Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/K13HtBfUpPWfJ8ULBPOQgSVnEVg.roa
File:                     K13HtBfUpPWfJ8ULBPOQgSVnEVg.roa (raw, json)
Hash identifier:          3vyMT9LOoq9OXvYXNgG49yF4MlXVDuTVFg3/b8DPPI8=
Subject key identifier:   2B:5D:C7:B4:17:D4:A4:F5:9F:27:C5:0B:04:F3:90:81:25:67:11:58
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       01902F1C7CB810D2793C60A67505D25B0478
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/K13HtBfUpPWfJ8ULBPOQgSVnEVg.roa
Signing time:             Wed 19 Jun 2024 06:08:34 +0000
ROA not before:           Wed 19 Jun 2024 06:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201010
IP address blocks:        195.4.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2f:1c:7c:b8:10:d2:79:3c:60:a6:75:05:d2:5b:04:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Jun 19 06:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b5dc7b417d4a4f59f27c50b04f3908125671158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8a:b5:08:04:ea:9d:13:55:f9:c6:c5:11:a5:
                    2d:62:a0:bf:63:2f:64:a4:3b:21:77:65:de:9b:0e:
                    4f:71:71:b3:91:d4:9d:5e:78:1f:5d:d6:2a:99:2e:
                    f2:25:a2:f3:55:76:5f:0d:79:8c:ae:a7:f7:fc:5f:
                    0a:10:eb:1f:4d:72:3e:8e:7c:17:f6:70:1a:f9:f3:
                    51:e2:61:6e:f0:39:2b:33:d2:6d:7a:19:d4:1b:70:
                    4d:9e:9a:65:75:a0:d8:98:7d:9c:52:49:e1:47:a8:
                    01:d4:b6:64:68:89:04:d2:44:f3:53:be:d8:27:ca:
                    a4:98:a8:73:ba:9c:62:a9:9c:cf:4a:ca:33:85:38:
                    cc:2e:a8:c6:2c:51:6b:99:46:7e:94:98:23:7f:3c:
                    d3:ca:4a:1e:f4:1b:f0:7d:27:05:c8:08:5a:c0:44:
                    28:8e:ec:11:be:81:d6:63:9c:b0:bc:e8:f3:33:dc:
                    c1:31:7e:77:05:a5:27:a9:c4:b6:99:a3:d3:a9:64:
                    8d:8b:fe:2d:08:61:7d:cd:c4:b4:d9:2c:f6:9f:3e:
                    52:fb:57:6c:67:85:99:cd:ca:b8:bc:26:0f:95:c1:
                    c4:8a:d6:52:ea:a1:5f:d8:0b:d4:ab:28:be:ac:90:
                    d1:24:99:ad:ce:20:02:3e:c6:2f:c5:d6:e7:f0:e9:
                    13:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:5D:C7:B4:17:D4:A4:F5:9F:27:C5:0B:04:F3:90:81:25:67:11:58
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/K13HtBfUpPWfJ8ULBPOQgSVnEVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.4.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:4e:81:61:e9:1a:15:88:ef:65:1a:b9:d6:2e:ee:69:c1:cb:
         46:b4:09:16:86:d0:82:3b:83:e7:42:24:ba:e4:87:0c:a9:c9:
         85:ff:cc:93:2e:82:67:37:0a:21:8d:45:15:a5:f7:41:45:ec:
         8f:5c:9e:b6:5d:6a:ba:1d:01:b1:1e:fb:9f:af:af:21:08:65:
         a4:ec:06:37:de:11:a2:fc:5d:73:a5:26:d3:65:f3:0b:3c:58:
         dc:fd:ed:43:be:f4:a0:4a:99:81:36:0b:3e:db:27:f0:a9:8f:
         1d:a8:4c:f1:3c:03:83:a0:38:c2:9e:3e:d9:11:fd:a8:11:08:
         ed:bd:15:3c:27:fe:4d:f4:21:8b:03:be:ef:e7:3c:2b:31:2a:
         e0:72:4b:2b:9f:db:21:f2:b2:c4:7a:5f:3a:c4:b6:ca:5a:9b:
         3c:98:29:28:a3:a6:29:89:25:25:6d:8b:6d:89:ae:e3:36:1f:
         fc:22:fc:60:50:02:d9:b5:2f:f5:8e:b6:94:8e:84:a1:bb:09:
         5f:a4:07:1a:4a:37:a1:f8:a7:6c:4e:00:4c:55:93:7c:d6:d3:
         48:70:f1:1c:82:bb:24:48:6f:6b:e4:a7:82:d4:3d:b8:61:23:
         b0:35:5c:93:4d:e6:48:7b:17:e8:5e:33:d2:f1:84:bc:4c:d4:
         7b:0c:7a:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAvHHy4ENJ5PGCmdQXSWwR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjQwNjE5MDYwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjVkYzdiNDE3ZDRhNGY1OWYyN2M1MGIwNGYzOTA4MTI1NjcxMTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4q1CATqnRNV+cbFEaUtYqC/Yy9k
pDshd2Xemw5PcXGzkdSdXngfXdYqmS7yJaLzVXZfDXmMrqf3/F8KEOsfTXI+jnwX
9nAa+fNR4mFu8DkrM9JtehnUG3BNnppldaDYmH2cUknhR6gB1LZkaIkE0kTzU77Y
J8qkmKhzupxiqZzPSsozhTjMLqjGLFFrmUZ+lJgjfzzTykoe9BvwfScFyAhawEQo
juwRvoHWY5ywvOjzM9zBMX53BaUnqcS2maPTqWSNi/4tCGF9zcS02Sz2nz5S+1ds
Z4WZzcq4vCYPlcHEitZS6qFf2AvUqyi+rJDRJJmtziACPsYvxdbn8OkT0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtdx7QX1KT1nyfFCwTzkIElZxFYMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvSzEzSHRCZlVwUFdmSjhVTEJQT1FnU1ZuRVZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwQbMA0G
CSqGSIb3DQEBCwUAA4IBAQBHToFh6RoViO9lGrnWLu5pwctGtAkWhtCCO4PnQiS6
5IcMqcmF/8yTLoJnNwohjUUVpfdBReyPXJ62XWq6HQGxHvufr68hCGWk7AY33hGi
/F1zpSbTZfMLPFjc/e1DvvSgSpmBNgs+2yfwqY8dqEzxPAODoDjCnj7ZEf2oEQjt
vRU8J/5N9CGLA77v5zwrMSrgcksrn9sh8rLEel86xLbKWps8mCkoo6YpiSUlbYtt
ia7jNh/8IvxgUALZtS/1jraUjoShuwlfpAcaSjeh+KdsTgBMVZN81tNIcPEcgrsk
SG9r5KeC1D24YSOwNVyTTeZIexfoXjPS8YS8TNR7DHrk
-----END CERTIFICATE-----