Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/229e79-9bc4-47ba-b136-33881467ac5e/1/FFs9cXBjnEqTf9ETCH2_FfTV-G0.roa
File:                     FFs9cXBjnEqTf9ETCH2_FfTV-G0.roa (raw, json)
Hash identifier:          J0Hh1Kkznm5TzUaC4/Hb8xspUVWaCjFmgq6t9mn2XY8=
Subject key identifier:   14:5B:3D:71:70:63:9C:4A:93:7F:D1:13:08:7D:BF:15:F4:D5:F8:6D
Certificate issuer:       /CN=53c9a8fb5599bf93b50ffbbcc877884a6d815157
Certificate serial:       018ED7936D2B7C10CC308D94C3173F7CEE6D
Authority key identifier: 53:C9:A8:FB:55:99:BF:93:B5:0F:FB:BC:C8:77:88:4A:6D:81:51:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8mo-1WZv5O1D_u8yHeISm2BUVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/229e79-9bc4-47ba-b136-33881467ac5e/1/FFs9cXBjnEqTf9ETCH2_FfTV-G0.roa
Signing time:             Sat 13 Apr 2024 13:09:06 +0000
ROA not before:           Sat 13 Apr 2024 13:09:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20668
IP address blocks:        188.92.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/229e79-9bc4-47ba-b136-33881467ac5e/1/U8mo-1WZv5O1D_u8yHeISm2BUVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/229e79-9bc4-47ba-b136-33881467ac5e/1/U8mo-1WZv5O1D_u8yHeISm2BUVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8mo-1WZv5O1D_u8yHeISm2BUVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d7:93:6d:2b:7c:10:cc:30:8d:94:c3:17:3f:7c:ee:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c9a8fb5599bf93b50ffbbcc877884a6d815157
        Validity
            Not Before: Apr 13 13:09:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=145b3d7170639c4a937fd113087dbf15f4d5f86d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:9e:a3:41:92:09:8c:ce:9f:9c:eb:ed:83:d0:
                    ee:e5:b3:58:d0:19:4c:0f:08:25:8b:f8:c6:d8:d2:
                    22:c2:10:e6:1f:4e:2a:a2:11:a8:7b:5d:67:0a:97:
                    60:d3:89:32:ac:64:6f:02:70:42:f4:4d:f7:02:c3:
                    aa:71:5a:7a:5d:ae:ca:4f:dc:b8:db:44:eb:24:5e:
                    8d:29:b7:16:a1:4c:17:ae:d2:80:00:58:0a:c8:4e:
                    90:21:03:f5:6c:1d:17:e1:9c:c4:14:15:8b:d4:f5:
                    3e:40:62:ca:d0:56:f4:58:2d:69:6b:2e:b4:2c:e0:
                    3c:de:dc:c5:bf:c8:93:84:53:bb:fe:ea:57:e0:c0:
                    5c:3b:cb:4f:83:c0:53:1a:74:24:19:f7:ce:8a:d3:
                    5e:c0:ae:f4:37:e9:cd:4d:50:7f:d1:5d:99:7f:74:
                    65:ee:16:e4:cc:11:cb:15:5d:89:a0:ef:2b:fa:46:
                    10:35:3c:52:5b:3b:5d:e1:3c:be:6f:1b:a1:78:da:
                    e7:18:56:9a:80:dc:f7:bd:ca:c1:ed:1f:ad:09:69:
                    5e:70:77:87:d4:e0:3b:a3:08:52:4e:0c:65:14:9a:
                    e1:ac:45:7d:a3:f2:fe:ae:ed:74:7d:7b:49:fc:42:
                    92:4c:22:7d:4c:ed:75:45:8f:da:21:37:b2:1e:42:
                    99:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:5B:3D:71:70:63:9C:4A:93:7F:D1:13:08:7D:BF:15:F4:D5:F8:6D
            X509v3 Authority Key Identifier:
                keyid:53:C9:A8:FB:55:99:BF:93:B5:0F:FB:BC:C8:77:88:4A:6D:81:51:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8mo-1WZv5O1D_u8yHeISm2BUVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/229e79-9bc4-47ba-b136-33881467ac5e/1/FFs9cXBjnEqTf9ETCH2_FfTV-G0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/229e79-9bc4-47ba-b136-33881467ac5e/1/U8mo-1WZv5O1D_u8yHeISm2BUVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:5d:a0:cf:1b:b9:79:76:71:fe:a9:3e:28:af:de:3a:e7:e2:
         e6:a4:2c:91:9f:bd:b8:6f:ee:59:5d:ca:1e:cc:a3:15:8b:91:
         c4:ff:78:23:01:c1:9f:3f:89:b9:9c:3f:88:3a:92:39:9e:76:
         4a:5a:dd:e1:d9:12:e6:3d:e2:2a:ae:44:9c:90:b2:bc:93:9a:
         ef:4a:29:db:87:b5:6c:55:d1:ea:f3:00:aa:c4:00:74:c0:7d:
         00:c8:ef:7e:cd:91:35:84:37:d5:f1:01:13:e0:f7:05:bb:41:
         66:6b:7e:f9:60:9c:d2:19:1d:81:75:29:19:5d:f4:66:33:d4:
         1a:4b:f9:de:cf:0d:50:98:2a:09:61:02:58:9e:14:be:25:2e:
         fa:0d:85:81:68:4c:04:dd:0e:4d:fe:60:e8:ab:f1:d6:ce:5c:
         b7:24:50:a2:1c:59:dc:6c:4e:fa:c8:fb:7e:bd:91:77:0c:bf:
         b8:fa:dc:71:59:7f:b1:be:b5:76:9f:a0:f5:9f:ad:4c:3f:8b:
         73:83:61:7f:6d:8f:e0:ca:46:f9:da:09:36:df:8a:88:ae:93:
         83:d4:a8:f7:7f:a8:8e:67:58:a0:df:44:71:a7:d8:33:aa:10:
         2f:20:1d:ba:f6:2d:37:79:ff:c8:57:70:f9:dd:63:cb:33:4d:
         1a:6b:c6:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Xk20rfBDMMI2Uwxc/fO5tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzlhOGZiNTU5OWJmOTNiNTBmZmJiY2M4Nzc4ODRhNmQ4
MTUxNTcwHhcNMjQwNDEzMTMwOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDViM2Q3MTcwNjM5YzRhOTM3ZmQxMTMwODdkYmYxNWY0ZDVmODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnp6jQZIJjM6fnOvtg9Du5bNY0BlM
Dwgli/jG2NIiwhDmH04qohGoe11nCpdg04kyrGRvAnBC9E33AsOqcVp6Xa7KT9y4
20TrJF6NKbcWoUwXrtKAAFgKyE6QIQP1bB0X4ZzEFBWL1PU+QGLK0Fb0WC1pay60
LOA83tzFv8iThFO7/upX4MBcO8tPg8BTGnQkGffOitNewK70N+nNTVB/0V2Zf3Rl
7hbkzBHLFV2JoO8r+kYQNTxSWztd4Ty+bxuheNrnGFaagNz3vcrB7R+tCWlecHeH
1OA7owhSTgxlFJrhrEV9o/L+ru10fXtJ/EKSTCJ9TO11RY/aITeyHkKZ9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRbPXFwY5xKk3/REwh9vxX01fhtMB8GA1UdIwQY
MBaAFFPJqPtVmb+TtQ/7vMh3iEptgVFXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThtby0xV1p2NU8xRF91OHlIZUlTbTJCVVZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8yMjllNzktOWJjNC00N2JhLWIxMzYt
MzM4ODE0NjdhYzVlLzEvRkZzOWNYQmpuRXFUZjlFVENIMl9GZlRWLUcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8yMjllNzktOWJjNC00N2JhLWIxMzYtMzM4ODE0NjdhYzVl
LzEvVThtby0xV1p2NU8xRF91OHlIZUlTbTJCVVZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvFwbMA0G
CSqGSIb3DQEBCwUAA4IBAQBNXaDPG7l5dnH+qT4or9465+LmpCyRn724b+5ZXcoe
zKMVi5HE/3gjAcGfP4m5nD+IOpI5nnZKWt3h2RLmPeIqrkSckLK8k5rvSinbh7Vs
VdHq8wCqxAB0wH0AyO9+zZE1hDfV8QET4PcFu0Fma375YJzSGR2BdSkZXfRmM9Qa
S/nezw1QmCoJYQJYnhS+JS76DYWBaEwE3Q5N/mDoq/HWzly3JFCiHFncbE76yPt+
vZF3DL+4+txxWX+xvrV2n6D1n61MP4tzg2F/bY/gykb52gk234qIrpOD1Kj3f6iO
Z1ig30Rxp9gzqhAvIB269i03ef/IV3D53WPLM00aa8Ya
-----END CERTIFICATE-----