Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/27a1bc-b258-405f-9f93-6eea12205720/1/CF2zTsUFTkirniuPESCfIwVGX8A.roa
File:                     CF2zTsUFTkirniuPESCfIwVGX8A.roa (raw, json)
Hash identifier:          lhsadmi0EMTClpSmcHocXNZXRWQzRbrqLYg+b14VL/8=
Subject key identifier:   08:5D:B3:4E:C5:05:4E:48:AB:9E:2B:8F:11:20:9F:23:05:46:5F:C0
Certificate issuer:       /CN=d9968029f124096eab955df9b7a81c88cb333a05
Certificate serial:       018CC3B66F7FE04135E66ED43160FDE4547A
Authority key identifier: D9:96:80:29:F1:24:09:6E:AB:95:5D:F9:B7:A8:1C:88:CB:33:3A:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ZaAKfEkCW6rlV35t6gciMszOgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/27a1bc-b258-405f-9f93-6eea12205720/1/CF2zTsUFTkirniuPESCfIwVGX8A.roa
Signing time:             Mon 01 Jan 2024 06:29:22 +0000
ROA not before:           Mon 01 Jan 2024 06:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        193.177.180.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/27a1bc-b258-405f-9f93-6eea12205720/1/2ZaAKfEkCW6rlV35t6gciMszOgU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/27a1bc-b258-405f-9f93-6eea12205720/1/2ZaAKfEkCW6rlV35t6gciMszOgU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ZaAKfEkCW6rlV35t6gciMszOgU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:6f:7f:e0:41:35:e6:6e:d4:31:60:fd:e4:54:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9968029f124096eab955df9b7a81c88cb333a05
        Validity
            Not Before: Jan  1 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=085db34ec5054e48ab9e2b8f11209f2305465fc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a2:f8:7d:e7:48:d8:95:09:c3:d5:d8:8f:75:
                    ad:07:2a:f6:01:da:85:04:65:f2:93:ba:48:34:bb:
                    24:a1:3d:60:29:6e:e7:57:6d:d8:ce:63:e5:57:ae:
                    9b:c6:90:ba:7e:eb:aa:31:d7:a3:9f:1b:8e:b4:14:
                    15:15:08:fa:8d:6a:3e:98:b5:e8:50:64:44:1c:b2:
                    1d:02:2f:21:f1:99:d0:cc:da:bd:97:9f:fc:2f:5a:
                    1d:45:c7:e5:1c:4a:19:1a:85:df:cb:d2:4e:9a:2c:
                    c7:6a:db:2a:0b:34:df:0d:01:06:21:8f:63:1d:2e:
                    52:89:66:06:b0:a7:59:f1:e4:34:d2:cb:44:af:68:
                    77:55:39:03:82:72:9c:a0:39:78:0b:66:c3:5f:98:
                    5c:6b:7d:51:8f:d0:0b:0b:f7:0d:0c:08:76:f0:6e:
                    e4:36:0f:8a:10:b8:1c:b3:f4:81:c2:76:e7:e6:a2:
                    5c:92:0c:76:24:3b:0b:b7:f5:05:bd:18:17:ed:69:
                    ec:db:73:48:9a:59:d5:10:03:91:67:ab:1f:b8:b7:
                    3f:37:52:b4:ba:7f:ed:e4:32:87:77:98:56:c5:bc:
                    e6:c0:3c:7f:fd:7d:9c:52:9b:03:65:32:a4:13:82:
                    b4:f8:d4:9b:4b:2a:40:66:fb:87:13:9c:0e:19:15:
                    02:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:5D:B3:4E:C5:05:4E:48:AB:9E:2B:8F:11:20:9F:23:05:46:5F:C0
            X509v3 Authority Key Identifier:
                keyid:D9:96:80:29:F1:24:09:6E:AB:95:5D:F9:B7:A8:1C:88:CB:33:3A:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ZaAKfEkCW6rlV35t6gciMszOgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/27a1bc-b258-405f-9f93-6eea12205720/1/CF2zTsUFTkirniuPESCfIwVGX8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/27a1bc-b258-405f-9f93-6eea12205720/1/2ZaAKfEkCW6rlV35t6gciMszOgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.177.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:22:3c:ef:3f:20:6b:89:c5:1d:ff:f5:13:24:47:c0:10:49:
         a2:55:e5:17:7a:35:aa:cf:31:14:3a:e9:92:7f:48:ea:4d:dc:
         b3:d6:79:e0:c2:f8:05:2c:64:5f:89:d8:f5:dc:c2:21:2e:96:
         68:2f:c9:43:22:de:dd:8f:85:35:5c:0a:09:00:6c:d7:17:e9:
         3b:73:6a:36:ad:10:5b:8c:94:99:2b:81:be:93:f9:18:0e:c8:
         68:ad:a6:53:1c:91:62:3b:4e:e0:f0:ff:3c:99:9b:5b:6d:53:
         9e:00:01:76:e4:54:b2:a3:c0:a6:43:30:76:76:11:86:6c:ba:
         19:3e:1b:62:35:54:50:99:b1:c9:3f:89:14:14:76:f0:6b:18:
         12:e8:eb:32:6b:61:37:87:85:1e:bc:45:b6:ac:66:bf:94:0e:
         11:19:68:1a:bd:93:02:4d:2b:e0:b0:2d:8d:58:b3:5f:40:2f:
         dc:0c:5a:5a:5e:0e:16:b4:48:11:18:85:a3:fc:7d:38:9f:48:
         d9:cf:24:aa:dd:65:04:e1:20:0b:6b:32:d9:bc:fc:85:fd:8b:
         30:2b:a7:30:62:5a:d7:7d:21:51:7f:45:a9:b1:ad:ba:f1:92:
         cd:10:29:6d:7a:9f:d2:09:a9:cd:5f:e0:61:63:22:68:c7:49:
         04:c4:73:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtm9/4EE15m7UMWD95FR6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5OTY4MDI5ZjEyNDA5NmVhYjk1NWRmOWI3YTgxYzg4Y2Iz
MzNhMDUwHhcNMjQwMTAxMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODVkYjM0ZWM1MDU0ZTQ4YWI5ZTJiOGYxMTIwOWYyMzA1NDY1ZmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaL4fedI2JUJw9XYj3WtByr2AdqF
BGXyk7pINLskoT1gKW7nV23YzmPlV66bxpC6fuuqMdejnxuOtBQVFQj6jWo+mLXo
UGREHLIdAi8h8ZnQzNq9l5/8L1odRcflHEoZGoXfy9JOmizHatsqCzTfDQEGIY9j
HS5SiWYGsKdZ8eQ00stEr2h3VTkDgnKcoDl4C2bDX5hca31Rj9ALC/cNDAh28G7k
Ng+KELgcs/SBwnbn5qJckgx2JDsLt/UFvRgX7Wns23NImlnVEAORZ6sfuLc/N1K0
un/t5DKHd5hWxbzmwDx//X2cUpsDZTKkE4K0+NSbSypAZvuHE5wOGRUCsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhds07FBU5Iq54rjxEgnyMFRl/AMB8GA1UdIwQY
MBaAFNmWgCnxJAluq5Vd+beoHIjLMzoFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlphQUtmRWtDVzZybFYzNXQ2Z2NpTXN6T2dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yN2ExYmMtYjI1OC00MDVmLTlmOTMt
NmVlYTEyMjA1NzIwLzEvQ0YyelRzVUZUa2lybml1UEVTQ2ZJd1ZHWDhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yN2ExYmMtYjI1OC00MDVmLTlmOTMtNmVlYTEyMjA1NzIw
LzEvMlphQUtmRWtDVzZybFYzNXQ2Z2NpTXN6T2dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwbG0MA0G
CSqGSIb3DQEBCwUAA4IBAQBnIjzvPyBricUd//UTJEfAEEmiVeUXejWqzzEUOumS
f0jqTdyz1nngwvgFLGRfidj13MIhLpZoL8lDIt7dj4U1XAoJAGzXF+k7c2o2rRBb
jJSZK4G+k/kYDshoraZTHJFiO07g8P88mZtbbVOeAAF25FSyo8CmQzB2dhGGbLoZ
PhtiNVRQmbHJP4kUFHbwaxgS6Osya2E3h4UevEW2rGa/lA4RGWgavZMCTSvgsC2N
WLNfQC/cDFpaXg4WtEgRGIWj/H04n0jZzySq3WUE4SALazLZvPyF/YswK6cwYlrX
fSFRf0Wpsa268ZLNECltep/SCanNX+BhYyJox0kExHM7
-----END CERTIFICATE-----