Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hSTbgn_Xhyg11LwsIrFUpRLpSZg.roa
File:                     hSTbgn_Xhyg11LwsIrFUpRLpSZg.roa (raw, json)
Hash identifier:          w0W4uLuNX0RHZKPs8nhiVNIQPOdxIA9IE1TkRhVp+1w=
Subject key identifier:   85:24:DB:82:7F:D7:87:28:35:D4:BC:2C:22:B1:54:A5:12:E9:49:98
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019092A6CB9555A12FDCD8EBDF4D6523C23B
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hSTbgn_Xhyg11LwsIrFUpRLpSZg.roa
Signing time:             Mon 08 Jul 2024 14:02:02 +0000
ROA not before:           Mon 08 Jul 2024 14:02:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205301
IP address blocks:        194.242.22.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:92:a6:cb:95:55:a1:2f:dc:d8:eb:df:4d:65:23:c2:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jul  8 14:02:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8524db827fd7872835d4bc2c22b154a512e94998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c0:26:09:84:26:d9:d4:a2:aa:18:72:76:ec:
                    49:24:f0:93:92:d1:07:ed:6b:52:f0:81:40:1e:42:
                    9d:0c:df:b3:99:d7:6b:46:a5:8a:e7:9f:d1:fb:9d:
                    20:e1:0f:c2:b2:17:a3:dc:79:5a:24:f0:42:46:d2:
                    b2:4b:f0:a0:79:37:e4:cc:af:80:bc:37:68:28:ad:
                    58:77:a8:27:38:f2:41:c7:e4:90:b1:99:89:07:5f:
                    a0:e6:a3:e2:98:27:4e:74:70:ed:14:59:66:7b:e0:
                    a6:b6:1c:d0:39:69:16:f5:a3:92:3d:1d:93:2f:ed:
                    cd:b5:f0:77:f0:6e:29:a7:85:1f:41:20:e6:4b:f0:
                    e8:46:80:96:f3:0c:23:f9:06:19:98:16:50:53:b5:
                    3b:e5:05:55:4d:45:82:92:4b:80:28:3d:03:21:99:
                    bb:0a:c0:ea:13:62:e2:43:97:90:68:8b:c8:f9:ba:
                    ce:49:a3:ff:4d:f8:f1:84:73:7d:60:95:ec:34:8e:
                    94:b8:ed:91:a2:6d:2b:a7:33:21:93:22:bd:0f:1a:
                    b1:dd:a1:dc:dd:45:58:77:17:04:8d:76:3a:95:dd:
                    32:d8:dd:db:66:f1:8b:38:ae:64:ae:20:33:bc:d8:
                    81:60:87:c9:2b:59:95:5e:d0:1d:c2:ba:30:7a:b3:
                    e0:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:24:DB:82:7F:D7:87:28:35:D4:BC:2C:22:B1:54:A5:12:E9:49:98
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hSTbgn_Xhyg11LwsIrFUpRLpSZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:ed:43:99:52:54:b1:b6:3c:99:4c:0d:d3:84:62:27:d3:77:
         6e:a9:c9:8f:6c:f1:fe:d8:29:26:2b:46:6b:fb:c6:6d:47:81:
         49:a4:cd:0c:66:4a:eb:1c:06:08:85:22:64:d3:da:9d:70:29:
         b2:ac:af:36:a1:c5:ce:3e:18:9b:0e:79:49:6d:62:28:28:d0:
         0d:2f:42:10:2c:7a:ef:cc:a5:c7:98:5a:bb:a1:71:97:e1:3d:
         49:cf:2c:a0:0e:46:0f:9c:47:1e:7f:0d:ba:4a:ca:e8:78:51:
         6c:e3:07:84:3b:99:09:27:d5:a0:1f:6f:a3:d3:2b:1f:d1:8a:
         45:4b:36:db:eb:be:a7:97:03:63:c8:1e:ef:46:66:48:a2:ad:
         fb:fa:92:33:ac:dc:fc:d3:a5:5f:45:9c:1a:05:5e:83:e6:1a:
         8a:01:91:4b:96:71:8f:da:8c:49:9a:59:90:6d:49:84:14:d8:
         ba:28:04:65:c3:e8:2f:ad:1d:b2:ea:18:96:41:fd:76:9a:f5:
         c5:cd:6e:b0:86:8f:1a:ae:5f:7b:46:30:7c:8a:47:8e:be:1f:
         43:41:55:c3:7d:77:f3:af:43:82:11:a0:17:44:6b:d1:56:83:
         08:bb:29:14:56:12:41:4b:7a:f7:01:40:4e:a5:2a:de:fe:3a:
         8f:7a:0c:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCSpsuVVaEv3Njr301lI8I7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwNzA4MTQwMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTI0ZGI4MjdmZDc4NzI4MzVkNGJjMmMyMmIxNTRhNTEyZTk0OTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8AmCYQm2dSiqhhyduxJJPCTktEH
7WtS8IFAHkKdDN+zmddrRqWK55/R+50g4Q/Cshej3HlaJPBCRtKyS/CgeTfkzK+A
vDdoKK1Yd6gnOPJBx+SQsZmJB1+g5qPimCdOdHDtFFlme+CmthzQOWkW9aOSPR2T
L+3NtfB38G4pp4UfQSDmS/DoRoCW8wwj+QYZmBZQU7U75QVVTUWCkkuAKD0DIZm7
CsDqE2LiQ5eQaIvI+brOSaP/TfjxhHN9YJXsNI6UuO2Rom0rpzMhkyK9Dxqx3aHc
3UVYdxcEjXY6ld0y2N3bZvGLOK5kriAzvNiBYIfJK1mVXtAdwrowerPg1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUk24J/14coNdS8LCKxVKUS6UmYMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvaFNUYmduX1hoeWcxMUx3c0lyRlVwUkxwU1pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwvIWMA0G
CSqGSIb3DQEBCwUAA4IBAQBo7UOZUlSxtjyZTA3ThGIn03duqcmPbPH+2CkmK0Zr
+8ZtR4FJpM0MZkrrHAYIhSJk09qdcCmyrK82ocXOPhibDnlJbWIoKNANL0IQLHrv
zKXHmFq7oXGX4T1JzyygDkYPnEcefw26SsroeFFs4weEO5kJJ9WgH2+j0ysf0YpF
Szbb676nlwNjyB7vRmZIoq37+pIzrNz806VfRZwaBV6D5hqKAZFLlnGP2oxJmlmQ
bUmEFNi6KARlw+gvrR2y6hiWQf12mvXFzW6who8arl97RjB8ikeOvh9DQVXDfXfz
r0OCEaAXRGvRVoMIuykUVhJBS3r3AUBOpSre/jqPegxE
-----END CERTIFICATE-----