Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/C2gBvSwO0AhgdAajAF5TGKrxeEc.roa
File:                     C2gBvSwO0AhgdAajAF5TGKrxeEc.roa (raw, json)
Hash identifier:          qBYNOlNZkt3/8Hh37NyPy++ymm0leEZL3DWk8n4AQ8I=
Subject key identifier:   0B:68:01:BD:2C:0E:D0:08:60:74:06:A3:00:5E:53:18:AA:F1:78:47
Certificate issuer:       /CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
Certificate serial:       018CC2DB0767C38D031FC09B2F5E49B88384
Authority key identifier: 11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/C2gBvSwO0AhgdAajAF5TGKrxeEc.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42168
IP address blocks:        194.230.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:07:67:c3:8d:03:1f:c0:9b:2f:5e:49:b8:83:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b6801bd2c0ed008607406a3005e5318aaf17847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e8:62:1b:01:4a:2d:d1:04:86:d9:ba:77:be:
                    0c:35:da:a5:e5:c0:9a:01:a9:17:15:e0:e1:5d:bd:
                    13:62:03:2a:f5:ea:27:64:9d:f2:25:a7:91:1d:87:
                    64:6a:de:78:89:7c:40:fc:4f:9a:9b:5c:21:4c:ba:
                    09:1a:ce:a3:8e:b6:0d:c6:54:51:3f:56:d5:c6:6c:
                    7a:3e:55:c7:aa:b1:30:aa:bd:92:17:4c:ba:d7:35:
                    a9:0f:d3:7c:f0:d5:24:a7:84:08:d0:97:2f:7c:e6:
                    9b:d4:25:9c:44:8a:ed:69:c0:51:24:00:99:96:c8:
                    ff:15:a0:06:95:e2:e9:d3:a5:23:8a:28:60:cf:ef:
                    3f:85:22:67:df:9b:10:e9:a8:50:6d:ec:50:26:0e:
                    0c:b9:eb:06:85:50:9b:86:76:37:eb:ed:60:ad:24:
                    f7:08:68:e1:bb:f7:7d:6d:2d:2a:d0:ed:cc:e4:83:
                    cc:9c:81:7b:ab:f3:b1:0e:bd:51:a5:80:ed:71:ce:
                    40:53:f0:71:42:70:8f:a8:29:59:43:f9:a8:56:36:
                    87:bc:6a:05:ff:1f:30:32:58:d2:a8:5f:f7:5b:31:
                    fb:99:91:91:39:ba:1b:72:b8:41:1c:ee:df:0a:5e:
                    5f:c2:3b:3c:5b:ab:15:ad:c3:ff:cb:4b:52:75:8a:
                    1c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:68:01:BD:2C:0E:D0:08:60:74:06:A3:00:5E:53:18:AA:F1:78:47
            X509v3 Authority Key Identifier:
                keyid:11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/C2gBvSwO0AhgdAajAF5TGKrxeEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.230.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:30:87:d0:a2:73:10:9a:9a:75:19:62:37:1e:49:8a:ad:22:
         83:ec:3b:31:07:39:2a:ee:e8:62:33:e3:76:1d:fe:7f:fb:6d:
         a5:56:02:a9:31:eb:d3:3f:44:e3:4a:8d:a3:36:90:86:32:a9:
         7f:b4:b4:b5:63:a7:c0:b6:bc:e6:3b:d6:13:2f:75:05:b6:dc:
         64:62:e4:9d:4c:27:0a:5d:53:22:d6:f4:5a:ad:98:00:cd:62:
         d3:d9:16:ca:6f:42:4a:1f:98:6a:65:3f:9f:ab:f0:79:41:68:
         0f:e2:58:40:05:2f:bb:d6:98:45:fd:bb:46:c5:8c:7b:14:51:
         29:ab:9e:f8:ab:f5:85:0f:df:6f:33:cf:53:9a:72:24:a2:63:
         72:40:33:23:80:a7:77:a0:9a:6c:b9:41:48:c4:5d:22:6d:df:
         cf:0a:2e:f8:75:81:bb:62:89:65:0a:87:f3:d2:d8:a9:72:00:
         fc:d7:34:5c:0d:b2:4b:b0:63:f7:a8:b1:6f:e8:4e:a0:a1:91:
         a9:09:f9:05:48:14:0b:65:ee:48:0f:7b:78:33:4e:50:c3:5e:
         4b:d2:62:c9:d2:4d:d6:07:25:73:cf:01:07:75:e2:22:0a:6d:
         80:1c:51:df:58:5c:d9:f1:40:e3:5e:87:a7:4f:64:8f:fe:8a:
         68:cc:f7:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wdnw40DH8CbL15JuIOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNWRiYzAwNDMzZTI5ZjJhZGViMDM4ZmVhMmZiZDcwNDhm
YjYzMmYwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjY4MDFiZDJjMGVkMDA4NjA3NDA2YTMwMDVlNTMxOGFhZjE3ODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOhiGwFKLdEEhtm6d74MNdql5cCa
AakXFeDhXb0TYgMq9eonZJ3yJaeRHYdkat54iXxA/E+am1whTLoJGs6jjrYNxlRR
P1bVxmx6PlXHqrEwqr2SF0y61zWpD9N88NUkp4QI0JcvfOab1CWcRIrtacBRJACZ
lsj/FaAGleLp06Ujiihgz+8/hSJn35sQ6ahQbexQJg4MuesGhVCbhnY36+1grST3
CGjhu/d9bS0q0O3M5IPMnIF7q/OxDr1RpYDtcc5AU/BxQnCPqClZQ/moVjaHvGoF
/x8wMljSqF/3WzH7mZGRObobcrhBHO7fCl5fwjs8W6sVrcP/y0tSdYocKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAtoAb0sDtAIYHQGowBeUxiq8XhHMB8GA1UdIwQY
MBaAFBFdvABDPinyresDj+ovvXBI+2MvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVYyOEFFTS1LZkt0NndPUDZpLTljRWo3WXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC82NWE3MWQtMDIzNi00NGQ1LThjZTkt
MjI5YjRhZTc0MmRlLzEvQzJnQnZTd08wQWhnZEFhakFGNVRHS3J4ZUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC82NWE3MWQtMDIzNi00NGQ1LThjZTktMjI5YjRhZTc0MmRl
LzEvRVYyOEFFTS1LZkt0NndPUDZpLTljRWo3WXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuZuMA0G
CSqGSIb3DQEBCwUAA4IBAQCDMIfQonMQmpp1GWI3HkmKrSKD7DsxBzkq7uhiM+N2
Hf5/+22lVgKpMevTP0TjSo2jNpCGMql/tLS1Y6fAtrzmO9YTL3UFttxkYuSdTCcK
XVMi1vRarZgAzWLT2RbKb0JKH5hqZT+fq/B5QWgP4lhABS+71phF/btGxYx7FFEp
q574q/WFD99vM89TmnIkomNyQDMjgKd3oJpsuUFIxF0ibd/PCi74dYG7YollCofz
0tipcgD81zRcDbJLsGP3qLFv6E6goZGpCfkFSBQLZe5ID3t4M05Qw15L0mLJ0k3W
ByVzzwEHdeIiCm2AHFHfWFzZ8UDjXoenT2SP/opozPfk
-----END CERTIFICATE-----