Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/2029a9-4396-4717-ab05-e24336ec8a08/1/ISP0TJJTh3tprVicVW974-nq9rI.roa
File:                     ISP0TJJTh3tprVicVW974-nq9rI.roa (raw, json)
Hash identifier:          pUMX+/MC+BS6vpOzP0rNo03/k6W3G+9Ru/0k0Am9kHc=
Subject key identifier:   21:23:F4:4C:92:53:87:7B:69:AD:58:9C:55:6F:7B:E3:E9:EA:F6:B2
Certificate issuer:       /CN=ed5293cd4a627a846aed60ca7fb5d5a9019aae51
Certificate serial:       01942521CC4FC5C240C466AA3B9809A88B72
Authority key identifier: ED:52:93:CD:4A:62:7A:84:6A:ED:60:CA:7F:B5:D5:A9:01:9A:AE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7VKTzUpieoRq7WDKf7XVqQGarlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/2029a9-4396-4717-ab05-e24336ec8a08/1/ISP0TJJTh3tprVicVW974-nq9rI.roa
Signing time:             Thu 02 Jan 2025 03:49:19 +0000
ROA not before:           Thu 02 Jan 2025 03:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137
IP address blocks:        157.27.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/2029a9-4396-4717-ab05-e24336ec8a08/1/7VKTzUpieoRq7WDKf7XVqQGarlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/2029a9-4396-4717-ab05-e24336ec8a08/1/7VKTzUpieoRq7WDKf7XVqQGarlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7VKTzUpieoRq7WDKf7XVqQGarlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:cc:4f:c5:c2:40:c4:66:aa:3b:98:09:a8:8b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed5293cd4a627a846aed60ca7fb5d5a9019aae51
        Validity
            Not Before: Jan  2 03:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2123f44c9253877b69ad589c556f7be3e9eaf6b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:17:71:34:2a:3c:91:d2:cd:aa:84:88:7b:4c:
                    8e:25:ab:a0:94:34:8c:01:3b:c6:5b:d0:8e:c4:60:
                    13:67:24:42:14:7e:b3:79:57:ff:60:1f:a3:df:56:
                    08:c7:70:90:65:7d:67:80:ed:9f:83:4c:be:cb:f0:
                    2c:d0:cf:6e:db:00:7e:27:07:72:b4:8c:fc:52:88:
                    30:f3:4c:da:85:cf:81:10:17:cc:ae:d5:1c:4c:64:
                    4a:af:81:e1:4a:55:66:b3:0d:85:c6:56:cc:43:58:
                    3f:e5:01:4d:3d:c4:16:9c:d2:8d:2e:7f:4a:18:7b:
                    69:5d:70:0c:fb:42:f2:07:15:81:9f:55:6b:5f:3e:
                    46:be:f0:59:c6:c9:66:16:ad:90:aa:26:42:4e:9a:
                    df:84:ce:58:95:77:85:b4:14:ab:ee:2b:da:95:9e:
                    16:0b:a1:9b:fd:79:86:2b:58:21:32:d3:47:f1:57:
                    f7:1f:74:f7:7e:8d:9d:fb:12:2e:a8:98:57:9f:08:
                    b5:a5:fe:64:37:bb:3e:2d:ab:6c:dd:37:c0:b4:84:
                    0d:23:ef:bb:7c:25:f7:c8:63:c9:1b:36:6e:cf:bc:
                    36:3f:cc:8b:4e:12:9e:af:1f:e4:dc:53:25:ef:72:
                    52:7f:d3:f0:a7:62:c0:ef:62:8e:61:7b:61:a4:fb:
                    76:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:23:F4:4C:92:53:87:7B:69:AD:58:9C:55:6F:7B:E3:E9:EA:F6:B2
            X509v3 Authority Key Identifier:
                keyid:ED:52:93:CD:4A:62:7A:84:6A:ED:60:CA:7F:B5:D5:A9:01:9A:AE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7VKTzUpieoRq7WDKf7XVqQGarlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2029a9-4396-4717-ab05-e24336ec8a08/1/ISP0TJJTh3tprVicVW974-nq9rI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2029a9-4396-4717-ab05-e24336ec8a08/1/7VKTzUpieoRq7WDKf7XVqQGarlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.27.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         71:bb:54:4a:73:90:6c:2b:0b:be:09:2e:e9:20:6e:b2:1b:98:
         28:df:71:44:c0:bc:4c:7e:ab:a2:cf:59:3d:99:93:70:52:3a:
         bb:2a:18:a3:88:73:23:04:5b:4d:9c:9a:cf:91:e8:c0:a9:b1:
         50:61:20:60:59:30:b6:67:71:2e:13:e4:fe:61:98:7a:55:20:
         79:bf:e4:da:08:50:85:e0:cb:76:29:f5:a0:b0:5a:78:6d:b7:
         c7:0f:3e:ea:5b:67:5a:c5:2d:7e:30:e2:62:99:93:3a:4d:09:
         9b:54:9d:ce:5c:70:fd:30:98:0f:39:97:fc:51:98:e7:d1:20:
         e2:da:7e:cb:0c:cb:75:69:99:0f:bf:4f:29:69:5d:b4:a4:cb:
         4e:79:62:d2:bc:f3:82:01:80:ca:47:48:e3:2e:94:09:5e:d1:
         3d:73:40:38:c2:86:ac:ad:b1:0d:d1:36:24:4a:cd:ec:e5:93:
         d3:08:7b:ac:2d:41:36:46:d3:bf:99:8b:33:cb:e2:92:01:ce:
         ee:58:a9:ce:f1:c5:13:13:76:a7:75:98:c9:aa:49:b9:df:38:
         16:0f:65:22:59:72:49:6a:e4:bd:56:83:e4:5d:66:b6:40:0e:
         64:67:6d:a2:54:6f:4d:5d:66:a0:92:01:a0:20:95:6e:fa:0b:
         f4:ed:02:72
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQlIcxPxcJAxGaqO5gJqItyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNTI5M2NkNGE2MjdhODQ2YWVkNjBjYTdmYjVkNWE5MDE5
YWFlNTEwHhcNMjUwMTAyMDM0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTIzZjQ0YzkyNTM4NzdiNjlhZDU4OWM1NTZmN2JlM2U5ZWFmNmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhdxNCo8kdLNqoSIe0yOJauglDSM
ATvGW9COxGATZyRCFH6zeVf/YB+j31YIx3CQZX1ngO2fg0y+y/As0M9u2wB+Jwdy
tIz8Uogw80zahc+BEBfMrtUcTGRKr4HhSlVmsw2FxlbMQ1g/5QFNPcQWnNKNLn9K
GHtpXXAM+0LyBxWBn1VrXz5GvvBZxslmFq2QqiZCTprfhM5YlXeFtBSr7ivalZ4W
C6Gb/XmGK1ghMtNH8Vf3H3T3fo2d+xIuqJhXnwi1pf5kN7s+Lats3TfAtIQNI++7
fCX3yGPJGzZuz7w2P8yLThKerx/k3FMl73JSf9Pwp2LA72KOYXthpPt2vwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCEj9EySU4d7aa1YnFVve+Pp6vayMB8GA1UdIwQY
MBaAFO1Sk81KYnqEau1gyn+11akBmq5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1ZLVHpVcGllb1JxN1dES2Y3WFZxUUdhcmxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yMDI5YTktNDM5Ni00NzE3LWFiMDUt
ZTI0MzM2ZWM4YTA4LzEvSVNQMFRKSlRoM3RwclZpY1ZXOTc0LW5xOXJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yMDI5YTktNDM5Ni00NzE3LWFiMDUtZTI0MzM2ZWM4YTA4
LzEvN1ZLVHpVcGllb1JxN1dES2Y3WFZxUUdhcmxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnRswDQYJ
KoZIhvcNAQELBQADggEBAHG7VEpzkGwrC74JLukgbrIbmCjfcUTAvEx+q6LPWT2Z
k3BSOrsqGKOIcyMEW02cms+R6MCpsVBhIGBZMLZncS4T5P5hmHpVIHm/5NoIUIXg
y3Yp9aCwWnhtt8cPPupbZ1rFLX4w4mKZkzpNCZtUnc5ccP0wmA85l/xRmOfRIOLa
fssMy3VpmQ+/TylpXbSky055YtK884IBgMpHSOMulAle0T1zQDjChqytsQ3RNiRK
zezlk9MIe6wtQTZG07+ZizPL4pIBzu5Yqc7xxRMTdqd1mMmqSbnfOBYPZSJZcklq
5L1Wg+RdZrZADmRnbaJUb01dZqCSAaAglW76C/TtAnI=
-----END CERTIFICATE-----