Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/f75C-eTq_0EKgTYOGoFO4ittOsE.roa
File:                     f75C-eTq_0EKgTYOGoFO4ittOsE.roa (raw, json)
Hash identifier:          i/H4pWzbwylaFsZBa5QuEepfQLuTxubTgyGCX8GB8e0=
Subject key identifier:   7F:BE:42:F9:E4:EA:FF:41:0A:81:36:0E:1A:81:4E:E2:2B:6D:3A:C1
Certificate issuer:       /CN=ac0cd1a338ebf5c7952eb9a1f0060549f9340ad6
Certificate serial:       01902FD481E3880E9C24EE254D6E8957FCFC
Authority key identifier: AC:0C:D1:A3:38:EB:F5:C7:95:2E:B9:A1:F0:06:05:49:F9:34:0A:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/f75C-eTq_0EKgTYOGoFO4ittOsE.roa
Signing time:             Wed 19 Jun 2024 09:29:34 +0000
ROA not before:           Wed 19 Jun 2024 09:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28757
IP address blocks:        185.27.196.0/22 maxlen: 22
                          185.27.196.0/23 maxlen: 23
                          185.27.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 18:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2f:d4:81:e3:88:0e:9c:24:ee:25:4d:6e:89:57:fc:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac0cd1a338ebf5c7952eb9a1f0060549f9340ad6
        Validity
            Not Before: Jun 19 09:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fbe42f9e4eaff410a81360e1a814ee22b6d3ac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:dd:4b:06:0b:00:86:f7:a0:da:f8:f0:b4:e0:
                    ab:df:51:5e:1f:ae:42:05:44:45:e6:9e:78:e0:4d:
                    3e:46:fd:12:19:77:91:95:70:9b:92:15:8c:d7:5e:
                    81:4a:64:ee:5a:1e:7e:8c:9f:5b:00:b9:96:86:7f:
                    70:35:dc:d5:0f:25:38:fa:7a:a1:6e:d8:28:f5:67:
                    fc:78:d4:91:4b:3d:ca:51:02:9c:09:db:16:1e:75:
                    50:05:44:17:c8:30:10:2c:c0:95:12:d5:1d:d1:56:
                    a0:95:7c:6e:3b:ef:3a:e2:cc:1f:a4:78:bb:e7:a8:
                    36:b0:89:38:22:f3:b4:87:92:c6:8d:7d:cf:6f:79:
                    5e:db:ef:57:be:4b:28:c6:b3:4f:19:0f:5b:d3:61:
                    75:8a:9f:0c:e4:17:e2:07:de:2b:f8:24:cc:03:4f:
                    1d:f0:8a:52:fe:ef:7f:2c:dd:4d:e2:db:a0:ef:11:
                    38:74:4e:e9:12:18:ee:75:29:bf:f9:2e:51:e6:d9:
                    3f:c9:96:89:d6:02:60:8b:f3:92:39:e0:d8:5a:81:
                    d8:07:9b:f9:b8:0d:cf:c6:51:16:53:9e:5e:9b:f1:
                    c3:1b:c7:88:7f:53:7e:41:75:69:9e:0d:ef:67:bd:
                    89:cd:84:31:c7:39:00:46:3c:38:5d:1a:34:c7:94:
                    e1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:BE:42:F9:E4:EA:FF:41:0A:81:36:0E:1A:81:4E:E2:2B:6D:3A:C1
            X509v3 Authority Key Identifier:
                keyid:AC:0C:D1:A3:38:EB:F5:C7:95:2E:B9:A1:F0:06:05:49:F9:34:0A:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/f75C-eTq_0EKgTYOGoFO4ittOsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:d5:23:e7:6f:47:49:48:e7:bc:36:59:2d:2f:9d:b0:71:a9:
         36:cd:53:11:00:39:6a:ac:05:74:55:ae:af:cb:ab:c9:8e:cb:
         20:56:7c:10:94:b4:86:ae:14:c0:84:57:4e:35:5b:f0:cf:72:
         4b:a1:e2:4f:ae:bf:c2:44:da:13:c2:7a:ce:10:d9:65:13:f5:
         e6:9c:23:ab:e0:28:00:46:0a:5f:3f:12:63:e6:e6:66:cc:5c:
         87:8d:ba:f8:f0:74:b7:b8:89:ae:64:29:d7:f1:09:f1:5b:55:
         36:bc:f3:7e:d1:94:1d:8f:62:91:33:f8:77:f1:ef:c7:2b:7c:
         2e:83:38:b8:47:28:85:41:d8:3d:63:3b:8a:48:be:d2:f2:62:
         ea:f2:f6:b2:d3:93:12:6d:79:63:ad:74:64:59:53:6e:a0:29:
         10:4b:1e:ce:9b:e9:89:7d:b3:fd:34:be:ab:59:fd:1f:9a:d1:
         e5:9f:fa:80:4b:2f:43:47:d1:0e:87:3e:a0:b8:dd:16:b5:1e:
         eb:b6:93:be:d7:d2:03:fa:8d:46:97:4f:8e:cf:a3:27:a1:f4:
         c5:cf:e7:08:05:e6:04:94:98:88:8b:90:f8:6f:3c:bd:c8:d7:
         2e:28:6a:fe:ea:7d:f8:4a:ff:5a:7c:75:49:ea:ce:48:e9:fb:
         80:ef:9e:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAv1IHjiA6cJO4lTW6JV/z8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMGNkMWEzMzhlYmY1Yzc5NTJlYjlhMWYwMDYwNTQ5Zjkz
NDBhZDYwHhcNMjQwNjE5MDkyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmJlNDJmOWU0ZWFmZjQxMGE4MTM2MGUxYTgxNGVlMjJiNmQzYWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoN1LBgsAhveg2vjwtOCr31FeH65C
BURF5p544E0+Rv0SGXeRlXCbkhWM116BSmTuWh5+jJ9bALmWhn9wNdzVDyU4+nqh
btgo9Wf8eNSRSz3KUQKcCdsWHnVQBUQXyDAQLMCVEtUd0VaglXxuO+864swfpHi7
56g2sIk4IvO0h5LGjX3Pb3le2+9XvksoxrNPGQ9b02F1ip8M5BfiB94r+CTMA08d
8IpS/u9/LN1N4tug7xE4dE7pEhjudSm/+S5R5tk/yZaJ1gJgi/OSOeDYWoHYB5v5
uA3PxlEWU55em/HDG8eIf1N+QXVpng3vZ72JzYQxxzkARjw4XRo0x5ThcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH++Qvnk6v9BCoE2DhqBTuIrbTrBMB8GA1UdIwQY
MBaAFKwM0aM46/XHlS65ofAGBUn5NArWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckF6Um96anI5Y2VWTHJtaDhBWUZTZmswQ3RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wYzVlYzEtOWMzZC00MTYyLTk4MDQt
YTMzNTE4YmRkOGZlLzEvZjc1Qy1lVHFfMEVLZ1RZT0dvRk80aXR0T3NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wYzVlYzEtOWMzZC00MTYyLTk4MDQtYTMzNTE4YmRkOGZl
LzEvckF6Um96anI5Y2VWTHJtaDhBWUZTZmswQ3RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRvEMA0G
CSqGSIb3DQEBCwUAA4IBAQAc1SPnb0dJSOe8NlktL52wcak2zVMRADlqrAV0Va6v
y6vJjssgVnwQlLSGrhTAhFdONVvwz3JLoeJPrr/CRNoTwnrOENllE/XmnCOr4CgA
RgpfPxJj5uZmzFyHjbr48HS3uImuZCnX8QnxW1U2vPN+0ZQdj2KRM/h38e/HK3wu
gzi4RyiFQdg9YzuKSL7S8mLq8vay05MSbXljrXRkWVNuoCkQSx7Om+mJfbP9NL6r
Wf0fmtHln/qASy9DR9EOhz6guN0WtR7rtpO+19ID+o1Gl0+Oz6MnofTFz+cIBeYE
lJiIi5D4bzy9yNcuKGr+6n34Sv9afHVJ6s5I6fuA756G
-----END CERTIFICATE-----