Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/VFDqQrcIkRdM6qDnN1UrRisHFW8.roa
File:                     VFDqQrcIkRdM6qDnN1UrRisHFW8.roa (raw, json)
Hash identifier:          Zd6BcT1UnFtYaDcL294cMSwJfWCRC3qI23xlwEkxr4c=
Subject key identifier:   54:50:EA:42:B7:08:91:17:4C:EA:A0:E7:37:55:2B:46:2B:07:15:6F
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       0192964CDBAFF89CCF0C7324A7FE04D0FFAE
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/VFDqQrcIkRdM6qDnN1UrRisHFW8.roa
Signing time:             Wed 16 Oct 2024 17:07:52 +0000
ROA not before:           Wed 16 Oct 2024 17:07:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8474
IP address blocks:        194.50.206.0/23 maxlen: 24
                          195.138.96.0/19 maxlen: 24
                          195.138.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:96:4c:db:af:f8:9c:cf:0c:73:24:a7:fe:04:d0:ff:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Oct 16 17:07:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5450ea42b70891174ceaa0e737552b462b07156f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:58:df:9f:dc:23:18:10:c0:bf:14:a9:42:97:
                    cb:9c:76:8f:b7:b7:57:fd:d0:39:0e:db:f4:c7:65:
                    bd:ff:e1:6f:c1:ed:2a:72:a0:54:f4:21:98:6a:fb:
                    e2:2a:a3:70:a5:82:8e:e6:e7:aa:70:8b:57:68:0b:
                    19:0d:4d:da:0a:01:22:ef:b2:ea:30:b3:c1:13:2b:
                    73:9b:cd:d1:83:1e:0e:4f:42:36:79:ae:80:bb:d9:
                    b0:0e:e0:33:81:c8:ae:a9:3a:e0:1c:90:90:ba:10:
                    e8:d0:7e:d4:b2:cd:69:bc:fd:46:c0:19:a8:2c:b9:
                    52:f7:53:b7:1f:98:94:17:c6:70:e1:ed:96:b6:e1:
                    27:a5:c7:01:66:d5:ed:17:1e:0e:d6:3d:c4:78:bc:
                    b9:2a:3f:37:a1:8c:a5:4e:3f:70:2f:97:f5:ce:d8:
                    04:b7:a0:81:e8:64:29:a9:9f:db:3e:62:01:0c:c6:
                    b6:60:79:b5:3d:be:3c:e0:a7:15:ef:18:8f:e0:df:
                    d2:2b:f9:82:4c:ba:11:30:78:da:d5:ef:cd:55:4f:
                    9d:27:31:9c:c5:ad:5d:3c:c0:72:4b:1e:31:31:f3:
                    de:e5:4e:3d:d0:07:33:88:5a:12:3b:df:11:52:5e:
                    5f:1b:61:8a:6f:84:5e:ee:c9:10:ec:14:39:63:7e:
                    49:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:50:EA:42:B7:08:91:17:4C:EA:A0:E7:37:55:2B:46:2B:07:15:6F
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/VFDqQrcIkRdM6qDnN1UrRisHFW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.206.0/23
                  195.138.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         54:c1:9b:11:49:26:60:05:e0:0f:18:02:c3:a3:dc:10:a7:05:
         23:0a:69:2a:fd:c1:9f:29:88:e2:88:69:2a:57:22:fe:22:3f:
         ac:a3:fd:6a:48:99:4a:85:d4:9e:0e:46:18:40:53:b1:bc:07:
         c1:ab:7d:6e:41:97:46:aa:1d:dc:d7:06:73:9d:61:bd:f9:3b:
         a5:70:0d:2f:07:bd:3a:b5:9b:d8:23:d8:65:f2:cc:91:b5:91:
         ee:4c:a1:62:6c:d5:8b:1d:49:cb:87:a5:dd:5a:a6:be:e0:9d:
         8b:bb:9b:fc:e7:26:4a:45:94:77:d8:e2:c7:7f:91:e6:94:bc:
         83:3f:7a:4b:69:aa:05:11:05:c3:50:7f:ee:7f:47:98:dd:7e:
         52:5b:22:e9:57:d8:cb:ab:35:4a:8b:02:4e:7f:e6:69:9e:86:
         32:ae:cc:aa:7c:ca:8a:b8:43:e2:86:84:af:8d:38:a1:2d:5b:
         c7:7e:30:a6:fb:a2:2f:59:0b:94:a8:f9:12:bd:4d:e5:44:cc:
         c1:27:44:a7:4e:90:09:dd:ec:3c:71:80:03:87:f6:6f:7c:34:
         b4:16:e7:f3:ef:4d:b9:d6:01:84:0e:7a:a7:26:35:58:47:89:
         50:33:93:7f:1f:35:8a:0e:ba:11:b0:14:2a:2a:85:1c:bf:1a:
         70:ad:37:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKWTNuv+JzPDHMkp/4E0P+uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQxMDE2MTcwNzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDUwZWE0MmI3MDg5MTE3NGNlYWEwZTczNzU1MmI0NjJiMDcxNTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVjfn9wjGBDAvxSpQpfLnHaPt7dX
/dA5Dtv0x2W9/+Fvwe0qcqBU9CGYavviKqNwpYKO5ueqcItXaAsZDU3aCgEi77Lq
MLPBEytzm83Rgx4OT0I2ea6Au9mwDuAzgciuqTrgHJCQuhDo0H7Uss1pvP1GwBmo
LLlS91O3H5iUF8Zw4e2WtuEnpccBZtXtFx4O1j3EeLy5Kj83oYylTj9wL5f1ztgE
t6CB6GQpqZ/bPmIBDMa2YHm1Pb484KcV7xiP4N/SK/mCTLoRMHja1e/NVU+dJzGc
xa1dPMBySx4xMfPe5U490AcziFoSO98RUl5fG2GKb4Re7skQ7BQ5Y35JOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFRQ6kK3CJEXTOqg5zdVK0YrBxVvMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvVkZEcVFyY0lrUmRNNnFEbk4xVXJSaXNIRlc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwjLOAwQF
w4pgMA0GCSqGSIb3DQEBCwUAA4IBAQBUwZsRSSZgBeAPGALDo9wQpwUjCmkq/cGf
KYjiiGkqVyL+Ij+so/1qSJlKhdSeDkYYQFOxvAfBq31uQZdGqh3c1wZznWG9+Tul
cA0vB706tZvYI9hl8syRtZHuTKFibNWLHUnLh6XdWqa+4J2Lu5v85yZKRZR32OLH
f5HmlLyDP3pLaaoFEQXDUH/uf0eY3X5SWyLpV9jLqzVKiwJOf+ZpnoYyrsyqfMqK
uEPihoSvjTihLVvHfjCm+6IvWQuUqPkSvU3lRMzBJ0SnTpAJ3ew8cYADh/ZvfDS0
Fufz70251gGEDnqnJjVYR4lQM5N/HzWKDroRsBQqKoUcvxpwrTfH
-----END CERTIFICATE-----