Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/RvjMqeqJjU4KLe6Y4afnyqcT0io.roa
File:                     RvjMqeqJjU4KLe6Y4afnyqcT0io.roa (raw, json)
Hash identifier:          rH5S+k8TCmlVhSjldcC7jxU7T1HFpUaQCB/LLNL//iA=
Subject key identifier:   46:F8:CC:A9:EA:89:8D:4E:0A:2D:EE:98:E1:A7:E7:CA:A7:13:D2:2A
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01909BA8A31C6D70BAD2CB2634DE3F7E80CF
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/RvjMqeqJjU4KLe6Y4afnyqcT0io.roa
Signing time:             Wed 10 Jul 2024 08:00:38 +0000
ROA not before:           Wed 10 Jul 2024 08:00:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        185.27.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9b:a8:a3:1c:6d:70:ba:d2:cb:26:34:de:3f:7e:80:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jul 10 08:00:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46f8cca9ea898d4e0a2dee98e1a7e7caa713d22a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:14:a5:ff:d6:6d:7c:3f:1d:ae:f4:0d:d9:9d:
                    d1:ed:95:e9:80:10:95:41:c6:e9:bb:9e:4f:cd:9b:
                    98:67:90:95:c6:cf:d2:83:d2:31:a1:dd:d9:93:ba:
                    40:d0:60:b2:e0:66:8d:de:4b:84:f5:66:5a:e2:44:
                    d9:7f:6c:4b:15:5b:26:10:d3:69:82:42:9c:e7:ce:
                    58:29:18:af:df:bd:41:3e:57:ae:f3:33:a9:3b:8a:
                    70:3c:41:2d:a7:fb:36:5d:42:e5:f3:10:29:f9:03:
                    0c:5a:d9:ac:08:d5:90:ae:b8:c6:bc:4d:30:d3:2c:
                    8c:80:9e:a0:a6:16:c5:2d:99:8f:bb:b5:e1:9b:69:
                    b1:56:5b:4d:12:2d:57:67:32:0a:d2:c5:88:64:f3:
                    c0:c4:9b:5f:16:f6:a5:35:0a:60:c3:c5:7f:b5:33:
                    93:e2:24:77:0b:e9:22:27:a2:45:b3:ec:70:70:dd:
                    9b:c7:79:97:8e:6c:0d:fb:af:40:20:c0:f0:d6:da:
                    81:b7:3c:d3:84:da:a8:7d:1e:54:da:c4:ba:b5:6d:
                    fc:b9:e1:e5:9a:cb:b7:7c:38:a5:32:97:bc:93:3b:
                    61:69:5f:5d:cc:bf:94:0f:05:c2:a0:82:f1:d7:2a:
                    c2:96:be:a7:d1:22:46:44:0c:97:9b:90:b2:31:39:
                    03:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:F8:CC:A9:EA:89:8D:4E:0A:2D:EE:98:E1:A7:E7:CA:A7:13:D2:2A
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/RvjMqeqJjU4KLe6Y4afnyqcT0io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:3c:10:e1:76:eb:5b:f0:b3:19:f6:63:1d:67:89:ea:3b:e2:
         cb:56:d3:a5:56:90:c5:7f:97:74:2f:bc:a5:d3:ce:4b:1c:c1:
         6e:06:9f:b7:45:f4:3a:50:eb:73:26:f6:65:b4:90:dd:ca:6a:
         a4:cf:7a:20:48:85:da:bd:a4:a3:56:fc:be:a5:63:13:7f:e2:
         8a:bd:08:c5:21:15:1b:57:2e:6c:8c:31:fe:10:d5:7a:49:c3:
         d2:e7:ac:ba:fb:ea:b7:2a:ae:fe:46:b8:8b:89:81:f7:00:d2:
         33:21:61:e1:4b:c0:40:30:a0:e9:2e:aa:e3:78:03:a9:e6:c0:
         91:7c:0f:fc:c7:4f:2e:fe:5a:06:74:ca:bd:a5:18:13:fc:51:
         8f:28:5e:cc:93:28:a4:cb:89:ec:1e:76:26:29:03:06:b0:5e:
         82:6e:c1:ab:c1:5f:c9:af:53:d9:6f:78:4e:aa:d3:a2:7e:2c:
         a1:d5:20:bd:f5:aa:7f:2e:d4:82:af:01:b5:bd:a0:98:bc:21:
         38:b8:5c:63:6d:71:ac:42:4f:33:2d:ab:6b:58:84:e8:c5:55:
         40:73:f7:2e:50:bb:1b:c9:fb:cb:b1:3c:06:94:21:22:14:d2:
         04:97:00:c0:f8:c5:17:f0:3b:bb:11:cf:0c:66:93:60:74:d8:
         9c:94:0e:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCbqKMcbXC60ssmNN4/foDPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwNzEwMDgwMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmY4Y2NhOWVhODk4ZDRlMGEyZGVlOThlMWE3ZTdjYWE3MTNkMjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BSl/9ZtfD8drvQN2Z3R7ZXpgBCV
Qcbpu55PzZuYZ5CVxs/Sg9Ixod3Zk7pA0GCy4GaN3kuE9WZa4kTZf2xLFVsmENNp
gkKc585YKRiv371BPleu8zOpO4pwPEEtp/s2XULl8xAp+QMMWtmsCNWQrrjGvE0w
0yyMgJ6gphbFLZmPu7Xhm2mxVltNEi1XZzIK0sWIZPPAxJtfFvalNQpgw8V/tTOT
4iR3C+kiJ6JFs+xwcN2bx3mXjmwN+69AIMDw1tqBtzzThNqofR5U2sS6tW38ueHl
msu3fDilMpe8kzthaV9dzL+UDwXCoILx1yrClr6n0SJGRAyXm5CyMTkD0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEb4zKnqiY1OCi3umOGn58qnE9IqMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvUnZqTXFlcUpqVTRLTGU2WTRhZm55cWNUMGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRvKMA0G
CSqGSIb3DQEBCwUAA4IBAQCXPBDhdutb8LMZ9mMdZ4nqO+LLVtOlVpDFf5d0L7yl
085LHMFuBp+3RfQ6UOtzJvZltJDdymqkz3ogSIXavaSjVvy+pWMTf+KKvQjFIRUb
Vy5sjDH+ENV6ScPS56y6++q3Kq7+RriLiYH3ANIzIWHhS8BAMKDpLqrjeAOp5sCR
fA/8x08u/loGdMq9pRgT/FGPKF7Mkyiky4nsHnYmKQMGsF6CbsGrwV/Jr1PZb3hO
qtOifiyh1SC99ap/LtSCrwG1vaCYvCE4uFxjbXGsQk8zLatrWIToxVVAc/cuULsb
yfvLsTwGlCEiFNIElwDA+MUX8Du7Ec8MZpNgdNiclA5P
-----END CERTIFICATE-----