Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d07e9e-132a-48e2-9538-902aec440464/1/A27u4uaTW6Wfn1YJN7sriqWyvlY.roa
File:                     A27u4uaTW6Wfn1YJN7sriqWyvlY.roa (raw, json)
Hash identifier:          eRUT0mnKKp1D1eZhZRZxpjyCM3yHa+jgOt2PMVH/I+o=
Subject key identifier:   03:6E:EE:E2:E6:93:5B:A5:9F:9F:56:09:37:BB:2B:8A:A5:B2:BE:56
Certificate issuer:       /CN=bcaf8ba59f7a3c5d00fe0ad4564d80524df7fa90
Certificate serial:       019421B2293F116ECA90D8B445292317425C
Authority key identifier: BC:AF:8B:A5:9F:7A:3C:5D:00:FE:0A:D4:56:4D:80:52:4D:F7:FA:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vK-LpZ96PF0A_grUVk2AUk33-pA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/d07e9e-132a-48e2-9538-902aec440464/1/A27u4uaTW6Wfn1YJN7sriqWyvlY.roa
Signing time:             Wed 01 Jan 2025 11:48:31 +0000
ROA not before:           Wed 01 Jan 2025 11:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31673
IP address blocks:        185.52.212.0/22 maxlen: 24
                          2a01:baa0::/32 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/d07e9e-132a-48e2-9538-902aec440464/1/vK-LpZ96PF0A_grUVk2AUk33-pA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/d07e9e-132a-48e2-9538-902aec440464/1/vK-LpZ96PF0A_grUVk2AUk33-pA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vK-LpZ96PF0A_grUVk2AUk33-pA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:29:3f:11:6e:ca:90:d8:b4:45:29:23:17:42:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcaf8ba59f7a3c5d00fe0ad4564d80524df7fa90
        Validity
            Not Before: Jan  1 11:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=036eeee2e6935ba59f9f560937bb2b8aa5b2be56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0e:cd:97:54:2f:60:a4:f5:a7:5f:31:4f:00:
                    bc:43:48:ad:46:f7:dd:6f:6f:62:5c:41:e7:0c:8a:
                    6d:6c:c6:d0:c4:eb:d6:86:0f:57:07:f9:d2:dd:56:
                    92:6f:58:e4:a5:3d:ca:25:81:c0:f1:62:5f:44:64:
                    69:ea:ed:72:16:6b:ce:f5:f5:78:25:dc:da:34:5c:
                    1f:d6:8e:c0:6a:2d:cd:10:50:09:43:a0:74:5b:d8:
                    3f:6f:6e:51:6f:cb:06:9a:a6:40:70:c2:3a:98:77:
                    15:66:89:46:33:a6:50:31:e4:2e:d2:e6:0f:ed:d6:
                    f5:f0:9d:c2:24:58:a0:e7:a8:94:eb:e1:eb:0b:c2:
                    72:4e:99:b3:78:a4:f5:e8:84:12:5a:01:e3:a9:ec:
                    1c:13:5a:f6:80:0c:e3:9c:cd:36:49:e9:c8:d6:d3:
                    b1:18:6b:47:38:80:72:6e:54:31:b6:a9:26:20:73:
                    c8:5c:42:ce:87:16:c5:e7:32:69:08:ac:96:99:21:
                    3f:fb:71:71:6e:dc:bc:79:14:50:f2:64:b4:7f:c3:
                    33:ec:95:80:4b:dc:27:6b:70:66:37:0f:d9:8a:14:
                    4e:f0:e8:55:6d:a5:87:58:1b:b9:4a:b7:00:6c:e7:
                    cd:83:67:d2:45:7d:60:1f:db:38:f7:d8:4b:14:63:
                    c1:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:6E:EE:E2:E6:93:5B:A5:9F:9F:56:09:37:BB:2B:8A:A5:B2:BE:56
            X509v3 Authority Key Identifier:
                keyid:BC:AF:8B:A5:9F:7A:3C:5D:00:FE:0A:D4:56:4D:80:52:4D:F7:FA:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vK-LpZ96PF0A_grUVk2AUk33-pA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d07e9e-132a-48e2-9538-902aec440464/1/A27u4uaTW6Wfn1YJN7sriqWyvlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d07e9e-132a-48e2-9538-902aec440464/1/vK-LpZ96PF0A_grUVk2AUk33-pA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.212.0/22
                IPv6:
                  2a01:baa0::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:a8:a0:f1:b8:6e:2e:bf:10:a6:9e:0d:c5:9a:51:0d:5a:43:
         3e:21:39:30:b5:a1:10:1d:6d:04:d6:ed:61:05:af:ba:2f:54:
         04:c5:c7:d4:ed:72:81:3f:e3:51:4c:23:39:ac:17:01:bd:30:
         c4:95:9a:8f:20:ab:68:40:01:fc:5a:f6:76:95:6b:81:cb:3b:
         26:be:03:7f:41:8c:d9:1d:03:d2:ea:64:e1:fe:79:f7:de:c5:
         a4:f9:35:8c:45:8a:5b:dc:a8:1f:23:34:df:3b:53:09:92:65:
         47:38:33:00:20:9c:de:e8:69:a5:f1:ba:ad:cc:4b:ac:db:32:
         c8:c7:b0:8c:9a:d8:20:5c:72:4b:7c:92:e9:1d:50:8e:bc:3f:
         6e:97:07:61:57:9a:ca:54:b9:81:c3:3e:2d:53:d0:ff:d4:f7:
         9c:ef:a9:18:ba:89:69:86:4a:53:e1:b7:f1:6e:d7:98:7a:1e:
         83:60:61:9b:4e:e6:c2:1d:e0:91:da:a9:ea:7a:04:fc:c3:45:
         08:0a:f2:6b:f7:76:e2:52:e6:6a:74:f9:83:b0:36:f6:12:71:
         d2:83:e5:86:d3:c4:05:f5:e7:8a:5d:42:94:f5:8d:65:09:9f:
         ca:70:20:a7:ce:da:a3:4b:97:ee:0c:2a:8a:e8:3d:d8:52:71:
         17:ce:f6:43
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsik/EW7KkNi0RSkjF0JcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjYWY4YmE1OWY3YTNjNWQwMGZlMGFkNDU2NGQ4MDUyNGRm
N2ZhOTAwHhcNMjUwMTAxMTE0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzZlZWVlMmU2OTM1YmE1OWY5ZjU2MDkzN2JiMmI4YWE1YjJiZTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyg7Nl1QvYKT1p18xTwC8Q0itRvfd
b29iXEHnDIptbMbQxOvWhg9XB/nS3VaSb1jkpT3KJYHA8WJfRGRp6u1yFmvO9fV4
JdzaNFwf1o7Aai3NEFAJQ6B0W9g/b25Rb8sGmqZAcMI6mHcVZolGM6ZQMeQu0uYP
7db18J3CJFig56iU6+HrC8JyTpmzeKT16IQSWgHjqewcE1r2gAzjnM02SenI1tOx
GGtHOIByblQxtqkmIHPIXELOhxbF5zJpCKyWmSE/+3Fxbty8eRRQ8mS0f8Mz7JWA
S9wna3BmNw/ZihRO8OhVbaWHWBu5SrcAbOfNg2fSRX1gH9s499hLFGPBswIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFANu7uLmk1uln59WCTe7K4qlsr5WMB8GA1UdIwQY
MBaAFLyvi6WfejxdAP4K1FZNgFJN9/qQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkstTHBaOTZQRjBBX2dyVVZrMkFVazMzLXBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kMDdlOWUtMTMyYS00OGUyLTk1Mzgt
OTAyYWVjNDQwNDY0LzEvQTI3dTR1YVRXNldmbjFZSk43c3JpcVd5dmxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kMDdlOWUtMTMyYS00OGUyLTk1MzgtOTAyYWVjNDQwNDY0
LzEvdkstTHBaOTZQRjBBX2dyVVZrMkFVazMzLXBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTTUMA0E
AgACMAcDBQAqAbqgMA0GCSqGSIb3DQEBCwUAA4IBAQCCqKDxuG4uvxCmng3FmlEN
WkM+ITkwtaEQHW0E1u1hBa+6L1QExcfU7XKBP+NRTCM5rBcBvTDElZqPIKtoQAH8
WvZ2lWuByzsmvgN/QYzZHQPS6mTh/nn33sWk+TWMRYpb3KgfIzTfO1MJkmVHODMA
IJze6Gml8bqtzEus2zLIx7CMmtggXHJLfJLpHVCOvD9ulwdhV5rKVLmBwz4tU9D/
1Pec76kYuolphkpT4bfxbteYeh6DYGGbTubCHeCR2qnqegT8w0UICvJr93biUuZq
dPmDsDb2EnHSg+WG08QF9eeKXUKU9Y1lCZ/KcCCnztqjS5fuDCqK6D3YUnEXzvZD
-----END CERTIFICATE-----