Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i0oqdkNUROhbiET56laNL1tRD88.roa
File:                     i0oqdkNUROhbiET56laNL1tRD88.roa (raw, json)
Hash identifier:          iUAzxXKbjCK3MaCNMSLzdK2h1Rc3rQdTGWxUlwup+r8=
Subject key identifier:   8B:4A:2A:76:43:54:44:E8:5B:88:44:F9:EA:56:8D:2F:5B:51:0F:CF
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB3F2EDA680287E972EC2C5FEE92C7
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i0oqdkNUROhbiET56laNL1tRD88.roa
Signing time:             Mon 01 Jan 2024 02:29:57 +0000
ROA not before:           Mon 01 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398465
IP address blocks:        194.180.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 15:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3f:2e:da:68:02:87:e9:72:ec:2c:5f:ee:92:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b4a2a76435444e85b8844f9ea568d2f5b510fcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:60:5d:b1:2b:20:b2:d7:49:ef:c4:81:cf:8f:
                    ce:bb:cf:18:7d:91:23:15:74:b1:02:30:6a:51:f4:
                    aa:ff:fb:65:1f:06:be:ef:5a:5d:a4:fb:86:9c:04:
                    fe:b4:bf:c2:4e:1e:28:b3:8f:59:69:b8:3a:63:2e:
                    e2:16:5e:c5:77:49:63:5f:d8:a0:e0:8b:a2:0a:d1:
                    33:98:be:de:1b:a0:5b:e1:74:32:41:9a:43:da:21:
                    6a:4d:39:88:a6:3a:1d:84:ba:a8:3e:2c:f0:6d:ce:
                    96:c4:61:bd:ed:6d:61:ef:03:92:18:dc:c6:d1:2c:
                    1b:5a:5d:91:0d:f6:52:af:93:aa:0d:96:49:bf:79:
                    26:12:75:9b:3c:4b:a8:3c:34:65:d4:27:69:c6:58:
                    de:93:09:55:1b:8f:4b:87:1e:bf:72:59:4e:b3:d8:
                    9d:15:3d:c0:dc:ac:d0:6e:3c:45:00:7b:2f:fa:5d:
                    f2:99:c2:d8:75:da:d4:49:21:b2:e8:fd:5a:f3:19:
                    31:f2:2a:27:aa:6b:c6:54:d9:5f:3b:74:e5:15:53:
                    a7:a7:2c:0f:33:08:bf:7c:2f:ac:fb:21:11:ef:a2:
                    5a:3c:97:a2:a2:8f:29:f4:cc:ab:40:27:af:cf:d6:
                    bc:22:85:7f:5d:ee:6c:02:40:d4:b5:8f:ef:8e:f6:
                    81:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:4A:2A:76:43:54:44:E8:5B:88:44:F9:EA:56:8D:2F:5B:51:0F:CF
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i0oqdkNUROhbiET56laNL1tRD88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:0c:8a:45:38:80:db:d6:61:c6:62:2b:1b:2c:25:ed:89:96:
         9f:ff:8c:e2:53:33:d0:65:fa:1e:ef:91:80:54:af:43:43:a2:
         60:44:be:27:a6:3c:c9:0d:d5:b4:e5:05:4f:a7:f7:4c:a9:c3:
         4b:82:ba:d6:07:5d:75:e2:c3:88:14:0d:07:0c:14:67:2b:83:
         43:33:fb:f7:22:b5:be:a2:fc:ad:b4:7b:bc:da:8e:3b:5c:b0:
         1a:bf:78:e9:1d:15:d8:38:04:16:5c:9b:38:f5:d0:6d:2e:c2:
         22:c6:d3:e3:10:a2:63:dd:a1:cd:1e:ef:9e:25:d1:15:fd:70:
         24:d9:01:96:05:94:a9:a4:c0:b2:76:5e:1a:b3:97:f6:c7:11:
         65:96:e2:f4:54:56:50:85:f6:97:e9:52:bb:14:07:31:7a:cf:
         b4:c1:a7:ab:b0:1e:4f:3d:35:13:44:16:58:ec:66:12:01:79:
         26:7b:87:00:fa:af:f3:59:74:17:de:8c:79:32:d6:ad:cb:eb:
         50:6f:25:87:06:99:7d:9d:77:8b:f2:34:00:1d:19:2f:44:61:
         77:42:f1:4f:62:8f:9c:1d:fc:1a:46:12:1a:40:db:ab:0d:26:
         2a:1a:6d:6f:b4:31:7a:24:4d:d9:03:e7:e3:38:ee:49:6e:6c:
         36:1e:13:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2z8u2mgCh+ly7Cxf7pLHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjRhMmE3NjQzNTQ0NGU4NWI4ODQ0ZjllYTU2OGQyZjViNTEwZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWBdsSsgstdJ78SBz4/Ou88YfZEj
FXSxAjBqUfSq//tlHwa+71pdpPuGnAT+tL/CTh4os49Zabg6Yy7iFl7Fd0ljX9ig
4IuiCtEzmL7eG6Bb4XQyQZpD2iFqTTmIpjodhLqoPizwbc6WxGG97W1h7wOSGNzG
0SwbWl2RDfZSr5OqDZZJv3kmEnWbPEuoPDRl1CdpxljekwlVG49Lhx6/cllOs9id
FT3A3KzQbjxFAHsv+l3ymcLYddrUSSGy6P1a8xkx8ionqmvGVNlfO3TlFVOnpywP
Mwi/fC+s+yER76JaPJeioo8p9MyrQCevz9a8IoV/Xe5sAkDUtY/vjvaBqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFItKKnZDVEToW4hE+epWjS9bUQ/PMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvaTBvcWRrTlVST2hiaUVUNTZsYU5MMXRSRDg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrTuMA0G
CSqGSIb3DQEBCwUAA4IBAQBADIpFOIDb1mHGYisbLCXtiZaf/4ziUzPQZfoe75GA
VK9DQ6JgRL4npjzJDdW05QVPp/dMqcNLgrrWB1114sOIFA0HDBRnK4NDM/v3IrW+
ovyttHu82o47XLAav3jpHRXYOAQWXJs49dBtLsIixtPjEKJj3aHNHu+eJdEV/XAk
2QGWBZSppMCydl4as5f2xxFlluL0VFZQhfaX6VK7FAcxes+0waersB5PPTUTRBZY
7GYSAXkme4cA+q/zWXQX3ox5Mtaty+tQbyWHBpl9nXeL8jQAHRkvRGF3QvFPYo+c
HfwaRhIaQNurDSYqGm1vtDF6JE3ZA+fjOO5Jbmw2HhOT
-----END CERTIFICATE-----