Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/rv-khS3pfrPW5YQTT5E2lF8tE7Y.roa
File:                     rv-khS3pfrPW5YQTT5E2lF8tE7Y.roa (raw, json)
Hash identifier:          Pt+0+eL8KY/VsmqR1tAeq/RUrZoMiPHOrB6eGLdaDOA=
Subject key identifier:   AE:FF:A4:85:2D:E9:7E:B3:D6:E5:84:13:4F:91:36:94:5F:2D:13:B6
Certificate issuer:       /CN=5380cd8ad2f84e14e9b5b64238937b6d4207e221
Certificate serial:       018F28B1A83C9AA3DD07ABB3169417CDA259
Authority key identifier: 53:80:CD:8A:D2:F8:4E:14:E9:B5:B6:42:38:93:7B:6D:42:07:E2:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U4DNitL4ThTptbZCOJN7bUIH4iE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/rv-khS3pfrPW5YQTT5E2lF8tE7Y.roa
Signing time:             Mon 29 Apr 2024 07:11:22 +0000
ROA not before:           Mon 29 Apr 2024 07:11:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198381
IP address blocks:        185.12.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/U4DNitL4ThTptbZCOJN7bUIH4iE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/U4DNitL4ThTptbZCOJN7bUIH4iE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U4DNitL4ThTptbZCOJN7bUIH4iE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:28:b1:a8:3c:9a:a3:dd:07:ab:b3:16:94:17:cd:a2:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5380cd8ad2f84e14e9b5b64238937b6d4207e221
        Validity
            Not Before: Apr 29 07:11:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aeffa4852de97eb3d6e584134f9136945f2d13b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4b:bd:25:12:8e:3a:97:61:90:84:fe:2e:0d:
                    32:0f:3b:98:c3:30:26:33:60:44:44:1f:e9:fc:e8:
                    cf:05:de:a2:47:15:0b:ad:af:1d:70:23:69:10:fb:
                    de:dc:7f:83:46:6f:fe:82:f4:83:00:29:0d:86:0c:
                    7f:fd:34:ae:dc:4c:0a:93:80:f5:96:3e:06:0d:29:
                    5e:ac:9e:88:8c:85:f4:ce:b5:36:cd:75:e7:78:16:
                    4f:95:13:7d:c8:68:ba:73:bd:40:16:ba:ab:f9:e7:
                    81:8a:c0:0f:71:e3:66:ea:fc:d7:ce:32:e1:7d:63:
                    e5:5e:7c:57:2f:61:e1:31:81:a9:75:1e:a9:8e:db:
                    76:64:fb:9b:34:aa:2e:d5:3c:84:83:ae:f8:d8:05:
                    7e:4c:5f:29:b0:68:f3:b0:59:81:60:cf:92:5f:3c:
                    1c:9a:87:a6:cf:f2:a7:26:5b:c1:8e:52:9e:6f:2f:
                    f2:b5:ac:24:a9:bf:c5:5f:00:d0:8a:3e:8a:36:c3:
                    de:60:08:68:23:d2:66:d3:3f:88:06:bc:b4:f2:29:
                    11:41:56:e8:b4:97:9c:cf:52:14:f4:0c:f1:00:b4:
                    78:af:49:35:a9:a0:8c:97:b7:df:c9:e6:e5:76:36:
                    70:90:61:4b:17:42:0a:71:b7:60:6f:46:38:a1:b5:
                    20:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:FF:A4:85:2D:E9:7E:B3:D6:E5:84:13:4F:91:36:94:5F:2D:13:B6
            X509v3 Authority Key Identifier:
                keyid:53:80:CD:8A:D2:F8:4E:14:E9:B5:B6:42:38:93:7B:6D:42:07:E2:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U4DNitL4ThTptbZCOJN7bUIH4iE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/rv-khS3pfrPW5YQTT5E2lF8tE7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2fcc92-c967-4a65-a434-5e36d1b0825e/1/U4DNitL4ThTptbZCOJN7bUIH4iE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:84:fc:7c:66:b5:06:f4:1d:4f:ba:27:65:18:de:58:25:8f:
         70:77:a8:e3:c2:8d:4e:28:2e:fc:c6:76:f5:e5:da:fe:3e:11:
         d4:f1:23:dc:bb:38:c4:4e:25:bd:dd:18:20:c2:58:ac:39:96:
         7e:90:18:f8:cb:d0:18:b1:ae:5b:35:ab:85:ac:ea:de:61:c4:
         8f:49:46:31:8c:d2:24:f0:10:b8:0a:31:07:df:5f:61:e1:ed:
         49:39:98:c0:62:3e:3e:16:0b:01:57:f6:c0:9a:0e:37:cb:ec:
         ed:ab:5e:51:4d:7d:5f:58:be:19:51:5e:ba:66:9e:c5:b2:79:
         6a:d9:2f:3c:f8:f0:66:25:91:d6:77:4e:2c:65:79:a2:a0:e9:
         12:ef:41:41:36:43:fb:06:e2:9c:d7:4a:4e:57:f6:f2:c8:15:
         b6:15:be:a2:34:cd:78:08:00:65:b1:2f:1c:5f:2e:7a:2e:0f:
         0b:b1:a7:6a:c9:02:ba:df:3c:a4:0b:6a:7f:43:f5:5b:7c:1d:
         54:d7:d2:c8:fd:f6:99:cd:25:93:f4:ef:6a:29:83:3f:10:c0:
         bf:b6:3f:19:5a:55:55:f2:4e:5d:ce:0b:ee:6b:c3:07:7f:f2:
         a2:b6:07:f2:7d:ff:22:49:47:c9:20:10:50:e8:8c:42:05:f0:
         55:5f:54:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8osag8mqPdB6uzFpQXzaJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzODBjZDhhZDJmODRlMTRlOWI1YjY0MjM4OTM3YjZkNDIw
N2UyMjEwHhcNMjQwNDI5MDcxMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWZmYTQ4NTJkZTk3ZWIzZDZlNTg0MTM0ZjkxMzY5NDVmMmQxM2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtku9JRKOOpdhkIT+Lg0yDzuYwzAm
M2BERB/p/OjPBd6iRxULra8dcCNpEPve3H+DRm/+gvSDACkNhgx//TSu3EwKk4D1
lj4GDSlerJ6IjIX0zrU2zXXneBZPlRN9yGi6c71AFrqr+eeBisAPceNm6vzXzjLh
fWPlXnxXL2HhMYGpdR6pjtt2ZPubNKou1TyEg6742AV+TF8psGjzsFmBYM+SXzwc
moemz/KnJlvBjlKeby/ytawkqb/FXwDQij6KNsPeYAhoI9Jm0z+IBry08ikRQVbo
tJecz1IU9AzxALR4r0k1qaCMl7ffyebldjZwkGFLF0IKcbdgb0Y4obUgeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7/pIUt6X6z1uWEE0+RNpRfLRO2MB8GA1UdIwQY
MBaAFFOAzYrS+E4U6bW2QjiTe21CB+IhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTRETml0TDRUaFRwdGJaQ09KTjdiVUlINGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8yZmNjOTItYzk2Ny00YTY1LWE0MzQt
NWUzNmQxYjA4MjVlLzEvcnYta2hTM3BmclBXNVlRVFQ1RTJsRjh0RTdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8yZmNjOTItYzk2Ny00YTY1LWE0MzQtNWUzNmQxYjA4MjVl
LzEvVTRETml0TDRUaFRwdGJaQ09KTjdiVUlINGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQwbMA0G
CSqGSIb3DQEBCwUAA4IBAQA0hPx8ZrUG9B1PuidlGN5YJY9wd6jjwo1OKC78xnb1
5dr+PhHU8SPcuzjETiW93RggwlisOZZ+kBj4y9AYsa5bNauFrOreYcSPSUYxjNIk
8BC4CjEH319h4e1JOZjAYj4+FgsBV/bAmg43y+ztq15RTX1fWL4ZUV66Zp7Fsnlq
2S88+PBmJZHWd04sZXmioOkS70FBNkP7BuKc10pOV/byyBW2Fb6iNM14CABlsS8c
Xy56Lg8LsadqyQK63zykC2p/Q/VbfB1U19LI/faZzSWT9O9qKYM/EMC/tj8ZWlVV
8k5dzgvua8MHf/Kitgfyff8iSUfJIBBQ6IxCBfBVX1T3
-----END CERTIFICATE-----