Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e7b932-fc21-4a61-aef0-15a093e2bb8f/1/OmeM_n0y_6-zOQ1ggpf3SAaIYGM.roa
File:                     OmeM_n0y_6-zOQ1ggpf3SAaIYGM.roa (raw, json)
Hash identifier:          nPLGIcarXsWhg9mWE06KhP99Y61Hg7uEiGrRbDzptwU=
Subject key identifier:   3A:67:8C:FE:7D:32:FF:AF:B3:39:0D:60:82:97:F7:48:06:88:60:63
Certificate issuer:       /CN=b292094d691df4a7c38f16b75557e9c26d4ac692
Certificate serial:       019427487104A3CB15357252650CB7048F65
Authority key identifier: B2:92:09:4D:69:1D:F4:A7:C3:8F:16:B7:55:57:E9:C2:6D:4A:C6:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/spIJTWkd9KfDjxa3VVfpwm1KxpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e7b932-fc21-4a61-aef0-15a093e2bb8f/1/OmeM_n0y_6-zOQ1ggpf3SAaIYGM.roa
Signing time:             Thu 02 Jan 2025 13:50:46 +0000
ROA not before:           Thu 02 Jan 2025 13:50:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213245
IP address blocks:        185.204.228.0/24 maxlen: 24
                          185.204.229.0/24 maxlen: 24
                          185.204.230.0/24 maxlen: 24
                          185.204.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e7b932-fc21-4a61-aef0-15a093e2bb8f/1/spIJTWkd9KfDjxa3VVfpwm1KxpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e7b932-fc21-4a61-aef0-15a093e2bb8f/1/spIJTWkd9KfDjxa3VVfpwm1KxpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/spIJTWkd9KfDjxa3VVfpwm1KxpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:71:04:a3:cb:15:35:72:52:65:0c:b7:04:8f:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b292094d691df4a7c38f16b75557e9c26d4ac692
        Validity
            Not Before: Jan  2 13:50:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a678cfe7d32ffafb3390d608297f74806886063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:09:6f:ab:c6:39:c2:56:6c:46:76:81:fc:70:
                    13:d0:2d:68:d7:a2:5b:d9:1b:47:8b:d4:14:c1:93:
                    65:7a:7e:6f:20:de:98:90:85:d1:3b:5b:37:89:ca:
                    b2:a4:27:fb:57:17:32:df:16:40:48:bc:cc:ec:68:
                    e4:09:89:80:b9:a9:0f:bb:a7:5d:a1:c4:1c:60:16:
                    d5:ea:40:be:8b:d1:a2:9f:4b:f1:bf:f8:3c:c8:2b:
                    3b:f5:a8:77:14:9b:6c:6a:50:d7:5e:9b:b9:af:20:
                    78:70:8c:58:c1:6f:f1:5b:f9:45:a1:d4:a0:1f:9f:
                    f3:74:53:4a:26:f2:f7:2f:f8:38:97:f0:d1:f6:a6:
                    e7:03:e8:20:ba:f5:5f:ce:c4:6c:f8:87:30:78:7a:
                    e7:e6:4d:db:49:fd:47:1e:b9:34:b0:ae:fb:fd:22:
                    45:6b:93:26:be:cd:19:85:76:fe:f5:0d:91:52:32:
                    6c:82:14:a5:df:d6:9f:35:8f:6a:f3:d2:45:2c:d9:
                    d1:90:7f:79:c9:2a:89:36:30:ac:e9:f0:c2:ed:a8:
                    db:a5:c5:70:13:97:0a:3c:33:a2:f7:91:72:8a:03:
                    c5:67:91:9e:3b:02:63:16:7e:48:c5:b8:3f:6a:63:
                    84:e7:fc:7f:d6:cb:58:df:7a:2f:a8:cb:86:80:c0:
                    16:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:67:8C:FE:7D:32:FF:AF:B3:39:0D:60:82:97:F7:48:06:88:60:63
            X509v3 Authority Key Identifier:
                keyid:B2:92:09:4D:69:1D:F4:A7:C3:8F:16:B7:55:57:E9:C2:6D:4A:C6:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/spIJTWkd9KfDjxa3VVfpwm1KxpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e7b932-fc21-4a61-aef0-15a093e2bb8f/1/OmeM_n0y_6-zOQ1ggpf3SAaIYGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e7b932-fc21-4a61-aef0-15a093e2bb8f/1/spIJTWkd9KfDjxa3VVfpwm1KxpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:79:72:0e:b8:d9:3a:50:ce:be:5b:6c:4d:74:8a:3d:df:25:
         72:cb:16:9d:74:46:bc:9e:69:cc:1f:01:67:9c:5f:2c:21:b7:
         84:fa:bd:77:46:f7:d5:5b:47:75:d1:b6:97:c5:39:bf:6a:c3:
         ad:8a:df:da:76:5a:ae:de:60:8f:50:5a:d6:75:4b:ce:65:d2:
         cc:08:da:a4:3a:ac:bb:24:38:d2:0a:9e:64:18:73:e6:d1:3c:
         6a:af:e5:89:12:ae:f5:f1:98:5d:8e:7b:b7:5f:1d:e5:a2:16:
         71:c7:1c:c0:5b:bc:3a:f4:d2:8d:a5:2e:d8:b0:96:c6:41:02:
         ca:b9:93:b5:e6:eb:9d:ba:de:19:80:d1:af:d0:fa:a8:18:e9:
         ea:25:40:10:bd:2a:ab:df:ca:15:85:74:27:15:01:c1:e4:43:
         4a:83:de:fc:60:3d:d9:e1:0f:53:e0:b7:7a:84:5e:29:4f:66:
         e9:69:79:b2:6d:2d:84:56:29:5c:6b:c1:d6:42:0f:00:84:8c:
         f1:6a:47:09:7e:ab:a8:3b:9d:3b:03:43:c3:01:26:6d:f9:2d:
         24:76:16:d8:04:7c:0c:7e:ee:09:c2:25:f1:6a:df:0f:e5:72:
         6b:d1:31:19:30:7f:5e:05:1b:7a:3b:55:b8:b5:c9:e0:6b:c0:
         96:61:4f:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSHEEo8sVNXJSZQy3BI9lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyOTIwOTRkNjkxZGY0YTdjMzhmMTZiNzU1NTdlOWMyNmQ0
YWM2OTIwHhcNMjUwMTAyMTM1MDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTY3OGNmZTdkMzJmZmFmYjMzOTBkNjA4Mjk3Zjc0ODA2ODg2MDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Alvq8Y5wlZsRnaB/HAT0C1o16Jb
2RtHi9QUwZNlen5vIN6YkIXRO1s3icqypCf7Vxcy3xZASLzM7GjkCYmAuakPu6dd
ocQcYBbV6kC+i9Gin0vxv/g8yCs79ah3FJtsalDXXpu5ryB4cIxYwW/xW/lFodSg
H5/zdFNKJvL3L/g4l/DR9qbnA+gguvVfzsRs+IcweHrn5k3bSf1HHrk0sK77/SJF
a5Mmvs0ZhXb+9Q2RUjJsghSl39afNY9q89JFLNnRkH95ySqJNjCs6fDC7ajbpcVw
E5cKPDOi95FyigPFZ5GeOwJjFn5Ixbg/amOE5/x/1stY33ovqMuGgMAWFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpnjP59Mv+vszkNYIKX90gGiGBjMB8GA1UdIwQY
MBaAFLKSCU1pHfSnw48Wt1VX6cJtSsaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3BJSlRXa2Q5S2ZEanhhM1ZWZnB3bTFLeHBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lN2I5MzItZmMyMS00YTYxLWFlZjAt
MTVhMDkzZTJiYjhmLzEvT21lTV9uMHlfNi16T1ExZ2dwZjNTQWFJWUdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lN2I5MzItZmMyMS00YTYxLWFlZjAtMTVhMDkzZTJiYjhm
LzEvc3BJSlRXa2Q5S2ZEanhhM1ZWZnB3bTFLeHBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuczkMA0G
CSqGSIb3DQEBCwUAA4IBAQBIeXIOuNk6UM6+W2xNdIo93yVyyxaddEa8nmnMHwFn
nF8sIbeE+r13RvfVW0d10baXxTm/asOtit/adlqu3mCPUFrWdUvOZdLMCNqkOqy7
JDjSCp5kGHPm0Txqr+WJEq718Zhdjnu3Xx3lohZxxxzAW7w69NKNpS7YsJbGQQLK
uZO15uudut4ZgNGv0PqoGOnqJUAQvSqr38oVhXQnFQHB5ENKg978YD3Z4Q9T4Ld6
hF4pT2bpaXmybS2EVilca8HWQg8AhIzxakcJfquoO507A0PDASZt+S0kdhbYBHwM
fu4JwiXxat8P5XJr0TEZMH9eBRt6O1W4tcnga8CWYU/t
-----END CERTIFICATE-----