Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/FatPJwpZHfEbtT0eFK3yNZMZF30.roa
File:                     FatPJwpZHfEbtT0eFK3yNZMZF30.roa (raw, json)
Hash identifier:          Fn0WP6HFlcZuCrRztdWK/1GUngEcj+yyw8+kLGWfN6E=
Subject key identifier:   15:AB:4F:27:0A:59:1D:F1:1B:B5:3D:1E:14:AD:F2:35:93:19:17:7D
Certificate issuer:       /CN=27f5180f9b93ae7573c08a894bd452bd77ce56cd
Certificate serial:       018CCA2B472CA9C096FAF3FA6D86FC1D4302
Authority key identifier: 27:F5:18:0F:9B:93:AE:75:73:C0:8A:89:4B:D4:52:BD:77:CE:56:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/FatPJwpZHfEbtT0eFK3yNZMZF30.roa
Signing time:             Tue 02 Jan 2024 12:34:43 +0000
ROA not before:           Tue 02 Jan 2024 12:34:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        5.252.136.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/J_UYD5uTrnVzwIqJS9RSvXfOVs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/J_UYD5uTrnVzwIqJS9RSvXfOVs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:47:2c:a9:c0:96:fa:f3:fa:6d:86:fc:1d:43:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27f5180f9b93ae7573c08a894bd452bd77ce56cd
        Validity
            Not Before: Jan  2 12:34:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15ab4f270a591df11bb53d1e14adf2359319177d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:bc:a4:de:6e:5d:9c:f8:88:b8:e5:ef:ef:d5:
                    64:db:c6:89:30:a7:33:df:24:d8:19:f9:e5:63:e0:
                    60:fe:5a:8a:66:2f:07:49:5e:0e:c7:f8:75:4a:a9:
                    d8:43:78:24:ba:2f:1f:28:dc:d8:aa:08:17:8f:b0:
                    02:9d:e3:59:dd:56:8c:f9:89:2a:bd:36:7f:ca:d3:
                    cf:e9:8b:f6:15:1b:6b:3e:76:01:9d:1e:de:de:74:
                    8e:38:15:20:c6:2c:02:99:6b:e4:6e:16:67:db:42:
                    05:5d:97:a4:91:cb:7e:8a:fb:53:41:b1:58:50:f4:
                    77:21:24:e2:47:f9:3e:f9:5f:77:fb:6c:df:72:c6:
                    a4:e0:17:48:90:6e:11:a4:d8:5f:9b:d9:24:91:e5:
                    b0:f8:e5:fa:14:8a:5a:a5:53:ec:e8:cf:b6:e5:4c:
                    1d:21:04:4d:5f:f4:30:15:77:64:8c:5e:f4:ff:af:
                    6c:d7:9e:31:27:6a:ec:d8:ff:da:99:db:fc:ce:e2:
                    40:4a:b4:e6:b4:62:0c:f1:95:a5:4d:7a:c3:1c:95:
                    3e:0f:0d:0c:84:c2:47:e8:07:29:43:20:7a:fb:01:
                    c8:17:ca:8d:dc:61:9b:36:53:5d:a7:2e:c2:22:ae:
                    e6:bc:c5:40:9a:ca:a8:7b:14:6b:bc:d5:64:5f:ae:
                    ee:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:AB:4F:27:0A:59:1D:F1:1B:B5:3D:1E:14:AD:F2:35:93:19:17:7D
            X509v3 Authority Key Identifier:
                keyid:27:F5:18:0F:9B:93:AE:75:73:C0:8A:89:4B:D4:52:BD:77:CE:56:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/FatPJwpZHfEbtT0eFK3yNZMZF30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/J_UYD5uTrnVzwIqJS9RSvXfOVs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:09:c8:c2:1b:b9:a8:fd:1e:7a:40:9b:0f:04:7f:d3:15:22:
         07:d8:09:d6:5f:64:91:67:35:b7:1f:4d:2c:e1:07:4e:b0:e7:
         53:54:14:5c:69:0a:98:6f:f4:86:66:0f:3b:06:ca:56:70:21:
         d6:e5:17:5e:37:0d:9c:23:68:92:3f:c8:3d:33:ae:f0:20:be:
         a7:4d:a8:ac:72:d2:8f:3d:a7:80:e2:f8:1e:33:90:d0:e1:18:
         a5:2a:33:9e:45:ea:58:99:62:66:21:5a:05:e4:92:1d:d1:1f:
         3c:7b:d5:0e:e9:59:83:7a:01:5e:5c:aa:55:47:01:7f:b6:24:
         ef:7d:a5:37:b1:8b:71:9a:f8:d9:fd:e8:d5:53:ad:6a:a1:99:
         43:48:ef:bc:91:df:fb:80:48:6c:ee:eb:66:67:fd:c5:c7:a0:
         12:83:34:2c:74:db:a2:58:12:93:07:4a:72:d2:34:90:ce:41:
         ba:72:02:78:30:7d:1d:07:49:92:43:54:b2:12:8d:05:f6:4a:
         3b:92:37:72:07:30:92:22:d4:2b:50:a5:7d:af:a0:73:4f:3d:
         2b:9d:ef:ef:0c:98:59:94:7b:ab:b8:b2:89:c9:1c:d0:b1:62:
         63:f4:15:67:df:29:32:fb:6c:17:9e:2a:59:43:85:27:90:15:
         39:b1:82:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK0csqcCW+vP6bYb8HUMCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZjUxODBmOWI5M2FlNzU3M2MwOGE4OTRiZDQ1MmJkNzdj
ZTU2Y2QwHhcNMjQwMTAyMTIzNDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWFiNGYyNzBhNTkxZGYxMWJiNTNkMWUxNGFkZjIzNTkzMTkxNzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Lyk3m5dnPiIuOXv79Vk28aJMKcz
3yTYGfnlY+Bg/lqKZi8HSV4Ox/h1SqnYQ3gkui8fKNzYqggXj7ACneNZ3VaM+Ykq
vTZ/ytPP6Yv2FRtrPnYBnR7e3nSOOBUgxiwCmWvkbhZn20IFXZekkct+ivtTQbFY
UPR3ISTiR/k++V93+2zfcsak4BdIkG4RpNhfm9kkkeWw+OX6FIpapVPs6M+25Uwd
IQRNX/QwFXdkjF70/69s154xJ2rs2P/amdv8zuJASrTmtGIM8ZWlTXrDHJU+Dw0M
hMJH6AcpQyB6+wHIF8qN3GGbNlNdpy7CIq7mvMVAmsqoexRrvNVkX67u9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWrTycKWR3xG7U9HhSt8jWTGRd9MB8GA1UdIwQY
MBaAFCf1GA+bk651c8CKiUvUUr13zlbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSl9VWUQ1dVRyblZ6d0lxSlM5UlN2WGZPVnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9lMWI4NGItMzlhNi00YWM4LWJlNjMt
MzBmZWUyN2U4NGNiLzEvRmF0UEp3cFpIZkVidFQwZUZLM3lOWk1aRjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9lMWI4NGItMzlhNi00YWM4LWJlNjMtMzBmZWUyN2U4NGNi
LzEvSl9VWUQ1dVRyblZ6d0lxSlM5UlN2WGZPVnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfyIMA0G
CSqGSIb3DQEBCwUAA4IBAQB1CcjCG7mo/R56QJsPBH/TFSIH2AnWX2SRZzW3H00s
4QdOsOdTVBRcaQqYb/SGZg87BspWcCHW5RdeNw2cI2iSP8g9M67wIL6nTaisctKP
PaeA4vgeM5DQ4RilKjOeRepYmWJmIVoF5JId0R88e9UO6VmDegFeXKpVRwF/tiTv
faU3sYtxmvjZ/ejVU61qoZlDSO+8kd/7gEhs7utmZ/3Fx6ASgzQsdNuiWBKTB0py
0jSQzkG6cgJ4MH0dB0mSQ1SyEo0F9ko7kjdyBzCSItQrUKV9r6BzTz0rne/vDJhZ
lHuruLKJyRzQsWJj9BVn3yky+2wXnipZQ4UnkBU5sYJP
-----END CERTIFICATE-----