Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/9zvAjm-ZPEH2sdLMlDlct7YTGBk.roa
File:                     9zvAjm-ZPEH2sdLMlDlct7YTGBk.roa (raw, json)
Hash identifier:          Y5u4sKKNnZq18tS+cuPacrQsRG26cI1q3aZu1dqzxFQ=
Subject key identifier:   F7:3B:C0:8E:6F:99:3C:41:F6:B1:D2:CC:94:39:5C:B7:B6:13:18:19
Certificate issuer:       /CN=27f5180f9b93ae7573c08a894bd452bd77ce56cd
Certificate serial:       018CCA2B4891E9D0AD137A02B30F3F224991
Authority key identifier: 27:F5:18:0F:9B:93:AE:75:73:C0:8A:89:4B:D4:52:BD:77:CE:56:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/9zvAjm-ZPEH2sdLMlDlct7YTGBk.roa
Signing time:             Tue 02 Jan 2024 12:34:43 +0000
ROA not before:           Tue 02 Jan 2024 12:34:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20546
IP address blocks:        213.189.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/J_UYD5uTrnVzwIqJS9RSvXfOVs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/J_UYD5uTrnVzwIqJS9RSvXfOVs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 22:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:48:91:e9:d0:ad:13:7a:02:b3:0f:3f:22:49:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27f5180f9b93ae7573c08a894bd452bd77ce56cd
        Validity
            Not Before: Jan  2 12:34:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f73bc08e6f993c41f6b1d2cc94395cb7b6131819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:27:02:96:0d:ee:55:79:0b:a7:0e:9f:55:a5:
                    7a:b0:4a:f6:ee:f7:df:ef:0b:6b:b7:03:9c:3a:4e:
                    0b:ee:91:bd:88:59:a9:f0:f7:ce:81:ed:20:ac:01:
                    a1:e5:db:c1:b4:1d:09:b5:56:2e:a9:2b:74:b8:ab:
                    cf:0a:ed:03:f7:6b:0d:b5:5f:f9:04:34:cd:c7:e5:
                    ad:d8:35:34:f4:7a:31:63:00:d4:47:e3:90:cd:90:
                    ec:92:43:43:91:69:07:9b:b4:a2:ce:19:76:f6:e3:
                    ac:b4:87:8d:98:ab:c9:e3:a1:c0:50:19:0f:f5:fa:
                    6c:3b:e6:ee:4b:ef:8d:61:31:eb:08:91:53:ea:82:
                    bb:c5:0d:5a:8d:1b:5b:be:7f:71:ac:d2:b5:52:d6:
                    75:c7:74:db:74:7e:39:76:c7:26:4f:9d:bf:f2:08:
                    ca:de:09:ad:8c:57:5d:cc:aa:ff:dd:32:6f:94:7d:
                    aa:5a:fa:b8:d8:93:02:c1:30:68:9f:29:b5:b0:cb:
                    81:07:46:e6:70:f0:9d:a2:ad:66:72:8c:38:16:4a:
                    e5:3c:f6:91:63:28:b1:dc:a1:2f:c9:9c:0d:25:a9:
                    24:3b:3e:82:ee:52:38:1b:13:dc:f8:bf:d5:fb:5b:
                    85:08:09:21:66:97:24:ba:a7:c2:c5:6a:3e:b2:86:
                    9c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:3B:C0:8E:6F:99:3C:41:F6:B1:D2:CC:94:39:5C:B7:B6:13:18:19
            X509v3 Authority Key Identifier:
                keyid:27:F5:18:0F:9B:93:AE:75:73:C0:8A:89:4B:D4:52:BD:77:CE:56:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/9zvAjm-ZPEH2sdLMlDlct7YTGBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/J_UYD5uTrnVzwIqJS9RSvXfOVs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.189.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:ac:ac:d7:9b:65:7a:d6:dd:59:c4:41:a1:f3:56:60:40:60:
         7f:1a:3c:cd:dc:0f:4d:29:c6:ad:92:62:08:8a:ec:ca:78:c9:
         dc:eb:92:53:92:f7:c4:ea:f2:4d:52:3f:89:c4:39:d4:37:bd:
         f1:71:f7:a8:f4:c5:5b:51:34:67:05:43:f4:92:8d:2b:0d:b8:
         55:df:b8:07:fd:01:36:67:de:6c:1e:dc:17:19:d5:fd:a5:2a:
         10:16:46:06:56:3c:ac:66:79:37:7d:b1:6b:7e:e9:44:00:c1:
         a5:47:1d:6a:e1:20:95:dc:0c:b7:96:45:87:fc:b8:60:ad:f6:
         b8:27:c2:cc:6f:ec:c8:48:76:83:bd:3d:67:ec:b4:cc:58:97:
         c0:67:ce:55:fe:ba:25:1d:cd:03:93:5e:b1:4f:68:b5:f6:88:
         7b:7a:e5:dc:dc:d9:1d:df:9a:a2:fc:f5:80:02:af:11:6e:8c:
         5c:23:6d:4e:c5:91:74:24:42:3c:ba:6c:68:51:7b:0b:0c:37:
         2c:93:e4:84:59:1b:ce:58:e1:7e:0d:a8:b3:d4:74:12:66:d9:
         8b:47:6c:78:4e:9f:01:2c:2b:cc:90:f5:61:ae:db:17:e1:8d:
         26:de:bd:d0:77:4b:92:dc:a7:19:fb:74:17:28:ea:85:49:8f:
         af:80:a7:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK0iR6dCtE3oCsw8/IkmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZjUxODBmOWI5M2FlNzU3M2MwOGE4OTRiZDQ1MmJkNzdj
ZTU2Y2QwHhcNMjQwMTAyMTIzNDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzNiYzA4ZTZmOTkzYzQxZjZiMWQyY2M5NDM5NWNiN2I2MTMxODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoicClg3uVXkLpw6fVaV6sEr27vff
7wtrtwOcOk4L7pG9iFmp8PfOge0grAGh5dvBtB0JtVYuqSt0uKvPCu0D92sNtV/5
BDTNx+Wt2DU09HoxYwDUR+OQzZDskkNDkWkHm7Sizhl29uOstIeNmKvJ46HAUBkP
9fpsO+buS++NYTHrCJFT6oK7xQ1ajRtbvn9xrNK1UtZ1x3TbdH45dscmT52/8gjK
3gmtjFddzKr/3TJvlH2qWvq42JMCwTBonym1sMuBB0bmcPCdoq1mcow4FkrlPPaR
Yyix3KEvyZwNJakkOz6C7lI4GxPc+L/V+1uFCAkhZpckuqfCxWo+soacgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPc7wI5vmTxB9rHSzJQ5XLe2ExgZMB8GA1UdIwQY
MBaAFCf1GA+bk651c8CKiUvUUr13zlbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSl9VWUQ1dVRyblZ6d0lxSlM5UlN2WGZPVnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9lMWI4NGItMzlhNi00YWM4LWJlNjMt
MzBmZWUyN2U4NGNiLzEvOXp2QWptLVpQRUgyc2RMTWxEbGN0N1lUR0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9lMWI4NGItMzlhNi00YWM4LWJlNjMtMzBmZWUyN2U4NGNi
LzEvSl9VWUQ1dVRyblZ6d0lxSlM5UlN2WGZPVnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1b2TMA0G
CSqGSIb3DQEBCwUAA4IBAQAUrKzXm2V61t1ZxEGh81ZgQGB/GjzN3A9NKcatkmII
iuzKeMnc65JTkvfE6vJNUj+JxDnUN73xcfeo9MVbUTRnBUP0ko0rDbhV37gH/QE2
Z95sHtwXGdX9pSoQFkYGVjysZnk3fbFrfulEAMGlRx1q4SCV3Ay3lkWH/Lhgrfa4
J8LMb+zISHaDvT1n7LTMWJfAZ85V/rolHc0Dk16xT2i19oh7euXc3Nkd35qi/PWA
Aq8RboxcI21OxZF0JEI8umxoUXsLDDcsk+SEWRvOWOF+Daiz1HQSZtmLR2x4Tp8B
LCvMkPVhrtsX4Y0m3r3Qd0uS3KcZ+3QXKOqFSY+vgKdX
-----END CERTIFICATE-----