Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/RBSy28YXOG_ezEND8nFqVWkcVDE.roa
File:                     RBSy28YXOG_ezEND8nFqVWkcVDE.roa (raw, json)
Hash identifier:          8aWxt/JazPPW8MguCsbz8Rh6mZ+SL8ZQqVe9kmOW8KI=
Subject key identifier:   44:14:B2:DB:C6:17:38:6F:DE:CC:43:43:F2:71:6A:55:69:1C:54:31
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB307A713FE666B17FFDA01082672B
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/RBSy28YXOG_ezEND8nFqVWkcVDE.roa
Signing time:             Mon 01 Jan 2024 02:29:53 +0000
ROA not before:           Mon 01 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201813
IP address blocks:        185.147.48.0/24 maxlen: 24
                          45.67.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:30:7a:71:3f:e6:66:b1:7f:fd:a0:10:82:67:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4414b2dbc617386fdecc4343f2716a55691c5431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:62:9a:5a:cd:6f:f5:d9:8c:73:c1:f5:df:9e:
                    71:05:95:8c:e3:1e:92:70:54:b6:2c:3e:ee:2a:9a:
                    72:d7:2d:66:74:e1:6d:3e:91:44:20:d7:b5:dd:02:
                    6a:84:c6:ee:7d:30:73:23:01:64:83:f8:16:81:36:
                    14:32:36:01:4d:04:33:88:aa:c2:ca:ee:33:01:60:
                    99:8f:1d:e8:a8:a1:bf:ee:87:44:f8:db:dd:2f:c0:
                    fc:11:46:36:21:f1:9d:04:de:1a:18:3a:7f:23:29:
                    ee:f7:15:91:c0:b3:51:db:06:bd:c5:72:41:89:d6:
                    ab:3e:87:06:4c:21:f5:62:7a:fd:29:cc:5d:70:35:
                    3a:36:8d:c3:8e:65:10:f0:9d:b7:27:b9:f2:95:02:
                    5f:7d:c2:39:39:02:6b:53:e8:31:52:b8:72:81:eb:
                    d2:76:6a:ff:f2:8f:b6:4d:1e:05:26:da:bf:4e:7d:
                    26:bf:17:94:91:f6:41:8e:ee:ac:8b:cb:c7:fe:68:
                    c2:bc:19:b2:ab:f5:c7:ec:ef:58:33:45:b9:c8:e0:
                    e5:69:de:f6:6a:2f:f2:6a:fc:02:05:c1:01:df:ec:
                    67:9c:90:08:bc:04:24:80:78:8a:fb:73:17:6c:b1:
                    b8:10:1d:1c:3d:c5:90:2d:fd:42:3f:ed:12:95:ad:
                    eb:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:14:B2:DB:C6:17:38:6F:DE:CC:43:43:F2:71:6A:55:69:1C:54:31
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/RBSy28YXOG_ezEND8nFqVWkcVDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.196.0/22
                  185.147.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:ef:be:47:f0:b1:06:a2:92:2d:dc:be:27:2d:3e:9b:d9:22:
         05:8d:4d:d1:1e:8a:c6:9b:c2:55:64:c6:fa:fd:30:81:18:9f:
         de:38:71:91:0b:3c:70:d6:2e:ef:79:ca:56:d7:57:91:8f:42:
         56:0a:83:29:bb:77:41:3d:9a:eb:d2:f0:16:2d:e6:78:3a:45:
         67:d4:60:f9:ba:81:8e:6a:5f:ee:8d:4a:42:e8:8c:bc:ea:4a:
         e3:02:d7:57:71:bf:a9:b9:c4:e0:6b:e1:d6:02:1d:24:c0:0a:
         7d:9d:16:fc:80:66:07:56:8c:66:18:0f:cc:0c:0e:f2:17:58:
         68:f2:92:5b:30:83:76:26:09:bc:df:61:a5:46:7f:9f:d8:40:
         52:33:3a:f5:1b:77:c0:1a:9d:11:88:af:bc:6d:37:8c:21:be:
         5f:09:65:6d:f1:fb:59:bc:3d:f9:2d:b4:18:77:ad:d5:08:95:
         0e:1e:27:a2:4f:cd:84:4f:89:3e:ca:cd:83:50:06:70:a4:d2:
         7e:1c:41:c7:c2:20:23:57:b4:8f:0e:09:7f:f4:88:69:33:80:
         4e:53:24:d5:17:2a:a1:ee:1f:2e:11:f7:12:2d:b5:22:5f:32:
         b0:f5:a1:80:5c:74:58:96:ca:80:2c:24:1c:f1:75:4a:7b:b4:
         7f:6b:31:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2zB6cT/mZrF//aAQgmcrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDE0YjJkYmM2MTczODZmZGVjYzQzNDNmMjcxNmE1NTY5MWM1NDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2KaWs1v9dmMc8H1355xBZWM4x6S
cFS2LD7uKppy1y1mdOFtPpFEINe13QJqhMbufTBzIwFkg/gWgTYUMjYBTQQziKrC
yu4zAWCZjx3oqKG/7odE+NvdL8D8EUY2IfGdBN4aGDp/Iynu9xWRwLNR2wa9xXJB
idarPocGTCH1Ynr9KcxdcDU6No3DjmUQ8J23J7nylQJffcI5OQJrU+gxUrhygevS
dmr/8o+2TR4FJtq/Tn0mvxeUkfZBju6si8vH/mjCvBmyq/XH7O9YM0W5yODlad72
ai/yavwCBcEB3+xnnJAIvAQkgHiK+3MXbLG4EB0cPcWQLf1CP+0Sla3rbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEQUstvGFzhv3sxDQ/JxalVpHFQxMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUkJTeTI4WVhPR19lekVORDhuRnFWV2tjVkRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLUPEAwQA
uZMwMA0GCSqGSIb3DQEBCwUAA4IBAQC0775H8LEGopIt3L4nLT6b2SIFjU3RHorG
m8JVZMb6/TCBGJ/eOHGRCzxw1i7vecpW11eRj0JWCoMpu3dBPZrr0vAWLeZ4OkVn
1GD5uoGOal/ujUpC6Iy86krjAtdXcb+pucTga+HWAh0kwAp9nRb8gGYHVoxmGA/M
DA7yF1ho8pJbMIN2Jgm832GlRn+f2EBSMzr1G3fAGp0RiK+8bTeMIb5fCWVt8ftZ
vD35LbQYd63VCJUOHieiT82ET4k+ys2DUAZwpNJ+HEHHwiAjV7SPDgl/9IhpM4BO
UyTVFyqh7h8uEfcSLbUiXzKw9aGAXHRYlsqALCQc8XVKe7R/azG+
-----END CERTIFICATE-----