Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/fvurfAhhRWubS3j5dWdc7KBgviM.roa
File:                     fvurfAhhRWubS3j5dWdc7KBgviM.roa (raw, json)
Hash identifier:          /NCThnAAbuoDZQkmKmV8AphAUzo6hhPJOCL+RLuROsM=
Subject key identifier:   7E:FB:AB:7C:08:61:45:6B:9B:4B:78:F9:75:67:5C:EC:A0:60:BE:23
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB341CC14EF8E6CD2A754044CE6EA9
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/fvurfAhhRWubS3j5dWdc7KBgviM.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204868
IP address blocks:        2.59.204.0/22 maxlen: 24
                          5.253.228.0/22 maxlen: 22
                          185.145.80.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:34:1c:c1:4e:f8:e6:cd:2a:75:40:44:ce:6e:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7efbab7c0861456b9b4b78f975675ceca060be23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:33:d3:92:8e:a3:ff:2f:46:1f:ea:1d:d4:a7:
                    2d:67:2a:15:0b:b5:5f:74:34:7f:f3:3f:61:5a:6a:
                    5a:ba:f8:30:c9:16:58:15:0c:e0:11:e1:0d:a3:f4:
                    aa:5e:67:90:b1:34:9b:ac:d4:d2:83:d5:23:e0:9b:
                    78:11:39:43:46:1f:62:81:d7:c4:eb:b6:a9:e3:93:
                    46:44:af:d1:65:e2:51:bb:65:74:7e:7b:8d:89:86:
                    25:cd:65:58:03:43:9e:2b:18:be:dd:60:6d:cd:44:
                    8c:7c:21:82:0c:5d:c5:16:13:fe:fa:b1:10:8a:ba:
                    2e:94:af:67:fc:e1:ba:01:39:84:55:b1:43:6d:9d:
                    0c:23:41:1a:25:95:85:65:d5:f1:60:1b:2d:6e:46:
                    6f:d9:5a:95:f7:6d:f2:4f:99:95:95:3c:31:95:f7:
                    35:43:14:4a:14:15:1e:2f:c8:bb:4a:6f:de:f1:44:
                    45:a4:30:e4:1c:37:1f:0c:36:84:d0:02:80:52:3b:
                    88:59:ef:fc:3a:7b:29:cf:f7:cf:45:27:d4:28:42:
                    9f:ff:e2:02:ae:3b:21:eb:f1:c8:cd:e9:d3:de:b3:
                    01:b7:c6:66:85:50:63:b1:9d:2c:b5:92:b7:c0:6b:
                    c2:95:c6:40:20:18:fd:e0:03:ac:e0:a5:dc:b2:49:
                    16:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:FB:AB:7C:08:61:45:6B:9B:4B:78:F9:75:67:5C:EC:A0:60:BE:23
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/fvurfAhhRWubS3j5dWdc7KBgviM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.204.0/22
                  5.253.228.0/22
                  185.145.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:fc:a9:db:e9:31:9d:f2:5b:2a:81:01:c3:d3:61:88:41:37:
         7c:8a:d1:20:bd:41:43:40:cf:30:ce:e1:0a:c5:c6:a6:22:fe:
         46:3c:73:57:23:7f:c3:96:da:0b:9f:42:2a:9f:14:21:43:40:
         74:2b:54:f7:48:a4:cf:35:3a:23:f6:0c:d4:19:40:84:3a:66:
         17:f0:69:eb:e3:45:1c:87:a8:6e:58:51:85:4f:d4:d7:6c:c1:
         3c:3d:96:d6:ef:c4:bf:b6:e0:67:1f:81:b0:e7:ae:f8:08:46:
         fd:be:05:26:8d:7a:3b:e4:aa:2e:65:dd:25:1f:e7:7f:e7:67:
         ea:ca:b5:0e:9a:29:60:10:b3:c8:ff:16:5a:41:72:09:3d:71:
         8f:1a:7b:be:05:12:72:ba:a3:bf:d8:18:c7:51:62:94:42:b5:
         32:90:1d:9a:c0:92:3b:75:f3:d2:cd:d2:09:40:ad:e0:46:2d:
         69:9c:18:62:b7:92:59:6d:bc:5f:5f:a5:fc:98:9f:97:e2:b7:
         e9:af:d0:8f:29:07:39:14:2a:6d:5d:ef:3a:39:cf:96:ec:6c:
         d5:ab:1d:e6:6c:d9:24:50:c8:b7:6e:f2:fe:cb:06:61:1b:8b:
         ea:b1:e6:0a:32:2f:eb:f5:6f:f5:4f:fa:55:ff:3e:4f:78:80:
         ca:04:6a:77
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2zQcwU745s0qdUBEzm6pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWZiYWI3YzA4NjE0NTZiOWI0Yjc4Zjk3NTY3NWNlY2EwNjBiZTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4TPTko6j/y9GH+od1KctZyoVC7Vf
dDR/8z9hWmpauvgwyRZYFQzgEeENo/SqXmeQsTSbrNTSg9Uj4Jt4ETlDRh9igdfE
67ap45NGRK/RZeJRu2V0fnuNiYYlzWVYA0OeKxi+3WBtzUSMfCGCDF3FFhP++rEQ
iroulK9n/OG6ATmEVbFDbZ0MI0EaJZWFZdXxYBstbkZv2VqV923yT5mVlTwxlfc1
QxRKFBUeL8i7Sm/e8URFpDDkHDcfDDaE0AKAUjuIWe/8Onspz/fPRSfUKEKf/+IC
rjsh6/HIzenT3rMBt8ZmhVBjsZ0stZK3wGvClcZAIBj94AOs4KXcskkWzQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFH77q3wIYUVrm0t4+XVnXOygYL4jMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvZnZ1cmZBaGhSV3ViUzNqNWRXZGM3S0JndmlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCAjvMAwQC
Bf3kAwQCuZFQMA0GCSqGSIb3DQEBCwUAA4IBAQAA/Knb6TGd8lsqgQHD02GIQTd8
itEgvUFDQM8wzuEKxcamIv5GPHNXI3/DltoLn0IqnxQhQ0B0K1T3SKTPNToj9gzU
GUCEOmYX8Gnr40Uch6huWFGFT9TXbME8PZbW78S/tuBnH4Gw5674CEb9vgUmjXo7
5KouZd0lH+d/52fqyrUOmilgELPI/xZaQXIJPXGPGnu+BRJyuqO/2BjHUWKUQrUy
kB2awJI7dfPSzdIJQK3gRi1pnBhit5JZbbxfX6X8mJ+X4rfpr9CPKQc5FCptXe86
Oc+W7GzVqx3mbNkkUMi3bvL+ywZhG4vqseYKMi/r9W/1T/pV/z5PeIDKBGp3
-----END CERTIFICATE-----