Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/PAZmbOvmW0GXY3MBOecwmWHXeLI.roa
File:                     PAZmbOvmW0GXY3MBOecwmWHXeLI.roa (raw, json)
Hash identifier:          XP69b5xnDNpgtxSqDTH7tXT4KpFl8GuzrNoDsJn7rUM=
Subject key identifier:   3C:06:66:6C:EB:E6:5B:41:97:63:73:01:39:E7:30:99:61:D7:78:B2
Certificate issuer:       /CN=568ae803b9ba38855401827b3eece14505a9c0f6
Certificate serial:       018CC56E71F2C2059D8CD76E08C55FF5EF90
Authority key identifier: 56:8A:E8:03:B9:BA:38:85:54:01:82:7B:3E:EC:E1:45:05:A9:C0:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/PAZmbOvmW0GXY3MBOecwmWHXeLI.roa
Signing time:             Mon 01 Jan 2024 14:29:58 +0000
ROA not before:           Mon 01 Jan 2024 14:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199732
IP address blocks:        81.27.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:71:f2:c2:05:9d:8c:d7:6e:08:c5:5f:f5:ef:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568ae803b9ba38855401827b3eece14505a9c0f6
        Validity
            Not Before: Jan  1 14:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c06666cebe65b419763730139e7309961d778b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f6:7b:fb:c3:d8:d7:f2:cd:fe:09:08:96:eb:
                    37:6f:e6:81:2a:ee:79:17:57:75:6c:0d:ec:59:46:
                    40:56:e2:db:ff:40:2a:cb:7e:92:0a:2d:39:14:b1:
                    50:d9:23:21:a7:82:ad:d8:0a:6c:7d:d9:bf:c7:63:
                    60:1a:09:5c:8a:f7:46:82:1b:bf:7f:b3:36:fa:43:
                    34:66:10:74:9e:71:8e:ce:fd:6f:60:ef:ca:8e:a8:
                    40:0e:f9:7d:b9:55:90:c0:2f:6e:aa:c6:e5:e9:a6:
                    35:9c:dd:a0:b9:71:a2:a4:a8:68:51:26:2d:fe:d7:
                    30:bd:5a:19:a1:f5:69:9e:4a:39:82:8e:7d:32:2a:
                    e0:f8:08:9b:cf:7b:b4:94:82:54:4f:00:cd:af:11:
                    67:b0:3b:ad:57:e3:37:40:20:83:e0:e3:d2:f9:9d:
                    3e:b7:aa:59:45:d5:bc:a0:08:45:d0:a9:77:6e:bd:
                    7c:bf:28:1b:c3:a6:ee:8d:31:ab:6e:3c:10:5b:f5:
                    b1:9a:72:78:85:92:f9:04:b4:3d:8b:ba:ad:94:d2:
                    15:0f:cd:ee:ac:cd:39:24:c1:20:04:16:2d:3d:95:
                    d0:99:31:64:d5:96:b5:74:8f:cb:72:7b:d9:b1:3b:
                    88:ae:72:6a:a0:c1:a5:a9:b7:38:19:3f:dc:34:74:
                    be:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:06:66:6C:EB:E6:5B:41:97:63:73:01:39:E7:30:99:61:D7:78:B2
            X509v3 Authority Key Identifier:
                keyid:56:8A:E8:03:B9:BA:38:85:54:01:82:7B:3E:EC:E1:45:05:A9:C0:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VoroA7m6OIVUAYJ7PuzhRQWpwPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/PAZmbOvmW0GXY3MBOecwmWHXeLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/278d5f-9ee6-4477-9fe0-8eae8b75e9ca/1/VoroA7m6OIVUAYJ7PuzhRQWpwPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.27.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:c2:d8:29:48:72:6f:0d:1a:7b:aa:38:e7:38:e8:2d:dd:99:
         33:32:33:fb:10:79:0c:8b:6b:5d:17:e4:00:8e:fe:de:d9:c7:
         be:6b:bd:5a:c2:8e:cf:da:1e:5d:c2:99:36:e3:87:51:f1:91:
         25:95:e5:f7:02:91:52:6b:e1:f5:28:64:29:31:a5:cf:e1:ae:
         e6:ef:08:b5:9b:97:15:a7:81:12:e3:00:97:85:28:bb:7b:83:
         bb:52:99:b5:f2:50:29:82:31:27:69:43:18:0d:e4:f3:b9:1e:
         de:f8:87:ed:63:c4:93:94:6f:e5:70:64:b6:e9:0c:fe:4f:0a:
         25:39:fc:52:7b:97:be:ab:2a:c4:7e:8b:1f:8e:db:59:70:2b:
         e1:fd:4c:a6:8f:31:f1:3b:f3:c2:a0:ca:59:15:4d:68:54:d3:
         8c:23:94:23:8a:ba:02:ae:1e:b6:41:67:d2:1b:39:7d:ba:26:
         b0:eb:20:af:99:c6:f0:4d:55:13:04:07:24:02:fb:e0:88:b0:
         01:d0:73:1e:b5:77:e6:67:ae:6c:6f:8b:af:79:6b:cc:fb:3b:
         45:b2:7e:48:fa:b0:bd:9c:d8:0f:44:8d:a7:92:69:69:c2:f0:
         d6:6d:df:3e:a6:49:98:7d:30:88:dc:6d:ef:df:3e:86:6b:91:
         cd:9b:fe:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbnHywgWdjNduCMVf9e+QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGFlODAzYjliYTM4ODU1NDAxODI3YjNlZWNlMTQ1MDVh
OWMwZjYwHhcNMjQwMTAxMTQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzA2NjY2Y2ViZTY1YjQxOTc2MzczMDEzOWU3MzA5OTYxZDc3OGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPZ7+8PY1/LN/gkIlus3b+aBKu55
F1d1bA3sWUZAVuLb/0Aqy36SCi05FLFQ2SMhp4Kt2Apsfdm/x2NgGglcivdGghu/
f7M2+kM0ZhB0nnGOzv1vYO/KjqhADvl9uVWQwC9uqsbl6aY1nN2guXGipKhoUSYt
/tcwvVoZofVpnko5go59Mirg+Aibz3u0lIJUTwDNrxFnsDutV+M3QCCD4OPS+Z0+
t6pZRdW8oAhF0Kl3br18vygbw6bujTGrbjwQW/WxmnJ4hZL5BLQ9i7qtlNIVD83u
rM05JMEgBBYtPZXQmTFk1Za1dI/LcnvZsTuIrnJqoMGlqbc4GT/cNHS+4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwGZmzr5ltBl2NzATnnMJlh13iyMB8GA1UdIwQY
MBaAFFaK6AO5ujiFVAGCez7s4UUFqcD2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9yb0E3bTZPSVZVQVlKN1B1emhSUVdwd1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8yNzhkNWYtOWVlNi00NDc3LTlmZTAt
OGVhZThiNzVlOWNhLzEvUEFabWJPdm1XMEdYWTNNQk9lY3dtV0hYZUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8yNzhkNWYtOWVlNi00NDc3LTlmZTAtOGVhZThiNzVlOWNh
LzEvVm9yb0E3bTZPSVZVQVlKN1B1emhSUVdwd1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURv1MA0G
CSqGSIb3DQEBCwUAA4IBAQCTwtgpSHJvDRp7qjjnOOgt3ZkzMjP7EHkMi2tdF+QA
jv7e2ce+a71awo7P2h5dwpk244dR8ZElleX3ApFSa+H1KGQpMaXP4a7m7wi1m5cV
p4ES4wCXhSi7e4O7Upm18lApgjEnaUMYDeTzuR7e+IftY8STlG/lcGS26Qz+Twol
OfxSe5e+qyrEfosfjttZcCvh/UymjzHxO/PCoMpZFU1oVNOMI5QjiroCrh62QWfS
Gzl9uiaw6yCvmcbwTVUTBAckAvvgiLAB0HMetXfmZ65sb4uveWvM+ztFsn5I+rC9
nNgPRI2nkmlpwvDWbd8+pkmYfTCI3G3v3z6Ga5HNm/7d
-----END CERTIFICATE-----