Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/i-EIobW_VIoQHymP2W4ULs4o-MU.roa
File:                     i-EIobW_VIoQHymP2W4ULs4o-MU.roa (raw, json)
Hash identifier:          rPPfcnNGc5DNOjWMnrH1sw6q3GZ00JmFqia4xzTXZBE=
Subject key identifier:   8B:E1:08:A1:B5:BF:54:8A:10:1F:29:8F:D9:6E:14:2E:CE:28:F8:C5
Certificate issuer:       /CN=30d8a64903cfa217379749f18b7fdcea1dab6db4
Certificate serial:       018CC493413F16A9E62CE328DFBBC8E50CC8
Authority key identifier: 30:D8:A6:49:03:CF:A2:17:37:97:49:F1:8B:7F:DC:EA:1D:AB:6D:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MNimSQPPohc3l0nxi3_c6h2rbbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/i-EIobW_VIoQHymP2W4ULs4o-MU.roa
Signing time:             Mon 01 Jan 2024 10:30:33 +0000
ROA not before:           Mon 01 Jan 2024 10:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202032
IP address blocks:        185.54.80.0/22 maxlen: 24
                          2a02:4460::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/MNimSQPPohc3l0nxi3_c6h2rbbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/MNimSQPPohc3l0nxi3_c6h2rbbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MNimSQPPohc3l0nxi3_c6h2rbbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:41:3f:16:a9:e6:2c:e3:28:df:bb:c8:e5:0c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30d8a64903cfa217379749f18b7fdcea1dab6db4
        Validity
            Not Before: Jan  1 10:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8be108a1b5bf548a101f298fd96e142ece28f8c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4f:f1:64:6e:90:bb:b4:df:26:f5:d8:24:b1:
                    39:7e:f9:8d:1e:be:a7:dd:d5:27:ee:77:9b:ca:4d:
                    cb:82:88:17:ec:b1:cb:96:13:60:62:be:d8:d5:0b:
                    1c:54:59:25:43:99:da:4f:90:4d:d1:55:a2:60:db:
                    6f:58:49:6e:4a:ab:57:97:b9:23:82:e9:a3:41:5b:
                    19:41:67:ed:a6:4f:1e:ee:fa:c1:86:26:05:0e:59:
                    f7:17:03:30:3f:74:c0:03:b3:ed:05:27:f4:b4:fa:
                    3a:c8:73:0c:eb:88:c5:1a:ba:58:ce:93:7a:3f:28:
                    40:bb:c4:0e:c8:81:ee:79:4a:32:d3:32:ec:eb:3e:
                    57:ed:b0:4e:18:af:52:f1:15:e0:a1:14:40:50:33:
                    b4:0f:e0:6d:1f:fb:52:96:a3:27:05:d9:24:fa:22:
                    92:a5:34:66:fe:f9:e7:20:56:84:17:7a:02:e3:d8:
                    c4:c9:87:06:f6:f5:7b:03:bc:be:6e:8e:1d:32:ae:
                    c0:5f:a9:bf:ff:38:94:c6:a7:5a:ba:dc:95:7e:22:
                    c2:31:62:38:cb:c1:b5:b2:26:21:d1:80:3f:16:8d:
                    b2:9b:4b:93:d0:72:5c:be:22:4c:5c:91:97:bf:18:
                    e3:e6:70:67:71:ef:2d:36:7c:e1:9e:52:ee:e1:ea:
                    24:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:E1:08:A1:B5:BF:54:8A:10:1F:29:8F:D9:6E:14:2E:CE:28:F8:C5
            X509v3 Authority Key Identifier:
                keyid:30:D8:A6:49:03:CF:A2:17:37:97:49:F1:8B:7F:DC:EA:1D:AB:6D:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MNimSQPPohc3l0nxi3_c6h2rbbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/i-EIobW_VIoQHymP2W4ULs4o-MU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/MNimSQPPohc3l0nxi3_c6h2rbbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.80.0/22
                IPv6:
                  2a02:4460::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:fe:ac:12:a7:1c:a7:4e:2c:c1:38:96:2d:6e:1b:c5:27:ae:
         47:10:ce:7d:eb:4a:e7:fe:ba:1b:90:f0:47:93:66:b7:a8:53:
         ed:14:d1:69:d9:d8:98:e5:00:86:67:81:68:ea:d5:1d:f4:21:
         3c:9b:3a:00:23:12:39:af:5f:09:d0:fd:4e:6a:03:99:63:70:
         5e:f3:67:d2:77:9b:ad:21:54:79:9c:f2:21:56:bc:fd:6a:99:
         b0:76:82:1d:1c:07:d2:b6:58:c3:1c:22:a0:03:41:23:70:d7:
         52:0b:fc:90:cb:60:87:9a:0e:21:17:17:2f:85:28:63:14:9a:
         b1:be:f5:7e:2a:07:ce:56:91:1c:c1:e1:12:72:91:47:d1:4b:
         e2:2d:a7:24:6c:f2:0c:db:19:41:cf:83:9c:86:03:b1:b7:3e:
         7f:32:49:56:e3:37:80:40:cb:b7:8d:e6:8e:50:30:1f:0f:50:
         19:90:23:94:53:f1:65:cc:bc:4a:bc:4e:95:f3:68:9a:20:0a:
         b7:22:b5:4c:09:39:58:c8:61:7b:d1:fb:d3:76:64:d4:a6:df:
         ad:b6:4d:cd:64:1e:78:49:17:70:00:52:aa:77:4e:6d:65:82:
         a7:dc:39:90:fc:23:65:14:43:d4:fb:d9:1d:67:cd:73:aa:12:
         f2:cc:9d:dc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk0E/FqnmLOMo37vI5QzIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZDhhNjQ5MDNjZmEyMTczNzk3NDlmMThiN2ZkY2VhMWRh
YjZkYjQwHhcNMjQwMTAxMTAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmUxMDhhMWI1YmY1NDhhMTAxZjI5OGZkOTZlMTQyZWNlMjhmOGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE/xZG6Qu7TfJvXYJLE5fvmNHr6n
3dUn7nebyk3LgogX7LHLlhNgYr7Y1QscVFklQ5naT5BN0VWiYNtvWEluSqtXl7kj
gumjQVsZQWftpk8e7vrBhiYFDln3FwMwP3TAA7PtBSf0tPo6yHMM64jFGrpYzpN6
PyhAu8QOyIHueUoy0zLs6z5X7bBOGK9S8RXgoRRAUDO0D+BtH/tSlqMnBdkk+iKS
pTRm/vnnIFaEF3oC49jEyYcG9vV7A7y+bo4dMq7AX6m//ziUxqdautyVfiLCMWI4
y8G1siYh0YA/Fo2ym0uT0HJcviJMXJGXvxjj5nBnce8tNnzhnlLu4eokMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIvhCKG1v1SKEB8pj9luFC7OKPjFMB8GA1UdIwQY
MBaAFDDYpkkDz6IXN5dJ8Yt/3Oodq220MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU5pbVNRUFBvaGMzbDBueGkzX2M2aDJyYmJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iN2EyNDktMTU1Mi00ZjEwLWIwMDgt
MWY2NmZhYWI0YWI1LzEvaS1FSW9iV19WSW9RSHltUDJXNFVMczRvLU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iN2EyNDktMTU1Mi00ZjEwLWIwMDgtMWY2NmZhYWI0YWI1
LzEvTU5pbVNRUFBvaGMzbDBueGkzX2M2aDJyYmJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTZQMA0E
AgACMAcDBQAqAkRgMA0GCSqGSIb3DQEBCwUAA4IBAQBu/qwSpxynTizBOJYtbhvF
J65HEM5960rn/robkPBHk2a3qFPtFNFp2diY5QCGZ4Fo6tUd9CE8mzoAIxI5r18J
0P1OagOZY3Be82fSd5utIVR5nPIhVrz9apmwdoIdHAfStljDHCKgA0EjcNdSC/yQ
y2CHmg4hFxcvhShjFJqxvvV+KgfOVpEcweEScpFH0UviLackbPIM2xlBz4OchgOx
tz5/MklW4zeAQMu3jeaOUDAfD1AZkCOUU/FlzLxKvE6V82iaIAq3IrVMCTlYyGF7
0fvTdmTUpt+ttk3NZB54SRdwAFKqd05tZYKn3DmQ/CNlFEPU+9kdZ81zqhLyzJ3c
-----END CERTIFICATE-----