Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/dxoiRnOS0o4U_vHMR3bSoEoo1_A.roa
File:                     dxoiRnOS0o4U_vHMR3bSoEoo1_A.roa (raw, json)
Hash identifier:          VHSqUms8qVy5q8bBRtSu3GtW99GA4IxKqRhTv61Oo0c=
Subject key identifier:   77:1A:22:46:73:92:D2:8E:14:FE:F1:CC:47:76:D2:A0:4A:28:D7:F0
Certificate issuer:       /CN=27321078f359d7990276dabb0f8c30070e685963
Certificate serial:       018CC3B6C177735C478EE8D5DB0F5F6ABC40
Authority key identifier: 27:32:10:78:F3:59:D7:99:02:76:DA:BB:0F:8C:30:07:0E:68:59:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JzIQePNZ15kCdtq7D4wwBw5oWWM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/dxoiRnOS0o4U_vHMR3bSoEoo1_A.roa
Signing time:             Mon 01 Jan 2024 06:29:43 +0000
ROA not before:           Mon 01 Jan 2024 06:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210526
IP address blocks:        185.179.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/JzIQePNZ15kCdtq7D4wwBw5oWWM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/JzIQePNZ15kCdtq7D4wwBw5oWWM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JzIQePNZ15kCdtq7D4wwBw5oWWM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c1:77:73:5c:47:8e:e8:d5:db:0f:5f:6a:bc:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27321078f359d7990276dabb0f8c30070e685963
        Validity
            Not Before: Jan  1 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=771a22467392d28e14fef1cc4776d2a04a28d7f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:72:0f:9c:69:83:79:33:81:ac:de:29:72:89:
                    86:67:0e:cf:fa:91:ed:38:da:a6:19:4a:6a:f9:b8:
                    1b:c4:ad:77:a2:de:d8:7f:fd:f4:a8:cc:77:7f:e9:
                    ca:dc:b7:05:dc:ad:65:de:a1:0b:25:01:1e:51:ef:
                    fe:10:f2:90:12:81:89:51:d1:46:26:ae:57:44:4a:
                    c2:a0:ff:4c:a6:74:77:f1:68:dc:2d:82:4e:45:9a:
                    66:ea:de:4d:f9:39:c9:b3:33:b0:17:f8:d4:78:bd:
                    f7:f1:c2:34:32:f0:bd:8c:da:95:58:23:38:e1:b5:
                    89:3b:4d:8f:54:c8:b4:12:0a:a4:0a:b7:05:a0:79:
                    d5:fb:78:3b:f0:76:9f:90:58:5d:f5:22:6b:17:3d:
                    9f:8e:a6:09:28:78:e5:85:e0:3b:99:7d:3e:dc:56:
                    57:5a:fe:22:10:96:e9:d1:74:be:b3:67:9f:44:ab:
                    e0:b5:36:50:a7:df:94:12:c6:92:24:95:d0:76:20:
                    14:66:50:6d:63:12:0f:48:03:f2:60:14:26:25:a7:
                    49:63:cf:81:31:c6:88:66:4b:b8:d2:07:06:e5:ad:
                    44:e6:af:b4:e3:67:b4:10:ef:48:1b:21:68:95:91:
                    03:77:b1:21:d7:7e:d3:f8:4e:07:32:09:f6:ad:a0:
                    27:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:1A:22:46:73:92:D2:8E:14:FE:F1:CC:47:76:D2:A0:4A:28:D7:F0
            X509v3 Authority Key Identifier:
                keyid:27:32:10:78:F3:59:D7:99:02:76:DA:BB:0F:8C:30:07:0E:68:59:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JzIQePNZ15kCdtq7D4wwBw5oWWM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/dxoiRnOS0o4U_vHMR3bSoEoo1_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/JzIQePNZ15kCdtq7D4wwBw5oWWM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:8b:8a:93:ae:1a:a2:b8:13:e1:56:a8:73:7a:07:f0:8f:f0:
         06:3f:f8:1a:48:27:ff:d8:ac:b5:d0:e3:df:c7:29:ad:88:16:
         69:b0:18:7b:d0:a7:13:3c:be:f1:8b:59:6b:e7:a9:90:1e:b1:
         22:82:f1:35:44:99:c3:6f:cd:90:03:be:3f:61:94:a4:c1:73:
         64:cd:a7:25:21:1f:e7:59:ca:54:ec:8a:c0:d0:28:52:c1:73:
         2a:bd:0d:1d:e1:49:71:33:c7:99:fa:00:4c:8f:9b:24:46:c7:
         c1:a1:aa:9d:2f:e1:bc:7b:6b:f6:66:0c:23:72:ab:39:40:e0:
         63:2c:fe:40:12:dc:09:a7:61:46:e1:b2:7f:72:9e:92:cb:b6:
         b8:32:3f:b0:d6:db:88:ee:74:d6:76:53:fb:2a:9c:68:3a:19:
         28:05:b1:ee:36:70:4f:fe:d1:fc:aa:52:50:9a:2d:cc:31:ff:
         db:b3:c7:3b:f4:2f:6e:3e:e0:b8:ed:e8:da:4d:1f:88:a7:d6:
         84:1d:f3:50:fe:cc:3b:5c:8e:01:01:b5:fe:b9:5c:0d:23:1b:
         fa:4c:65:d0:10:fa:fa:49:74:92:ef:b2:cf:37:6c:fd:83:02:
         86:7a:c4:3d:3a:b4:c3:9e:45:9b:ac:e4:25:82:3e:d7:fc:9f:
         4d:c6:49:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtsF3c1xHjujV2w9farxAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MzIxMDc4ZjM1OWQ3OTkwMjc2ZGFiYjBmOGMzMDA3MGU2
ODU5NjMwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzFhMjI0NjczOTJkMjhlMTRmZWYxY2M0Nzc2ZDJhMDRhMjhkN2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnIPnGmDeTOBrN4pcomGZw7P+pHt
ONqmGUpq+bgbxK13ot7Yf/30qMx3f+nK3LcF3K1l3qELJQEeUe/+EPKQEoGJUdFG
Jq5XRErCoP9MpnR38WjcLYJORZpm6t5N+TnJszOwF/jUeL338cI0MvC9jNqVWCM4
4bWJO02PVMi0EgqkCrcFoHnV+3g78HafkFhd9SJrFz2fjqYJKHjlheA7mX0+3FZX
Wv4iEJbp0XS+s2efRKvgtTZQp9+UEsaSJJXQdiAUZlBtYxIPSAPyYBQmJadJY8+B
McaIZku40gcG5a1E5q+042e0EO9IGyFolZEDd7Eh137T+E4HMgn2raAnJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcaIkZzktKOFP7xzEd20qBKKNfwMB8GA1UdIwQY
MBaAFCcyEHjzWdeZAnbauw+MMAcOaFljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnpJUWVQTloxNWtDZHRxN0Q0d3dCdzVvV1dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9lYjI3ZjItZTM2OS00YjA3LThkMWQt
YzM0MzFkMzIwNDA2LzEvZHhvaVJuT1MwbzRVX3ZITVIzYlNvRW9vMV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9lYjI3ZjItZTM2OS00YjA3LThkMWQtYzM0MzFkMzIwNDA2
LzEvSnpJUWVQTloxNWtDZHRxN0Q0d3dCdzVvV1dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubPUMA0G
CSqGSIb3DQEBCwUAA4IBAQA+i4qTrhqiuBPhVqhzegfwj/AGP/gaSCf/2Ky10OPf
xymtiBZpsBh70KcTPL7xi1lr56mQHrEigvE1RJnDb82QA74/YZSkwXNkzaclIR/n
WcpU7IrA0ChSwXMqvQ0d4UlxM8eZ+gBMj5skRsfBoaqdL+G8e2v2Zgwjcqs5QOBj
LP5AEtwJp2FG4bJ/cp6Sy7a4Mj+w1tuI7nTWdlP7KpxoOhkoBbHuNnBP/tH8qlJQ
mi3MMf/bs8c79C9uPuC47ejaTR+Ip9aEHfNQ/sw7XI4BAbX+uVwNIxv6TGXQEPr6
SXSS77LPN2z9gwKGesQ9OrTDnkWbrOQlgj7X/J9Nxkkd
-----END CERTIFICATE-----