Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/oYkhZTLQrnvl-IttxzifaAlw7V0.roa
File:                     oYkhZTLQrnvl-IttxzifaAlw7V0.roa (raw, json)
Hash identifier:          QiFAHpz1St3NeW4jjfgoztvBboy2Q91P0n4+GCcROlY=
Subject key identifier:   A1:89:21:65:32:D0:AE:7B:E5:F8:8B:6D:C7:38:9F:68:09:70:ED:5D
Certificate issuer:       /CN=ac0cd1a338ebf5c7952eb9a1f0060549f9340ad6
Certificate serial:       0194244482A176E77475A97F5B18C4F5A754
Authority key identifier: AC:0C:D1:A3:38:EB:F5:C7:95:2E:B9:A1:F0:06:05:49:F9:34:0A:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/oYkhZTLQrnvl-IttxzifaAlw7V0.roa
Signing time:             Wed 01 Jan 2025 23:47:37 +0000
ROA not before:           Wed 01 Jan 2025 23:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28757
IP address blocks:        185.27.196.0/22 maxlen: 22
                          185.27.196.0/23 maxlen: 23
                          185.27.198.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 08:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:82:a1:76:e7:74:75:a9:7f:5b:18:c4:f5:a7:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac0cd1a338ebf5c7952eb9a1f0060549f9340ad6
        Validity
            Not Before: Jan  1 23:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a189216532d0ae7be5f88b6dc7389f680970ed5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d8:9e:06:59:c0:fe:73:97:33:0a:f6:43:99:
                    1d:cb:62:e8:83:58:50:8e:85:a3:66:c3:77:eb:9a:
                    90:0d:5c:6f:93:7c:c0:9a:cd:dd:21:fe:52:e5:1f:
                    c5:4c:73:92:73:00:8a:02:02:07:53:f4:e1:92:bd:
                    e1:3c:39:c5:a4:d2:0b:4b:14:8b:60:2d:87:df:9a:
                    14:fd:0a:d7:0e:c5:e4:98:c9:c3:c0:c3:6f:aa:b0:
                    c9:44:e1:aa:3e:52:3e:e7:a3:f1:df:c5:dc:97:25:
                    90:3e:40:20:40:41:42:52:7a:f0:87:b8:d6:85:b0:
                    cb:ff:26:a6:ee:f2:86:a1:38:a4:0c:1b:45:13:b1:
                    0d:f7:05:9d:8a:f6:8c:57:1c:9b:96:f5:c7:58:8e:
                    9a:53:f2:96:c1:09:39:01:e1:29:3a:41:9f:ca:23:
                    39:3f:41:70:7c:37:e3:01:01:41:31:94:25:96:7c:
                    85:77:89:47:a3:e3:f3:81:da:fa:5b:1c:64:73:41:
                    cc:59:c1:14:d8:84:3b:a8:73:c4:12:b7:93:64:fa:
                    8c:19:ea:52:20:29:ee:ec:6b:90:82:0b:2c:41:17:
                    41:7c:01:65:78:b7:ef:7b:12:95:54:4c:70:90:55:
                    19:ca:68:aa:6b:d9:f8:7f:1c:a8:2f:3a:7f:61:04:
                    d1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:89:21:65:32:D0:AE:7B:E5:F8:8B:6D:C7:38:9F:68:09:70:ED:5D
            X509v3 Authority Key Identifier:
                keyid:AC:0C:D1:A3:38:EB:F5:C7:95:2E:B9:A1:F0:06:05:49:F9:34:0A:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/oYkhZTLQrnvl-IttxzifaAlw7V0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:8b:dc:c6:56:07:79:2a:ba:de:aa:a0:f2:77:3b:b6:68:46:
         0c:31:3c:bc:3d:cd:1c:2d:7d:f4:5a:1d:95:12:26:34:59:0e:
         b6:fa:0c:71:6a:7a:05:33:7a:9f:ae:b7:39:b2:bb:eb:de:25:
         ff:f5:fc:39:c7:05:06:f2:3a:6f:5b:7f:29:9a:bb:e2:2a:46:
         26:4c:0f:92:f0:97:a3:73:f0:26:05:0b:11:8c:19:39:c6:d7:
         9a:12:26:12:10:3b:f1:80:fd:72:55:ee:27:d6:9b:16:cc:83:
         4f:d5:c7:bc:ac:cf:59:ae:1d:01:01:63:dc:cb:15:30:cf:2a:
         74:1f:d3:68:0b:5e:ad:1e:08:8d:88:e2:48:b7:b1:24:ff:f9:
         90:68:0f:4a:34:d8:42:b3:56:49:9c:a6:b2:08:bb:97:6c:c5:
         39:e4:38:c5:03:11:c4:f7:88:fd:64:61:e8:00:0d:95:f7:70:
         4b:95:a3:12:bb:5a:ac:a7:d2:11:bf:18:bc:ee:5d:3e:a9:43:
         0e:31:f0:e7:05:13:ac:7b:8a:26:7e:de:61:f2:d9:40:ba:e7:
         a0:c5:70:2c:82:95:16:81:75:7f:7d:fc:b1:34:98:7f:5e:9d:
         77:ed:07:46:a0:fa:fb:fc:31:00:c4:17:4f:9a:e6:f1:fb:29:
         45:dc:bb:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRIKhdud0dal/WxjE9adUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMGNkMWEzMzhlYmY1Yzc5NTJlYjlhMWYwMDYwNTQ5Zjkz
NDBhZDYwHhcNMjUwMTAxMjM0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTg5MjE2NTMyZDBhZTdiZTVmODhiNmRjNzM4OWY2ODA5NzBlZDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNieBlnA/nOXMwr2Q5kdy2Log1hQ
joWjZsN365qQDVxvk3zAms3dIf5S5R/FTHOScwCKAgIHU/Thkr3hPDnFpNILSxSL
YC2H35oU/QrXDsXkmMnDwMNvqrDJROGqPlI+56Px38XclyWQPkAgQEFCUnrwh7jW
hbDL/yam7vKGoTikDBtFE7EN9wWdivaMVxyblvXHWI6aU/KWwQk5AeEpOkGfyiM5
P0FwfDfjAQFBMZQllnyFd4lHo+Pzgdr6Wxxkc0HMWcEU2IQ7qHPEEreTZPqMGepS
ICnu7GuQggssQRdBfAFleLfvexKVVExwkFUZymiqa9n4fxyoLzp/YQTR5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGJIWUy0K575fiLbcc4n2gJcO1dMB8GA1UdIwQY
MBaAFKwM0aM46/XHlS65ofAGBUn5NArWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckF6Um96anI5Y2VWTHJtaDhBWUZTZmswQ3RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wYzVlYzEtOWMzZC00MTYyLTk4MDQt
YTMzNTE4YmRkOGZlLzEvb1lraFpUTFFybnZsLUl0dHh6aWZhQWx3N1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wYzVlYzEtOWMzZC00MTYyLTk4MDQtYTMzNTE4YmRkOGZl
LzEvckF6Um96anI5Y2VWTHJtaDhBWUZTZmswQ3RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRvEMA0G
CSqGSIb3DQEBCwUAA4IBAQBwi9zGVgd5KrreqqDydzu2aEYMMTy8Pc0cLX30Wh2V
EiY0WQ62+gxxanoFM3qfrrc5srvr3iX/9fw5xwUG8jpvW38pmrviKkYmTA+S8Jej
c/AmBQsRjBk5xteaEiYSEDvxgP1yVe4n1psWzINP1ce8rM9Zrh0BAWPcyxUwzyp0
H9NoC16tHgiNiOJIt7Ek//mQaA9KNNhCs1ZJnKayCLuXbMU55DjFAxHE94j9ZGHo
AA2V93BLlaMSu1qsp9IRvxi87l0+qUMOMfDnBROse4omft5h8tlAuuegxXAsgpUW
gXV/ffyxNJh/Xp137QdGoPr7/DEAxBdPmubx+ylF3LsB
-----END CERTIFICATE-----