Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/m8IokWXXSsnAqYI3zMwdPZ6Ixfk.roa
File:                     m8IokWXXSsnAqYI3zMwdPZ6Ixfk.roa (raw, json)
Hash identifier:          PfPTVlQUQsehNwHzlj5pw4ydjkZB/Va3s6HnI8C+g2s=
Subject key identifier:   9B:C2:28:91:65:D7:4A:C9:C0:A9:82:37:CC:CC:1D:3D:9E:88:C5:F9
Certificate issuer:       /CN=ac0cd1a338ebf5c7952eb9a1f0060549f9340ad6
Certificate serial:       01902FD482949D453FB6A1568F5BEC634519
Authority key identifier: AC:0C:D1:A3:38:EB:F5:C7:95:2E:B9:A1:F0:06:05:49:F9:34:0A:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/m8IokWXXSsnAqYI3zMwdPZ6Ixfk.roa
Signing time:             Wed 19 Jun 2024 09:29:34 +0000
ROA not before:           Wed 19 Jun 2024 09:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60688
IP address blocks:        185.27.196.0/22 maxlen: 22
                          185.27.196.0/23 maxlen: 23
                          185.27.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2f:d4:82:94:9d:45:3f:b6:a1:56:8f:5b:ec:63:45:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac0cd1a338ebf5c7952eb9a1f0060549f9340ad6
        Validity
            Not Before: Jun 19 09:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bc2289165d74ac9c0a98237cccc1d3d9e88c5f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f8:37:4c:62:a0:5c:96:6f:73:9c:81:be:b4:
                    de:15:50:ff:aa:fa:6f:25:70:fd:de:b6:8b:0b:38:
                    2e:34:78:8c:01:4d:3d:60:4b:1a:f4:27:93:cd:2f:
                    9a:5a:77:e3:ba:02:bc:c2:40:57:d7:f7:83:70:54:
                    89:06:f0:5a:55:e7:87:3f:84:a3:81:54:29:00:93:
                    29:de:67:37:67:71:92:dc:90:b9:0e:31:5a:22:d4:
                    52:ce:a1:7d:3c:a9:05:8b:01:12:4b:83:c3:89:50:
                    52:a5:65:1f:eb:a5:e4:bc:07:1d:c3:11:e3:72:13:
                    30:14:2b:be:7d:e4:aa:3f:ba:d2:c6:be:e2:d0:8b:
                    53:97:6c:8a:4e:f9:4e:28:7a:d4:a5:38:94:2e:63:
                    b7:28:05:dd:06:e7:35:86:3f:6a:fc:60:d0:05:51:
                    a0:c5:f4:2a:b3:cb:22:93:aa:1c:83:5f:47:cf:75:
                    f2:03:4d:81:76:08:ad:a9:46:95:e9:ef:01:ad:86:
                    b4:87:fc:62:d1:7d:51:9e:19:12:1e:60:a8:ac:0b:
                    da:cf:ed:dc:e0:a1:62:2d:4e:bf:a7:fb:a1:1e:6d:
                    5d:b1:89:48:38:d2:53:fa:68:6c:70:54:87:3c:ff:
                    71:ad:fb:f3:2e:cf:d0:24:bf:8a:88:96:6c:94:5c:
                    d9:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:C2:28:91:65:D7:4A:C9:C0:A9:82:37:CC:CC:1D:3D:9E:88:C5:F9
            X509v3 Authority Key Identifier:
                keyid:AC:0C:D1:A3:38:EB:F5:C7:95:2E:B9:A1:F0:06:05:49:F9:34:0A:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/m8IokWXXSsnAqYI3zMwdPZ6Ixfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:53:67:c6:6f:40:d7:2c:86:9e:6a:df:42:00:4a:c6:32:e0:
         92:92:87:2d:5a:cb:4b:52:ad:e9:87:cb:f3:80:bc:47:be:e7:
         da:08:0d:6e:3f:51:90:2f:bf:ed:98:d8:d9:1f:54:4a:eb:29:
         5a:b1:3c:7e:4e:19:26:33:ac:5c:19:b7:39:93:2a:cf:33:38:
         ee:5f:fa:1e:17:46:6c:e4:38:87:d2:ff:c1:5a:64:a4:e4:a1:
         30:14:05:8e:d0:8f:6d:83:3d:e1:51:46:d5:77:56:10:8b:85:
         cc:ff:49:2e:ab:57:12:07:87:43:76:dd:7c:74:bb:52:5c:35:
         5f:2e:23:10:1b:cf:ed:45:c7:e0:36:7c:08:1f:1f:16:d1:45:
         1b:a9:1f:c4:50:84:b0:45:11:4e:c8:a7:0a:fe:dd:12:85:3e:
         3f:b1:f8:61:a2:0f:9c:93:85:14:91:45:03:65:a9:2b:e3:a5:
         8e:78:3d:67:c6:a7:36:07:77:48:27:96:4f:bb:c1:29:ca:3c:
         ec:d2:27:db:7a:ca:af:85:3b:c5:fe:b4:41:b1:a8:1f:28:df:
         5a:6e:f6:11:9b:31:10:15:95:7a:71:b0:59:96:ac:bd:f9:10:
         69:94:06:7f:0c:20:6b:a4:7e:e4:2d:20:be:8a:e9:76:c9:3e:
         d7:41:a4:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAv1IKUnUU/tqFWj1vsY0UZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMGNkMWEzMzhlYmY1Yzc5NTJlYjlhMWYwMDYwNTQ5Zjkz
NDBhZDYwHhcNMjQwNjE5MDkyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmMyMjg5MTY1ZDc0YWM5YzBhOTgyMzdjY2NjMWQzZDllODhjNWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/g3TGKgXJZvc5yBvrTeFVD/qvpv
JXD93raLCzguNHiMAU09YEsa9CeTzS+aWnfjugK8wkBX1/eDcFSJBvBaVeeHP4Sj
gVQpAJMp3mc3Z3GS3JC5DjFaItRSzqF9PKkFiwESS4PDiVBSpWUf66XkvAcdwxHj
chMwFCu+feSqP7rSxr7i0ItTl2yKTvlOKHrUpTiULmO3KAXdBuc1hj9q/GDQBVGg
xfQqs8sik6ocg19Hz3XyA02BdgitqUaV6e8BrYa0h/xi0X1RnhkSHmCorAvaz+3c
4KFiLU6/p/uhHm1dsYlIONJT+mhscFSHPP9xrfvzLs/QJL+KiJZslFzZ1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvCKJFl10rJwKmCN8zMHT2eiMX5MB8GA1UdIwQY
MBaAFKwM0aM46/XHlS65ofAGBUn5NArWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckF6Um96anI5Y2VWTHJtaDhBWUZTZmswQ3RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wYzVlYzEtOWMzZC00MTYyLTk4MDQt
YTMzNTE4YmRkOGZlLzEvbThJb2tXWFhTc25BcVlJM3pNd2RQWjZJeGZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wYzVlYzEtOWMzZC00MTYyLTk4MDQtYTMzNTE4YmRkOGZl
LzEvckF6Um96anI5Y2VWTHJtaDhBWUZTZmswQ3RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRvEMA0G
CSqGSIb3DQEBCwUAA4IBAQBmU2fGb0DXLIaeat9CAErGMuCSkoctWstLUq3ph8vz
gLxHvufaCA1uP1GQL7/tmNjZH1RK6ylasTx+ThkmM6xcGbc5kyrPMzjuX/oeF0Zs
5DiH0v/BWmSk5KEwFAWO0I9tgz3hUUbVd1YQi4XM/0kuq1cSB4dDdt18dLtSXDVf
LiMQG8/tRcfgNnwIHx8W0UUbqR/EUISwRRFOyKcK/t0ShT4/sfhhog+ck4UUkUUD
Zakr46WOeD1nxqc2B3dIJ5ZPu8Epyjzs0ifbesqvhTvF/rRBsagfKN9abvYRmzEQ
FZV6cbBZlqy9+RBplAZ/DCBrpH7kLSC+iul2yT7XQaRU
-----END CERTIFICATE-----