Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6cF6Iv42nJaIHDwovk1mXaDCbg.roa
File:                     i6cF6Iv42nJaIHDwovk1mXaDCbg.roa (raw, json)
Hash identifier:          5qcH87g+U4SyQp+ZIcfWfk9ZioIp8lkBVuqtLygxPf8=
Subject key identifier:   8B:A7:05:E8:8B:F8:DA:72:5A:20:70:F0:A2:F9:35:99:76:83:09:B8
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB3CD75116BD68A0229B2DD97723E0
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6cF6Iv42nJaIHDwovk1mXaDCbg.roa
Signing time:             Mon 01 Jan 2024 02:29:57 +0000
ROA not before:           Mon 01 Jan 2024 02:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209963
IP address blocks:        185.147.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3c:d7:51:16:bd:68:a0:22:9b:2d:d9:77:23:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ba705e88bf8da725a2070f0a2f93599768309b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:25:34:e5:45:a8:4c:4f:df:c5:75:c1:f8:28:
                    57:55:2d:64:28:a3:d8:ad:a7:04:1c:91:6e:4b:52:
                    f7:81:35:58:f6:77:16:7f:a5:5c:2a:34:c8:42:bc:
                    09:b5:84:fe:23:92:7a:d5:59:77:a3:23:8e:aa:3e:
                    d7:e1:a5:22:44:47:4d:01:39:5a:25:81:72:4f:4f:
                    2d:d4:da:b3:78:e2:19:4b:58:33:02:00:57:61:10:
                    c3:d3:6a:b6:01:76:3b:77:ed:f7:d7:03:72:2b:26:
                    63:41:67:77:8d:aa:9b:01:2b:89:56:19:aa:21:13:
                    9a:c8:d9:03:c2:dc:65:c6:18:b5:f3:61:17:64:59:
                    ef:eb:d1:2e:4c:08:ad:6c:a4:e7:61:da:65:36:ca:
                    d4:fc:2e:58:a4:b7:ce:20:86:19:c4:24:37:40:7b:
                    14:da:b4:a2:db:36:75:03:f4:5d:19:97:47:75:73:
                    a6:a9:fd:46:66:a7:7b:1d:f3:ce:a5:72:44:fd:db:
                    25:bf:52:d3:92:e5:f6:62:17:3c:0f:60:d5:e1:7e:
                    80:47:f8:14:da:17:1f:e4:8b:86:ef:d7:35:3f:e5:
                    50:a2:4c:fc:2e:ce:6a:a9:e4:45:e9:a4:ff:56:f1:
                    25:fb:fe:44:c9:73:d3:c5:06:d0:f4:33:05:44:3d:
                    1f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A7:05:E8:8B:F8:DA:72:5A:20:70:F0:A2:F9:35:99:76:83:09:B8
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6cF6Iv42nJaIHDwovk1mXaDCbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:59:8b:6f:51:63:cb:41:72:c3:96:04:98:9a:a0:9a:0e:e4:
         d9:90:99:7a:ce:76:2c:a5:d1:f1:ee:60:9f:a3:ea:a6:7d:ae:
         04:c0:bc:b3:f5:e8:3c:68:e4:28:c9:70:b4:a5:aa:4c:15:53:
         69:53:35:6a:4f:9c:72:08:05:66:8f:d8:14:02:67:e7:42:21:
         75:fa:ab:45:93:b9:2c:5a:34:ab:e6:a3:13:21:95:23:41:41:
         fe:84:5f:17:59:c6:cf:89:c4:37:be:f6:28:d5:10:1b:e2:67:
         ab:db:55:38:49:cb:2c:33:32:34:4b:58:8e:56:9f:4a:cc:1a:
         ce:37:32:f3:f0:e1:ee:2d:41:99:4e:d0:dd:99:a3:fd:61:14:
         42:a4:ad:68:a6:23:d6:f2:5a:6b:f2:1e:f1:d9:47:99:13:40:
         da:f6:88:78:94:45:26:59:79:f6:83:b3:60:92:eb:cf:ef:4d:
         d4:09:4a:16:33:f7:f9:4b:ea:62:30:1a:b2:98:1a:fe:3a:d7:
         e3:3e:7e:98:7e:d5:e6:07:1f:aa:bf:5c:c2:54:4d:97:f8:43:
         01:62:37:ae:08:c0:23:9f:7e:81:41:2c:37:de:39:cd:84:79:
         bc:86:73:4d:84:04:29:a7:9e:44:62:a1:0b:4a:1e:46:41:86:
         87:d5:5e:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zzXURa9aKAimy3ZdyPgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmE3MDVlODhiZjhkYTcyNWEyMDcwZjBhMmY5MzU5OTc2ODMwOWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iU05UWoTE/fxXXB+ChXVS1kKKPY
racEHJFuS1L3gTVY9ncWf6VcKjTIQrwJtYT+I5J61Vl3oyOOqj7X4aUiREdNATla
JYFyT08t1NqzeOIZS1gzAgBXYRDD02q2AXY7d+331wNyKyZjQWd3jaqbASuJVhmq
IROayNkDwtxlxhi182EXZFnv69EuTAitbKTnYdplNsrU/C5YpLfOIIYZxCQ3QHsU
2rSi2zZ1A/RdGZdHdXOmqf1GZqd7HfPOpXJE/dslv1LTkuX2Yhc8D2DV4X6AR/gU
2hcf5IuG79c1P+VQokz8Ls5qqeRF6aT/VvEl+/5EyXPTxQbQ9DMFRD0fSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIunBeiL+NpyWiBw8KL5NZl2gwm4MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvaTZjRjZJdjQybkphSUhEd292azFtWGFEQ2JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZMxMA0G
CSqGSIb3DQEBCwUAA4IBAQCcWYtvUWPLQXLDlgSYmqCaDuTZkJl6znYspdHx7mCf
o+qmfa4EwLyz9eg8aOQoyXC0papMFVNpUzVqT5xyCAVmj9gUAmfnQiF1+qtFk7ks
WjSr5qMTIZUjQUH+hF8XWcbPicQ3vvYo1RAb4mer21U4ScssMzI0S1iOVp9KzBrO
NzLz8OHuLUGZTtDdmaP9YRRCpK1opiPW8lpr8h7x2UeZE0Da9oh4lEUmWXn2g7Ng
kuvP703UCUoWM/f5S+piMBqymBr+OtfjPn6YftXmBx+qv1zCVE2X+EMBYjeuCMAj
n36BQSw33jnNhHm8hnNNhAQpp55EYqELSh5GQYaH1V7c
-----END CERTIFICATE-----