Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/cdbfbd-ed67-44b7-9e1f-b29107b98acc/1/3NOYODJiBVJIXJBLFs2EpJVbf_A.roa
File:                     3NOYODJiBVJIXJBLFs2EpJVbf_A.roa (raw, json)
Hash identifier:          ySZv3i1TQJ47QUz8GZ5O7EFEHaUw3nChoBDmxWWMUIg=
Subject key identifier:   DC:D3:98:38:32:62:05:52:48:5C:90:4B:16:CD:84:A4:95:5B:7F:F0
Certificate issuer:       /CN=27f958c3b759b2c7896f5ed663e807781f3ff5a2
Certificate serial:       018CC2DAF4EF140CC9B208A6733F3CE94CE1
Authority key identifier: 27:F9:58:C3:B7:59:B2:C7:89:6F:5E:D6:63:E8:07:78:1F:3F:F5:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J_lYw7dZsseJb17WY-gHeB8_9aI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/cdbfbd-ed67-44b7-9e1f-b29107b98acc/1/3NOYODJiBVJIXJBLFs2EpJVbf_A.roa
Signing time:             Mon 01 Jan 2024 02:29:38 +0000
ROA not before:           Mon 01 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210168
IP address blocks:        5.1.127.0/24 maxlen: 24
                          2a02:e747::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/cdbfbd-ed67-44b7-9e1f-b29107b98acc/1/J_lYw7dZsseJb17WY-gHeB8_9aI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/cdbfbd-ed67-44b7-9e1f-b29107b98acc/1/J_lYw7dZsseJb17WY-gHeB8_9aI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J_lYw7dZsseJb17WY-gHeB8_9aI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f4:ef:14:0c:c9:b2:08:a6:73:3f:3c:e9:4c:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27f958c3b759b2c7896f5ed663e807781f3ff5a2
        Validity
            Not Before: Jan  1 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcd3983832620552485c904b16cd84a4955b7ff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:7e:85:40:a2:6f:35:10:15:53:54:ab:bb:af:
                    92:1f:c9:86:b6:0e:a9:12:bb:51:32:78:d3:d8:b3:
                    81:4b:d7:65:2c:4b:41:5d:47:7e:71:e3:ff:ce:78:
                    53:94:09:18:a2:6b:4c:8b:c4:92:75:6c:45:cb:c1:
                    82:a8:06:c1:ca:cc:9e:f0:95:64:ba:66:1a:f6:1a:
                    61:ee:8f:78:09:d0:2d:f1:88:9a:bd:43:00:cd:04:
                    d3:6b:20:ab:02:c0:ac:37:c2:fe:61:cb:aa:f8:a1:
                    a3:ae:a8:a1:dd:b2:f5:39:c2:df:f6:c6:08:d1:8a:
                    fe:c1:95:9d:72:7c:56:40:9d:91:7c:59:70:a0:f5:
                    f1:69:26:ee:3f:bd:1b:0e:2f:b2:9b:62:72:79:6b:
                    18:c1:47:05:29:0e:ed:92:d1:2c:55:04:d2:ef:5b:
                    29:3a:eb:d7:76:49:91:14:f1:e6:d9:0a:b7:06:32:
                    38:cf:4f:4b:2d:51:26:7b:ae:78:85:6e:30:08:e8:
                    d3:49:ab:91:36:53:1d:fa:7f:f8:f7:a2:9a:b3:6e:
                    51:64:6c:4e:e3:a3:19:d2:66:ce:2f:3a:14:b8:69:
                    9e:5b:b7:b3:81:fc:28:de:a5:33:17:ff:aa:9c:15:
                    d8:83:a6:87:35:f8:2b:d3:1f:a3:4b:89:74:64:9b:
                    cf:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:D3:98:38:32:62:05:52:48:5C:90:4B:16:CD:84:A4:95:5B:7F:F0
            X509v3 Authority Key Identifier:
                keyid:27:F9:58:C3:B7:59:B2:C7:89:6F:5E:D6:63:E8:07:78:1F:3F:F5:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J_lYw7dZsseJb17WY-gHeB8_9aI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/cdbfbd-ed67-44b7-9e1f-b29107b98acc/1/3NOYODJiBVJIXJBLFs2EpJVbf_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/cdbfbd-ed67-44b7-9e1f-b29107b98acc/1/J_lYw7dZsseJb17WY-gHeB8_9aI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.127.0/24
                IPv6:
                  2a02:e747::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:8b:6f:d7:5a:5d:01:47:84:3d:5f:31:bd:a5:46:5a:91:b2:
         dd:5d:d7:10:56:3e:b4:24:4d:fb:36:fd:24:68:40:98:69:2c:
         92:23:a5:d8:48:e9:d9:33:74:87:30:4b:54:80:55:97:44:4a:
         6a:b3:dc:f1:c5:47:8f:12:94:a9:0d:c5:3a:94:e3:2e:17:f5:
         1a:28:a3:7b:72:76:91:13:6b:69:b8:57:08:aa:6a:2a:28:be:
         36:92:6b:5d:59:ec:26:7e:74:a9:f4:6c:f1:42:99:b8:16:2c:
         38:46:29:6c:11:7e:69:57:92:b4:3f:69:32:9d:9c:8c:31:c7:
         0b:d7:15:48:26:65:2b:a9:22:1a:aa:43:93:2d:b2:f8:84:72:
         f9:58:49:c5:d5:0c:04:d7:2a:92:2f:ea:31:fb:63:72:09:02:
         44:b0:d5:e4:5e:9e:51:08:ea:2e:b0:3f:1b:b6:c8:64:96:da:
         67:3d:eb:85:d5:67:cd:53:88:68:86:9c:93:f7:fc:54:2b:b4:
         b5:af:b6:01:b0:bb:25:ab:ab:3a:0f:12:b9:91:9f:0a:6d:1f:
         0f:a7:7b:73:ad:bc:f3:dd:7b:91:50:e5:9a:09:2c:fe:3a:ed:
         98:6c:ce:25:e0:86:39:12:03:b4:d6:70:f5:e2:0a:b7:07:41:
         e3:6f:2f:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC2vTvFAzJsgimcz886UzhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3Zjk1OGMzYjc1OWIyYzc4OTZmNWVkNjYzZTgwNzc4MWYz
ZmY1YTIwHhcNMjQwMTAxMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2QzOTgzODMyNjIwNTUyNDg1YzkwNGIxNmNkODRhNDk1NWI3ZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgH6FQKJvNRAVU1Sru6+SH8mGtg6p
ErtRMnjT2LOBS9dlLEtBXUd+ceP/znhTlAkYomtMi8SSdWxFy8GCqAbBysye8JVk
umYa9hph7o94CdAt8YiavUMAzQTTayCrAsCsN8L+Ycuq+KGjrqih3bL1OcLf9sYI
0Yr+wZWdcnxWQJ2RfFlwoPXxaSbuP70bDi+ym2JyeWsYwUcFKQ7tktEsVQTS71sp
OuvXdkmRFPHm2Qq3BjI4z09LLVEme654hW4wCOjTSauRNlMd+n/496Kas25RZGxO
46MZ0mbOLzoUuGmeW7ezgfwo3qUzF/+qnBXYg6aHNfgr0x+jS4l0ZJvPWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNzTmDgyYgVSSFyQSxbNhKSVW3/wMB8GA1UdIwQY
MBaAFCf5WMO3WbLHiW9e1mPoB3gfP/WiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSl9sWXc3ZFpzc2VKYjE3V1ktZ0hlQjhfOWFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9jZGJmYmQtZWQ2Ny00NGI3LTllMWYt
YjI5MTA3Yjk4YWNjLzEvM05PWU9ESmlCVkpJWEpCTEZzMkVwSlZiZl9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9jZGJmYmQtZWQ2Ny00NGI3LTllMWYtYjI5MTA3Yjk4YWNj
LzEvSl9sWXc3ZFpzc2VKYjE3V1ktZ0hlQjhfOWFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQABQF/MA8E
AgACMAkDBwAqAudHAAAwDQYJKoZIhvcNAQELBQADggEBAC2Lb9daXQFHhD1fMb2l
RlqRst1d1xBWPrQkTfs2/SRoQJhpLJIjpdhI6dkzdIcwS1SAVZdESmqz3PHFR48S
lKkNxTqU4y4X9Rooo3tydpETa2m4VwiqaioovjaSa11Z7CZ+dKn0bPFCmbgWLDhG
KWwRfmlXkrQ/aTKdnIwxxwvXFUgmZSupIhqqQ5MtsviEcvlYScXVDATXKpIv6jH7
Y3IJAkSw1eRenlEI6i6wPxu2yGSW2mc964XVZ81TiGiGnJP3/FQrtLWvtgGwuyWr
qzoPErmRnwptHw+ne3OtvPPde5FQ5ZoJLP467ZhsziXghjkSA7TWcPXiCrcHQeNv
L1Q=
-----END CERTIFICATE-----