Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/27294e-b9e7-4660-932d-21048a734a46/1/J4osEdyK2x45JsCUMJHexFdk2GU.roa
File:                     J4osEdyK2x45JsCUMJHexFdk2GU.roa (raw, json)
Hash identifier:          731kAKS4bSL9/VcQ07rKgFNPzRxbZi54KbWB+hsPPWk=
Subject key identifier:   27:8A:2C:11:DC:8A:DB:1E:39:26:C0:94:30:91:DE:C4:57:64:D8:65
Certificate issuer:       /CN=d1a8969d7e32cbf927664b2dc436b96e7149a62b
Certificate serial:       018CC56E48F7B1B3811245E41239D4094617
Authority key identifier: D1:A8:96:9D:7E:32:CB:F9:27:66:4B:2D:C4:36:B9:6E:71:49:A6:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0aiWnX4yy_knZkstxDa5bnFJpis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/27294e-b9e7-4660-932d-21048a734a46/1/J4osEdyK2x45JsCUMJHexFdk2GU.roa
Signing time:             Mon 01 Jan 2024 14:29:48 +0000
ROA not before:           Mon 01 Jan 2024 14:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51518
IP address blocks:        91.217.78.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/27294e-b9e7-4660-932d-21048a734a46/1/0aiWnX4yy_knZkstxDa5bnFJpis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/27294e-b9e7-4660-932d-21048a734a46/1/0aiWnX4yy_knZkstxDa5bnFJpis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0aiWnX4yy_knZkstxDa5bnFJpis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:48:f7:b1:b3:81:12:45:e4:12:39:d4:09:46:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1a8969d7e32cbf927664b2dc436b96e7149a62b
        Validity
            Not Before: Jan  1 14:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=278a2c11dc8adb1e3926c0943091dec45764d865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:56:17:96:43:2c:bc:e5:6b:be:62:33:56:92:
                    0f:82:8f:10:ce:b2:71:a7:3d:2d:da:fe:0b:05:b3:
                    4a:af:88:3d:f3:13:fd:f3:3d:40:5f:e6:e5:02:98:
                    38:84:61:81:96:05:b7:01:c9:92:b7:5a:fc:9e:7c:
                    44:68:cb:c5:3e:c2:92:53:33:fb:5f:3f:32:4f:64:
                    04:f3:1b:d4:6b:8a:44:97:ff:e9:8d:bc:0d:ab:77:
                    1c:c2:d4:32:9c:0f:e3:6b:d4:b1:f9:16:40:3f:10:
                    59:78:9e:67:33:07:e0:bf:c4:ac:bd:ca:ce:49:d2:
                    b2:f9:95:49:c0:34:0d:5c:6f:b1:ba:38:77:07:6a:
                    4d:4b:c6:24:b4:d3:2c:91:90:ba:07:f8:59:44:8d:
                    93:c2:fe:5b:ef:21:54:0a:9c:61:36:c7:cb:75:13:
                    5e:17:4e:80:7a:72:58:1d:b0:e3:91:3a:d5:05:ae:
                    b8:b9:31:84:d9:3e:75:2b:8f:36:33:73:93:6d:20:
                    dd:a7:a3:68:5d:2d:93:99:c2:fd:64:b9:f3:22:e6:
                    3e:03:d8:72:ee:c0:8a:c2:61:e5:8d:ae:12:32:3d:
                    99:78:ca:e8:0f:f9:1e:32:6e:26:ab:ba:ef:b4:68:
                    2a:f8:43:fc:7a:bf:72:b6:ea:21:34:b2:d9:7f:6f:
                    fa:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:8A:2C:11:DC:8A:DB:1E:39:26:C0:94:30:91:DE:C4:57:64:D8:65
            X509v3 Authority Key Identifier:
                keyid:D1:A8:96:9D:7E:32:CB:F9:27:66:4B:2D:C4:36:B9:6E:71:49:A6:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0aiWnX4yy_knZkstxDa5bnFJpis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/27294e-b9e7-4660-932d-21048a734a46/1/J4osEdyK2x45JsCUMJHexFdk2GU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/27294e-b9e7-4660-932d-21048a734a46/1/0aiWnX4yy_knZkstxDa5bnFJpis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:92:36:c1:6a:0d:39:9c:68:16:ef:87:ad:33:af:a3:29:af:
         82:ac:3f:22:2d:67:9f:8b:cd:bd:f2:10:07:aa:d2:e5:0a:ec:
         dd:b6:69:1c:49:62:98:9c:07:54:75:67:83:c7:b4:69:1a:4d:
         5b:61:03:11:32:7d:75:a9:ac:1b:fa:a0:2a:81:17:16:f1:49:
         d4:25:25:91:ba:70:18:4f:eb:86:c7:93:b0:21:ce:fd:9b:8e:
         79:e4:5d:cb:7a:55:8d:6b:23:94:4a:03:aa:c8:2b:44:cd:92:
         12:f4:d2:c4:a5:56:0b:f6:58:cc:24:36:28:dd:59:9f:dd:20:
         a2:ee:a6:92:09:6b:20:4d:12:e5:bb:91:25:16:7b:27:41:39:
         7c:7e:7f:14:d8:c9:d8:6e:5e:7d:a7:e6:2d:60:0f:37:51:e2:
         39:3f:0e:44:20:f1:f9:f0:fa:15:a3:17:9a:4a:a8:ed:bb:04:
         5b:e1:97:4a:5e:8c:30:c5:e0:e3:c5:8c:ec:8c:0f:6c:b0:40:
         35:3c:8a:b6:84:0d:24:01:29:5f:26:9b:4a:0b:24:b5:71:f8:
         30:8f:58:05:2d:78:8d:0a:e5:8a:78:68:23:6b:9c:ad:93:5e:
         b5:ce:ef:83:ba:97:a8:51:59:4f:84:60:52:36:a4:39:03:a3:
         9a:bf:c6:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbkj3sbOBEkXkEjnUCUYXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxYTg5NjlkN2UzMmNiZjkyNzY2NGIyZGM0MzZiOTZlNzE0
OWE2MmIwHhcNMjQwMTAxMTQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzhhMmMxMWRjOGFkYjFlMzkyNmMwOTQzMDkxZGVjNDU3NjRkODY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlYXlkMsvOVrvmIzVpIPgo8QzrJx
pz0t2v4LBbNKr4g98xP98z1AX+blApg4hGGBlgW3AcmSt1r8nnxEaMvFPsKSUzP7
Xz8yT2QE8xvUa4pEl//pjbwNq3ccwtQynA/ja9Sx+RZAPxBZeJ5nMwfgv8SsvcrO
SdKy+ZVJwDQNXG+xujh3B2pNS8YktNMskZC6B/hZRI2Twv5b7yFUCpxhNsfLdRNe
F06AenJYHbDjkTrVBa64uTGE2T51K482M3OTbSDdp6NoXS2TmcL9ZLnzIuY+A9hy
7sCKwmHlja4SMj2ZeMroD/keMm4mq7rvtGgq+EP8er9ytuohNLLZf2/6+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeKLBHcitseOSbAlDCR3sRXZNhlMB8GA1UdIwQY
MBaAFNGolp1+Msv5J2ZLLcQ2uW5xSaYrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGFpV25YNHl5X2tuWmtzdHhEYTVibkZKcGlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yNzI5NGUtYjllNy00NjYwLTkzMmQt
MjEwNDhhNzM0YTQ2LzEvSjRvc0VkeUsyeDQ1SnNDVU1KSGV4RmRrMkdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yNzI5NGUtYjllNy00NjYwLTkzMmQtMjEwNDhhNzM0YTQ2
LzEvMGFpV25YNHl5X2tuWmtzdHhEYTVibkZKcGlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW9lOMA0G
CSqGSIb3DQEBCwUAA4IBAQCWkjbBag05nGgW74etM6+jKa+CrD8iLWefi8298hAH
qtLlCuzdtmkcSWKYnAdUdWeDx7RpGk1bYQMRMn11qawb+qAqgRcW8UnUJSWRunAY
T+uGx5OwIc79m4555F3LelWNayOUSgOqyCtEzZIS9NLEpVYL9ljMJDYo3Vmf3SCi
7qaSCWsgTRLlu5ElFnsnQTl8fn8U2MnYbl59p+YtYA83UeI5Pw5EIPH58PoVoxea
SqjtuwRb4ZdKXowwxeDjxYzsjA9ssEA1PIq2hA0kASlfJptKCyS1cfgwj1gFLXiN
CuWKeGgja5ytk161zu+DupeoUVlPhGBSNqQ5A6Oav8YZ
-----END CERTIFICATE-----