Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/g8OvlCg4M_LLYJ6bBQfa3qDygtM.roa
File:                     g8OvlCg4M_LLYJ6bBQfa3qDygtM.roa (raw, json)
Hash identifier:          /qXBTOslZR34Pb+CWF3w3swrkdRrWHLjJPxnYymdULY=
Subject key identifier:   83:C3:AF:94:28:38:33:F2:CB:60:9E:9B:05:07:DA:DE:A0:F2:82:D3
Certificate issuer:       /CN=827603a93bca31b018f511f6d4b0b7546e963362
Certificate serial:       019427B63ABD85DAB5C6EED48DBA2A8D23CD
Authority key identifier: 82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/g8OvlCg4M_LLYJ6bBQfa3qDygtM.roa
Signing time:             Thu 02 Jan 2025 15:50:41 +0000
ROA not before:           Thu 02 Jan 2025 15:50:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211439
IP address blocks:        185.169.228.0/22 maxlen: 22
                          193.37.220.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:3a:bd:85:da:b5:c6:ee:d4:8d:ba:2a:8d:23:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827603a93bca31b018f511f6d4b0b7546e963362
        Validity
            Not Before: Jan  2 15:50:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83c3af94283833f2cb609e9b0507dadea0f282d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:83:34:71:69:99:8f:5f:a9:45:25:7a:00:59:
                    21:8c:ff:f6:d2:ea:09:e6:ce:95:03:ff:5b:7f:3c:
                    10:c5:6a:a7:d5:c3:7e:1d:92:31:36:15:03:7b:84:
                    8a:4b:5a:54:e1:19:46:5d:e9:35:ed:0a:55:02:cd:
                    9f:74:6c:a5:cd:9b:a8:b5:46:4f:81:84:83:ec:ff:
                    55:17:99:d2:9f:12:ea:be:79:33:72:fc:9d:11:c1:
                    9a:32:77:0a:29:43:86:b7:6a:63:97:ae:ef:62:0a:
                    f5:7e:83:43:81:df:7a:26:9a:78:ab:b2:2b:1e:21:
                    80:89:2d:5f:06:aa:4c:a3:d1:8e:00:f2:cd:22:71:
                    23:90:ff:97:fd:b2:ea:d4:0c:42:3e:09:2b:9b:ee:
                    08:00:ba:8f:f0:12:53:2c:95:51:f4:30:f4:67:d7:
                    99:cf:33:ff:60:b6:b2:b4:46:f1:d8:57:1a:f5:43:
                    3e:b2:b1:58:50:3b:cd:3f:1f:86:8a:93:3c:8e:e3:
                    f4:28:3b:b7:5d:09:ba:8b:fb:8e:ed:59:d8:5d:9b:
                    4e:e5:87:ca:6d:d5:54:ff:54:32:f4:97:43:26:0f:
                    30:bd:87:c1:72:e5:b7:23:16:8c:0a:40:cb:f7:67:
                    57:8d:da:0e:62:69:af:7b:31:be:e8:72:a7:c3:e9:
                    83:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:C3:AF:94:28:38:33:F2:CB:60:9E:9B:05:07:DA:DE:A0:F2:82:D3
            X509v3 Authority Key Identifier:
                keyid:82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/g8OvlCg4M_LLYJ6bBQfa3qDygtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.228.0/22
                  193.37.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:c3:3e:61:a5:40:84:72:38:72:dd:2b:b4:9f:65:77:ca:b4:
         f4:70:4a:83:6e:7e:87:41:bf:a8:cb:2d:69:f9:e8:4a:95:af:
         37:1a:8d:ef:ff:d3:c5:c6:75:8f:fc:6d:a4:40:ff:5e:d6:c9:
         e9:79:0e:50:dd:94:f3:0e:50:20:b1:e9:c1:67:1a:15:93:89:
         1f:a1:e6:44:8b:29:49:a6:04:a3:ac:1f:40:23:10:17:f0:d1:
         a2:cb:0b:ca:5f:c1:98:45:48:01:fa:14:77:d8:7f:94:c0:61:
         b4:cf:0a:5a:85:70:e0:47:45:4d:7c:8c:b4:7e:c1:c4:91:cf:
         a0:9d:9e:f9:7f:83:93:c2:0b:fb:50:8a:ab:c3:b0:7c:13:9c:
         b5:6d:0c:c7:87:5d:e6:50:23:7c:a1:e6:18:e8:7e:0d:0a:00:
         c7:4c:5c:a0:f6:1f:e7:36:61:4a:30:0e:34:d3:47:dc:22:91:
         da:be:b1:3e:51:5f:ef:e2:07:6b:a4:fc:38:5a:f8:b0:d0:8b:
         0e:ef:3c:7e:bd:8a:be:03:b9:06:4d:d0:f5:d0:2e:60:7d:e3:
         2c:77:53:d4:59:7a:d3:94:b9:b1:63:ff:1c:8c:8a:15:94:be:
         c7:34:2f:a3:1d:ba:6b:60:cb:e8:c0:04:3a:36:cb:a4:53:68:
         b6:1b:bd:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntjq9hdq1xu7UjboqjSPNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzYwM2E5M2JjYTMxYjAxOGY1MTFmNmQ0YjBiNzU0NmU5
NjMzNjIwHhcNMjUwMTAyMTU1MDQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2MzYWY5NDI4MzgzM2YyY2I2MDllOWIwNTA3ZGFkZWEwZjI4MmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIM0cWmZj1+pRSV6AFkhjP/20uoJ
5s6VA/9bfzwQxWqn1cN+HZIxNhUDe4SKS1pU4RlGXek17QpVAs2fdGylzZuotUZP
gYSD7P9VF5nSnxLqvnkzcvydEcGaMncKKUOGt2pjl67vYgr1foNDgd96Jpp4q7Ir
HiGAiS1fBqpMo9GOAPLNInEjkP+X/bLq1AxCPgkrm+4IALqP8BJTLJVR9DD0Z9eZ
zzP/YLaytEbx2Fca9UM+srFYUDvNPx+GipM8juP0KDu3XQm6i/uO7VnYXZtO5YfK
bdVU/1Qy9JdDJg8wvYfBcuW3IxaMCkDL92dXjdoOYmmvezG+6HKnw+mDswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIPDr5QoODPyy2CemwUH2t6g8oLTMB8GA1UdIwQY
MBaAFIJ2A6k7yjGwGPUR9tSwt1RuljNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYt
YjE2Y2I0ZGZhZGQzLzEvZzhPdmxDZzRNX0xMWUo2YkJRZmEzcUR5Z3RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYtYjE2Y2I0ZGZhZGQz
LzEvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuankAwQC
wSXcMA0GCSqGSIb3DQEBCwUAA4IBAQBYwz5hpUCEcjhy3Su0n2V3yrT0cEqDbn6H
Qb+oyy1p+ehKla83Go3v/9PFxnWP/G2kQP9e1snpeQ5Q3ZTzDlAgsenBZxoVk4kf
oeZEiylJpgSjrB9AIxAX8NGiywvKX8GYRUgB+hR32H+UwGG0zwpahXDgR0VNfIy0
fsHEkc+gnZ75f4OTwgv7UIqrw7B8E5y1bQzHh13mUCN8oeYY6H4NCgDHTFyg9h/n
NmFKMA4000fcIpHavrE+UV/v4gdrpPw4Wviw0IsO7zx+vYq+A7kGTdD10C5gfeMs
d1PUWXrTlLmxY/8cjIoVlL7HNC+jHbprYMvowAQ6NsukU2i2G71Z
-----END CERTIFICATE-----