Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/6EgqkZi8qb3OrE_KatzUDRXDERY.roa
File:                     6EgqkZi8qb3OrE_KatzUDRXDERY.roa (raw, json)
Hash identifier:          /DKWxAGTVy8qIasX07gtHjL/ijmd5q4mP+6zO7AvQsY=
Subject key identifier:   E8:48:2A:91:98:BC:A9:BD:CE:AC:4F:CA:6A:DC:D4:0D:15:C3:11:16
Certificate issuer:       /CN=5c3a1d973f9b3391e8adacaa664d1b23d778f008
Certificate serial:       018CCA2BA30B99E0D8949C835E23EBB54E05
Authority key identifier: 5C:3A:1D:97:3F:9B:33:91:E8:AD:AC:AA:66:4D:1B:23:D7:78:F0:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XDodlz-bM5HorayqZk0bI9d48Ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/6EgqkZi8qb3OrE_KatzUDRXDERY.roa
Signing time:             Tue 02 Jan 2024 12:35:06 +0000
ROA not before:           Tue 02 Jan 2024 12:35:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/XDodlz-bM5HorayqZk0bI9d48Ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/XDodlz-bM5HorayqZk0bI9d48Ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XDodlz-bM5HorayqZk0bI9d48Ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 01:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a3:0b:99:e0:d8:94:9c:83:5e:23:eb:b5:4e:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c3a1d973f9b3391e8adacaa664d1b23d778f008
        Validity
            Not Before: Jan  2 12:35:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8482a9198bca9bdceac4fca6adcd40d15c31116
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:8b:44:e3:bd:ad:9c:18:86:65:0a:a5:1f:01:
                    ea:76:38:97:61:1f:df:89:02:fd:cc:1a:75:7a:f4:
                    51:1b:9a:8e:d9:66:89:bc:60:af:6a:77:b7:6f:76:
                    ac:c3:1d:8f:df:ab:15:c7:a9:a7:b9:7a:26:b6:72:
                    b4:42:16:78:33:cd:78:93:9a:f7:64:8e:64:79:27:
                    e6:6b:6c:40:02:ce:7f:ca:11:01:82:4d:c5:8e:89:
                    8a:9a:e5:d4:34:65:7c:90:df:74:e7:01:af:dd:30:
                    2f:e3:44:7c:ef:c5:5e:58:7f:11:fe:e7:a7:e9:3f:
                    bf:8f:01:bc:f1:a1:a8:16:4b:27:a9:6e:0b:b5:6a:
                    c2:1d:e2:90:4a:86:72:ad:4f:af:f8:97:f5:b7:cd:
                    09:60:4d:4a:3a:ab:1e:fa:23:82:38:f9:01:94:df:
                    fe:dd:06:b6:da:f5:ba:62:86:e6:15:16:5e:40:37:
                    25:59:e8:24:94:11:e3:44:e0:ea:82:73:54:59:94:
                    23:35:df:c7:cc:ee:fa:02:a4:6e:68:70:df:6b:04:
                    d9:12:c0:6a:dd:65:e1:ee:b8:20:b8:40:32:97:eb:
                    8e:0b:fb:b2:1e:d2:59:95:83:8e:fb:1d:2f:f1:37:
                    95:cd:81:d2:eb:26:63:25:89:6e:99:fb:9e:db:19:
                    4d:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:48:2A:91:98:BC:A9:BD:CE:AC:4F:CA:6A:DC:D4:0D:15:C3:11:16
            X509v3 Authority Key Identifier:
                keyid:5C:3A:1D:97:3F:9B:33:91:E8:AD:AC:AA:66:4D:1B:23:D7:78:F0:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XDodlz-bM5HorayqZk0bI9d48Ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/6EgqkZi8qb3OrE_KatzUDRXDERY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/XDodlz-bM5HorayqZk0bI9d48Ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:fd:1e:aa:5f:ca:aa:83:59:cb:9f:aa:c3:de:18:eb:d6:68:
         f3:7c:70:13:7d:d4:fd:7b:c2:f2:71:4e:24:4e:c3:02:16:48:
         9c:0f:e1:e2:2d:0a:24:f8:b6:02:9b:1e:7f:77:c4:6e:e7:3b:
         45:92:a4:ec:19:a5:66:6f:f2:5a:6b:e2:e4:e1:17:82:b1:14:
         2c:16:3f:88:71:19:5e:38:ad:68:51:c9:e9:85:8b:a4:9f:00:
         ad:06:97:5a:3c:b8:96:88:eb:6e:3d:f4:07:25:8f:b5:63:54:
         13:a8:c1:9c:d4:6c:38:26:20:54:18:1e:0e:19:c6:3c:1d:2a:
         d2:08:e1:09:9f:7f:ab:19:08:92:0d:da:ca:a4:40:57:bb:ab:
         e8:0a:5a:39:bd:59:d2:b7:fa:65:3d:3a:a8:47:31:fa:d0:07:
         17:2f:ad:ca:ac:4f:7a:c2:f9:74:ed:2d:4f:0a:8a:b1:34:c1:
         61:95:fe:89:62:e8:3e:2c:22:08:47:b3:c3:e2:f5:3f:49:b7:
         f2:8a:22:ff:4d:09:93:3b:5d:d9:67:dd:ac:33:de:e4:a9:f8:
         6e:61:e6:8f:8e:4a:64:c2:26:09:4b:18:a9:0b:09:57:f8:a5:
         c0:35:ab:6b:6c:35:38:4f:6d:2a:4d:e3:21:2e:3f:d6:54:b4:
         d3:c0:cf:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK6MLmeDYlJyDXiPrtU4FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjM2ExZDk3M2Y5YjMzOTFlOGFkYWNhYTY2NGQxYjIzZDc3
OGYwMDgwHhcNMjQwMTAyMTIzNTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODQ4MmE5MTk4YmNhOWJkY2VhYzRmY2E2YWRjZDQwZDE1YzMxMTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYtE472tnBiGZQqlHwHqdjiXYR/f
iQL9zBp1evRRG5qO2WaJvGCvane3b3aswx2P36sVx6mnuXomtnK0QhZ4M814k5r3
ZI5keSfma2xAAs5/yhEBgk3FjomKmuXUNGV8kN905wGv3TAv40R878VeWH8R/uen
6T+/jwG88aGoFksnqW4LtWrCHeKQSoZyrU+v+Jf1t80JYE1KOqse+iOCOPkBlN/+
3Qa22vW6YobmFRZeQDclWegklBHjRODqgnNUWZQjNd/HzO76AqRuaHDfawTZEsBq
3WXh7rgguEAyl+uOC/uyHtJZlYOO+x0v8TeVzYHS6yZjJYlumfue2xlNJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhIKpGYvKm9zqxPymrc1A0VwxEWMB8GA1UdIwQY
MBaAFFw6HZc/mzOR6K2sqmZNGyPXePAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWERvZGx6LWJNNUhvcmF5cVprMGJJOWQ0OEFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9hNWZjZjUtNzg2My00M2MxLWExYzEt
MTk0Y2M5OTAyYWJmLzEvNkVncWtaaThxYjNPckVfS2F0elVEUlhERVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9hNWZjZjUtNzg2My00M2MxLWExYzEtMTk0Y2M5OTAyYWJm
LzEvWERvZGx6LWJNNUhvcmF5cVprMGJJOWQ0OEFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQEbMA0G
CSqGSIb3DQEBCwUAA4IBAQBV/R6qX8qqg1nLn6rD3hjr1mjzfHATfdT9e8LycU4k
TsMCFkicD+HiLQok+LYCmx5/d8Ru5ztFkqTsGaVmb/Jaa+Lk4ReCsRQsFj+IcRle
OK1oUcnphYuknwCtBpdaPLiWiOtuPfQHJY+1Y1QTqMGc1Gw4JiBUGB4OGcY8HSrS
COEJn3+rGQiSDdrKpEBXu6voClo5vVnSt/plPTqoRzH60AcXL63KrE96wvl07S1P
CoqxNMFhlf6JYug+LCIIR7PD4vU/SbfyiiL/TQmTO13ZZ92sM97kqfhuYeaPjkpk
wiYJSxipCwlX+KXANatrbDU4T20qTeMhLj/WVLTTwM9l
-----END CERTIFICATE-----