Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/voX6NtFAGSz-Ugo7TPI8c427IMk.roa
File:                     voX6NtFAGSz-Ugo7TPI8c427IMk.roa (raw, json)
Hash identifier:          +uCML9+GTTpkSUrmQ3BPnWbGJYNmNMhb4t9N4Bq8EyM=
Subject key identifier:   BE:85:FA:36:D1:40:19:2C:FE:52:0A:3B:4C:F2:3C:73:8D:BB:20:C9
Certificate issuer:       /CN=ac0cd1a338ebf5c7952eb9a1f0060549f9340ad6
Certificate serial:       0194244482EB821369185BF48E5CD3F96E95
Authority key identifier: AC:0C:D1:A3:38:EB:F5:C7:95:2E:B9:A1:F0:06:05:49:F9:34:0A:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/voX6NtFAGSz-Ugo7TPI8c427IMk.roa
Signing time:             Wed 01 Jan 2025 23:47:37 +0000
ROA not before:           Wed 01 Jan 2025 23:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60688
IP address blocks:        185.27.196.0/22 maxlen: 22
                          185.27.196.0/23 maxlen: 23
                          185.27.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:82:eb:82:13:69:18:5b:f4:8e:5c:d3:f9:6e:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac0cd1a338ebf5c7952eb9a1f0060549f9340ad6
        Validity
            Not Before: Jan  1 23:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be85fa36d140192cfe520a3b4cf23c738dbb20c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:57:99:77:1d:25:92:1c:f4:2b:30:ee:86:c8:
                    87:42:25:9f:cc:d9:6d:5d:ac:c0:85:8d:bb:94:f1:
                    c0:c8:61:34:e6:8a:0a:88:04:59:77:77:7d:bb:68:
                    7c:d8:92:80:f1:2c:fc:9f:d3:af:ad:6f:1c:09:a8:
                    be:6c:5a:39:d8:69:73:36:e2:d3:1b:83:6f:3f:23:
                    3d:3d:28:60:e6:aa:27:e8:1b:4e:87:48:f6:7a:04:
                    f3:b5:22:60:7d:e7:12:73:d3:59:8a:f2:a7:d9:f1:
                    89:c8:bb:50:14:c9:ed:1f:e4:23:dd:09:41:76:ca:
                    82:b4:38:6e:fc:c8:d4:9f:d4:71:08:72:f1:db:24:
                    77:db:f7:26:64:43:84:86:cd:66:4c:47:6e:34:1d:
                    7d:47:ac:2e:eb:af:00:d1:74:f7:7c:19:91:82:d6:
                    35:92:39:80:c9:27:b7:a1:5b:44:bf:ad:4e:8a:f2:
                    b9:12:2f:44:bd:89:df:4c:dd:cc:8f:5b:34:67:31:
                    36:71:33:a7:4f:ce:dd:a6:2f:29:22:a8:65:81:aa:
                    bd:99:18:90:df:8d:82:cd:6f:64:88:fc:2c:6e:68:
                    14:b6:b5:a3:fe:81:9c:6c:45:f4:1f:95:5d:15:9c:
                    d3:70:8e:5a:ac:49:50:b2:b5:ab:e1:b4:a5:83:3c:
                    56:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:85:FA:36:D1:40:19:2C:FE:52:0A:3B:4C:F2:3C:73:8D:BB:20:C9
            X509v3 Authority Key Identifier:
                keyid:AC:0C:D1:A3:38:EB:F5:C7:95:2E:B9:A1:F0:06:05:49:F9:34:0A:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rAzRozjr9ceVLrmh8AYFSfk0CtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/voX6NtFAGSz-Ugo7TPI8c427IMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0c5ec1-9c3d-4162-9804-a33518bdd8fe/1/rAzRozjr9ceVLrmh8AYFSfk0CtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:c9:67:3b:fc:fc:b2:74:c3:bf:e3:02:dc:94:c2:95:a8:69:
         91:e8:c8:00:17:d7:55:5a:39:a2:94:3f:38:df:58:75:b1:94:
         f7:61:a6:20:70:fc:3b:ec:ae:40:be:1d:3b:cb:9c:ea:28:1b:
         9c:06:4f:a1:e7:e9:57:72:ce:c5:4b:60:a6:47:1c:7e:7f:21:
         67:83:9b:3d:b3:85:8e:dc:2e:37:b3:ef:df:fd:5e:d8:95:9c:
         eb:5a:4b:72:0e:a8:8f:49:69:e4:f5:d9:20:cc:6e:d8:65:6d:
         53:5b:d2:5b:79:9a:82:e2:43:97:61:34:f1:50:22:13:6d:b1:
         8e:da:95:36:2f:2f:8b:0b:b2:9a:f4:00:72:68:e7:11:f9:25:
         65:cf:94:9c:36:6f:d2:d8:04:5a:2e:34:af:4c:8a:65:25:f0:
         2b:45:a4:03:bd:58:9d:02:da:87:2e:ac:ac:6a:e9:ef:59:91:
         9e:1a:2f:45:8f:f6:a7:1f:5b:0b:a3:0d:7b:fd:cf:45:03:8c:
         89:a5:51:81:5b:42:d6:5e:a3:7b:d4:39:ff:ae:a1:4f:61:00:
         81:8c:e9:20:be:9e:95:ac:96:01:d9:e8:ad:06:93:a5:50:50:
         0d:33:21:c3:9a:47:b1:df:24:ed:b4:c6:78:d5:a7:bc:c6:c2:
         9e:af:8d:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRILrghNpGFv0jlzT+W6VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMGNkMWEzMzhlYmY1Yzc5NTJlYjlhMWYwMDYwNTQ5Zjkz
NDBhZDYwHhcNMjUwMTAxMjM0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTg1ZmEzNmQxNDAxOTJjZmU1MjBhM2I0Y2YyM2M3MzhkYmIyMGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7VeZdx0lkhz0KzDuhsiHQiWfzNlt
XazAhY27lPHAyGE05ooKiARZd3d9u2h82JKA8Sz8n9OvrW8cCai+bFo52GlzNuLT
G4NvPyM9PShg5qon6BtOh0j2egTztSJgfecSc9NZivKn2fGJyLtQFMntH+Qj3QlB
dsqCtDhu/MjUn9RxCHLx2yR32/cmZEOEhs1mTEduNB19R6wu668A0XT3fBmRgtY1
kjmAySe3oVtEv61OivK5Ei9EvYnfTN3Mj1s0ZzE2cTOnT87dpi8pIqhlgaq9mRiQ
342CzW9kiPwsbmgUtrWj/oGcbEX0H5VdFZzTcI5arElQsrWr4bSlgzxWmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL6F+jbRQBks/lIKO0zyPHONuyDJMB8GA1UdIwQY
MBaAFKwM0aM46/XHlS65ofAGBUn5NArWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckF6Um96anI5Y2VWTHJtaDhBWUZTZmswQ3RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wYzVlYzEtOWMzZC00MTYyLTk4MDQt
YTMzNTE4YmRkOGZlLzEvdm9YNk50RkFHU3otVWdvN1RQSThjNDI3SU1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wYzVlYzEtOWMzZC00MTYyLTk4MDQtYTMzNTE4YmRkOGZl
LzEvckF6Um96anI5Y2VWTHJtaDhBWUZTZmswQ3RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRvEMA0G
CSqGSIb3DQEBCwUAA4IBAQATyWc7/PyydMO/4wLclMKVqGmR6MgAF9dVWjmilD84
31h1sZT3YaYgcPw77K5Avh07y5zqKBucBk+h5+lXcs7FS2CmRxx+fyFng5s9s4WO
3C43s+/f/V7YlZzrWktyDqiPSWnk9dkgzG7YZW1TW9JbeZqC4kOXYTTxUCITbbGO
2pU2Ly+LC7Ka9AByaOcR+SVlz5ScNm/S2ARaLjSvTIplJfArRaQDvVidAtqHLqys
aunvWZGeGi9Fj/anH1sLow17/c9FA4yJpVGBW0LWXqN71Dn/rqFPYQCBjOkgvp6V
rJYB2eitBpOlUFANMyHDmkex3yTttMZ41ae8xsKer40t
-----END CERTIFICATE-----