F8:1C:20:F2:05
            X509v3 Authority Key Identifier:
                keyid:56:8A:E8:03:B9:BA:38:85:54:01:82:7B:3E:EC:E1:45:05:A9:C0:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/MlI27KcEJzg8m98MEwCi-Bwg8gU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.27.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:15:9d:42:83:b7:d4:35:1a:01:bc:41:63:51:ac:85:ef:59:
         5b:39:b9:e8:8b:a0:aa:a8:0f:55:51:fa:49:c4:4b:8e:b1:7d:
         49:03:4c:25:42:20:d5:c3:33:d0:6a:86:89:8a:56:0b:64:ef:
         72:54:4e:1a:d7:67:76:8b:14:1a:2d:95:84:15:eb:01:63:4a:
         0d:8d:68:f2:84:fe:bc:87:45:90:f0:74:45:a5:af:00:71:64:
         7c:ed:34:f3:23:7d:4e:f4:99:2d:9e:9c:5b:3a:c7:fe:f2:c2:
         04:28:8a:e5:fb:8a:f0:34:1a:fe:95:b5:25:45:f3:b3:6e:a2:
         65:e6:c6:89:36:b6:bd:0d:19:fa:a1:bc:7e:4e:6c:cb:d8:ea:
         52:36:2c:8c:95:51:38:eb:ed:59:d8:ba:ee:0c:db:bf:29:3a:
         7f:14:cc:46:8b:b7:17:32:09:e4:41:0c:d6:dc:07:04:9d:29:
         6f:97:81:1e:bd:14:b5:25:39:f3:d6:55:60:d7:8e:c9:d1:c1:
         1a:55:74:18:19:9a:b2:be:3a:42:48:fd:14:75:0f:5d:22:42:
         0b:fb:06:1c:c2:fe:f8:29:fa:d6:2e:c0:9e:9b:ec:d9:25:99:
         8f:ff:fa:eb:14:c3:70:09:9f:40:82:77:ba:d5:41:cc:b9:9d:
         dd:fa:03:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbnDDJyo604f1ckpT0PXJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGFlODAzYjliYTM4ODU1NDAxODI3YjNlZWNlMTQ1MDVh
OWMwZjYwHhcNMjQwMTAxMTQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjUyMzZlY2E3MDQyNzM4M2M5YmRmMGMxMzAwYTJmODFjMjBmMjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWm6kAycH++BG6k+yg/uCDH4wcbK
bWiw2ULNhYicfBWs+iySLDDuX05P5oh2EikgoXeZaZAJ6ycJzzep0HwmZX3puig1
l74A58+rd9rXSmgcDyWwBF9KrkVQG6A9+xriPyj5tx0pE/YUyv4y5nl3ubep7E6o
ukMEweDNITFZ9MiOPQ5k4jA+JpI/2KE8gf7+WcLq19l/7fyC1kcILd+KBrA6NR+W
C9eD2J3T6fr2NkBA2GKsydkvVcWy11xBQsgsfUpV02nKplg/zgqFafH+iKepHjcC
1Tk8HoUa1pdI7xVjs5IqFOaFZL1dICHsDBCmVoxDKYkByxuxQxjjD1GQ0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJSNuynBCc4PJvfDBMAovgcIPIFMB8GA1UdIwQY
MBaAFFaK6AO5ujiFVAGCez7s4UUFqcD2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9yb0E3bTZPSVZVQVlKN1B1emhSUVdwd1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8yNzhkNWYtOWVlNi00NDc3LTlmZTAt
OGVhZThiNzVlOWNhLzEvTWxJMjdLY0VKemc4bTk4TUV3Q2ktQndnOGdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8yNzhkNWYtOWVlNi00NDc3LTlmZTAtOGVhZThiNzVlOWNh
LzEvVm9yb0E3bTZPSVZVQVlKN1B1emhSUVdwd1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURv0MA0G
CSqGSIb3DQEBCwUAA4IBAQAxFZ1Cg7fUNRoBvEFjUayF71lbObnoi6CqqA9VUfpJ
xEuOsX1JA0wlQiDVwzPQaoaJilYLZO9yVE4a12d2ixQaLZWEFesBY0oNjWjyhP68
h0WQ8HRFpa8AcWR87TTzI31O9JktnpxbOsf+8sIEKIrl+4rwNBr+lbUlRfOzbqJl
5saJNra9DRn6obx+TmzL2OpSNiyMlVE46+1Z2LruDNu/KTp/FMxGi7cXMgnkQQzW
3AcEnSlvl4EevRS1JTnz1lVg147J0cEaVXQYGZqyvjpCSP0UdQ9dIkIL+wYcwv74
KfrWLsCem+zZJZmP//rrFMNwCZ9Agne61UHMuZ3d+gOh
-----END CERTIFICATE-----