Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/832147-310e-4bb5-99da-e99a8dc30255/1/OOrlalvIF5AE5LysiL3bA0gTuCY.roa
File:                     OOrlalvIF5AE5LysiL3bA0gTuCY.roa (raw, json)
Hash identifier:          Ng2e3EF9rSmUcTtBtLX/BsZQdqGivy4Ybb+dEiSYwq0=
Subject key identifier:   38:EA:E5:6A:5B:C8:17:90:04:E4:BC:AC:88:BD:DB:03:48:13:B8:26
Certificate issuer:       /CN=27d54e4a788d6967a2eef3a6692622626f54efad
Certificate serial:       018CC94D98D45229C72B85D4B86E1D67809C
Authority key identifier: 27:D5:4E:4A:78:8D:69:67:A2:EE:F3:A6:69:26:22:62:6F:54:EF:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J9VOSniNaWei7vOmaSYiYm9U760.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/832147-310e-4bb5-99da-e99a8dc30255/1/OOrlalvIF5AE5LysiL3bA0gTuCY.roa
Signing time:             Tue 02 Jan 2024 08:32:34 +0000
ROA not before:           Tue 02 Jan 2024 08:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59853
IP address blocks:        185.156.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/832147-310e-4bb5-99da-e99a8dc30255/1/J9VOSniNaWei7vOmaSYiYm9U760.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/832147-310e-4bb5-99da-e99a8dc30255/1/J9VOSniNaWei7vOmaSYiYm9U760.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J9VOSniNaWei7vOmaSYiYm9U760.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:98:d4:52:29:c7:2b:85:d4:b8:6e:1d:67:80:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27d54e4a788d6967a2eef3a6692622626f54efad
        Validity
            Not Before: Jan  2 08:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38eae56a5bc8179004e4bcac88bddb034813b826
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:27:46:1f:e6:0e:14:87:b0:49:f8:5d:86:6e:
                    d0:f5:bb:73:37:ca:f3:84:6f:f7:13:ca:34:b9:7a:
                    78:54:2b:17:e2:df:7b:c4:fe:3c:60:b3:a1:6c:52:
                    22:e8:ff:49:b6:56:f0:25:1a:50:22:9f:5a:48:4a:
                    ea:a4:4e:12:66:38:d1:79:9a:f1:1b:8e:85:3b:b7:
                    12:52:ca:6a:ef:de:a0:e0:e1:51:42:98:7f:ec:4d:
                    19:3e:34:dd:cf:44:87:6b:8b:d0:c0:c8:30:da:0f:
                    01:eb:3d:09:20:7b:5a:e1:40:37:6e:41:5c:28:54:
                    4b:aa:03:5d:12:cf:dd:8a:34:62:7b:ad:9d:58:ed:
                    d3:68:09:74:5b:b9:47:75:ee:dc:7d:22:c1:35:64:
                    13:93:c1:a7:b1:e7:af:0c:78:a9:51:19:25:dd:eb:
                    49:48:11:b2:47:99:51:10:ef:0d:f8:39:f4:32:90:
                    ac:71:ed:24:71:77:73:e0:d3:6a:ac:c6:67:9e:cf:
                    23:f1:7b:cf:da:31:45:07:97:86:d9:fc:d2:49:2a:
                    d1:92:cb:6e:e1:0e:2e:4a:48:58:b2:ea:7e:76:a1:
                    3c:fb:e0:a7:21:70:ce:43:e0:00:a2:04:82:e2:8d:
                    aa:c5:10:0d:40:ef:4a:0a:db:ce:2c:fe:05:3d:35:
                    73:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:EA:E5:6A:5B:C8:17:90:04:E4:BC:AC:88:BD:DB:03:48:13:B8:26
            X509v3 Authority Key Identifier:
                keyid:27:D5:4E:4A:78:8D:69:67:A2:EE:F3:A6:69:26:22:62:6F:54:EF:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J9VOSniNaWei7vOmaSYiYm9U760.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/832147-310e-4bb5-99da-e99a8dc30255/1/OOrlalvIF5AE5LysiL3bA0gTuCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/832147-310e-4bb5-99da-e99a8dc30255/1/J9VOSniNaWei7vOmaSYiYm9U760.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:38:67:26:85:ea:89:0a:0f:9d:21:31:31:d5:3a:c6:ce:f0:
         cc:fd:75:7b:80:23:a4:4a:93:51:db:42:6a:e8:40:7c:02:e4:
         a1:39:bd:c7:f1:5e:a9:bf:e0:cf:d2:67:4e:2d:cc:06:14:c8:
         4a:61:db:8d:13:54:78:c8:ab:ff:1e:87:02:1a:30:78:f2:f3:
         ad:78:75:27:c3:27:12:df:c4:33:9a:c0:67:fd:d4:f3:24:e7:
         21:35:36:c3:ab:3e:38:11:bb:7b:81:51:c0:90:f7:2e:38:22:
         dd:79:cf:63:17:de:7b:3d:57:1f:25:07:4a:10:00:85:cf:a1:
         59:d4:70:1e:63:1a:43:89:22:8e:a4:59:f5:82:fb:22:ae:c8:
         2e:c9:d6:d4:a1:43:51:dd:fd:81:d0:ed:92:48:71:83:e0:9d:
         7f:46:ec:0f:be:88:24:fd:8c:eb:fc:24:24:f1:dc:4e:ee:72:
         df:4c:3b:33:3e:64:d3:0d:e9:a3:8c:59:f0:48:0e:ed:28:ec:
         3e:38:02:97:ab:b5:8a:ee:a1:46:ff:40:cc:44:db:19:32:19:
         db:31:62:e1:32:fe:f4:72:22:14:31:99:92:19:3a:8c:86:a7:
         da:58:38:f3:ee:74:68:08:7e:55:f2:d1:e9:cf:d0:86:06:5c:
         10:74:83:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTZjUUinHK4XUuG4dZ4CcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZDU0ZTRhNzg4ZDY5NjdhMmVlZjNhNjY5MjYyMjYyNmY1
NGVmYWQwHhcNMjQwMTAyMDgzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGVhZTU2YTViYzgxNzkwMDRlNGJjYWM4OGJkZGIwMzQ4MTNiODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlidGH+YOFIewSfhdhm7Q9btzN8rz
hG/3E8o0uXp4VCsX4t97xP48YLOhbFIi6P9JtlbwJRpQIp9aSErqpE4SZjjReZrx
G46FO7cSUspq796g4OFRQph/7E0ZPjTdz0SHa4vQwMgw2g8B6z0JIHta4UA3bkFc
KFRLqgNdEs/dijRie62dWO3TaAl0W7lHde7cfSLBNWQTk8GnseevDHipURkl3etJ
SBGyR5lREO8N+Dn0MpCsce0kcXdz4NNqrMZnns8j8XvP2jFFB5eG2fzSSSrRkstu
4Q4uSkhYsup+dqE8++CnIXDOQ+AAogSC4o2qxRANQO9KCtvOLP4FPTVzkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjq5WpbyBeQBOS8rIi92wNIE7gmMB8GA1UdIwQY
MBaAFCfVTkp4jWlnou7zpmkmImJvVO+tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjlWT1NuaU5hV2VpN3ZPbWFTWWlZbTlVNzYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC84MzIxNDctMzEwZS00YmI1LTk5ZGEt
ZTk5YThkYzMwMjU1LzEvT09ybGFsdklGNUFFNUx5c2lMM2JBMGdUdUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC84MzIxNDctMzEwZS00YmI1LTk5ZGEtZTk5YThkYzMwMjU1
LzEvSjlWT1NuaU5hV2VpN3ZPbWFTWWlZbTlVNzYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZwbMA0G
CSqGSIb3DQEBCwUAA4IBAQAZOGcmheqJCg+dITEx1TrGzvDM/XV7gCOkSpNR20Jq
6EB8AuShOb3H8V6pv+DP0mdOLcwGFMhKYduNE1R4yKv/HocCGjB48vOteHUnwycS
38QzmsBn/dTzJOchNTbDqz44Ebt7gVHAkPcuOCLdec9jF957PVcfJQdKEACFz6FZ
1HAeYxpDiSKOpFn1gvsirsguydbUoUNR3f2B0O2SSHGD4J1/RuwPvogk/Yzr/CQk
8dxO7nLfTDszPmTTDemjjFnwSA7tKOw+OAKXq7WK7qFG/0DMRNsZMhnbMWLhMv70
ciIUMZmSGTqMhqfaWDjz7nRoCH5V8tHpz9CGBlwQdINS
-----END CERTIFICATE-----