Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/6e27ca-7ff7-4e09-bae5-0d0d7c0189ad/1/g7d8qIhbNnPANMMQbOcQrkP5XMM.roa
File:                     g7d8qIhbNnPANMMQbOcQrkP5XMM.roa (raw, json)
Hash identifier:          PiR0FFy29ovFvlBoBQ/8WUHsfFT3mbXqdjXTkCErj/4=
Subject key identifier:   83:B7:7C:A8:88:5B:36:73:C0:34:C3:10:6C:E7:10:AE:43:F9:5C:C3
Certificate issuer:       /CN=275aab7dfbb152a646adf3273b31aa5dde64a1df
Certificate serial:       018CCA28561008097685EDF621AC71E98C12
Authority key identifier: 27:5A:AB:7D:FB:B1:52:A6:46:AD:F3:27:3B:31:AA:5D:DE:64:A1:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J1qrffuxUqZGrfMnOzGqXd5kod8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/6e27ca-7ff7-4e09-bae5-0d0d7c0189ad/1/g7d8qIhbNnPANMMQbOcQrkP5XMM.roa
Signing time:             Tue 02 Jan 2024 12:31:30 +0000
ROA not before:           Tue 02 Jan 2024 12:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48275
IP address blocks:        91.207.180.0/24 maxlen: 32
                          91.207.181.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/6e27ca-7ff7-4e09-bae5-0d0d7c0189ad/1/J1qrffuxUqZGrfMnOzGqXd5kod8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/6e27ca-7ff7-4e09-bae5-0d0d7c0189ad/1/J1qrffuxUqZGrfMnOzGqXd5kod8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J1qrffuxUqZGrfMnOzGqXd5kod8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:56:10:08:09:76:85:ed:f6:21:ac:71:e9:8c:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=275aab7dfbb152a646adf3273b31aa5dde64a1df
        Validity
            Not Before: Jan  2 12:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83b77ca8885b3673c034c3106ce710ae43f95cc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:fa:74:20:58:de:51:8b:d1:86:a8:1e:65:48:
                    99:a8:bf:e6:05:60:00:4d:a1:7e:2c:de:09:87:9b:
                    81:6b:d8:4f:16:24:5f:bb:4a:9d:22:69:9e:10:65:
                    a5:a5:0c:64:02:10:c6:3b:25:2f:3b:d1:e2:84:39:
                    7d:ff:51:bf:77:05:df:07:9f:b2:01:07:8f:ca:41:
                    af:3e:ea:d2:d1:3d:d3:bb:ce:4d:06:75:31:8c:ff:
                    22:20:df:55:6a:25:22:64:f0:94:3d:27:71:de:60:
                    ce:78:6f:38:df:6b:1a:89:0c:99:03:fa:32:1f:5c:
                    ac:c0:52:2f:2a:94:5e:99:ec:9e:0d:9d:81:55:7d:
                    77:75:69:a8:5b:b2:cf:8a:f2:3b:57:ad:93:62:90:
                    1f:a3:22:28:cd:ac:37:8e:5e:b9:76:aa:89:60:9c:
                    41:94:75:32:96:51:23:65:dc:80:24:7a:d0:6e:22:
                    04:19:38:bb:6c:a4:2a:2b:ec:a8:96:30:dc:bc:f6:
                    09:55:5c:c3:53:43:82:41:01:64:2b:ef:3a:7c:82:
                    42:0e:8a:34:62:96:74:cf:2e:ac:c2:a3:8c:54:8f:
                    a8:26:1f:7f:05:76:38:c7:54:12:68:0e:b6:6d:f5:
                    94:3e:4a:c9:a7:9b:f9:e6:99:a3:4b:8f:97:e0:59:
                    db:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:B7:7C:A8:88:5B:36:73:C0:34:C3:10:6C:E7:10:AE:43:F9:5C:C3
            X509v3 Authority Key Identifier:
                keyid:27:5A:AB:7D:FB:B1:52:A6:46:AD:F3:27:3B:31:AA:5D:DE:64:A1:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J1qrffuxUqZGrfMnOzGqXd5kod8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/6e27ca-7ff7-4e09-bae5-0d0d7c0189ad/1/g7d8qIhbNnPANMMQbOcQrkP5XMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/6e27ca-7ff7-4e09-bae5-0d0d7c0189ad/1/J1qrffuxUqZGrfMnOzGqXd5kod8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:7f:20:06:d3:52:c3:bb:d3:86:5d:3c:3d:33:4e:ae:43:04:
         a1:3c:d6:52:95:a2:61:3f:d4:63:af:9a:a2:89:20:91:f9:36:
         c4:50:bf:28:25:33:ea:e9:42:d2:18:78:cd:64:f7:35:30:bc:
         39:27:0b:be:2f:41:2e:6b:76:f4:d5:0a:44:e0:05:96:00:82:
         4b:75:98:82:6b:81:60:ac:20:66:87:12:04:4e:e5:34:4c:be:
         11:73:7e:17:62:6b:7c:9b:11:c9:67:f6:db:63:4a:b6:f5:69:
         27:31:bd:3e:bc:a7:ad:c4:67:47:88:0a:27:ae:c3:c7:89:1a:
         28:56:a4:f3:c4:60:04:f0:7f:6c:fc:46:39:d2:a1:a7:50:5c:
         9a:81:61:f9:e3:bb:e5:17:15:2c:8c:63:d3:c8:1b:50:66:30:
         7a:f4:4f:e6:65:70:07:d5:47:a5:d4:90:59:93:79:06:28:5e:
         89:6f:f8:9f:41:76:d5:ab:3f:47:53:f5:57:1d:63:f1:72:64:
         30:3a:33:db:8b:35:06:5a:5d:c4:0a:6b:3f:12:8a:c6:58:69:
         62:06:b8:49:91:a6:00:c1:ac:7f:4b:cc:24:c0:b0:42:78:27:
         13:20:c0:d2:ed:65:5f:6c:25:67:a6:84:50:5e:34:b6:11:d4:
         c5:6a:0e:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKFYQCAl2he32Iaxx6YwSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NWFhYjdkZmJiMTUyYTY0NmFkZjMyNzNiMzFhYTVkZGU2
NGExZGYwHhcNMjQwMTAyMTIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2I3N2NhODg4NWIzNjczYzAzNGMzMTA2Y2U3MTBhZTQzZjk1Y2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Pp0IFjeUYvRhqgeZUiZqL/mBWAA
TaF+LN4Jh5uBa9hPFiRfu0qdImmeEGWlpQxkAhDGOyUvO9HihDl9/1G/dwXfB5+y
AQePykGvPurS0T3Tu85NBnUxjP8iIN9VaiUiZPCUPSdx3mDOeG8432saiQyZA/oy
H1yswFIvKpRemeyeDZ2BVX13dWmoW7LPivI7V62TYpAfoyIozaw3jl65dqqJYJxB
lHUyllEjZdyAJHrQbiIEGTi7bKQqK+yoljDcvPYJVVzDU0OCQQFkK+86fIJCDoo0
YpZ0zy6swqOMVI+oJh9/BXY4x1QSaA62bfWUPkrJp5v55pmjS4+X4FnbJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIO3fKiIWzZzwDTDEGznEK5D+VzDMB8GA1UdIwQY
MBaAFCdaq337sVKmRq3zJzsxql3eZKHfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjFxcmZmdXhVcVpHcmZNbk96R3FYZDVrb2Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC82ZTI3Y2EtN2ZmNy00ZTA5LWJhZTUt
MGQwZDdjMDE4OWFkLzEvZzdkOHFJaGJOblBBTk1NUWJPY1Fya1A1WE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC82ZTI3Y2EtN2ZmNy00ZTA5LWJhZTUtMGQwZDdjMDE4OWFk
LzEvSjFxcmZmdXhVcVpHcmZNbk96R3FYZDVrb2Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8+0MA0G
CSqGSIb3DQEBCwUAA4IBAQBHfyAG01LDu9OGXTw9M06uQwShPNZSlaJhP9Rjr5qi
iSCR+TbEUL8oJTPq6ULSGHjNZPc1MLw5Jwu+L0Eua3b01QpE4AWWAIJLdZiCa4Fg
rCBmhxIETuU0TL4Rc34XYmt8mxHJZ/bbY0q29WknMb0+vKetxGdHiAonrsPHiRoo
VqTzxGAE8H9s/EY50qGnUFyagWH547vlFxUsjGPTyBtQZjB69E/mZXAH1Uel1JBZ
k3kGKF6Jb/ifQXbVqz9HU/VXHWPxcmQwOjPbizUGWl3ECms/EorGWGliBrhJkaYA
wax/S8wkwLBCeCcTIMDS7WVfbCVnpoRQXjS2EdTFag7O
-----END CERTIFICATE-----