Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/CgBNGq2vvpW1xEBq_J8TTjYOWu0.roa
File:                     CgBNGq2vvpW1xEBq_J8TTjYOWu0.roa (raw, json)
Hash identifier:          CfZUCA05oFbMMXS/ui8XIHr2JUyCob7FGarrcgeEvE0=
Subject key identifier:   0A:00:4D:1A:AD:AF:BE:95:B5:C4:40:6A:FC:9F:13:4E:36:0E:5A:ED
Certificate issuer:       /CN=726b350e9f4f1259e2f9c609b22e65fbd186206b
Certificate serial:       019427B6721F1FCFFED3A4762D80FA78222A
Authority key identifier: 72:6B:35:0E:9F:4F:12:59:E2:F9:C6:09:B2:2E:65:FB:D1:86:20:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cms1Dp9PElni-cYJsi5l-9GGIGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/CgBNGq2vvpW1xEBq_J8TTjYOWu0.roa
Signing time:             Thu 02 Jan 2025 15:50:55 +0000
ROA not before:           Thu 02 Jan 2025 15:50:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216239
IP address blocks:        149.232.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/cms1Dp9PElni-cYJsi5l-9GGIGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/cms1Dp9PElni-cYJsi5l-9GGIGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cms1Dp9PElni-cYJsi5l-9GGIGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:72:1f:1f:cf:fe:d3:a4:76:2d:80:fa:78:22:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=726b350e9f4f1259e2f9c609b22e65fbd186206b
        Validity
            Not Before: Jan  2 15:50:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a004d1aadafbe95b5c4406afc9f134e360e5aed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:9e:2b:72:10:e4:bb:77:ab:30:a8:ea:ea:c6:
                    a9:5f:f5:ff:20:01:71:5b:51:03:44:09:2f:2f:92:
                    50:a1:d0:84:44:ce:8c:0a:03:d6:24:6e:0b:c3:a2:
                    94:55:01:b2:bc:58:8f:32:9c:70:28:79:71:49:9c:
                    06:16:4b:51:cc:0a:f2:3d:f5:68:d6:35:a2:66:36:
                    3c:ae:74:09:68:3d:24:f0:5c:e0:eb:b9:7a:d9:cc:
                    6b:4e:e7:de:10:4e:dc:a2:4c:35:79:52:d6:dd:bc:
                    4b:01:13:21:df:f8:a8:ea:1c:3a:3d:a8:9e:84:bd:
                    7f:81:1d:a6:40:f0:c6:1f:dd:e5:bb:62:f1:b5:8c:
                    92:57:b5:15:89:d0:e5:ba:75:cc:d6:87:5f:bf:1c:
                    67:23:b7:cb:db:a7:a3:16:e5:8e:58:19:5d:b5:4b:
                    79:65:8e:5f:aa:07:71:62:d6:7f:33:61:ee:9b:bb:
                    b1:bc:05:af:d3:25:a6:f4:d9:c7:e1:20:c7:b2:5c:
                    33:60:52:73:3e:ca:ed:ec:83:ac:6f:69:48:e1:fb:
                    34:3e:41:f9:79:85:04:e1:9e:20:ce:0f:a8:89:44:
                    4a:de:36:b4:a7:a6:2e:ac:e2:67:a6:fa:c3:d8:dc:
                    5d:17:88:9f:d9:61:52:6e:00:41:0f:2e:55:d7:70:
                    ec:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:00:4D:1A:AD:AF:BE:95:B5:C4:40:6A:FC:9F:13:4E:36:0E:5A:ED
            X509v3 Authority Key Identifier:
                keyid:72:6B:35:0E:9F:4F:12:59:E2:F9:C6:09:B2:2E:65:FB:D1:86:20:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cms1Dp9PElni-cYJsi5l-9GGIGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/CgBNGq2vvpW1xEBq_J8TTjYOWu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/cms1Dp9PElni-cYJsi5l-9GGIGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.232.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:2c:f5:be:4d:9a:06:68:57:c1:a7:19:71:86:ec:db:a5:21:
         16:09:2d:4f:25:d5:c3:94:02:18:96:39:f6:cb:38:ec:21:ce:
         fd:31:c2:79:e8:69:92:54:0b:94:0d:37:b3:8c:13:7b:ed:29:
         61:7d:0d:c7:41:fc:b1:a2:19:88:3d:2d:49:00:79:0c:85:f6:
         3a:cf:e4:7f:07:99:1d:32:17:c4:f6:42:59:33:cc:a7:62:1c:
         68:e4:c5:33:37:52:f8:4e:55:d3:d5:07:e7:da:10:d4:d6:f1:
         02:36:ad:19:04:2c:dc:37:d1:68:0b:d5:90:84:dc:e9:1b:c2:
         6e:c0:4c:29:3c:22:d5:69:66:a4:ae:85:b1:2f:28:0d:93:62:
         f0:2b:66:eb:35:4d:8c:f7:68:61:61:39:2f:02:28:7d:fd:83:
         c0:41:e2:66:e8:b9:b1:79:ab:00:e5:fb:c3:10:7a:79:a9:bf:
         0a:69:3b:2d:1c:7f:b4:2f:4b:aa:26:ab:a0:fa:b5:13:66:96:
         c3:7a:8e:64:0f:af:97:95:fd:44:50:ce:f7:35:f3:fd:ae:96:
         08:e8:1d:ef:9a:26:99:7f:96:8b:d1:b2:0e:a9:29:a5:9c:e0:
         b6:c5:4d:0c:30:2f:bb:7b:b0:2a:88:a9:3d:9e:19:a1:01:e5:
         9d:e6:8c:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntnIfH8/+06R2LYD6eCIqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNmIzNTBlOWY0ZjEyNTllMmY5YzYwOWIyMmU2NWZiZDE4
NjIwNmIwHhcNMjUwMTAyMTU1MDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTAwNGQxYWFkYWZiZTk1YjVjNDQwNmFmYzlmMTM0ZTM2MGU1YWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA854rchDku3erMKjq6sapX/X/IAFx
W1EDRAkvL5JQodCERM6MCgPWJG4Lw6KUVQGyvFiPMpxwKHlxSZwGFktRzAryPfVo
1jWiZjY8rnQJaD0k8Fzg67l62cxrTufeEE7cokw1eVLW3bxLARMh3/io6hw6Paie
hL1/gR2mQPDGH93lu2LxtYySV7UVidDlunXM1odfvxxnI7fL26ejFuWOWBldtUt5
ZY5fqgdxYtZ/M2Hum7uxvAWv0yWm9NnH4SDHslwzYFJzPsrt7IOsb2lI4fs0PkH5
eYUE4Z4gzg+oiURK3ja0p6YurOJnpvrD2NxdF4if2WFSbgBBDy5V13DsVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAoATRqtr76VtcRAavyfE042DlrtMB8GA1UdIwQY
MBaAFHJrNQ6fTxJZ4vnGCbIuZfvRhiBrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY21zMURwOVBFbG5pLWNZSnNpNWwtOUdHSUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS80NzdjODYtYzdkNi00ZTM3LWJmZjYt
YTAwNzJiYWM5ZjQ4LzEvQ2dCTkdxMnZ2cFcxeEVCcV9KOFRUallPV3UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS80NzdjODYtYzdkNi00ZTM3LWJmZjYtYTAwNzJiYWM5ZjQ4
LzEvY21zMURwOVBFbG5pLWNZSnNpNWwtOUdHSUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlei8MA0G
CSqGSIb3DQEBCwUAA4IBAQAFLPW+TZoGaFfBpxlxhuzbpSEWCS1PJdXDlAIYljn2
yzjsIc79McJ56GmSVAuUDTezjBN77SlhfQ3HQfyxohmIPS1JAHkMhfY6z+R/B5kd
MhfE9kJZM8ynYhxo5MUzN1L4TlXT1Qfn2hDU1vECNq0ZBCzcN9FoC9WQhNzpG8Ju
wEwpPCLVaWakroWxLygNk2LwK2brNU2M92hhYTkvAih9/YPAQeJm6LmxeasA5fvD
EHp5qb8KaTstHH+0L0uqJqug+rUTZpbDeo5kD6+Xlf1EUM73NfP9rpYI6B3vmiaZ
f5aL0bIOqSmlnOC2xU0MMC+7e7AqiKk9nhmhAeWd5owr
-----END CERTIFICATE-----