Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/39ede1-bfe1-472e-874c-7c1f0cdfce77/1/o4qbcCQCij_4lrM4fuG-GZzDpjs.roa
File:                     o4qbcCQCij_4lrM4fuG-GZzDpjs.roa (raw, json)
Hash identifier:          OQOBy/7xXgD89cYeKeQCwe26Q3oYa0ii7bEbJEXvS2M=
Subject key identifier:   A3:8A:9B:70:24:02:8A:3F:F8:96:B3:38:7E:E1:BE:19:9C:C3:A6:3B
Certificate issuer:       /CN=c2a29cc518010f7676353ff296644d9bd4a355cb
Certificate serial:       0194274838E8BD4173C32B39BB01609C7F06
Authority key identifier: C2:A2:9C:C5:18:01:0F:76:76:35:3F:F2:96:64:4D:9B:D4:A3:55:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wqKcxRgBD3Z2NT_ylmRNm9SjVcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/39ede1-bfe1-472e-874c-7c1f0cdfce77/1/o4qbcCQCij_4lrM4fuG-GZzDpjs.roa
Signing time:             Thu 02 Jan 2025 13:50:32 +0000
ROA not before:           Thu 02 Jan 2025 13:50:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205146
IP address blocks:        185.227.188.0/23 maxlen: 23
                          185.227.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/39ede1-bfe1-472e-874c-7c1f0cdfce77/1/wqKcxRgBD3Z2NT_ylmRNm9SjVcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/39ede1-bfe1-472e-874c-7c1f0cdfce77/1/wqKcxRgBD3Z2NT_ylmRNm9SjVcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wqKcxRgBD3Z2NT_ylmRNm9SjVcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:38:e8:bd:41:73:c3:2b:39:bb:01:60:9c:7f:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2a29cc518010f7676353ff296644d9bd4a355cb
        Validity
            Not Before: Jan  2 13:50:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a38a9b7024028a3ff896b3387ee1be199cc3a63b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2f:1e:78:92:12:22:49:c1:78:57:49:62:43:
                    65:fd:b3:a6:57:b1:9c:88:3b:88:7d:56:81:c7:69:
                    d6:7e:a0:07:19:fd:f9:bf:3b:73:04:55:19:b8:b6:
                    74:ff:6a:98:24:90:15:ed:e8:08:c5:d5:e0:e8:be:
                    b1:50:8d:00:a7:7f:33:09:79:04:c7:89:df:5b:fa:
                    f8:fb:e6:e4:e0:61:04:54:ef:d9:b1:a3:a4:f3:23:
                    61:79:88:c4:33:f1:b2:e9:19:3c:fb:40:f0:bd:be:
                    d6:d9:cc:9d:2a:33:e5:e0:2c:6b:75:3e:d3:16:87:
                    bd:cc:33:b1:ca:96:6f:b3:37:64:c8:62:df:8b:cf:
                    96:27:36:74:15:7e:27:28:b6:81:c7:1b:52:08:6e:
                    82:e5:16:cf:e3:c0:2a:f7:2b:e4:6c:4a:ee:f2:ef:
                    b7:82:b5:e1:e2:51:b8:39:9a:8a:7d:91:b6:29:30:
                    0d:50:b2:86:65:4a:17:2a:fe:a2:75:49:e9:02:64:
                    4e:b9:00:ad:cb:fc:6d:1b:cb:7c:9f:48:36:aa:09:
                    28:a0:d8:15:48:8d:d9:44:35:43:54:15:8a:58:61:
                    d4:77:0f:53:56:03:7f:36:0d:9b:f4:dc:b8:3f:ad:
                    b1:09:c8:79:3d:18:e9:11:fe:ce:2b:43:7b:58:94:
                    53:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:8A:9B:70:24:02:8A:3F:F8:96:B3:38:7E:E1:BE:19:9C:C3:A6:3B
            X509v3 Authority Key Identifier:
                keyid:C2:A2:9C:C5:18:01:0F:76:76:35:3F:F2:96:64:4D:9B:D4:A3:55:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wqKcxRgBD3Z2NT_ylmRNm9SjVcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/39ede1-bfe1-472e-874c-7c1f0cdfce77/1/o4qbcCQCij_4lrM4fuG-GZzDpjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/39ede1-bfe1-472e-874c-7c1f0cdfce77/1/wqKcxRgBD3Z2NT_ylmRNm9SjVcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.188.0/23
                  185.227.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:30:49:ff:8b:0f:14:7b:70:bc:fe:e4:92:ec:6d:23:c6:86:
         08:0f:06:1c:65:ed:84:79:ac:56:ce:d3:53:33:54:f3:22:cd:
         3d:7c:f3:a3:73:33:5d:fb:e0:ad:16:c0:7f:fa:fc:2b:af:25:
         f0:1e:e8:6e:7b:73:1a:7a:b0:c7:3b:62:f6:05:63:68:d5:6f:
         8c:ee:8e:1e:ac:15:ef:b3:08:ec:a1:2b:49:e4:e2:89:c0:6a:
         0b:23:11:4a:dc:ab:cb:b8:e3:2c:03:75:96:57:fa:89:15:59:
         18:c9:9f:97:0b:de:95:5f:a2:57:b7:21:c5:20:98:6c:a1:06:
         32:7f:c5:95:d4:33:63:d9:0b:e2:36:41:dc:f2:63:92:56:34:
         ae:9b:82:3c:24:d1:dd:61:3e:ed:a6:8b:50:00:9d:61:3d:32:
         55:65:89:37:7e:3d:a5:be:d5:c2:e2:27:ed:c4:99:fa:b2:44:
         d1:eb:9b:cf:b7:72:49:38:64:6b:d0:0a:94:e2:c8:bd:6e:ec:
         83:86:5e:69:da:30:d8:d2:dd:e6:7d:f3:d6:e8:a0:f4:a2:1b:
         c3:ba:54:6e:71:20:26:66:d3:cc:06:b4:4e:74:33:ca:45:11:
         02:44:bf:34:d5:88:1f:32:f2:f0:ce:5f:62:36:c6:f3:c3:1f:
         5a:bd:27:0f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSDjovUFzwys5uwFgnH8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYTI5Y2M1MTgwMTBmNzY3NjM1M2ZmMjk2NjQ0ZDliZDRh
MzU1Y2IwHhcNMjUwMTAyMTM1MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzhhOWI3MDI0MDI4YTNmZjg5NmIzMzg3ZWUxYmUxOTljYzNhNjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmy8eeJISIknBeFdJYkNl/bOmV7Gc
iDuIfVaBx2nWfqAHGf35vztzBFUZuLZ0/2qYJJAV7egIxdXg6L6xUI0Ap38zCXkE
x4nfW/r4++bk4GEEVO/ZsaOk8yNheYjEM/Gy6Rk8+0Dwvb7W2cydKjPl4CxrdT7T
Foe9zDOxypZvszdkyGLfi8+WJzZ0FX4nKLaBxxtSCG6C5RbP48Aq9yvkbEru8u+3
grXh4lG4OZqKfZG2KTANULKGZUoXKv6idUnpAmROuQCty/xtG8t8n0g2qgkooNgV
SI3ZRDVDVBWKWGHUdw9TVgN/Ng2b9Ny4P62xCch5PRjpEf7OK0N7WJRTqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKOKm3AkAoo/+JazOH7hvhmcw6Y7MB8GA1UdIwQY
MBaAFMKinMUYAQ92djU/8pZkTZvUo1XLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3FLY3hSZ0JEM1oyTlRfeWxtUk5tOVNqVmNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zOWVkZTEtYmZlMS00NzJlLTg3NGMt
N2MxZjBjZGZjZTc3LzEvbzRxYmNDUUNpal80bHJNNGZ1Ry1HWnpEcGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zOWVkZTEtYmZlMS00NzJlLTg3NGMtN2MxZjBjZGZjZTc3
LzEvd3FLY3hSZ0JEM1oyTlRfeWxtUk5tOVNqVmNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBueO8AwQA
ueO/MA0GCSqGSIb3DQEBCwUAA4IBAQAiMEn/iw8Ue3C8/uSS7G0jxoYIDwYcZe2E
eaxWztNTM1TzIs09fPOjczNd++CtFsB/+vwrryXwHuhue3MaerDHO2L2BWNo1W+M
7o4erBXvswjsoStJ5OKJwGoLIxFK3KvLuOMsA3WWV/qJFVkYyZ+XC96VX6JXtyHF
IJhsoQYyf8WV1DNj2QviNkHc8mOSVjSum4I8JNHdYT7tpotQAJ1hPTJVZYk3fj2l
vtXC4iftxJn6skTR65vPt3JJOGRr0AqU4si9buyDhl5p2jDY0t3mffPW6KD0ohvD
ulRucSAmZtPMBrROdDPKRRECRL801YgfMvLwzl9iNsbzwx9avScP
-----END CERTIFICATE-----