Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/9a8a3b-9b44-49ca-b674-d92c9380af33/1/JzA7Qrk4fD_Zlr7bKnvOA0QE85k.roa
File:                     JzA7Qrk4fD_Zlr7bKnvOA0QE85k.roa (raw, json)
Hash identifier:          sMQcSKf652A0jtQdxB+AsAuw43ekr1S2J06nhpl75+k=
Subject key identifier:   27:30:3B:42:B9:38:7C:3F:D9:96:BE:DB:2A:7B:CE:03:44:04:F3:99
Certificate issuer:       /CN=35d7dbaa75ef3420d8d9459130ed01dc535136fb
Certificate serial:       0190ED84890F8DDE1233CDC838CB1BB1C30C
Authority key identifier: 35:D7:DB:AA:75:EF:34:20:D8:D9:45:91:30:ED:01:DC:53:51:36:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NdfbqnXvNCDY2UWRMO0B3FNRNvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/9a8a3b-9b44-49ca-b674-d92c9380af33/1/JzA7Qrk4fD_Zlr7bKnvOA0QE85k.roa
Signing time:             Fri 26 Jul 2024 05:30:04 +0000
ROA not before:           Fri 26 Jul 2024 05:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198176
IP address blocks:        91.232.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/9a8a3b-9b44-49ca-b674-d92c9380af33/1/NdfbqnXvNCDY2UWRMO0B3FNRNvs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/9a8a3b-9b44-49ca-b674-d92c9380af33/1/NdfbqnXvNCDY2UWRMO0B3FNRNvs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NdfbqnXvNCDY2UWRMO0B3FNRNvs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ed:84:89:0f:8d:de:12:33:cd:c8:38:cb:1b:b1:c3:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35d7dbaa75ef3420d8d9459130ed01dc535136fb
        Validity
            Not Before: Jul 26 05:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27303b42b9387c3fd996bedb2a7bce034404f399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:66:31:db:1f:26:6a:54:99:bb:79:d7:da:fe:
                    16:d1:e7:71:26:e3:ff:d6:59:89:e1:53:ff:56:65:
                    27:db:90:e9:f5:cc:43:b3:53:9b:54:23:fc:01:eb:
                    ea:a9:05:ef:96:c9:19:46:85:31:4f:87:b8:71:c6:
                    d3:c9:ba:61:ac:a2:25:10:0e:02:51:f0:3e:7c:0f:
                    14:55:15:a0:3b:d2:f8:d0:56:a0:f7:ce:a8:80:8c:
                    57:89:63:82:ca:0b:08:b4:b3:61:59:d2:fd:dc:47:
                    61:62:92:ea:29:8a:f6:f8:45:34:f6:6e:50:0a:2f:
                    d1:fb:11:ef:3d:aa:3e:9d:18:fa:25:b0:0b:38:eb:
                    02:a0:8a:16:25:0a:c0:8d:32:99:5a:56:6b:be:0b:
                    c2:01:e8:6a:1e:5c:a5:35:88:c3:13:b1:ed:c0:90:
                    85:21:a0:3d:22:91:44:c1:fb:a5:51:f3:af:d8:e9:
                    1a:47:d2:bb:1b:74:27:cb:75:23:93:2d:a6:cf:17:
                    c2:4c:29:86:33:2e:03:45:17:49:b2:79:26:29:ab:
                    41:de:33:2b:81:99:92:93:92:94:07:25:d0:0b:0f:
                    f1:53:a3:2e:41:d5:f8:62:d7:50:cc:c8:da:a9:0d:
                    26:c9:07:3a:aa:2a:72:e9:03:bb:84:0e:8b:e4:37:
                    19:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:30:3B:42:B9:38:7C:3F:D9:96:BE:DB:2A:7B:CE:03:44:04:F3:99
            X509v3 Authority Key Identifier:
                keyid:35:D7:DB:AA:75:EF:34:20:D8:D9:45:91:30:ED:01:DC:53:51:36:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NdfbqnXvNCDY2UWRMO0B3FNRNvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/9a8a3b-9b44-49ca-b674-d92c9380af33/1/JzA7Qrk4fD_Zlr7bKnvOA0QE85k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/9a8a3b-9b44-49ca-b674-d92c9380af33/1/NdfbqnXvNCDY2UWRMO0B3FNRNvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:cc:0a:71:7a:f3:f5:bc:09:15:71:45:25:46:83:bb:48:24:
         c6:a3:e5:9e:b4:85:b6:0f:73:2b:18:cd:e7:91:b6:e0:c1:d5:
         8b:6a:9c:ee:f6:e0:34:6d:1b:49:a0:6c:26:ee:ac:25:89:62:
         af:d3:19:36:98:11:ee:1a:f7:fa:d3:9c:2b:6f:fd:cb:aa:24:
         ea:51:3c:92:8f:1a:ee:74:e2:df:27:4a:80:62:7e:ea:b9:65:
         7b:34:27:95:ec:90:cd:4c:63:04:91:a7:6b:65:99:0f:62:6a:
         44:41:17:b1:ac:d0:19:5f:cc:97:eb:61:7a:13:8c:68:12:a3:
         75:89:92:15:57:60:27:eb:71:a6:58:6c:5f:29:23:72:12:54:
         20:dc:e6:12:bb:aa:cd:57:fa:ed:38:0f:31:b8:c4:47:8e:82:
         02:c6:87:c8:61:06:cd:0f:54:63:60:f9:f9:6f:bc:5b:58:95:
         5c:99:11:45:86:0b:13:08:e5:64:33:b3:d5:29:a3:72:bb:1c:
         8c:7e:fc:cb:93:c5:84:50:02:ae:81:17:62:a8:8a:dc:5e:71:
         3b:f1:73:26:04:66:6e:8b:41:01:9a:22:3b:73:e0:50:45:74:
         5b:bd:74:4a:b6:ee:f8:4f:c5:f0:b2:2e:1b:dd:ee:1a:d7:6c:
         38:ec:d1:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDthIkPjd4SM83IOMsbscMMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZDdkYmFhNzVlZjM0MjBkOGQ5NDU5MTMwZWQwMWRjNTM1
MTM2ZmIwHhcNMjQwNzI2MDUzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzMwM2I0MmI5Mzg3YzNmZDk5NmJlZGIyYTdiY2UwMzQ0MDRmMzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmYx2x8malSZu3nX2v4W0edxJuP/
1lmJ4VP/VmUn25Dp9cxDs1ObVCP8AevqqQXvlskZRoUxT4e4ccbTybphrKIlEA4C
UfA+fA8UVRWgO9L40Fag986ogIxXiWOCygsItLNhWdL93EdhYpLqKYr2+EU09m5Q
Ci/R+xHvPao+nRj6JbALOOsCoIoWJQrAjTKZWlZrvgvCAehqHlylNYjDE7HtwJCF
IaA9IpFEwfulUfOv2OkaR9K7G3Qny3Ujky2mzxfCTCmGMy4DRRdJsnkmKatB3jMr
gZmSk5KUByXQCw/xU6MuQdX4YtdQzMjaqQ0myQc6qipy6QO7hA6L5DcZJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCcwO0K5OHw/2Za+2yp7zgNEBPOZMB8GA1UdIwQY
MBaAFDXX26p17zQg2NlFkTDtAdxTUTb7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmRmYnFuWHZOQ0RZMlVXUk1PMEIzRk5STnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi85YThhM2ItOWI0NC00OWNhLWI2NzQt
ZDkyYzkzODBhZjMzLzEvSnpBN1FyazRmRF9abHI3Yktudk9BMFFFODVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi85YThhM2ItOWI0NC00OWNhLWI2NzQtZDkyYzkzODBhZjMz
LzEvTmRmYnFuWHZOQ0RZMlVXUk1PMEIzRk5STnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+gbMA0G
CSqGSIb3DQEBCwUAA4IBAQAwzApxevP1vAkVcUUlRoO7SCTGo+WetIW2D3MrGM3n
kbbgwdWLapzu9uA0bRtJoGwm7qwliWKv0xk2mBHuGvf605wrb/3LqiTqUTySjxru
dOLfJ0qAYn7quWV7NCeV7JDNTGMEkadrZZkPYmpEQRexrNAZX8yX62F6E4xoEqN1
iZIVV2An63GmWGxfKSNyElQg3OYSu6rNV/rtOA8xuMRHjoICxofIYQbND1RjYPn5
b7xbWJVcmRFFhgsTCOVkM7PVKaNyuxyMfvzLk8WEUAKugRdiqIrcXnE78XMmBGZu
i0EBmiI7c+BQRXRbvXRKtu74T8Xwsi4b3e4a12w47NGC
-----END CERTIFICATE-----