Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/27o8hRkwFDeORzNrMDHR52m8wAs.roa
File:                     27o8hRkwFDeORzNrMDHR52m8wAs.roa (raw, json)
Hash identifier:          w1XUYVSZKMDxH5IC+bgegmiD/DFW3+o8AVckN7TdjAM=
Subject key identifier:   DB:BA:3C:85:19:30:14:37:8E:47:33:6B:30:31:D1:E7:69:BC:C0:0B
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018F3D3B2349A6A8734D8305532126583885
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/27o8hRkwFDeORzNrMDHR52m8wAs.roa
Signing time:             Fri 03 May 2024 06:53:56 +0000
ROA not before:           Fri 03 May 2024 06:53:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214980
IP address blocks:        192.165.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3d:3b:23:49:a6:a8:73:4d:83:05:53:21:26:58:38:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: May  3 06:53:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbba3c85193014378e47336b3031d1e769bcc00b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:38:d5:80:49:fb:18:60:4b:71:3e:fe:18:76:
                    91:c4:99:d4:71:ed:d5:4e:e4:38:38:a1:61:72:7f:
                    9e:f5:cf:e6:81:0a:6b:ff:e4:a6:40:00:ee:c9:b6:
                    c8:2a:f2:63:5c:cb:cf:9f:0a:ac:b3:73:49:bd:25:
                    2c:b8:36:51:f5:8a:95:d4:5d:f7:c0:f0:6f:6f:93:
                    c6:61:82:b3:ba:85:3f:3b:3f:48:15:31:92:e3:42:
                    d5:6e:4b:e6:8d:0e:56:21:0d:da:22:92:69:bd:71:
                    62:3e:07:76:f0:cd:9e:e7:3e:49:23:57:ea:26:7b:
                    c5:73:25:e9:e9:c1:c7:43:f1:2d:e1:f1:19:fb:6b:
                    2f:4c:66:38:1c:df:c0:df:a6:a5:2f:69:a4:1d:24:
                    0d:0b:de:8d:43:b0:1c:32:a4:6d:23:0c:2c:7f:fc:
                    a0:af:86:1d:ce:29:26:dd:56:cc:27:da:0b:c6:ff:
                    f1:e1:28:a6:84:1b:b1:96:11:5a:a8:fd:57:eb:fe:
                    94:bf:15:54:2c:bc:fc:f8:53:4b:e1:1a:3e:82:ce:
                    c7:ef:0e:37:74:fb:22:3f:3e:9e:aa:4f:80:a9:de:
                    1f:30:eb:dc:e0:3d:49:78:af:7c:8f:c0:ee:f7:bf:
                    84:e7:00:17:c1:af:21:e1:13:3e:ef:88:33:ed:2c:
                    54:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:BA:3C:85:19:30:14:37:8E:47:33:6B:30:31:D1:E7:69:BC:C0:0B
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/27o8hRkwFDeORzNrMDHR52m8wAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.165.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:6d:6e:dc:b8:51:45:24:aa:73:e6:e5:c3:be:c6:24:88:aa:
         58:00:18:bf:66:d1:d1:ba:31:ef:a6:06:cd:0c:a6:09:af:c2:
         25:04:10:eb:52:aa:9d:d1:28:51:72:7c:6d:14:a0:3c:62:e3:
         a3:d6:24:28:d4:dd:d7:ba:72:99:0c:27:05:a3:ef:0c:da:38:
         b3:10:7a:0d:57:b2:f5:b2:a7:f5:c6:97:9b:ba:48:9c:fb:e8:
         0d:0d:5c:47:87:d7:a3:d3:37:e1:e2:85:2c:b4:13:f0:8b:d8:
         46:c6:79:dd:dc:4e:85:bb:1d:dc:2f:8b:ce:76:97:e9:46:05:
         68:ad:a2:d8:87:5d:42:c1:c9:f2:d5:f2:e0:af:bf:c7:79:fe:
         1e:9a:6a:c9:8f:b0:96:d0:9a:c4:5b:cf:8e:f5:2d:20:60:41:
         bd:8b:a4:ef:5d:c7:d1:7e:96:98:4f:54:86:8a:b3:cb:a7:ac:
         29:ee:c4:af:97:a1:b3:18:d1:f5:fe:19:06:9e:e4:b1:65:ef:
         36:3f:66:14:7d:ae:2f:cb:a3:41:72:62:22:52:73:10:9c:b5:
         7b:83:11:0c:54:c0:ae:5c:3a:ee:f3:a2:3a:bf:0b:f8:5d:fa:
         c1:c3:4f:a7:a0:94:34:f1:6d:67:25:54:f7:dd:f7:90:e0:f7:
         00:97:ae:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY89OyNJpqhzTYMFUyEmWDiFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwNTAzMDY1MzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmJhM2M4NTE5MzAxNDM3OGU0NzMzNmIzMDMxZDFlNzY5YmNjMDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjjVgEn7GGBLcT7+GHaRxJnUce3V
TuQ4OKFhcn+e9c/mgQpr/+SmQADuybbIKvJjXMvPnwqss3NJvSUsuDZR9YqV1F33
wPBvb5PGYYKzuoU/Oz9IFTGS40LVbkvmjQ5WIQ3aIpJpvXFiPgd28M2e5z5JI1fq
JnvFcyXp6cHHQ/Et4fEZ+2svTGY4HN/A36alL2mkHSQNC96NQ7AcMqRtIwwsf/yg
r4Ydzikm3VbMJ9oLxv/x4SimhBuxlhFaqP1X6/6UvxVULLz8+FNL4Ro+gs7H7w43
dPsiPz6eqk+Aqd4fMOvc4D1JeK98j8Du97+E5wAXwa8h4RM+74gz7SxUAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNu6PIUZMBQ3jkczazAx0edpvMALMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvMjdvOGhSa3dGRGVPUnpOck1ESFI1Mm04d0FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKX6MA0G
CSqGSIb3DQEBCwUAA4IBAQBRbW7cuFFFJKpz5uXDvsYkiKpYABi/ZtHRujHvpgbN
DKYJr8IlBBDrUqqd0ShRcnxtFKA8YuOj1iQo1N3XunKZDCcFo+8M2jizEHoNV7L1
sqf1xpebukic++gNDVxHh9ej0zfh4oUstBPwi9hGxnnd3E6Fux3cL4vOdpfpRgVo
raLYh11Cwcny1fLgr7/Hef4emmrJj7CW0JrEW8+O9S0gYEG9i6TvXcfRfpaYT1SG
irPLp6wp7sSvl6GzGNH1/hkGnuSxZe82P2YUfa4vy6NBcmIiUnMQnLV7gxEMVMCu
XDru86I6vwv4XfrBw0+noJQ08W1nJVT33feQ4PcAl66C
-----END CERTIFICATE-----