Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/_DE8jBpnVZ36FaQjKKqWbHiWbvo.roa
File:                     _DE8jBpnVZ36FaQjKKqWbHiWbvo.roa (raw, json)
Hash identifier:          nj3mkL3pbPWWGWLOVhi9o9i9dXTzVhaJgzjUgFTiKuo=
Subject key identifier:   FC:31:3C:8C:1A:67:55:9D:FA:15:A4:23:28:AA:96:6C:78:96:6E:FA
Certificate issuer:       /CN=726b350e9f4f1259e2f9c609b22e65fbd186206b
Certificate serial:       019427B671D0242A272801CA2EDF524DB390
Authority key identifier: 72:6B:35:0E:9F:4F:12:59:E2:F9:C6:09:B2:2E:65:FB:D1:86:20:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cms1Dp9PElni-cYJsi5l-9GGIGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/_DE8jBpnVZ36FaQjKKqWbHiWbvo.roa
Signing time:             Thu 02 Jan 2025 15:50:55 +0000
ROA not before:           Thu 02 Jan 2025 15:50:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30781
IP address blocks:        149.232.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/cms1Dp9PElni-cYJsi5l-9GGIGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/cms1Dp9PElni-cYJsi5l-9GGIGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cms1Dp9PElni-cYJsi5l-9GGIGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:71:d0:24:2a:27:28:01:ca:2e:df:52:4d:b3:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=726b350e9f4f1259e2f9c609b22e65fbd186206b
        Validity
            Not Before: Jan  2 15:50:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc313c8c1a67559dfa15a42328aa966c78966efa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4c:ba:68:32:52:5b:e9:f5:45:15:11:68:a0:
                    43:62:13:f3:83:ed:48:ac:f5:3a:df:aa:6c:28:f8:
                    ce:c6:c3:bb:52:cb:a4:05:ff:87:ec:23:f7:85:c1:
                    ae:65:82:65:c2:fe:10:1d:d7:42:fb:fd:5e:7c:a7:
                    10:7b:1b:9d:f3:f9:83:68:d4:a2:b1:df:d4:e6:9d:
                    7b:1c:ff:33:b3:c1:87:bf:e3:55:64:9b:e6:5d:1a:
                    cb:e4:5f:82:09:83:5c:ef:a7:d2:9d:40:06:8a:5c:
                    a2:84:5d:c5:1a:05:6f:38:43:f3:48:7f:38:8d:3a:
                    ee:07:c6:8d:2a:07:e3:a6:db:c4:98:a3:8b:fe:b6:
                    d2:99:69:76:26:88:21:a2:c7:9c:c2:52:75:2f:00:
                    43:fb:b7:f1:be:7f:be:38:7f:56:b9:de:d7:f1:61:
                    4b:d0:cc:2b:4e:b8:41:24:c5:64:da:11:f8:aa:d4:
                    b1:f4:63:2e:a8:c1:35:ac:9e:81:29:8a:80:a3:88:
                    74:9c:96:9f:ea:8a:d2:be:c6:d3:dd:43:59:be:08:
                    91:d9:22:82:74:fc:8e:93:26:f5:ae:dc:b5:b8:93:
                    dc:87:1c:cd:03:10:8e:31:d1:d5:e6:2b:4c:39:fa:
                    45:f0:76:2b:92:c9:74:ec:af:29:20:fd:62:6d:56:
                    84:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:31:3C:8C:1A:67:55:9D:FA:15:A4:23:28:AA:96:6C:78:96:6E:FA
            X509v3 Authority Key Identifier:
                keyid:72:6B:35:0E:9F:4F:12:59:E2:F9:C6:09:B2:2E:65:FB:D1:86:20:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cms1Dp9PElni-cYJsi5l-9GGIGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/_DE8jBpnVZ36FaQjKKqWbHiWbvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/477c86-c7d6-4e37-bff6-a0072bac9f48/1/cms1Dp9PElni-cYJsi5l-9GGIGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.232.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:5b:6f:7c:f8:b0:42:51:0b:ec:a0:5e:d4:7f:75:ee:ae:19:
         78:f6:48:bf:c7:0c:df:bb:09:5d:e9:bf:6a:5e:41:8e:49:3b:
         83:5f:ea:3c:a3:77:67:94:17:95:9d:be:d4:72:d5:b4:31:81:
         07:13:f8:0b:80:17:21:65:c4:ae:84:bc:3c:f9:12:32:6b:c1:
         46:bc:dd:2e:be:bc:1d:05:e1:24:9e:b2:6a:66:d2:57:0c:ce:
         4d:13:11:fd:ba:db:09:db:0d:c7:5c:73:2b:b2:17:f2:70:82:
         1d:52:96:e9:81:ab:1a:d9:2b:10:27:0a:99:b8:fc:52:a6:22:
         f6:6e:ee:2e:eb:7a:e4:8c:01:ff:74:a6:1b:3f:c5:d3:cc:10:
         13:b6:6f:68:c4:76:f7:ac:1c:63:f1:67:ff:7e:0b:25:3e:c4:
         66:34:a0:05:6d:65:0a:90:2b:53:dc:f5:90:d8:20:d6:c4:2a:
         3a:82:14:8d:f7:1b:da:2f:a2:51:39:a7:20:de:09:78:cb:41:
         e6:fc:a4:38:15:bd:f6:c8:53:73:08:d4:8d:be:b6:a7:bb:eb:
         ad:ed:5a:c9:7e:b5:c3:2e:53:d3:c9:41:df:d7:ce:bb:f6:b0:
         7a:fd:b0:06:37:b0:22:d9:7c:f0:84:48:e6:8a:5a:97:33:7c:
         23:09:fb:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntnHQJConKAHKLt9STbOQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNmIzNTBlOWY0ZjEyNTllMmY5YzYwOWIyMmU2NWZiZDE4
NjIwNmIwHhcNMjUwMTAyMTU1MDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzMxM2M4YzFhNjc1NTlkZmExNWE0MjMyOGFhOTY2Yzc4OTY2ZWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtky6aDJSW+n1RRURaKBDYhPzg+1I
rPU636psKPjOxsO7UsukBf+H7CP3hcGuZYJlwv4QHddC+/1efKcQexud8/mDaNSi
sd/U5p17HP8zs8GHv+NVZJvmXRrL5F+CCYNc76fSnUAGilyihF3FGgVvOEPzSH84
jTruB8aNKgfjptvEmKOL/rbSmWl2JoghosecwlJ1LwBD+7fxvn++OH9Wud7X8WFL
0MwrTrhBJMVk2hH4qtSx9GMuqME1rJ6BKYqAo4h0nJaf6orSvsbT3UNZvgiR2SKC
dPyOkyb1rty1uJPchxzNAxCOMdHV5itMOfpF8HYrksl07K8pIP1ibVaEKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwxPIwaZ1Wd+hWkIyiqlmx4lm76MB8GA1UdIwQY
MBaAFHJrNQ6fTxJZ4vnGCbIuZfvRhiBrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY21zMURwOVBFbG5pLWNZSnNpNWwtOUdHSUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS80NzdjODYtYzdkNi00ZTM3LWJmZjYt
YTAwNzJiYWM5ZjQ4LzEvX0RFOGpCcG5WWjM2RmFRaktLcVdiSGlXYnZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS80NzdjODYtYzdkNi00ZTM3LWJmZjYtYTAwNzJiYWM5ZjQ4
LzEvY21zMURwOVBFbG5pLWNZSnNpNWwtOUdHSUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlei8MA0G
CSqGSIb3DQEBCwUAA4IBAQA3W298+LBCUQvsoF7Uf3Xurhl49ki/xwzfuwld6b9q
XkGOSTuDX+o8o3dnlBeVnb7UctW0MYEHE/gLgBchZcSuhLw8+RIya8FGvN0uvrwd
BeEknrJqZtJXDM5NExH9utsJ2w3HXHMrshfycIIdUpbpgasa2SsQJwqZuPxSpiL2
bu4u63rkjAH/dKYbP8XTzBATtm9oxHb3rBxj8Wf/fgslPsRmNKAFbWUKkCtT3PWQ
2CDWxCo6ghSN9xvaL6JROacg3gl4y0Hm/KQ4Fb32yFNzCNSNvranu+ut7VrJfrXD
LlPTyUHf18679rB6/bAGN7Ai2XzwhEjmilqXM3wjCftO
-----END CERTIFICATE-----