Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/XmniicAoB9W3p4MS18jKkTdpJU4.roa
File:                     XmniicAoB9W3p4MS18jKkTdpJU4.roa (raw, json)
Hash identifier:          XgCIebeYs8wnorVo4XdenbxaUzPSvQpqZGwmxo0O4Jc=
Subject key identifier:   5E:69:E2:89:C0:28:07:D5:B7:A7:83:12:D7:C8:CA:91:37:69:25:4E
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB2D7729697672451B5D1DE91BC729
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/XmniicAoB9W3p4MS18jKkTdpJU4.roa
Signing time:             Mon 01 Jan 2024 02:29:53 +0000
ROA not before:           Mon 01 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60127
IP address blocks:        185.147.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2d:77:29:69:76:72:45:1b:5d:1d:e9:1b:c7:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e69e289c02807d5b7a78312d7c8ca913769254e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:1f:28:06:94:7b:96:79:1a:d2:3a:25:0a:cb:
                    f0:69:21:51:76:07:0c:75:bc:90:24:94:ff:df:4b:
                    6e:c9:1e:d3:78:8b:08:e0:b3:93:91:43:f6:f2:52:
                    62:a4:65:5a:15:52:22:33:28:b9:5e:08:0b:8c:5a:
                    a1:2e:19:05:da:ca:3c:6e:79:cd:b5:ce:1a:32:af:
                    19:37:eb:ef:19:19:82:78:52:f5:62:1b:0b:ae:a9:
                    bf:76:40:a8:2f:20:9b:55:f2:df:52:90:90:85:de:
                    4b:7e:e2:f5:3f:76:f5:57:2f:4c:30:20:bd:ba:84:
                    6f:50:e5:87:4a:83:5a:6b:31:cf:17:7b:33:30:29:
                    74:73:c3:14:d5:6a:1c:2c:af:dc:57:a2:14:cc:f1:
                    26:fb:bc:92:50:b2:ae:c9:6d:3c:59:c3:1b:4e:45:
                    7b:c0:10:03:66:1d:7f:d7:0d:5a:a8:6f:bd:65:d6:
                    d6:1e:b4:80:27:b4:2e:13:a2:5c:38:fb:e2:10:15:
                    51:19:8e:da:bd:53:b5:24:3a:49:24:2d:ef:df:8e:
                    b1:a0:69:4b:3d:99:95:53:28:a2:90:14:d4:be:0b:
                    28:c0:ae:ab:43:1c:55:fa:25:38:cc:a5:0b:4e:34:
                    a1:f6:55:8f:4a:88:1e:f9:96:06:36:b8:f4:b7:a0:
                    fa:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:69:E2:89:C0:28:07:D5:B7:A7:83:12:D7:C8:CA:91:37:69:25:4E
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/XmniicAoB9W3p4MS18jKkTdpJU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:45:9e:44:89:27:63:95:c3:53:da:20:08:8c:b4:1e:08:97:
         ac:b6:15:9f:48:28:37:1e:1f:24:7c:29:e7:26:72:26:50:78:
         b9:fb:68:4d:3c:78:7e:7b:7e:9d:ac:8b:34:62:c1:8f:62:f3:
         1d:7d:1b:eb:f6:e6:08:95:0b:3b:65:38:5b:13:c4:d1:a2:9a:
         be:ed:d1:3f:e1:7e:62:d4:49:b5:78:a7:52:0f:a0:aa:8b:e5:
         07:98:44:3d:75:c5:4b:d2:54:54:74:4d:d6:fc:88:41:5f:2a:
         2d:dc:19:f9:ef:59:b9:b8:4c:64:c1:03:db:5b:98:4e:be:ee:
         76:98:b0:a6:7f:8e:29:76:be:55:97:44:c0:81:ed:fa:fe:ef:
         dd:d3:c0:58:58:05:fb:2b:ae:eb:15:15:69:94:4c:f2:4b:df:
         1b:7a:f2:aa:cb:fb:d0:d5:34:e3:48:50:0c:9a:b0:f8:5f:84:
         80:2a:80:0c:0a:06:27:e7:35:67:e4:fc:07:65:16:9e:9e:f8:
         6d:8d:bc:15:72:bf:29:07:84:79:26:83:39:f5:1f:fc:d0:68:
         81:56:f4:bc:6b:67:a4:5f:b0:84:d1:63:c4:74:5a:bd:24:5f:
         30:af:73:7b:81:ea:44:4e:46:3b:e3:11:69:59:2f:51:71:a2:
         5f:31:14:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2y13KWl2ckUbXR3pG8cpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTY5ZTI4OWMwMjgwN2Q1YjdhNzgzMTJkN2M4Y2E5MTM3NjkyNTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2x8oBpR7lnka0jolCsvwaSFRdgcM
dbyQJJT/30tuyR7TeIsI4LOTkUP28lJipGVaFVIiMyi5XggLjFqhLhkF2so8bnnN
tc4aMq8ZN+vvGRmCeFL1YhsLrqm/dkCoLyCbVfLfUpCQhd5LfuL1P3b1Vy9MMCC9
uoRvUOWHSoNaazHPF3szMCl0c8MU1WocLK/cV6IUzPEm+7ySULKuyW08WcMbTkV7
wBADZh1/1w1aqG+9ZdbWHrSAJ7QuE6JcOPviEBVRGY7avVO1JDpJJC3v346xoGlL
PZmVUyiikBTUvgsowK6rQxxV+iU4zKULTjSh9lWPSoge+ZYGNrj0t6D6pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5p4onAKAfVt6eDEtfIypE3aSVOMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvWG1uaWljQW9COVczcDRNUzE4aktrVGRwSlU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZMzMA0G
CSqGSIb3DQEBCwUAA4IBAQADRZ5EiSdjlcNT2iAIjLQeCJesthWfSCg3Hh8kfCnn
JnImUHi5+2hNPHh+e36drIs0YsGPYvMdfRvr9uYIlQs7ZThbE8TRopq+7dE/4X5i
1Em1eKdSD6Cqi+UHmEQ9dcVL0lRUdE3W/IhBXyot3Bn571m5uExkwQPbW5hOvu52
mLCmf44pdr5Vl0TAge36/u/d08BYWAX7K67rFRVplEzyS98bevKqy/vQ1TTjSFAM
mrD4X4SAKoAMCgYn5zVn5PwHZRaenvhtjbwVcr8pB4R5JoM59R/80GiBVvS8a2ek
X7CE0WPEdFq9JF8wr3N7gepETkY74xFpWS9RcaJfMRSk
-----END CERTIFICATE-----