Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/be306f-0f8c-4674-93ff-2a9712bf603c/1/x0gusjZxaAiftvAcjczux1Ius_E.roa
File:                     x0gusjZxaAiftvAcjczux1Ius_E.roa (raw, json)
Hash identifier:          HFa+GGzqn2pKQb0OIJEk/YaY1MmpeAOG1mYH0pjtvqc=
Subject key identifier:   C7:48:2E:B2:36:71:68:08:9F:B6:F0:1C:8D:CC:EE:C7:52:2E:B3:F1
Certificate issuer:       /CN=c00935185c68036a0faedeeaaa6bfef4e62a0c93
Certificate serial:       019421B25BEC5CAFBB594A8437E9C3629FFC
Authority key identifier: C0:09:35:18:5C:68:03:6A:0F:AE:DE:EA:AA:6B:FE:F4:E6:2A:0C:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wAk1GFxoA2oPrt7qqmv-9OYqDJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/be306f-0f8c-4674-93ff-2a9712bf603c/1/x0gusjZxaAiftvAcjczux1Ius_E.roa
Signing time:             Wed 01 Jan 2025 11:48:44 +0000
ROA not before:           Wed 01 Jan 2025 11:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42697
IP address blocks:        185.27.0.0/22 maxlen: 22
                          185.27.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/be306f-0f8c-4674-93ff-2a9712bf603c/1/wAk1GFxoA2oPrt7qqmv-9OYqDJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/be306f-0f8c-4674-93ff-2a9712bf603c/1/wAk1GFxoA2oPrt7qqmv-9OYqDJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wAk1GFxoA2oPrt7qqmv-9OYqDJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:5b:ec:5c:af:bb:59:4a:84:37:e9:c3:62:9f:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c00935185c68036a0faedeeaaa6bfef4e62a0c93
        Validity
            Not Before: Jan  1 11:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7482eb2367168089fb6f01c8dcceec7522eb3f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ee:8c:ab:6d:76:d1:9d:b5:09:8a:22:4f:e6:
                    d5:66:12:3e:b5:c7:06:a7:01:d3:ad:30:84:05:20:
                    79:0f:40:7d:9d:2e:46:a7:4c:59:16:3c:8a:c0:ca:
                    5b:c5:fc:82:54:b9:91:b8:87:0c:de:0f:60:94:a6:
                    f5:1b:63:5a:c1:f9:be:75:d5:21:73:bc:3d:b4:d0:
                    2b:05:26:e5:fd:b3:07:04:94:e6:10:d3:bc:62:85:
                    d9:0a:df:6e:92:c2:de:b9:13:e2:53:41:f7:3f:3c:
                    80:5c:bd:6f:c4:89:b9:c3:b3:99:4b:df:c1:0d:10:
                    cf:01:a9:03:b6:37:b5:cf:50:3a:29:c8:0e:74:72:
                    58:a3:39:dd:ea:af:65:50:ad:ca:2a:38:06:c1:16:
                    44:67:2f:ee:b9:00:53:bf:16:59:03:65:7c:e7:4b:
                    f0:9c:6e:ed:46:43:89:60:49:0f:18:9f:4c:82:0b:
                    7e:98:57:06:40:90:94:36:0f:ea:52:ec:71:a7:79:
                    48:b2:34:27:36:66:2f:3a:4b:0c:01:74:00:3b:f8:
                    91:40:37:4b:ad:c8:bd:30:cd:bc:6c:f5:23:bb:8d:
                    61:56:91:03:ad:f0:39:c4:a4:cd:e5:a1:64:52:b2:
                    5d:53:30:54:47:22:fb:16:65:fa:5f:29:2e:fd:7d:
                    4d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:48:2E:B2:36:71:68:08:9F:B6:F0:1C:8D:CC:EE:C7:52:2E:B3:F1
            X509v3 Authority Key Identifier:
                keyid:C0:09:35:18:5C:68:03:6A:0F:AE:DE:EA:AA:6B:FE:F4:E6:2A:0C:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wAk1GFxoA2oPrt7qqmv-9OYqDJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/be306f-0f8c-4674-93ff-2a9712bf603c/1/x0gusjZxaAiftvAcjczux1Ius_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/be306f-0f8c-4674-93ff-2a9712bf603c/1/wAk1GFxoA2oPrt7qqmv-9OYqDJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:2a:eb:87:46:92:83:74:80:7f:68:34:dd:21:8d:29:4b:48:
         b5:fb:b3:bd:59:95:65:2e:15:6a:fe:4d:51:8f:4e:e5:2a:c2:
         59:3e:61:1d:79:92:f2:44:38:10:e8:bf:bf:6d:cd:11:23:bd:
         71:d0:0f:bd:08:07:af:2f:01:98:9b:9b:a5:27:fe:73:5a:7f:
         de:76:0a:b9:5b:af:f4:ae:f4:bc:3d:e4:0b:91:9d:0b:95:4f:
         67:97:af:54:ce:fb:2a:d7:13:71:fb:e6:40:20:c9:96:ba:4a:
         8c:af:99:be:fa:9a:57:75:11:a5:5b:a6:49:9f:92:4c:1f:1c:
         99:47:93:9d:5f:ab:16:09:d1:a4:f4:63:17:0e:66:73:8f:77:
         7c:8d:e2:53:44:6c:4a:8d:a2:ed:18:04:d4:a0:32:16:56:d7:
         4c:7c:2c:33:07:fd:65:2a:62:10:9a:f8:73:4b:8b:6a:7d:b4:
         2e:7b:36:dd:ad:0a:41:a8:c2:66:fa:d7:c3:8b:71:ad:50:ba:
         e9:57:9f:e7:88:39:9d:33:56:5a:77:2b:be:38:95:27:9c:0c:
         ae:fd:0b:70:ec:94:70:f4:37:8c:4d:b5:36:e3:f5:47:8f:f2:
         63:84:95:1d:00:51:f7:66:e9:63:ac:0e:c0:f0:6b:96:b4:e3:
         49:bb:af:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslvsXK+7WUqEN+nDYp/8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMDkzNTE4NWM2ODAzNmEwZmFlZGVlYWFhNmJmZWY0ZTYy
YTBjOTMwHhcNMjUwMTAxMTE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzQ4MmViMjM2NzE2ODA4OWZiNmYwMWM4ZGNjZWVjNzUyMmViM2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvu6Mq2120Z21CYoiT+bVZhI+tccG
pwHTrTCEBSB5D0B9nS5Gp0xZFjyKwMpbxfyCVLmRuIcM3g9glKb1G2Nawfm+ddUh
c7w9tNArBSbl/bMHBJTmENO8YoXZCt9uksLeuRPiU0H3PzyAXL1vxIm5w7OZS9/B
DRDPAakDtje1z1A6KcgOdHJYoznd6q9lUK3KKjgGwRZEZy/uuQBTvxZZA2V850vw
nG7tRkOJYEkPGJ9Mggt+mFcGQJCUNg/qUuxxp3lIsjQnNmYvOksMAXQAO/iRQDdL
rci9MM28bPUju41hVpEDrfA5xKTN5aFkUrJdUzBURyL7FmX6Xyku/X1NwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdILrI2cWgIn7bwHI3M7sdSLrPxMB8GA1UdIwQY
MBaAFMAJNRhcaANqD67e6qpr/vTmKgyTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0FrMUdGeG9BMm9QcnQ3cXFtdi05T1lxREpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9iZTMwNmYtMGY4Yy00Njc0LTkzZmYt
MmE5NzEyYmY2MDNjLzEveDBndXNqWnhhQWlmdHZBY2pjenV4MUl1c19FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9iZTMwNmYtMGY4Yy00Njc0LTkzZmYtMmE5NzEyYmY2MDNj
LzEvd0FrMUdGeG9BMm9QcnQ3cXFtdi05T1lxREpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRsAMA0G
CSqGSIb3DQEBCwUAA4IBAQCjKuuHRpKDdIB/aDTdIY0pS0i1+7O9WZVlLhVq/k1R
j07lKsJZPmEdeZLyRDgQ6L+/bc0RI71x0A+9CAevLwGYm5ulJ/5zWn/edgq5W6/0
rvS8PeQLkZ0LlU9nl69Uzvsq1xNx++ZAIMmWukqMr5m++ppXdRGlW6ZJn5JMHxyZ
R5OdX6sWCdGk9GMXDmZzj3d8jeJTRGxKjaLtGATUoDIWVtdMfCwzB/1lKmIQmvhz
S4tqfbQuezbdrQpBqMJm+tfDi3GtULrpV5/niDmdM1Zadyu+OJUnnAyu/Qtw7JRw
9DeMTbU24/VHj/JjhJUdAFH3ZuljrA7A8GuWtONJu69j
-----END CERTIFICATE-----