Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/J27luxOZFoZ7X-IFSRRhrt6BfY8.roa
File:                     J27luxOZFoZ7X-IFSRRhrt6BfY8.roa (raw, json)
Hash identifier:          nRIDV3+cpOG9NdLUUg1/Cl0tZlmi0p18Eyb+wwxoy1g=
Subject key identifier:   27:6E:E5:BB:13:99:16:86:7B:5F:E2:05:49:14:61:AE:DE:81:7D:8F
Certificate issuer:       /CN=ec65d31440bf75d25c606f7915c236ca614464a2
Certificate serial:       018CC26D10595C8C83666FE43B8D2BCFAA74
Authority key identifier: EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/J27luxOZFoZ7X-IFSRRhrt6BfY8.roa
Signing time:             Mon 01 Jan 2024 00:29:36 +0000
ROA not before:           Mon 01 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197704
IP address blocks:        185.80.35.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:10:59:5c:8c:83:66:6f:e4:3b:8d:2b:cf:aa:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec65d31440bf75d25c606f7915c236ca614464a2
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=276ee5bb139916867b5fe205491461aede817d8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d7:06:aa:80:97:79:4d:37:29:bf:3e:79:c0:
                    6d:9a:f9:7e:6d:ae:42:97:32:3b:8b:e6:e8:5f:15:
                    cd:3f:3c:fb:06:8f:6a:fc:c4:38:ca:32:a6:d2:c9:
                    37:10:44:d4:7e:64:4e:20:68:11:c2:79:27:6e:0a:
                    d4:00:9a:ed:29:71:bb:21:30:34:32:19:fe:7d:f0:
                    38:2c:2f:f2:43:c8:e9:7e:b2:d1:2a:ae:50:c8:31:
                    20:dc:54:4b:77:62:ea:c1:83:20:e4:22:ff:b9:a5:
                    5f:e8:7e:dd:5d:d3:a6:4e:22:ec:68:fa:ff:b1:37:
                    cc:b8:3a:87:ef:8d:3f:5e:70:ee:1f:38:47:68:ab:
                    5f:91:40:9e:2f:b4:99:e1:79:88:a0:51:00:42:4c:
                    87:72:e7:c1:70:6d:ac:f1:52:02:9e:de:25:10:73:
                    fa:af:aa:3f:74:3d:3c:5a:6f:aa:fc:24:b0:a9:61:
                    05:99:3d:82:37:06:55:72:b1:69:aa:30:9d:fe:1e:
                    b6:51:f9:6d:d2:f7:70:5f:73:7c:7e:8c:8a:9c:af:
                    0d:e4:29:8e:99:46:e9:e6:de:ee:ea:48:1c:45:5c:
                    b3:f9:8e:8f:be:11:e0:07:7a:af:b1:09:cc:8f:e0:
                    09:b6:b6:4f:b9:3c:61:1a:a7:6a:89:c7:72:40:46:
                    5b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:6E:E5:BB:13:99:16:86:7B:5F:E2:05:49:14:61:AE:DE:81:7D:8F
            X509v3 Authority Key Identifier:
                keyid:EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/J27luxOZFoZ7X-IFSRRhrt6BfY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:e0:64:94:d4:61:47:23:7b:b6:fc:f5:ea:73:62:97:65:00:
         94:ec:61:bd:93:02:6f:65:20:08:b3:48:95:43:f5:b7:56:9c:
         f1:1b:64:e0:2b:d7:2d:4a:24:b8:69:55:01:ce:da:33:ca:1d:
         43:91:e7:84:fe:2e:af:0d:be:27:19:46:b0:6f:dc:ee:d5:66:
         bd:b7:2c:15:10:ed:d1:db:8e:de:33:31:b0:54:9f:00:98:3c:
         62:0d:ce:4f:c5:cd:ab:7d:4a:55:d8:0f:80:eb:e0:7a:2d:84:
         fc:8b:01:6b:59:f6:c4:ed:45:d6:a0:8a:1c:56:d1:fd:e6:7f:
         38:11:29:c1:d6:0e:0c:7a:94:ad:bf:7f:88:68:61:02:b8:a1:
         55:a1:9a:b7:fa:b4:46:0b:c7:43:9a:01:b7:5a:fd:d1:3e:81:
         97:d1:1e:15:19:cb:62:4e:cd:be:ca:86:61:fd:28:e5:47:b2:
         29:ab:2c:a1:fb:a8:fb:62:e1:6e:b4:af:d3:10:71:db:c4:65:
         7e:ca:a5:89:7c:33:15:e1:3d:64:02:e6:c7:3a:12:0a:47:ff:
         10:d4:97:ae:4a:ab:1c:df:f8:4b:17:45:61:e6:2e:d0:09:c1:
         36:a5:d7:79:77:49:31:28:b2:10:68:e6:f3:80:35:c2:2c:b0:
         31:1f:35:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRBZXIyDZm/kO40rz6p0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNjVkMzE0NDBiZjc1ZDI1YzYwNmY3OTE1YzIzNmNhNjE0
NDY0YTIwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzZlZTViYjEzOTkxNjg2N2I1ZmUyMDU0OTE0NjFhZWRlODE3ZDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidcGqoCXeU03Kb8+ecBtmvl+ba5C
lzI7i+boXxXNPzz7Bo9q/MQ4yjKm0sk3EETUfmROIGgRwnknbgrUAJrtKXG7ITA0
Mhn+ffA4LC/yQ8jpfrLRKq5QyDEg3FRLd2LqwYMg5CL/uaVf6H7dXdOmTiLsaPr/
sTfMuDqH740/XnDuHzhHaKtfkUCeL7SZ4XmIoFEAQkyHcufBcG2s8VICnt4lEHP6
r6o/dD08Wm+q/CSwqWEFmT2CNwZVcrFpqjCd/h62Uflt0vdwX3N8foyKnK8N5CmO
mUbp5t7u6kgcRVyz+Y6PvhHgB3qvsQnMj+AJtrZPuTxhGqdqicdyQEZbIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCdu5bsTmRaGe1/iBUkUYa7egX2PMB8GA1UdIwQY
MBaAFOxl0xRAv3XSXGBveRXCNsphRGSiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzkt
ZTI5NTg5ZTg5NjRhLzEvSjI3bHV4T1pGb1o3WC1JRlNSUmhydDZCZlk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzktZTI5NTg5ZTg5NjRh
LzEvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVAjMA0G
CSqGSIb3DQEBCwUAA4IBAQBw4GSU1GFHI3u2/PXqc2KXZQCU7GG9kwJvZSAIs0iV
Q/W3VpzxG2TgK9ctSiS4aVUBztozyh1DkeeE/i6vDb4nGUawb9zu1Wa9tywVEO3R
247eMzGwVJ8AmDxiDc5Pxc2rfUpV2A+A6+B6LYT8iwFrWfbE7UXWoIocVtH95n84
ESnB1g4MepStv3+IaGECuKFVoZq3+rRGC8dDmgG3Wv3RPoGX0R4VGctiTs2+yoZh
/SjlR7Ipqyyh+6j7YuFutK/TEHHbxGV+yqWJfDMV4T1kAubHOhIKR/8Q1JeuSqsc
3/hLF0Vh5i7QCcE2pdd5d0kxKLIQaObzgDXCLLAxHzW7
-----END CERTIFICATE-----