Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/d1837a-606e-4180-a7f0-728e0dfb840d/1/3PhEpra73rPdyQ5Ye9g59msFyRQ.roa
File:                     3PhEpra73rPdyQ5Ye9g59msFyRQ.roa (raw, json)
Hash identifier:          CZ/Z/E34zji5y3cxLZh0KN0nRSV3LzX6+OxR+Mdf23w=
Subject key identifier:   DC:F8:44:A6:B6:BB:DE:B3:DD:C9:0E:58:7B:D8:39:F6:6B:05:C9:14
Certificate issuer:       /CN=a4ad23f6dce4d9683c2a4943bd37c17335c7618a
Certificate serial:       018CC2DAE7145557FAFB7B062AA78491AFF6
Authority key identifier: A4:AD:23:F6:DC:E4:D9:68:3C:2A:49:43:BD:37:C1:73:35:C7:61:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pK0j9tzk2Wg8KklDvTfBczXHYYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/d1837a-606e-4180-a7f0-728e0dfb840d/1/3PhEpra73rPdyQ5Ye9g59msFyRQ.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8278
IP address blocks:        147.27.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/d1837a-606e-4180-a7f0-728e0dfb840d/1/pK0j9tzk2Wg8KklDvTfBczXHYYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/d1837a-606e-4180-a7f0-728e0dfb840d/1/pK0j9tzk2Wg8KklDvTfBczXHYYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pK0j9tzk2Wg8KklDvTfBczXHYYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 17:29:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e7:14:55:57:fa:fb:7b:06:2a:a7:84:91:af:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4ad23f6dce4d9683c2a4943bd37c17335c7618a
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcf844a6b6bbdeb3ddc90e587bd839f66b05c914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e9:fa:d3:50:fe:d4:90:5c:57:b5:e7:26:4d:
                    ca:35:5e:e8:3c:5d:d1:2c:6e:45:9e:7b:ce:ce:c6:
                    85:d2:2a:60:87:88:b9:3e:f8:a6:ae:e1:de:e0:98:
                    06:28:0e:ab:52:95:77:c2:6e:70:54:85:02:0c:8f:
                    14:8e:95:aa:35:13:62:b0:43:61:d8:1d:d1:e2:e4:
                    59:a2:b6:44:a0:c9:fa:ff:4c:33:75:7d:d6:24:22:
                    f3:58:07:0d:b0:6b:49:59:80:75:51:ec:15:0d:14:
                    7f:42:29:44:a0:8b:aa:13:f8:79:a5:b7:79:4b:8a:
                    3a:44:0b:32:88:b1:f2:a0:50:02:79:88:0e:ca:0f:
                    2f:97:02:f1:4d:e4:1c:44:96:0f:a1:f9:62:b7:1c:
                    fb:e6:16:9a:26:b9:99:93:c2:35:f3:ab:dd:d1:86:
                    e5:bc:ca:85:8f:b3:bf:77:b5:75:e0:11:51:3d:df:
                    32:50:35:e0:5a:35:f2:b5:6d:8f:63:8c:db:7b:bc:
                    02:d6:0d:db:65:d2:2e:a1:31:02:cb:38:ea:46:ba:
                    04:5e:d7:56:03:a5:0b:95:54:b1:03:97:b8:c3:3b:
                    d5:54:4b:b6:3f:d6:af:b3:9b:23:5f:73:ca:aa:e8:
                    02:1e:c8:9c:e3:8c:47:26:e6:86:d0:fd:e7:d7:15:
                    b5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:F8:44:A6:B6:BB:DE:B3:DD:C9:0E:58:7B:D8:39:F6:6B:05:C9:14
            X509v3 Authority Key Identifier:
                keyid:A4:AD:23:F6:DC:E4:D9:68:3C:2A:49:43:BD:37:C1:73:35:C7:61:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pK0j9tzk2Wg8KklDvTfBczXHYYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d1837a-606e-4180-a7f0-728e0dfb840d/1/3PhEpra73rPdyQ5Ye9g59msFyRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d1837a-606e-4180-a7f0-728e0dfb840d/1/pK0j9tzk2Wg8KklDvTfBczXHYYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.27.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         81:49:d9:ad:64:bf:cc:66:8a:c3:d2:ef:43:52:55:4a:9d:ab:
         77:4d:06:23:7e:7a:2a:7d:8d:3b:13:88:c8:b8:8e:28:c2:bf:
         ee:26:b9:61:b3:59:42:0a:d4:92:4e:73:c0:1a:8b:80:10:dd:
         04:9c:31:48:46:12:04:6f:c7:ea:40:96:43:74:46:6a:ba:ff:
         72:26:ac:82:cc:8c:44:5b:b6:41:ec:70:e8:de:7d:34:cd:b3:
         25:1f:51:ba:15:79:cb:8a:7c:c9:8e:75:ad:39:c4:b6:2b:b0:
         00:a9:e5:95:ad:33:69:08:0f:eb:51:59:06:2f:a4:02:1a:d0:
         65:b9:a3:48:51:42:da:96:b5:92:7c:cd:d5:4b:29:98:5e:5c:
         eb:0b:93:84:73:fe:78:d5:30:66:d2:bd:7e:fe:22:a2:b3:e6:
         72:e6:c6:3f:9c:24:7f:0b:b3:7e:c3:bd:74:30:f0:4d:14:73:
         73:6a:ea:a3:88:ca:c0:03:76:c6:17:52:14:6e:47:06:44:47:
         e8:f8:ea:9d:7b:3d:2e:ea:ea:ff:69:08:3b:76:4c:31:3e:69:
         be:25:5b:8c:14:12:0f:74:5d:80:7a:83:e1:8c:b0:e3:a6:a0:
         e7:35:9a:78:22:98:ef:bf:4a:e6:7a:7d:1f:94:a7:72:97:8e:
         6c:93:22:9b
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzC2ucUVVf6+3sGKqeEka/2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YWQyM2Y2ZGNlNGQ5NjgzYzJhNDk0M2JkMzdjMTczMzVj
NzYxOGEwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2Y4NDRhNmI2YmJkZWIzZGRjOTBlNTg3YmQ4MzlmNjZiMDVjOTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnen601D+1JBcV7XnJk3KNV7oPF3R
LG5FnnvOzsaF0ipgh4i5PvimruHe4JgGKA6rUpV3wm5wVIUCDI8UjpWqNRNisENh
2B3R4uRZorZEoMn6/0wzdX3WJCLzWAcNsGtJWYB1UewVDRR/QilEoIuqE/h5pbd5
S4o6RAsyiLHyoFACeYgOyg8vlwLxTeQcRJYPoflitxz75haaJrmZk8I186vd0Ybl
vMqFj7O/d7V14BFRPd8yUDXgWjXytW2PY4zbe7wC1g3bZdIuoTECyzjqRroEXtdW
A6ULlVSxA5e4wzvVVEu2P9avs5sjX3PKqugCHsic44xHJuaG0P3n1xW1LQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNz4RKa2u96z3ckOWHvYOfZrBckUMB8GA1UdIwQY
MBaAFKStI/bc5NloPCpJQ703wXM1x2GKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEswajl0emsyV2c4S2tsRHZUZkJjelhIWVlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9kMTgzN2EtNjA2ZS00MTgwLWE3ZjAt
NzI4ZTBkZmI4NDBkLzEvM1BoRXByYTczclBkeVE1WWU5ZzU5bXNGeVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9kMTgzN2EtNjA2ZS00MTgwLWE3ZjAtNzI4ZTBkZmI4NDBk
LzEvcEswajl0emsyV2c4S2tsRHZUZkJjelhIWVlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkxswDQYJ
KoZIhvcNAQELBQADggEBAIFJ2a1kv8xmisPS70NSVUqdq3dNBiN+eip9jTsTiMi4
jijCv+4muWGzWUIK1JJOc8Aai4AQ3QScMUhGEgRvx+pAlkN0Rmq6/3ImrILMjERb
tkHscOjefTTNsyUfUboVecuKfMmOda05xLYrsACp5ZWtM2kID+tRWQYvpAIa0GW5
o0hRQtqWtZJ8zdVLKZheXOsLk4Rz/njVMGbSvX7+IqKz5nLmxj+cJH8Ls37DvXQw
8E0Uc3Nq6qOIysADdsYXUhRuRwZER+j46p17PS7q6v9pCDt2TDE+ab4lW4wUEg90
XYB6g+GMsOOmoOc1mngimO+/SuZ6fR+Up3KXjmyTIps=
-----END CERTIFICATE-----