Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ixUkpUNhtV9KkWNweKmWA5yb-Xk.roa
File:                     ixUkpUNhtV9KkWNweKmWA5yb-Xk.roa (raw, json)
Hash identifier:          9w3FDH4A7XLSYBz6NoPGQlOAqhdWq7/qCHjynoQdSik=
Subject key identifier:   8B:15:24:A5:43:61:B5:5F:4A:91:63:70:78:A9:96:03:9C:9B:F9:79
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CD587FDC6958C46331840B29A7214B87B
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ixUkpUNhtV9KkWNweKmWA5yb-Xk.roa
Signing time:             Thu 04 Jan 2024 17:31:48 +0000
ROA not before:           Thu 04 Jan 2024 17:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205124
IP address blocks:        147.78.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d5:87:fd:c6:95:8c:46:33:18:40:b2:9a:72:14:b8:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  4 17:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b1524a54361b55f4a91637078a996039c9bf979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:be:cd:41:9d:fc:ac:99:77:02:7e:d8:97:f8:
                    cc:ee:41:55:0d:b3:07:0f:52:87:bd:92:58:94:63:
                    11:7b:fa:ce:d3:9e:d9:4f:e3:8b:af:20:9a:9b:90:
                    8e:96:99:c7:ce:a5:a1:75:5f:b9:38:18:33:09:55:
                    82:ed:da:b9:03:2d:c2:17:f7:a9:dc:4c:2c:53:0c:
                    63:88:7d:36:b7:db:89:e4:30:7f:bb:77:5c:26:bf:
                    28:02:f5:85:0c:b9:b8:07:8a:dd:ab:48:6a:b2:d2:
                    31:8f:3b:24:c2:4e:bb:ee:7e:f0:db:11:b5:4d:3c:
                    9e:f2:67:77:b3:53:37:38:fe:b5:9d:6f:07:c8:8c:
                    8c:b1:79:b5:29:67:0d:94:40:28:76:1e:f1:e6:fd:
                    88:1c:65:95:1a:7c:cf:5d:d7:dd:b5:1a:ff:82:2c:
                    9d:db:c2:c6:96:22:c6:72:56:65:33:ec:c1:39:da:
                    62:b4:c4:f9:3d:9a:36:44:56:79:c1:cf:f2:b9:87:
                    a9:7c:43:d7:a8:79:d8:04:67:2c:35:74:7b:74:21:
                    70:2d:ba:0c:0e:d8:71:ee:a6:ee:05:ee:50:28:08:
                    81:16:9f:ca:9a:19:59:74:58:85:fb:48:c0:48:18:
                    58:be:41:87:62:6a:4d:e0:bb:ac:cc:08:95:1e:6e:
                    41:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:15:24:A5:43:61:B5:5F:4A:91:63:70:78:A9:96:03:9C:9B:F9:79
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ixUkpUNhtV9KkWNweKmWA5yb-Xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:80:b0:7f:34:81:d1:11:8c:4b:ad:3a:ee:b0:d0:3f:41:4c:
         2e:57:29:53:87:1d:76:99:76:c2:55:09:b3:b0:fe:1f:36:3f:
         72:ab:28:3e:46:ab:a6:5a:24:b8:7a:5c:1a:d4:4f:d2:c1:2f:
         2b:05:6d:92:d4:34:fd:c1:5b:f7:ec:3c:ac:aa:3d:d9:88:a2:
         44:7c:a1:b5:b6:df:a1:fa:fa:da:3d:e4:f9:57:0d:39:65:b0:
         2a:ba:38:66:fe:2d:35:c7:ee:bd:5a:ea:02:19:45:76:d6:fb:
         9e:fc:d8:29:dc:bc:b8:e5:e6:d8:4d:65:d6:b1:60:f7:bf:00:
         91:f5:d7:76:a5:92:1b:13:4c:c9:ab:e0:50:37:47:3e:e7:89:
         be:fd:55:d8:8e:bd:8a:a9:ba:86:1f:fe:4d:78:ab:64:cb:06:
         7b:0d:b0:54:92:92:e7:2b:9a:fe:1e:64:8b:4e:5b:b4:0c:19:
         f9:23:6a:59:eb:d1:22:7b:5f:a7:bc:ac:3a:e4:aa:51:3c:ef:
         88:47:07:91:a6:2b:fc:07:f5:8a:30:a9:c2:d8:2b:2e:64:2d:
         70:d1:82:3a:2d:d0:3b:a8:c2:d2:ab:b3:e2:71:f5:6f:9e:79:
         b6:b5:ce:a6:85:dc:cc:7b:4c:e2:7b:30:2c:fc:8e:48:41:78:
         cf:9f:48:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzVh/3GlYxGMxhAsppyFLh7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTA0MTczMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjE1MjRhNTQzNjFiNTVmNGE5MTYzNzA3OGE5OTYwMzljOWJmOTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAur7NQZ38rJl3An7Yl/jM7kFVDbMH
D1KHvZJYlGMRe/rO057ZT+OLryCam5COlpnHzqWhdV+5OBgzCVWC7dq5Ay3CF/ep
3EwsUwxjiH02t9uJ5DB/u3dcJr8oAvWFDLm4B4rdq0hqstIxjzskwk677n7w2xG1
TTye8md3s1M3OP61nW8HyIyMsXm1KWcNlEAodh7x5v2IHGWVGnzPXdfdtRr/giyd
28LGliLGclZlM+zBOdpitMT5PZo2RFZ5wc/yuYepfEPXqHnYBGcsNXR7dCFwLboM
Dthx7qbuBe5QKAiBFp/KmhlZdFiF+0jASBhYvkGHYmpN4LuszAiVHm5BqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIsVJKVDYbVfSpFjcHiplgOcm/l5MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvaXhVa3BVTmh0VjlLa1dOd2VLbVdBNXliLVhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCk04UMA0G
CSqGSIb3DQEBCwUAA4IBAQAtgLB/NIHREYxLrTrusNA/QUwuVylThx12mXbCVQmz
sP4fNj9yqyg+RqumWiS4elwa1E/SwS8rBW2S1DT9wVv37Dysqj3ZiKJEfKG1tt+h
+vraPeT5Vw05ZbAqujhm/i01x+69WuoCGUV21vue/Ngp3Ly45ebYTWXWsWD3vwCR
9dd2pZIbE0zJq+BQN0c+54m+/VXYjr2KqbqGH/5NeKtkywZ7DbBUkpLnK5r+HmSL
Tlu0DBn5I2pZ69Eie1+nvKw65KpRPO+IRweRpiv8B/WKMKnC2CsuZC1w0YI6LdA7
qMLSq7PicfVvnnm2tc6mhdzMe0ziezAs/I5IQXjPn0gR
-----END CERTIFICATE-----