Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/mu7QLhaqIeMXU_Vs_iCeFvjhoqM.roa
File:                     mu7QLhaqIeMXU_Vs_iCeFvjhoqM.roa (raw, json)
Hash identifier:          tC590f83DnjELObkt321wl8pzP/J/Nq0OWGhu/nR8GY=
Subject key identifier:   9A:EE:D0:2E:16:AA:21:E3:17:53:F5:6C:FE:20:9E:16:F8:E1:A2:A3
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB339D260C291801D99D052E095A07
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/mu7QLhaqIeMXU_Vs_iCeFvjhoqM.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204300
IP address blocks:        194.35.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:33:9d:26:0c:29:18:01:d9:9d:05:2e:09:5a:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9aeed02e16aa21e31753f56cfe209e16f8e1a2a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:43:8e:6d:d9:00:e7:b8:1b:68:97:e7:24:39:
                    db:61:ac:35:1d:78:43:30:d2:95:3c:68:5c:c3:24:
                    01:e9:98:96:0d:d2:a2:d1:52:56:ac:16:ee:f2:ba:
                    e9:8a:79:50:49:8a:5e:0b:5a:19:8a:9a:d1:6f:be:
                    a9:17:71:46:6d:26:5a:af:02:92:c4:0a:ec:2c:b7:
                    2b:1f:3c:be:19:1b:3f:ea:f6:7c:d5:67:48:37:25:
                    a3:da:b3:77:a3:40:57:66:2e:76:7c:f5:75:fb:e3:
                    9e:be:ea:a8:e6:12:30:43:1c:37:62:e1:b7:9e:58:
                    fc:e5:e5:89:06:1a:f1:c1:2f:ba:b7:be:46:fd:73:
                    00:fd:d4:5c:13:a8:b9:53:48:ae:99:6b:f6:04:3c:
                    a5:87:d5:42:12:c1:46:c0:49:3e:52:1b:7c:7f:a4:
                    6b:84:48:f1:10:6a:36:1e:5b:0d:ea:d7:09:34:f7:
                    5b:84:50:2a:06:03:d5:2f:6e:be:73:4c:5d:22:b0:
                    54:61:c1:6a:6f:6b:a8:22:6e:69:86:5f:2d:31:fb:
                    10:b6:3b:7b:30:b4:d1:e4:c4:41:9d:c7:07:fb:36:
                    b9:cf:00:0d:a7:3e:7f:66:88:b3:96:91:da:68:e5:
                    0a:cd:67:05:7b:15:56:27:43:04:eb:47:b0:1f:16:
                    b2:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:EE:D0:2E:16:AA:21:E3:17:53:F5:6C:FE:20:9E:16:F8:E1:A2:A3
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/mu7QLhaqIeMXU_Vs_iCeFvjhoqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:fd:1a:b4:fe:79:6a:a8:39:a8:f2:fc:5a:c7:f3:1b:3c:0c:
         96:3f:85:bd:9b:1d:46:e8:e5:8e:fb:ae:9a:63:b5:7d:1a:93:
         c2:07:6f:75:64:2b:ac:ad:dd:6d:78:cb:f8:fe:20:cd:81:72:
         2b:7d:e0:15:1d:80:bd:1b:9e:03:b2:26:82:44:ea:a1:0b:66:
         c5:42:ba:ae:c0:ae:c0:a0:f8:b4:49:0c:63:f3:e8:77:fd:ac:
         3b:3b:86:8b:ce:35:81:64:75:69:c0:07:fa:c7:e7:66:30:66:
         d9:dd:0d:57:8d:b2:65:8a:7b:9c:06:91:44:63:e9:98:d1:3b:
         0a:20:bc:f3:91:cb:78:a7:57:f4:98:7c:f7:5c:02:8a:4c:e2:
         31:df:97:59:c4:cc:fc:ba:42:85:da:3b:25:69:85:8d:83:13:
         51:70:4e:7e:b7:79:0f:3e:f8:35:5e:6c:59:5a:a7:65:7c:29:
         5a:88:cc:b3:e0:29:c8:d7:73:82:2e:61:d2:00:1a:94:d7:66:
         96:bc:d1:c9:ae:59:e6:68:2b:03:56:06:ab:d9:bf:dc:13:6a:
         8d:a5:69:6a:15:42:11:cf:80:80:9c:d7:b8:9a:bd:9e:1d:0f:
         f7:a2:bd:64:5e:5b:15:15:f2:f1:a4:72:66:e0:ee:9c:fe:55:
         22:8d:57:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zOdJgwpGAHZnQUuCVoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWVlZDAyZTE2YWEyMWUzMTc1M2Y1NmNmZTIwOWUxNmY4ZTFhMmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0OObdkA57gbaJfnJDnbYaw1HXhD
MNKVPGhcwyQB6ZiWDdKi0VJWrBbu8rrpinlQSYpeC1oZiprRb76pF3FGbSZarwKS
xArsLLcrHzy+GRs/6vZ81WdINyWj2rN3o0BXZi52fPV1++Oevuqo5hIwQxw3YuG3
nlj85eWJBhrxwS+6t75G/XMA/dRcE6i5U0iumWv2BDylh9VCEsFGwEk+Uht8f6Rr
hEjxEGo2HlsN6tcJNPdbhFAqBgPVL26+c0xdIrBUYcFqb2uoIm5phl8tMfsQtjt7
MLTR5MRBnccH+za5zwANpz5/ZoizlpHaaOUKzWcFexVWJ0ME60ewHxayLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJru0C4WqiHjF1P1bP4gnhb44aKjMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvbXU3UUxoYXFJZU1YVV9Wc19pQ2VGdmpob3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiM0MA0G
CSqGSIb3DQEBCwUAA4IBAQBH/Rq0/nlqqDmo8vxax/MbPAyWP4W9mx1G6OWO+66a
Y7V9GpPCB291ZCusrd1teMv4/iDNgXIrfeAVHYC9G54DsiaCROqhC2bFQrquwK7A
oPi0SQxj8+h3/aw7O4aLzjWBZHVpwAf6x+dmMGbZ3Q1XjbJlinucBpFEY+mY0TsK
ILzzkct4p1f0mHz3XAKKTOIx35dZxMz8ukKF2jslaYWNgxNRcE5+t3kPPvg1XmxZ
WqdlfClaiMyz4CnI13OCLmHSABqU12aWvNHJrlnmaCsDVgar2b/cE2qNpWlqFUIR
z4CAnNe4mr2eHQ/3or1kXlsVFfLxpHJm4O6c/lUijVeO
-----END CERTIFICATE-----