Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/s_Cv1gCl6ya1CLFkqNwB2yqydvU.roa
File:                     s_Cv1gCl6ya1CLFkqNwB2yqydvU.roa (raw, json)
Hash identifier:          HhvOGlDiq0R17cKuJm+ijF0HuM3OR3APHPFpwngKcyY=
Subject key identifier:   B3:F0:AF:D6:00:A5:EB:26:B5:08:B1:64:A8:DC:01:DB:2A:B2:76:F5
Certificate issuer:       /CN=770d35d7566ee7246e4d2133cbde48a774423c77
Certificate serial:       018CC726E3B102A1BC868D326F1ED0DDFACC
Authority key identifier: 77:0D:35:D7:56:6E:E7:24:6E:4D:21:33:CB:DE:48:A7:74:42:3C:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/s_Cv1gCl6ya1CLFkqNwB2yqydvU.roa
Signing time:             Mon 01 Jan 2024 22:31:03 +0000
ROA not before:           Mon 01 Jan 2024 22:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61175
IP address blocks:        193.27.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:e3:b1:02:a1:bc:86:8d:32:6f:1e:d0:dd:fa:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=770d35d7566ee7246e4d2133cbde48a774423c77
        Validity
            Not Before: Jan  1 22:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3f0afd600a5eb26b508b164a8dc01db2ab276f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:06:f8:e4:4c:ec:3b:3e:bc:6d:4d:ee:31:ff:
                    62:43:60:95:d1:51:89:3d:9f:13:3e:34:96:9c:a5:
                    b8:a4:72:92:9d:90:12:6e:03:53:06:e1:c4:c9:e0:
                    91:1f:54:d2:a2:7c:5a:3f:2e:33:16:82:de:47:64:
                    48:5a:ea:1b:86:41:e3:77:09:82:a0:e2:61:fb:7a:
                    2b:89:26:52:70:59:eb:04:ec:fd:29:3b:fe:6b:23:
                    e4:4d:b7:84:6a:6b:70:3e:74:68:fb:44:36:88:4a:
                    11:2e:1b:19:67:76:1d:92:51:7c:6b:dd:4b:39:05:
                    0f:a1:e8:98:78:4e:f3:25:42:8d:5d:be:b7:20:50:
                    63:bc:91:1a:c9:9c:b0:fe:7e:95:d9:98:86:af:46:
                    5c:f2:3f:ac:92:9c:5c:ea:c3:12:5f:70:43:fc:29:
                    ce:68:ae:f9:bb:89:ba:16:af:0b:77:7c:20:18:cc:
                    69:1e:3f:75:21:aa:da:dc:26:92:f6:98:d3:d2:08:
                    ec:35:36:87:28:a0:46:13:91:cd:48:fc:65:3d:72:
                    40:4f:9d:39:95:35:37:f4:9c:5a:e8:4b:b0:25:ce:
                    28:45:2e:dc:db:ce:78:97:81:08:2f:00:f9:26:b6:
                    f3:20:e2:d5:4f:63:cd:57:02:01:29:9a:0a:94:16:
                    bc:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:F0:AF:D6:00:A5:EB:26:B5:08:B1:64:A8:DC:01:DB:2A:B2:76:F5
            X509v3 Authority Key Identifier:
                keyid:77:0D:35:D7:56:6E:E7:24:6E:4D:21:33:CB:DE:48:A7:74:42:3C:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/s_Cv1gCl6ya1CLFkqNwB2yqydvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:10:c9:95:52:dd:97:ca:32:34:c9:d7:c0:52:77:17:a7:12:
         3a:f4:eb:9a:14:30:b7:6b:a9:62:c4:7a:cd:d2:c0:81:71:e3:
         75:99:fa:60:5a:8a:8b:52:9e:0f:eb:3e:36:9b:b6:80:28:6f:
         f5:33:e7:60:d8:62:18:2d:7b:4f:8c:73:b3:92:d8:44:d0:22:
         70:5b:c1:09:f5:14:16:d2:21:7d:ff:78:22:ce:9d:10:c1:a3:
         a9:1b:e4:f6:73:8c:6b:76:bf:ca:d3:c9:32:0a:12:77:16:a4:
         01:12:22:95:d4:51:4e:3a:5d:83:1c:c8:48:bc:01:c0:45:56:
         0e:83:9b:47:00:c8:db:73:cc:7e:06:a0:4e:39:b6:da:78:05:
         84:d5:d1:e5:d5:e9:bf:85:d6:c4:ba:0e:5e:2f:19:6c:16:4d:
         e7:4f:ec:98:21:00:40:c7:fa:de:7f:02:e1:6a:89:e1:97:d1:
         1f:80:b8:a5:f2:b8:b2:c7:ce:21:2f:ae:de:4e:de:f5:a8:78:
         cc:48:94:5e:c7:d4:1d:79:1e:a7:67:49:2f:0e:4d:c4:ea:cb:
         fc:d3:ff:83:bc:03:e6:a6:07:63:2e:7c:ae:18:7f:ce:00:d6:
         1f:ac:f8:98:b0:34:13:e6:fd:17:19:87:b0:c8:eb:2c:f2:48:
         94:84:ab:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJuOxAqG8ho0ybx7Q3frMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MGQzNWQ3NTY2ZWU3MjQ2ZTRkMjEzM2NiZGU0OGE3NzQ0
MjNjNzcwHhcNMjQwMTAxMjIzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2YwYWZkNjAwYTVlYjI2YjUwOGIxNjRhOGRjMDFkYjJhYjI3NmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwb45EzsOz68bU3uMf9iQ2CV0VGJ
PZ8TPjSWnKW4pHKSnZASbgNTBuHEyeCRH1TSonxaPy4zFoLeR2RIWuobhkHjdwmC
oOJh+3oriSZScFnrBOz9KTv+ayPkTbeEamtwPnRo+0Q2iEoRLhsZZ3YdklF8a91L
OQUPoeiYeE7zJUKNXb63IFBjvJEayZyw/n6V2ZiGr0Zc8j+skpxc6sMSX3BD/CnO
aK75u4m6Fq8Ld3wgGMxpHj91Iara3CaS9pjT0gjsNTaHKKBGE5HNSPxlPXJAT505
lTU39Jxa6EuwJc4oRS7c2854l4EILwD5JrbzIOLVT2PNVwIBKZoKlBa8IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPwr9YApesmtQixZKjcAdsqsnb1MB8GA1UdIwQY
MBaAFHcNNddWbuckbk0hM8veSKd0Qjx3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHcwMTExWnU1eVJ1VFNFenk5NUlwM1JDUEhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8zNmU2MGItMjQxMS00NjNiLTgyNTQt
NTQ3NWRlNjAzY2QzLzEvc19DdjFnQ2w2eWExQ0xGa3FOd0IyeXF5ZHZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8zNmU2MGItMjQxMS00NjNiLTgyNTQtNTQ3NWRlNjAzY2Qz
LzEvZHcwMTExWnU1eVJ1VFNFenk5NUlwM1JDUEhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRvlMA0G
CSqGSIb3DQEBCwUAA4IBAQBBEMmVUt2XyjI0ydfAUncXpxI69OuaFDC3a6lixHrN
0sCBceN1mfpgWoqLUp4P6z42m7aAKG/1M+dg2GIYLXtPjHOzkthE0CJwW8EJ9RQW
0iF9/3gizp0QwaOpG+T2c4xrdr/K08kyChJ3FqQBEiKV1FFOOl2DHMhIvAHARVYO
g5tHAMjbc8x+BqBOObbaeAWE1dHl1em/hdbEug5eLxlsFk3nT+yYIQBAx/refwLh
aonhl9EfgLil8riyx84hL67eTt71qHjMSJRex9QdeR6nZ0kvDk3E6sv80/+DvAPm
pgdjLnyuGH/OANYfrPiYsDQT5v0XGYewyOss8kiUhKvI
-----END CERTIFICATE-----