Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/CXgFOaKfGqsGBFFGwjXZkQPRoOU.roa
File:                     CXgFOaKfGqsGBFFGwjXZkQPRoOU.roa (raw, json)
Hash identifier:          CDqybegpuJy3xDkS0NqAE8lVxqHKL4QVF5ykKfDBpbk=
Subject key identifier:   09:78:05:39:A2:9F:1A:AB:06:04:51:46:C2:35:D9:91:03:D1:A0:E5
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB3DD6B646E5734FA00EA9A2256B27
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/CXgFOaKfGqsGBFFGwjXZkQPRoOU.roa
Signing time:             Mon 01 Jan 2024 02:29:57 +0000
ROA not before:           Mon 01 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213400
IP address blocks:        194.180.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3d:d6:b6:46:e5:73:4f:a0:0e:a9:a2:25:6b:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09780539a29f1aab06045146c235d99103d1a0e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b9:28:12:03:28:40:0e:21:90:6d:0e:b4:5a:
                    47:ff:48:44:96:8e:25:6e:ea:33:b0:59:10:60:8f:
                    ef:7c:39:22:db:eb:e6:8b:b9:f6:f4:38:51:66:26:
                    da:d2:d8:7e:57:4b:0b:23:6e:cd:95:9b:b3:26:dd:
                    62:5d:56:eb:c1:df:54:63:fb:7c:10:df:82:a1:bb:
                    15:47:8e:02:0d:d7:38:7b:ea:00:a9:af:f5:ea:7f:
                    fa:12:2c:a9:48:fa:83:93:19:75:f6:d2:19:c3:9d:
                    d5:4e:84:e8:24:9e:c0:1b:71:0f:cd:f4:d7:68:e0:
                    6d:db:dc:73:ee:15:da:23:97:71:f5:cb:cd:33:9f:
                    d6:51:c5:98:95:43:2d:51:58:f3:64:98:dd:2e:ba:
                    88:80:b9:fa:78:8a:95:8b:ce:70:bd:d9:09:4b:b0:
                    7d:f5:8b:7e:b8:57:fc:98:29:37:6b:2e:74:68:78:
                    d1:c4:e3:cb:76:99:b6:b7:a4:38:3c:f8:6a:66:08:
                    66:30:e3:c1:1e:35:4a:54:f7:7f:4f:83:96:a4:4a:
                    50:a2:5b:42:5d:9e:cb:76:79:f0:0b:56:6e:65:29:
                    ec:5f:96:9f:27:d5:8a:76:36:cc:4f:27:ca:93:96:
                    fb:60:09:e0:2f:48:d2:bc:59:59:cc:18:cf:95:ee:
                    b5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:78:05:39:A2:9F:1A:AB:06:04:51:46:C2:35:D9:91:03:D1:A0:E5
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/CXgFOaKfGqsGBFFGwjXZkQPRoOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:6f:a7:10:da:f9:2b:87:8f:65:58:73:72:37:07:96:22:32:
         ed:08:89:d0:ce:bc:9f:ce:c3:ff:c9:86:1a:34:95:df:48:ee:
         b5:94:66:00:4a:df:e4:ec:1f:a4:f9:4f:69:6f:79:8f:f1:73:
         b7:ad:31:70:f3:f8:aa:20:e0:a5:78:db:d3:93:16:46:32:72:
         02:b9:48:b5:d8:b0:de:af:06:29:7b:fd:fe:ac:87:51:07:c1:
         b8:7e:fe:cd:a8:1f:be:66:ce:24:80:97:89:2f:d8:d7:2f:ae:
         1e:23:5c:12:ae:13:fd:8f:57:5e:ec:2a:6f:fe:11:48:f6:d4:
         e4:80:da:ea:03:83:d9:44:d9:dd:77:d3:92:ab:ab:28:bc:23:
         8a:85:90:b5:7f:30:5d:f3:cd:1c:a9:0b:29:61:46:7f:78:6f:
         46:2a:1d:ac:fe:5d:17:4d:b9:c8:70:d6:46:c5:2c:5d:37:c5:
         00:69:c8:1d:ff:25:11:29:1d:07:03:d3:c5:ac:8f:18:63:57:
         21:0c:09:a0:d8:f5:f0:e8:e3:03:02:dc:1d:f6:b1:49:60:ab:
         5e:0f:60:b8:b9:3e:af:a8:d9:09:6b:74:d5:db:67:f5:22:8d:
         0a:26:6c:31:62:cf:d5:b8:41:6d:24:19:48:86:ff:ab:45:98:
         f3:f5:84:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2z3Wtkblc0+gDqmiJWsnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTc4MDUzOWEyOWYxYWFiMDYwNDUxNDZjMjM1ZDk5MTAzZDFhMGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLkoEgMoQA4hkG0OtFpH/0hElo4l
buozsFkQYI/vfDki2+vmi7n29DhRZiba0th+V0sLI27NlZuzJt1iXVbrwd9UY/t8
EN+CobsVR44CDdc4e+oAqa/16n/6EiypSPqDkxl19tIZw53VToToJJ7AG3EPzfTX
aOBt29xz7hXaI5dx9cvNM5/WUcWYlUMtUVjzZJjdLrqIgLn6eIqVi85wvdkJS7B9
9Yt+uFf8mCk3ay50aHjRxOPLdpm2t6Q4PPhqZghmMOPBHjVKVPd/T4OWpEpQoltC
XZ7LdnnwC1ZuZSnsX5afJ9WKdjbMTyfKk5b7YAngL0jSvFlZzBjPle61lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAl4BTminxqrBgRRRsI12ZED0aDlMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvQ1hnRk9hS2ZHcXNHQkZGR3dqWFprUVBSb09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrT7MA0G
CSqGSIb3DQEBCwUAA4IBAQCbb6cQ2vkrh49lWHNyNweWIjLtCInQzryfzsP/yYYa
NJXfSO61lGYASt/k7B+k+U9pb3mP8XO3rTFw8/iqIOCleNvTkxZGMnICuUi12LDe
rwYpe/3+rIdRB8G4fv7NqB++Zs4kgJeJL9jXL64eI1wSrhP9j1de7Cpv/hFI9tTk
gNrqA4PZRNndd9OSq6sovCOKhZC1fzBd880cqQspYUZ/eG9GKh2s/l0XTbnIcNZG
xSxdN8UAacgd/yURKR0HA9PFrI8YY1chDAmg2PXw6OMDAtwd9rFJYKteD2C4uT6v
qNkJa3TV22f1Io0KJmwxYs/VuEFtJBlIhv+rRZjz9YS9
-----END CERTIFICATE-----