Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/1-9SABYnwMQkkdocZMpDgk04HB5Q.roa
File:                     1-9SABYnwMQkkdocZMpDgk04HB5Q.roa (raw, json)
Hash identifier:          ivhGrY6dVROHvjc23uBf0n2ImYmhbwgwQvkfII2VHXg=
Subject key identifier:   FB:D4:80:05:89:F0:31:09:24:76:87:19:32:90:E0:93:4E:07:07:94
Certificate issuer:       /CN=27b8dbd97de4cd4059b52e513dcf35cd381a32b3
Certificate serial:       018CC9BCE73B1992E6926388908CED6487F3
Authority key identifier: 27:B8:DB:D9:7D:E4:CD:40:59:B5:2E:51:3D:CF:35:CD:38:1A:32:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J7jb2X3kzUBZtS5RPc81zTgaMrM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/1-9SABYnwMQkkdocZMpDgk04HB5Q.roa
Signing time:             Tue 02 Jan 2024 10:34:09 +0000
ROA not before:           Tue 02 Jan 2024 10:34:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197981
IP address blocks:        185.204.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/J7jb2X3kzUBZtS5RPc81zTgaMrM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/J7jb2X3kzUBZtS5RPc81zTgaMrM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J7jb2X3kzUBZtS5RPc81zTgaMrM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e7:3b:19:92:e6:92:63:88:90:8c:ed:64:87:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27b8dbd97de4cd4059b52e513dcf35cd381a32b3
        Validity
            Not Before: Jan  2 10:34:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbd4800589f03109247687193290e0934e070794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:36:0b:79:66:f0:6d:ac:9f:9c:db:29:2a:12:
                    c5:c0:a4:2e:ba:51:8f:9a:ea:1e:32:07:67:69:62:
                    bf:08:a3:2c:0f:f3:8e:25:0a:74:69:5f:ac:ab:e5:
                    2c:8a:2e:6f:fc:d7:19:4a:14:89:3c:cd:9f:07:ff:
                    20:79:7a:c7:e5:15:d6:f7:88:d0:3a:2e:99:aa:8f:
                    83:ff:30:94:b2:fc:ce:6c:2d:76:c0:06:4d:ed:0f:
                    33:03:57:62:5a:31:2e:f1:dc:10:db:44:ad:24:d6:
                    a1:75:a5:e0:ca:37:c7:61:be:bf:25:7c:35:8a:1d:
                    61:f4:ca:98:c0:6e:41:ab:65:a4:82:f0:cc:15:95:
                    36:17:79:9e:c8:78:db:b5:13:d1:41:5c:df:9c:59:
                    9d:5c:6b:83:b4:3e:ef:4f:d8:5b:dd:f1:05:c8:18:
                    c8:11:57:90:dd:26:36:43:08:f4:c6:ce:32:d2:f9:
                    7f:28:0b:1d:b7:ad:44:cc:2b:22:bd:ad:c3:05:53:
                    8c:20:80:18:d8:22:80:d6:1a:6e:1b:dc:55:8c:12:
                    74:ea:dd:94:fe:d2:7a:52:eb:a3:e3:a2:6c:bd:bb:
                    d3:d9:e8:4f:ff:15:e0:b4:e1:25:1a:d9:57:47:22:
                    5e:e9:b9:ce:96:a3:11:59:8d:52:3a:d3:4b:d2:46:
                    98:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:D4:80:05:89:F0:31:09:24:76:87:19:32:90:E0:93:4E:07:07:94
            X509v3 Authority Key Identifier:
                keyid:27:B8:DB:D9:7D:E4:CD:40:59:B5:2E:51:3D:CF:35:CD:38:1A:32:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J7jb2X3kzUBZtS5RPc81zTgaMrM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/1-9SABYnwMQkkdocZMpDgk04HB5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/J7jb2X3kzUBZtS5RPc81zTgaMrM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:2d:90:25:12:15:97:3b:d5:59:0f:84:76:54:9c:a6:bd:46:
         fd:22:fa:52:69:f2:27:89:b4:f2:24:88:5b:d2:e2:4f:44:8d:
         af:d8:07:43:92:0f:24:2c:80:b3:04:4e:1e:ac:e1:1c:fb:3f:
         9a:82:88:0d:c0:4a:51:8b:c4:a7:25:5b:53:de:46:ee:9b:df:
         c2:f8:29:f6:19:60:23:11:2c:0e:7f:b5:cc:60:9d:bf:ad:5d:
         84:32:44:65:ac:04:5b:f1:b2:fc:94:14:0a:50:a3:37:f3:36:
         10:1f:e9:81:11:df:57:fe:aa:e9:c1:15:ba:ed:95:71:ae:fb:
         0d:00:be:29:f5:f7:99:45:64:d0:48:ba:b0:a5:7a:3b:cc:4e:
         8d:cb:de:52:cc:43:d2:81:50:d2:2b:55:de:48:22:ff:d0:fe:
         bd:98:f5:51:9a:4a:f3:72:5e:9d:a7:ac:3d:bb:ba:f3:c3:11:
         67:2b:f6:4f:fc:20:bf:3d:66:a8:bf:22:d7:06:0d:21:3e:b1:
         92:c2:0e:33:35:36:a9:b4:84:90:0d:9d:6b:3c:8f:b1:2b:ef:
         ed:05:3f:a3:d9:76:ae:5a:e6:1c:e3:21:7e:e6:b4:49:26:e2:
         c3:fe:80:64:3e:ab:be:5a:86:ec:b3:cb:f5:64:75:81:8b:f5:
         ae:05:cf:2a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvOc7GZLmkmOIkIztZIfzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YjhkYmQ5N2RlNGNkNDA1OWI1MmU1MTNkY2YzNWNkMzgx
YTMyYjMwHhcNMjQwMTAyMTAzNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmQ0ODAwNTg5ZjAzMTA5MjQ3Njg3MTkzMjkwZTA5MzRlMDcwNzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzYLeWbwbayfnNspKhLFwKQuulGP
muoeMgdnaWK/CKMsD/OOJQp0aV+sq+Usii5v/NcZShSJPM2fB/8geXrH5RXW94jQ
Oi6Zqo+D/zCUsvzObC12wAZN7Q8zA1diWjEu8dwQ20StJNahdaXgyjfHYb6/JXw1
ih1h9MqYwG5Bq2WkgvDMFZU2F3meyHjbtRPRQVzfnFmdXGuDtD7vT9hb3fEFyBjI
EVeQ3SY2Qwj0xs4y0vl/KAsdt61EzCsiva3DBVOMIIAY2CKA1hpuG9xVjBJ06t2U
/tJ6Uuuj46JsvbvT2ehP/xXgtOElGtlXRyJe6bnOlqMRWY1SOtNL0kaYVwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvUgAWJ8DEJJHaHGTKQ4JNOBweUMB8GA1UdIwQY
MBaAFCe429l95M1AWbUuUT3PNc04GjKzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjdqYjJYM2t6VUJadFM1UlBjODF6VGdhTXJNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy84NTkyOGYtNWYxOS00MWQ5LTgyMzgt
NWM1NGNkYWQxOWYxLzEvMS05U0FCWW53TVFra2RvY1pNcERnazA0SEI1US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWMvODU5MjhmLTVmMTktNDFkOS04MjM4LTVjNTRjZGFkMTlm
MS8xL0o3amIyWDNrelVCWnRTNVJQYzgxelRnYU1yTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnMKDAN
BgkqhkiG9w0BAQsFAAOCAQEA0S2QJRIVlzvVWQ+EdlScpr1G/SL6UmnyJ4m08iSI
W9LiT0SNr9gHQ5IPJCyAswROHqzhHPs/moKIDcBKUYvEpyVbU95G7pvfwvgp9hlg
IxEsDn+1zGCdv61dhDJEZawEW/Gy/JQUClCjN/M2EB/pgRHfV/6q6cEVuu2Vca77
DQC+KfX3mUVk0Ei6sKV6O8xOjcveUsxD0oFQ0itV3kgi/9D+vZj1UZpK83Jenaes
Pbu688MRZyv2T/wgvz1mqL8i1wYNIT6xksIOMzU2qbSEkA2dazyPsSvv7QU/o9l2
rlrmHOMhfua0SSbiw/6AZD6rvlqG7LPL9WR1gYv1rgXPKg==
-----END CERTIFICATE-----