Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/K95q3UVtycP0UcLd3mwx5VXYdz4.roa
File:                     K95q3UVtycP0UcLd3mwx5VXYdz4.roa (raw, json)
Hash identifier:          yXl06wAgV38Rc+wuKo/e364EnaoRyiXYQXFXwZz0/4o=
Subject key identifier:   2B:DE:6A:DD:45:6D:C9:C3:F4:51:C2:DD:DE:6C:31:E5:55:D8:77:3E
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB2C546DC9B4415730D21D612F9747
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/K95q3UVtycP0UcLd3mwx5VXYdz4.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49527
IP address blocks:        194.15.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2c:54:6d:c9:b4:41:57:30:d2:1d:61:2f:97:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bde6add456dc9c3f451c2ddde6c31e555d8773e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:4c:e6:76:0e:ff:da:d9:44:86:45:01:97:71:
                    24:0c:52:b1:38:dd:fb:1a:64:7e:eb:20:51:85:f0:
                    70:78:fb:54:cc:a5:c5:d1:2f:6f:d2:29:85:e8:57:
                    5b:d1:fc:6c:4a:bb:ad:2a:9a:d7:ec:25:e3:d3:e5:
                    50:44:06:60:34:5e:2a:bd:ef:7a:cc:86:5b:7d:4c:
                    e4:71:48:fe:2a:6f:55:98:fa:ec:d6:0c:4e:b6:c3:
                    ca:4e:8f:1e:1b:f7:ac:02:5d:df:9d:e8:b1:f3:95:
                    1d:21:fd:4c:62:ec:2b:20:dc:56:9b:e2:f0:e8:c6:
                    59:da:9e:fd:49:d9:5b:de:87:7b:d7:c4:27:4c:29:
                    68:af:26:1c:a8:61:9c:10:26:f8:56:97:4f:98:f0:
                    b8:d6:6d:52:1e:80:13:c5:80:e7:96:62:fa:13:da:
                    f5:91:d2:e0:ba:91:f7:1d:f0:46:a3:ed:be:4d:c0:
                    b2:0e:bd:ab:a4:fa:31:0e:fb:e7:76:8f:99:b7:35:
                    96:c2:90:d3:e1:dc:41:9e:92:6e:52:e2:fe:52:d5:
                    17:7d:15:91:4d:b7:ba:25:62:54:2c:8c:5e:5e:c5:
                    b9:80:ed:e4:e2:c7:40:49:e2:c0:2c:a0:b3:05:ba:
                    d1:88:ca:b5:4a:54:6e:b8:5b:80:be:da:6d:3e:d6:
                    a9:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:DE:6A:DD:45:6D:C9:C3:F4:51:C2:DD:DE:6C:31:E5:55:D8:77:3E
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/K95q3UVtycP0UcLd3mwx5VXYdz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:b4:2b:6a:30:d3:c5:4a:69:7d:f6:ea:5d:fe:03:55:d3:88:
         ae:2e:32:55:ce:05:ff:39:76:32:1f:ba:35:fa:01:50:0b:9b:
         17:92:f3:1c:28:6e:02:5c:7a:93:32:04:2b:a2:a6:ac:94:e8:
         05:d4:09:c7:68:65:0f:7e:c0:f9:be:b5:ab:d7:d2:97:34:b4:
         5d:74:b5:70:1d:bc:d5:6a:69:01:5e:71:8f:01:21:b3:21:a3:
         2f:3f:f2:35:65:19:23:ec:d7:62:32:d4:8f:12:ce:ca:19:7a:
         6b:73:b2:d2:40:eb:b2:b6:37:46:98:27:5e:cc:94:f3:3a:c7:
         14:f8:43:e5:a5:17:6a:8e:2d:b6:c4:f3:5c:b5:8c:e1:cc:4b:
         02:1d:14:a2:0d:f2:58:d0:b7:81:8e:5f:3c:8a:c8:06:93:04:
         88:7d:09:61:5f:b7:16:d2:e3:0d:82:0f:52:ac:df:3e:08:66:
         e0:94:dd:0a:33:0c:e5:f2:d0:75:96:00:f4:42:da:b9:0e:50:
         e7:dc:a5:19:79:d1:a9:6e:c4:5d:cf:55:b7:95:60:e7:ea:17:
         63:1c:c0:3e:26:df:bd:bb:0a:47:cd:a1:55:bd:f0:a1:41:b2:
         3e:4b:8c:67:89:80:a6:69:fc:07:a6:5b:15:8e:e9:29:e4:7d:
         af:61:3d:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yxUbcm0QVcw0h1hL5dHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmRlNmFkZDQ1NmRjOWMzZjQ1MWMyZGRkZTZjMzFlNTU1ZDg3NzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0zmdg7/2tlEhkUBl3EkDFKxON37
GmR+6yBRhfBwePtUzKXF0S9v0imF6Fdb0fxsSrutKprX7CXj0+VQRAZgNF4qve96
zIZbfUzkcUj+Km9VmPrs1gxOtsPKTo8eG/esAl3fneix85UdIf1MYuwrINxWm+Lw
6MZZ2p79Sdlb3od718QnTCloryYcqGGcECb4VpdPmPC41m1SHoATxYDnlmL6E9r1
kdLgupH3HfBGo+2+TcCyDr2rpPoxDvvndo+ZtzWWwpDT4dxBnpJuUuL+UtUXfRWR
Tbe6JWJULIxeXsW5gO3k4sdASeLALKCzBbrRiMq1SlRuuFuAvtptPtapTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCveat1FbcnD9FHC3d5sMeVV2Hc+MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvSzk1cTNVVnR5Y1AwVWNMZDNtd3g1VlhZZHo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg8vMA0G
CSqGSIb3DQEBCwUAA4IBAQCrtCtqMNPFSml99upd/gNV04iuLjJVzgX/OXYyH7o1
+gFQC5sXkvMcKG4CXHqTMgQroqaslOgF1AnHaGUPfsD5vrWr19KXNLRddLVwHbzV
amkBXnGPASGzIaMvP/I1ZRkj7NdiMtSPEs7KGXprc7LSQOuytjdGmCdezJTzOscU
+EPlpRdqji22xPNctYzhzEsCHRSiDfJY0LeBjl88isgGkwSIfQlhX7cW0uMNgg9S
rN8+CGbglN0KMwzl8tB1lgD0Qtq5DlDn3KUZedGpbsRdz1W3lWDn6hdjHMA+Jt+9
uwpHzaFVvfChQbI+S4xniYCmafwHplsVjukp5H2vYT3J
-----END CERTIFICATE-----