Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/j7b7vmD8KPkdCnlVP71o2CqtU94.roa
File:                     j7b7vmD8KPkdCnlVP71o2CqtU94.roa (raw, json)
Hash identifier:          vTXrjDCvGjQOipbgO3jSLM/qIjBdRpKJ9yHdB1QKUs0=
Subject key identifier:   8F:B6:FB:BE:60:FC:28:F9:1D:0A:79:55:3F:BD:68:D8:2A:AD:53:DE
Certificate issuer:       /CN=5c3a1d973f9b3391e8adacaa664d1b23d778f008
Certificate serial:       0194266C0361157280E4E94052128044D8DC
Authority key identifier: 5C:3A:1D:97:3F:9B:33:91:E8:AD:AC:AA:66:4D:1B:23:D7:78:F0:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XDodlz-bM5HorayqZk0bI9d48Ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/j7b7vmD8KPkdCnlVP71o2CqtU94.roa
Signing time:             Thu 02 Jan 2025 09:50:00 +0000
ROA not before:           Thu 02 Jan 2025 09:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/XDodlz-bM5HorayqZk0bI9d48Ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/XDodlz-bM5HorayqZk0bI9d48Ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XDodlz-bM5HorayqZk0bI9d48Ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 18:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:03:61:15:72:80:e4:e9:40:52:12:80:44:d8:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c3a1d973f9b3391e8adacaa664d1b23d778f008
        Validity
            Not Before: Jan  2 09:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fb6fbbe60fc28f91d0a79553fbd68d82aad53de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:60:d6:50:bd:d2:26:a2:37:ec:f1:a9:20:be:
                    74:c6:7b:4c:82:af:af:f5:b5:16:0d:61:ed:46:2f:
                    22:3b:fb:db:26:b6:34:c8:bd:c9:c6:4b:3f:3f:5d:
                    fe:86:0b:e7:c6:42:a8:b7:55:8e:0d:c2:ac:11:bb:
                    76:90:28:c3:13:b9:82:a0:89:22:db:7c:29:49:96:
                    a4:d5:68:f9:05:b5:86:dd:cd:94:e1:17:6e:13:bc:
                    91:5c:05:89:22:31:a8:f0:1b:9d:3b:f1:c8:2b:51:
                    e3:8e:87:7f:29:75:82:bf:3b:4d:ad:38:c4:a1:b3:
                    28:58:f9:38:f5:ed:97:9b:d9:fa:84:8c:9a:63:2d:
                    be:6e:bd:dd:68:4a:07:13:36:43:12:4c:b8:61:bd:
                    ce:64:27:4b:11:fa:12:db:42:45:a4:3c:a8:cd:ad:
                    dd:0f:4f:47:90:6e:b6:bd:39:ef:13:52:a5:d9:ff:
                    59:30:d3:8f:18:06:db:ec:d5:d3:d4:18:2a:00:81:
                    fe:87:37:45:36:73:b8:86:c0:f1:07:e7:9f:dc:66:
                    7d:3d:2d:86:d1:16:26:f8:2b:8e:71:64:1c:86:98:
                    b4:9c:b7:7e:a0:75:3a:35:9e:24:f3:96:af:9d:82:
                    63:25:d9:70:03:10:6c:8d:68:5b:0e:e0:41:6a:b8:
                    99:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:B6:FB:BE:60:FC:28:F9:1D:0A:79:55:3F:BD:68:D8:2A:AD:53:DE
            X509v3 Authority Key Identifier:
                keyid:5C:3A:1D:97:3F:9B:33:91:E8:AD:AC:AA:66:4D:1B:23:D7:78:F0:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XDodlz-bM5HorayqZk0bI9d48Ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/j7b7vmD8KPkdCnlVP71o2CqtU94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/a5fcf5-7863-43c1-a1c1-194cc9902abf/1/XDodlz-bM5HorayqZk0bI9d48Ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:52:b1:cb:90:05:51:da:36:5b:ec:89:84:f5:a9:90:94:e1:
         a9:a8:83:76:df:ec:ab:37:95:dc:2d:6a:11:94:12:e0:fc:1d:
         d0:2e:1e:80:81:4e:9f:16:ea:35:2e:b6:e9:87:22:cc:d8:7f:
         25:09:55:1b:22:96:44:c7:d0:48:b8:04:d1:75:8f:4b:89:b6:
         23:78:5d:a1:b5:0a:e1:35:ea:de:a6:9d:fb:03:08:65:c8:45:
         c3:05:4f:15:7f:50:37:2c:a8:68:3f:dd:71:1a:f9:e4:32:28:
         f7:5a:3c:be:d5:66:07:eb:52:d9:6b:a8:f3:b9:f7:74:ee:d5:
         ba:15:5b:2e:9d:fd:d0:6d:f2:82:47:19:e3:8f:83:85:1f:7b:
         5d:95:9d:71:82:01:e3:92:c5:41:23:1a:d3:a5:fe:e6:ab:bc:
         e2:27:3f:b6:0f:40:1c:1f:ea:92:f1:77:3a:e5:dd:1f:68:1e:
         14:40:70:74:66:4f:b9:6c:18:e9:40:2a:d9:6f:5c:e4:1c:18:
         2d:dc:36:30:59:3e:6f:f5:44:db:c8:d9:72:42:6b:d5:43:aa:
         98:ad:3f:62:4c:a7:6c:34:6c:71:da:7c:9d:0c:72:86:cb:5a:
         37:38:40:ce:77:e8:85:6e:41:47:92:56:d4:c2:c7:d6:3c:61:
         59:5a:95:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbANhFXKA5OlAUhKARNjcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjM2ExZDk3M2Y5YjMzOTFlOGFkYWNhYTY2NGQxYjIzZDc3
OGYwMDgwHhcNMjUwMTAyMDk1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmI2ZmJiZTYwZmMyOGY5MWQwYTc5NTUzZmJkNjhkODJhYWQ1M2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmDWUL3SJqI37PGpIL50xntMgq+v
9bUWDWHtRi8iO/vbJrY0yL3Jxks/P13+hgvnxkKot1WODcKsEbt2kCjDE7mCoIki
23wpSZak1Wj5BbWG3c2U4RduE7yRXAWJIjGo8BudO/HIK1Hjjod/KXWCvztNrTjE
obMoWPk49e2Xm9n6hIyaYy2+br3daEoHEzZDEky4Yb3OZCdLEfoS20JFpDyoza3d
D09HkG62vTnvE1Kl2f9ZMNOPGAbb7NXT1BgqAIH+hzdFNnO4hsDxB+ef3GZ9PS2G
0RYm+CuOcWQchpi0nLd+oHU6NZ4k85avnYJjJdlwAxBsjWhbDuBBariZhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+2+75g/Cj5HQp5VT+9aNgqrVPeMB8GA1UdIwQY
MBaAFFw6HZc/mzOR6K2sqmZNGyPXePAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWERvZGx6LWJNNUhvcmF5cVprMGJJOWQ0OEFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9hNWZjZjUtNzg2My00M2MxLWExYzEt
MTk0Y2M5OTAyYWJmLzEvajdiN3ZtRDhLUGtkQ25sVlA3MW8yQ3F0VTk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9hNWZjZjUtNzg2My00M2MxLWExYzEtMTk0Y2M5OTAyYWJm
LzEvWERvZGx6LWJNNUhvcmF5cVprMGJJOWQ0OEFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQEbMA0G
CSqGSIb3DQEBCwUAA4IBAQBoUrHLkAVR2jZb7ImE9amQlOGpqIN23+yrN5XcLWoR
lBLg/B3QLh6AgU6fFuo1LrbphyLM2H8lCVUbIpZEx9BIuATRdY9LibYjeF2htQrh
Nerepp37AwhlyEXDBU8Vf1A3LKhoP91xGvnkMij3Wjy+1WYH61LZa6jzufd07tW6
FVsunf3QbfKCRxnjj4OFH3tdlZ1xggHjksVBIxrTpf7mq7ziJz+2D0AcH+qS8Xc6
5d0faB4UQHB0Zk+5bBjpQCrZb1zkHBgt3DYwWT5v9UTbyNlyQmvVQ6qYrT9iTKds
NGxx2nydDHKGy1o3OEDOd+iFbkFHklbUwsfWPGFZWpWe
-----END CERTIFICATE-----