Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/3CFrMyEqoG5gAAaCCAPvE4htmE4.roa
File:                     3CFrMyEqoG5gAAaCCAPvE4htmE4.roa (raw, json)
Hash identifier:          ZWl4BZYZ7BhoeH2bwsna6P1//K0hIyOrDV42NKf04NU=
Subject key identifier:   DC:21:6B:33:21:2A:A0:6E:60:00:06:82:08:03:EF:13:88:6D:98:4E
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB24D0A0E5B37FFF0AAF190E6CFD2D
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/3CFrMyEqoG5gAAaCCAPvE4htmE4.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5089
IP address blocks:        45.67.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:24:d0:a0:e5:b3:7f:ff:0a:af:19:0e:6c:fd:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc216b33212aa06e600006820803ef13886d984e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c9:36:9c:89:8c:3d:1c:95:db:64:92:5e:60:
                    33:09:f6:d1:a9:97:e3:50:c4:b6:30:08:32:2e:cd:
                    59:3e:7d:fd:f4:37:c9:b3:ca:85:84:6f:48:15:28:
                    5a:90:4f:14:3b:85:03:1e:5a:a1:a2:3f:84:e8:f8:
                    21:67:be:d4:88:65:44:04:fe:8b:a7:70:e5:9e:b2:
                    53:fd:65:61:38:f1:49:9f:24:66:8c:26:9a:8f:8b:
                    10:10:53:54:a2:dd:4a:72:cc:cd:02:96:1a:67:11:
                    65:86:8e:c0:ab:20:db:82:f0:64:f9:4b:6b:c6:67:
                    af:8e:f1:19:b5:5b:02:96:6f:aa:d7:0d:78:eb:0c:
                    88:71:78:af:d9:f3:5d:fc:df:60:54:92:91:1b:66:
                    7a:88:81:71:15:d7:c7:6b:95:40:a0:62:70:e3:d7:
                    54:6e:72:5a:26:f6:28:13:e0:23:a9:f6:7c:d9:92:
                    2a:e1:cb:f5:7a:14:b4:28:a7:40:9a:25:8e:53:57:
                    33:94:98:8e:5e:4c:62:94:c9:fb:0c:7e:9c:11:0b:
                    d7:db:3a:bc:a0:7b:11:26:54:24:70:db:32:e7:ec:
                    64:04:86:e9:ae:35:4e:6a:e1:0d:09:9a:16:1c:40:
                    01:71:c2:ab:16:05:d8:fe:b2:b8:b8:41:9a:67:c7:
                    0d:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:21:6B:33:21:2A:A0:6E:60:00:06:82:08:03:EF:13:88:6D:98:4E
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/3CFrMyEqoG5gAAaCCAPvE4htmE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:17:35:0e:e9:ef:b5:9c:f9:8a:73:82:a3:88:23:ee:e2:36:
         6f:8c:e0:3f:26:47:bd:69:f1:a7:35:b9:a8:e5:11:d4:35:e3:
         dd:16:18:e8:d4:e1:1b:72:6d:d7:4a:00:35:a9:d7:fb:c0:28:
         f7:b5:bd:66:b8:af:eb:40:1e:aa:21:8c:b3:41:bf:13:ef:f4:
         e2:ef:68:15:92:10:43:9b:31:89:c3:1a:f0:64:aa:83:30:23:
         c5:d8:88:9d:72:c0:48:93:48:8f:fa:1e:3e:ac:49:67:f9:21:
         d7:54:31:19:5f:62:42:f3:42:5a:0a:94:e4:c5:6c:e0:31:f8:
         5a:20:1a:9d:be:30:26:5c:ee:b7:27:4d:24:d1:c0:15:58:b5:
         d8:48:0a:fd:e9:d7:d7:01:8a:c1:18:11:ce:36:5d:a3:e1:c0:
         cb:d0:64:c0:20:37:90:0a:5f:b2:44:d9:f2:1c:bc:71:8d:4d:
         b4:bf:d8:0e:92:cb:0c:66:db:34:ef:de:1c:e8:75:46:8f:98:
         b2:10:b8:15:6c:24:5f:48:f2:30:24:df:3f:33:03:b5:e0:aa:
         0c:97:d2:08:75:79:e1:14:1e:d1:39:ed:6e:cc:fe:8b:96:7e:
         80:75:10:ef:93:96:61:80:38:3a:4d:b4:89:52:1d:5d:0d:a4:
         0f:ed:6c:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yTQoOWzf/8KrxkObP0tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzIxNmIzMzIxMmFhMDZlNjAwMDA2ODIwODAzZWYxMzg4NmQ5ODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8k2nImMPRyV22SSXmAzCfbRqZfj
UMS2MAgyLs1ZPn399DfJs8qFhG9IFShakE8UO4UDHlqhoj+E6PghZ77UiGVEBP6L
p3DlnrJT/WVhOPFJnyRmjCaaj4sQEFNUot1KcszNApYaZxFlho7AqyDbgvBk+Utr
xmevjvEZtVsClm+q1w146wyIcXiv2fNd/N9gVJKRG2Z6iIFxFdfHa5VAoGJw49dU
bnJaJvYoE+AjqfZ82ZIq4cv1ehS0KKdAmiWOU1czlJiOXkxilMn7DH6cEQvX2zq8
oHsRJlQkcNsy5+xkBIbprjVOauENCZoWHEABccKrFgXY/rK4uEGaZ8cN1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNwhazMhKqBuYAAGgggD7xOIbZhOMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvM0NGck15RXFvRzVnQUFhQ0NBUHZFNGh0bUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUPEMA0G
CSqGSIb3DQEBCwUAA4IBAQBnFzUO6e+1nPmKc4KjiCPu4jZvjOA/Jke9afGnNbmo
5RHUNePdFhjo1OEbcm3XSgA1qdf7wCj3tb1muK/rQB6qIYyzQb8T7/Ti72gVkhBD
mzGJwxrwZKqDMCPF2IidcsBIk0iP+h4+rEln+SHXVDEZX2JC80JaCpTkxWzgMfha
IBqdvjAmXO63J00k0cAVWLXYSAr96dfXAYrBGBHONl2j4cDL0GTAIDeQCl+yRNny
HLxxjU20v9gOkssMZts0794c6HVGj5iyELgVbCRfSPIwJN8/MwO14KoMl9IIdXnh
FB7ROe1uzP6Lln6AdRDvk5ZhgDg6TbSJUh1dDaQP7Wzw
-----END CERTIFICATE-----