Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/9e22a2-9365-4956-8e66-ce4f25ace252/1/k7a8hlJKBGxObCNz1lrhwHkh1XA.roa
File:                     k7a8hlJKBGxObCNz1lrhwHkh1XA.roa (raw, json)
Hash identifier:          etq9+uakUYxI8r8RlxfFYOkKYfmMZaOhTGfLFVldB7w=
Subject key identifier:   93:B6:BC:86:52:4A:04:6C:4E:6C:23:73:D6:5A:E1:C0:79:21:D5:70
Certificate issuer:       /CN=27ce1e9a6522616ab30b0f123e09d305a82304af
Certificate serial:       018CC64B2A8517163E0A4FD4E6C530968C6E
Authority key identifier: 27:CE:1E:9A:65:22:61:6A:B3:0B:0F:12:3E:09:D3:05:A8:23:04:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J84emmUiYWqzCw8SPgnTBagjBK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/9e22a2-9365-4956-8e66-ce4f25ace252/1/k7a8hlJKBGxObCNz1lrhwHkh1XA.roa
Signing time:             Mon 01 Jan 2024 18:31:03 +0000
ROA not before:           Mon 01 Jan 2024 18:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39739
IP address blocks:        37.77.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/9e22a2-9365-4956-8e66-ce4f25ace252/1/J84emmUiYWqzCw8SPgnTBagjBK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/9e22a2-9365-4956-8e66-ce4f25ace252/1/J84emmUiYWqzCw8SPgnTBagjBK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J84emmUiYWqzCw8SPgnTBagjBK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2a:85:17:16:3e:0a:4f:d4:e6:c5:30:96:8c:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27ce1e9a6522616ab30b0f123e09d305a82304af
        Validity
            Not Before: Jan  1 18:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93b6bc86524a046c4e6c2373d65ae1c07921d570
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:df:9e:31:bb:30:b2:15:35:77:a1:a5:3f:41:
                    69:b2:f3:ac:00:8c:c6:a2:6c:61:94:d6:96:85:e8:
                    ef:75:99:58:e8:ff:17:6f:c4:57:d9:7f:3f:35:70:
                    84:50:1f:99:4b:7d:c4:fb:db:41:fc:70:db:4a:3b:
                    b7:bb:5a:aa:59:56:76:e1:c2:c1:13:ed:a3:79:3f:
                    27:56:62:ce:a1:57:83:6d:0f:9d:8f:af:8b:d8:6f:
                    aa:2d:cd:99:d2:59:4d:bc:01:45:ee:0a:aa:d2:d2:
                    07:71:54:cf:00:99:6f:c6:44:39:95:88:84:ab:d9:
                    54:22:ce:16:c1:ba:c3:c9:a9:8a:ca:15:0f:3f:08:
                    4d:94:e9:28:00:0e:c6:16:11:3f:25:99:9a:a0:28:
                    50:15:f6:92:7f:77:ee:77:b5:ff:7f:1f:3e:e4:b2:
                    f4:14:92:e6:ab:21:d5:1f:78:1c:7d:35:ec:2e:77:
                    69:83:20:29:4f:de:9f:8f:ec:28:bd:f0:44:25:0e:
                    dc:b8:27:eb:95:e9:75:23:b8:12:6c:dc:b5:6e:26:
                    c6:89:e0:3f:ff:50:83:40:48:09:f0:85:82:63:47:
                    8f:c1:a0:4b:52:17:ff:b3:c4:21:8c:4b:92:35:17:
                    dd:16:91:93:47:10:3d:29:33:a7:dc:fa:74:d5:09:
                    4a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:B6:BC:86:52:4A:04:6C:4E:6C:23:73:D6:5A:E1:C0:79:21:D5:70
            X509v3 Authority Key Identifier:
                keyid:27:CE:1E:9A:65:22:61:6A:B3:0B:0F:12:3E:09:D3:05:A8:23:04:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J84emmUiYWqzCw8SPgnTBagjBK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9e22a2-9365-4956-8e66-ce4f25ace252/1/k7a8hlJKBGxObCNz1lrhwHkh1XA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9e22a2-9365-4956-8e66-ce4f25ace252/1/J84emmUiYWqzCw8SPgnTBagjBK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:56:8c:b3:8f:9a:e7:df:26:df:83:81:a6:83:c3:6e:0f:34:
         7d:3c:82:11:33:55:97:91:b3:66:3c:fc:70:4c:28:1b:9c:00:
         7d:90:d1:28:20:c5:0c:d4:ae:7e:fa:eb:74:7b:3f:cd:69:6b:
         86:8e:76:7f:86:b3:4f:d4:80:6a:50:99:df:6a:aa:c1:95:1a:
         e1:54:5e:d7:fc:85:0d:9d:94:31:e3:e4:b2:34:f8:c0:c5:e8:
         d6:b6:e5:a8:f8:68:9c:d4:21:8d:fa:f3:f3:ba:9d:c6:18:3a:
         2d:ce:7a:32:de:1b:69:9a:13:29:c0:68:1d:52:d6:8c:39:9a:
         b1:b7:7b:14:e1:c4:17:4c:55:2c:db:a5:81:cf:ef:c8:94:b3:
         17:93:ce:0b:fb:30:e2:1c:72:b4:0b:75:d7:ac:fe:4e:8c:00:
         89:4f:cd:2c:7d:ac:a3:72:85:9e:37:b6:4b:da:db:20:7c:0a:
         5c:b7:c8:fd:d4:7d:ed:07:28:64:99:ce:a6:72:dc:6d:3a:dd:
         fc:f5:0b:0d:01:03:26:7f:32:c1:f7:76:89:6e:27:f1:33:bb:
         21:ae:cf:6d:76:9c:65:60:f2:8e:7c:6d:14:5a:c8:20:de:2f:
         51:3b:e0:8d:76:8b:6d:38:a3:43:fa:7e:29:63:bc:5d:fc:7f:
         e5:14:a8:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyqFFxY+Ck/U5sUwloxuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3Y2UxZTlhNjUyMjYxNmFiMzBiMGYxMjNlMDlkMzA1YTgy
MzA0YWYwHhcNMjQwMTAxMTgzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2I2YmM4NjUyNGEwNDZjNGU2YzIzNzNkNjVhZTFjMDc5MjFkNTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9+eMbswshU1d6GlP0FpsvOsAIzG
omxhlNaWhejvdZlY6P8Xb8RX2X8/NXCEUB+ZS33E+9tB/HDbSju3u1qqWVZ24cLB
E+2jeT8nVmLOoVeDbQ+dj6+L2G+qLc2Z0llNvAFF7gqq0tIHcVTPAJlvxkQ5lYiE
q9lUIs4WwbrDyamKyhUPPwhNlOkoAA7GFhE/JZmaoChQFfaSf3fud7X/fx8+5LL0
FJLmqyHVH3gcfTXsLndpgyApT96fj+wovfBEJQ7cuCfrlel1I7gSbNy1bibGieA/
/1CDQEgJ8IWCY0ePwaBLUhf/s8QhjEuSNRfdFpGTRxA9KTOn3Pp01QlK9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJO2vIZSSgRsTmwjc9Za4cB5IdVwMB8GA1UdIwQY
MBaAFCfOHpplImFqswsPEj4J0wWoIwSvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjg0ZW1tVWlZV3F6Q3c4U1BnblRCYWdqQks4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85ZTIyYTItOTM2NS00OTU2LThlNjYt
Y2U0ZjI1YWNlMjUyLzEvazdhOGhsSktCR3hPYkNOejFscmh3SGtoMVhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85ZTIyYTItOTM2NS00OTU2LThlNjYtY2U0ZjI1YWNlMjUy
LzEvSjg0ZW1tVWlZV3F6Q3c4U1BnblRCYWdqQks4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJU1nMA0G
CSqGSIb3DQEBCwUAA4IBAQB/Voyzj5rn3ybfg4Gmg8NuDzR9PIIRM1WXkbNmPPxw
TCgbnAB9kNEoIMUM1K5++ut0ez/NaWuGjnZ/hrNP1IBqUJnfaqrBlRrhVF7X/IUN
nZQx4+SyNPjAxejWtuWo+Gic1CGN+vPzup3GGDotznoy3htpmhMpwGgdUtaMOZqx
t3sU4cQXTFUs26WBz+/IlLMXk84L+zDiHHK0C3XXrP5OjACJT80sfayjcoWeN7ZL
2tsgfApct8j91H3tByhkmc6mctxtOt389QsNAQMmfzLB93aJbifxM7shrs9tdpxl
YPKOfG0UWsgg3i9RO+CNdottOKND+n4pY7xd/H/lFKgC
-----END CERTIFICATE-----