Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/M0FPsQD-uZ6YwpYphQ4MyVb3i4E.roa
File:                     M0FPsQD-uZ6YwpYphQ4MyVb3i4E.roa (raw, json)
Hash identifier:          aF5xXPTf9znO5HnMuETTbl8dIKoROSLhdZfZF5SAyt8=
Subject key identifier:   33:41:4F:B1:00:FE:B9:9E:98:C2:96:29:85:0E:0C:C9:56:F7:8B:81
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0190B557E4B7A887C9307296BA03B504C07F
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/M0FPsQD-uZ6YwpYphQ4MyVb3i4E.roa
Signing time:             Mon 15 Jul 2024 07:42:34 +0000
ROA not before:           Mon 15 Jul 2024 07:42:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39521
IP address blocks:        104.238.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b5:57:e4:b7:a8:87:c9:30:72:96:ba:03:b5:04:c0:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jul 15 07:42:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33414fb100feb99e98c29629850e0cc956f78b81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8c:9e:e3:1f:86:83:9d:e6:ba:42:06:ee:72:
                    75:99:78:4c:f8:1c:e6:a5:11:c1:c7:dd:9d:a1:c9:
                    b7:0f:c1:9f:44:d6:7a:36:b6:7c:ea:76:f4:11:68:
                    b1:a6:47:02:1a:40:b8:81:34:29:2d:0b:53:ca:1e:
                    22:2c:64:19:10:20:58:29:88:b2:89:07:04:55:bc:
                    7b:ae:bc:bd:3b:3b:b1:b5:df:e8:5c:6d:66:2f:1c:
                    83:e7:04:52:9f:39:32:74:b1:03:71:4e:bc:6f:35:
                    c0:c6:7c:b0:8f:e5:91:69:0f:d2:e1:7f:27:7a:7f:
                    21:cd:1b:77:e7:d6:30:86:ad:2d:5b:42:8b:66:f0:
                    e6:5a:24:84:7d:b9:7e:cf:37:e7:30:72:f2:23:6e:
                    9e:f5:41:5d:78:25:bb:cc:03:ea:a4:08:c0:21:47:
                    92:6d:d2:e4:db:1a:74:4b:45:e6:dd:18:50:80:24:
                    9b:c2:dd:ad:ef:7f:91:fb:b5:d1:55:44:34:fa:00:
                    a0:bf:2b:24:90:52:ea:82:ec:88:11:a3:41:be:c1:
                    b5:53:09:20:56:35:3b:18:63:32:02:99:10:98:50:
                    48:c1:34:3b:75:82:dc:ee:d4:86:1a:90:6f:7b:96:
                    b1:ea:ff:bd:27:ea:1c:6d:83:d1:3c:a9:6b:fc:0c:
                    ab:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:41:4F:B1:00:FE:B9:9E:98:C2:96:29:85:0E:0C:C9:56:F7:8B:81
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/M0FPsQD-uZ6YwpYphQ4MyVb3i4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.238.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:f1:4b:8f:af:f0:64:74:8a:b4:ed:ef:92:d5:dd:6a:85:c4:
         e2:87:ce:b6:2d:0b:1b:77:cc:43:8a:05:4c:d2:9d:61:c4:10:
         f6:e3:07:67:77:d6:b5:df:9c:d5:5c:a8:14:ce:66:cc:da:62:
         4f:12:70:ed:9a:fe:77:ed:c1:fc:2f:44:9e:17:fc:57:03:73:
         e4:e9:d0:ea:09:29:79:4d:8c:8f:4e:c7:e5:c8:2f:c0:43:66:
         09:35:cf:f1:9c:ad:4b:5d:76:f2:10:0a:7f:d9:9f:a7:3f:ba:
         8e:63:05:c5:55:1e:1b:ef:86:74:a8:8a:59:f1:54:bb:9f:00:
         f0:8b:42:72:34:b2:ab:d6:0f:7e:72:95:a1:43:cf:ca:ae:fa:
         e3:0c:51:e0:40:88:18:19:86:77:4b:76:47:10:46:62:6a:be:
         e7:4b:9b:00:ca:3f:d7:cf:f9:bf:9c:42:c7:2f:65:01:51:02:
         3b:cb:84:b0:50:40:f7:c7:ee:0b:48:a2:a2:23:6f:96:eb:9d:
         4f:aa:f6:8a:74:11:58:ac:09:cb:16:43:88:3f:6c:9b:02:20:
         8e:a9:19:9d:f5:1d:a5:2d:2b:25:6f:cd:0b:b3:bb:57:f1:62:
         1d:d6:5b:8b:ca:fc:1d:3a:ac:07:e4:d5:05:f7:b6:d9:d0:67:
         4a:b5:a0:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC1V+S3qIfJMHKWugO1BMB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNzE1MDc0MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzQxNGZiMTAwZmViOTllOThjMjk2Mjk4NTBlMGNjOTU2Zjc4YjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIye4x+Gg53mukIG7nJ1mXhM+Bzm
pRHBx92docm3D8GfRNZ6NrZ86nb0EWixpkcCGkC4gTQpLQtTyh4iLGQZECBYKYiy
iQcEVbx7rry9Ozuxtd/oXG1mLxyD5wRSnzkydLEDcU68bzXAxnywj+WRaQ/S4X8n
en8hzRt359Ywhq0tW0KLZvDmWiSEfbl+zzfnMHLyI26e9UFdeCW7zAPqpAjAIUeS
bdLk2xp0S0Xm3RhQgCSbwt2t73+R+7XRVUQ0+gCgvyskkFLqguyIEaNBvsG1Uwkg
VjU7GGMyApkQmFBIwTQ7dYLc7tSGGpBve5ax6v+9J+ocbYPRPKlr/AyrgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNBT7EA/rmemMKWKYUODMlW94uBMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvTTBGUHNRRC11WjZZd3BZcGhRNE15VmIzaTRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaO4bMA0G
CSqGSIb3DQEBCwUAA4IBAQAn8UuPr/BkdIq07e+S1d1qhcTih862LQsbd8xDigVM
0p1hxBD24wdnd9a135zVXKgUzmbM2mJPEnDtmv537cH8L0SeF/xXA3Pk6dDqCSl5
TYyPTsflyC/AQ2YJNc/xnK1LXXbyEAp/2Z+nP7qOYwXFVR4b74Z0qIpZ8VS7nwDw
i0JyNLKr1g9+cpWhQ8/KrvrjDFHgQIgYGYZ3S3ZHEEZiar7nS5sAyj/Xz/m/nELH
L2UBUQI7y4SwUED3x+4LSKKiI2+W651PqvaKdBFYrAnLFkOIP2ybAiCOqRmd9R2l
LSslb80Ls7tX8WId1luLyvwdOqwH5NUF97bZ0GdKtaBv
-----END CERTIFICATE-----