Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/OURdlMYb0iQE2jlIFUS32BVVEMM.roa
File:                     OURdlMYb0iQE2jlIFUS32BVVEMM.roa (raw, json)
Hash identifier:          CewS8712sXoGUYC0kIXQMdS5AWdfXRfiDxBKHpohkjA=
Subject key identifier:   39:44:5D:94:C6:1B:D2:24:04:DA:39:48:15:44:B7:D8:15:55:10:C3
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0193453B3C6DC1E5E45621A05409308C4B9F
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/OURdlMYb0iQE2jlIFUS32BVVEMM.roa
Signing time:             Tue 19 Nov 2024 16:22:10 +0000
ROA not before:           Tue 19 Nov 2024 16:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210027
IP address blocks:        91.236.195.0/24 maxlen: 24
                          176.126.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:45:3b:3c:6d:c1:e5:e4:56:21:a0:54:09:30:8c:4b:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Nov 19 16:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39445d94c61bd22404da39481544b7d8155510c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b8:f2:be:89:bb:95:99:01:9e:2d:7d:13:60:
                    71:ec:9c:40:e3:fa:ba:01:5d:d7:98:48:d3:c5:4d:
                    ce:3f:f5:46:8b:30:0c:bd:da:9b:f3:fc:0e:79:b6:
                    20:84:71:db:62:d8:40:d0:3d:df:61:d9:df:f8:e2:
                    bf:44:46:87:b6:15:95:7c:9a:d1:bf:2e:a0:e7:0f:
                    7b:72:41:4e:1c:09:ed:d0:5e:62:fe:e3:e9:6f:2d:
                    2b:49:bb:30:4a:bd:ca:e6:9a:e3:87:e8:36:8a:0d:
                    98:c7:89:09:56:3e:c6:8e:44:d8:10:10:fc:c1:23:
                    d7:9b:bc:35:16:dd:19:a3:bb:ab:bf:17:aa:41:25:
                    00:70:a4:41:b5:e1:5e:de:8a:61:1c:8a:8d:c2:47:
                    f4:69:cf:6e:9a:cb:40:0e:dc:51:81:02:fb:6d:e8:
                    ad:07:30:08:b8:57:ee:ab:72:b3:fb:56:8a:fb:07:
                    63:8b:bc:a3:0e:1e:c8:c2:36:f1:38:6b:25:01:65:
                    4b:d7:10:9c:09:45:3f:64:01:e1:19:f8:52:d4:aa:
                    20:d9:fd:ab:fc:12:69:9e:a0:2d:09:e2:fd:3e:2b:
                    2a:41:19:44:e8:03:c7:3f:22:c9:5b:ab:f8:3d:80:
                    04:9a:51:11:c2:16:32:65:3c:0e:81:13:fd:86:5d:
                    17:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:44:5D:94:C6:1B:D2:24:04:DA:39:48:15:44:B7:D8:15:55:10:C3
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/OURdlMYb0iQE2jlIFUS32BVVEMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.195.0/24
                  176.126.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:3f:1c:3b:ec:b8:c7:fc:8b:4e:81:1d:e5:7c:ff:90:a7:b3:
         e9:bc:99:00:03:cb:9e:cd:d5:e2:27:e7:e0:41:b1:fa:20:d6:
         d3:87:2d:01:e8:80:4d:bf:73:77:5c:f1:20:a0:d9:6e:81:8f:
         78:fd:1e:e4:05:b4:9a:2f:dd:33:d5:a9:c0:fa:86:c7:2a:4c:
         84:08:0a:9d:2d:3b:53:1f:2d:d4:3f:e5:1e:04:76:54:2f:ab:
         6a:fd:9f:c0:7e:f3:79:c2:6b:bc:5f:29:53:ab:0a:25:06:80:
         b3:e3:f2:27:03:e4:74:b6:dc:af:fb:59:57:5d:2a:d3:de:8b:
         76:7d:63:c7:61:c1:77:39:72:55:5b:bd:17:f0:e6:92:20:dd:
         aa:1a:ab:82:51:9d:3d:bb:11:fe:5d:0a:b8:50:c2:92:c7:e0:
         37:df:9f:5d:23:33:f9:94:a3:59:68:99:77:fa:22:d6:3a:22:
         4b:ec:08:97:2a:90:93:66:3b:95:7b:0c:22:12:25:45:71:f0:
         61:60:91:9a:32:db:11:fc:83:14:f3:3f:54:79:3f:04:54:d4:
         82:ec:33:c7:fe:1b:34:8b:3d:46:b4:d1:3a:bd:f0:07:58:c9:
         cc:bb:74:af:9e:6c:b1:33:0e:1c:a2:97:89:a8:ec:f6:33:ed:
         c6:b1:15:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNFOzxtweXkViGgVAkwjEufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQxMTE5MTYyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTQ0NWQ5NGM2MWJkMjI0MDRkYTM5NDgxNTQ0YjdkODE1NTUxMGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrjyvom7lZkBni19E2Bx7JxA4/q6
AV3XmEjTxU3OP/VGizAMvdqb8/wOebYghHHbYthA0D3fYdnf+OK/REaHthWVfJrR
vy6g5w97ckFOHAnt0F5i/uPpby0rSbswSr3K5prjh+g2ig2Yx4kJVj7GjkTYEBD8
wSPXm7w1Ft0Zo7urvxeqQSUAcKRBteFe3ophHIqNwkf0ac9umstADtxRgQL7beit
BzAIuFfuq3Kz+1aK+wdji7yjDh7IwjbxOGslAWVL1xCcCUU/ZAHhGfhS1Kog2f2r
/BJpnqAtCeL9PisqQRlE6APHPyLJW6v4PYAEmlERwhYyZTwOgRP9hl0XLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDlEXZTGG9IkBNo5SBVEt9gVVRDDMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvT1VSZGxNWWIwaVFFMmpsSUZVUzMyQlZWRU1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+zDAwQA
sH7fMA0GCSqGSIb3DQEBCwUAA4IBAQBCPxw77LjH/ItOgR3lfP+Qp7PpvJkAA8ue
zdXiJ+fgQbH6INbThy0B6IBNv3N3XPEgoNlugY94/R7kBbSaL90z1anA+obHKkyE
CAqdLTtTHy3UP+UeBHZUL6tq/Z/AfvN5wmu8XylTqwolBoCz4/InA+R0ttyv+1lX
XSrT3ot2fWPHYcF3OXJVW70X8OaSIN2qGquCUZ09uxH+XQq4UMKSx+A3359dIzP5
lKNZaJl3+iLWOiJL7AiXKpCTZjuVewwiEiVFcfBhYJGaMtsR/IMU8z9UeT8EVNSC
7DPH/hs0iz1GtNE6vfAHWMnMu3SvnmyxMw4copeJqOz2M+3GsRWd
-----END CERTIFICATE-----