Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/1n9nwdvGLJLZojjaEOk9Jf6KSnk.roa
File:                     1n9nwdvGLJLZojjaEOk9Jf6KSnk.roa (raw, json)
Hash identifier:          mvs8YZspPM8iLmp46iMspfkGI5JTebybFekGDWlFdso=
Subject key identifier:   D6:7F:67:C1:DB:C6:2C:92:D9:A2:38:DA:10:E9:3D:25:FE:8A:4A:79
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC21FF70EB537A9DF95F58453F0EBE
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/1n9nwdvGLJLZojjaEOk9Jf6KSnk.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205902
IP address blocks:        212.183.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:21:ff:70:eb:53:7a:9d:f9:5f:58:45:3f:0e:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d67f67c1dbc62c92d9a238da10e93d25fe8a4a79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ec:9a:fe:89:32:2a:b8:23:87:78:ec:41:24:
                    26:f0:7c:73:9e:96:44:d3:f1:b7:93:23:52:1e:10:
                    1a:b8:4c:66:8f:ad:6b:04:12:ba:1b:2c:8a:a4:9e:
                    af:c9:8d:8d:8b:c0:e7:78:74:f7:5b:bf:47:7b:aa:
                    62:74:23:64:75:c7:cc:6a:9f:c0:5b:ce:6d:51:62:
                    47:a4:13:05:59:e9:f6:9b:c9:44:bb:fa:20:11:26:
                    4d:b2:65:16:4f:67:a5:da:06:9d:2b:03:eb:16:46:
                    d0:6d:92:71:17:0a:36:26:97:df:a0:df:8f:58:d7:
                    78:04:e9:3c:0d:29:b8:67:8a:f0:3e:7e:16:21:b7:
                    59:b8:df:25:40:08:ab:df:92:a9:c1:59:ed:1a:97:
                    8c:1e:23:03:96:b6:e3:78:4f:e5:64:f0:5f:8c:f0:
                    9c:4a:24:0b:e8:e0:8d:eb:0c:7d:c2:31:a6:5d:9f:
                    fa:45:4f:3d:5b:55:ee:20:4a:c4:9c:53:c9:a1:62:
                    c8:75:69:88:64:b2:86:1b:25:48:7c:df:9e:a2:04:
                    d2:fc:c1:74:93:28:87:c0:30:82:80:76:cc:73:a5:
                    aa:96:42:88:15:e6:61:e7:4b:be:cc:04:e6:f4:2e:
                    22:d7:58:b0:98:74:29:8c:e3:39:71:27:32:94:1c:
                    6a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:7F:67:C1:DB:C6:2C:92:D9:A2:38:DA:10:E9:3D:25:FE:8A:4A:79
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/1n9nwdvGLJLZojjaEOk9Jf6KSnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.183.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:c7:1a:12:36:6a:ff:57:cf:04:9e:2f:63:7f:31:8d:62:f3:
         43:68:8b:5e:44:dc:74:06:35:94:e0:78:21:99:88:5b:45:8f:
         4e:3d:c4:3d:7e:44:da:90:93:37:83:f6:0c:e9:6e:32:d6:ed:
         ac:68:75:82:a1:9f:59:e1:20:19:61:39:45:ab:8c:c7:51:69:
         33:cd:f8:da:31:fa:d5:22:9a:c5:cf:bf:40:82:7e:24:82:99:
         8f:8c:b1:34:aa:2e:e6:3e:c4:b2:f7:a5:b6:29:7a:da:fd:69:
         68:ae:51:0a:a1:72:b1:05:47:76:98:7a:d9:bb:b8:59:73:35:
         52:95:7b:1e:f3:89:8e:68:dd:f5:63:2f:37:8a:d2:6f:40:2f:
         69:c6:90:2e:4b:7b:33:b0:24:e3:64:3a:58:79:fe:6b:40:42:
         56:bf:05:19:f5:aa:26:ad:cc:90:c7:7d:51:18:23:df:91:ce:
         99:6b:89:ca:9b:69:27:3d:c5:26:dd:94:33:14:e9:51:9d:02:
         64:46:e9:c0:cb:cf:59:a1:0c:c3:35:e8:79:3a:0a:8b:6e:b2:
         d9:ea:ba:a5:50:cf:e4:15:fe:02:ae:fe:15:59:6f:b3:55:2e:
         5f:9a:ad:33:33:67:d1:dd:2c:dc:a1:27:3f:5a:68:ab:a7:e8:
         28:d1:27:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CH/cOtTep35X1hFPw6+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjdmNjdjMWRiYzYyYzkyZDlhMjM4ZGExMGU5M2QyNWZlOGE0YTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOya/okyKrgjh3jsQSQm8HxznpZE
0/G3kyNSHhAauExmj61rBBK6GyyKpJ6vyY2Ni8DneHT3W79He6pidCNkdcfMap/A
W85tUWJHpBMFWen2m8lEu/ogESZNsmUWT2el2gadKwPrFkbQbZJxFwo2JpffoN+P
WNd4BOk8DSm4Z4rwPn4WIbdZuN8lQAir35KpwVntGpeMHiMDlrbjeE/lZPBfjPCc
SiQL6OCN6wx9wjGmXZ/6RU89W1XuIErEnFPJoWLIdWmIZLKGGyVIfN+eogTS/MF0
kyiHwDCCgHbMc6WqlkKIFeZh50u+zATm9C4i11iwmHQpjOM5cScylBxqMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZ/Z8HbxiyS2aI42hDpPSX+ikp5MB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvMW45bndkdkdMSkxab2pqYUVPazlKZjZLU25rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1LcbMA0G
CSqGSIb3DQEBCwUAA4IBAQCtxxoSNmr/V88Eni9jfzGNYvNDaIteRNx0BjWU4Hgh
mYhbRY9OPcQ9fkTakJM3g/YM6W4y1u2saHWCoZ9Z4SAZYTlFq4zHUWkzzfjaMfrV
IprFz79Agn4kgpmPjLE0qi7mPsSy96W2KXra/WlorlEKoXKxBUd2mHrZu7hZczVS
lXse84mOaN31Yy83itJvQC9pxpAuS3szsCTjZDpYef5rQEJWvwUZ9aomrcyQx31R
GCPfkc6Za4nKm2knPcUm3ZQzFOlRnQJkRunAy89ZoQzDNeh5OgqLbrLZ6rqlUM/k
Ff4Crv4VWW+zVS5fmq0zM2fR3SzcoSc/Wmirp+go0Scz
-----END CERTIFICATE-----