Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ndGBBI5eA2vs4MpN17kym72D2aY.roa
File:                     ndGBBI5eA2vs4MpN17kym72D2aY.roa (raw, json)
Hash identifier:          Y2DYKVHKnRvEeIu1HXCyZz0jMDttLbO7HWB7ga1QoRc=
Subject key identifier:   9D:D1:81:04:8E:5E:03:6B:EC:E0:CA:4D:D7:B9:32:9B:BD:83:D9:A6
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CD587FE7205631EC5622E30EE75EB076A
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ndGBBI5eA2vs4MpN17kym72D2aY.roa
Signing time:             Thu 04 Jan 2024 17:31:48 +0000
ROA not before:           Thu 04 Jan 2024 17:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205911
IP address blocks:        185.51.120.0/24 maxlen: 24
                          2a13:4800::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d5:87:fe:72:05:63:1e:c5:62:2e:30:ee:75:eb:07:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  4 17:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dd181048e5e036bece0ca4dd7b9329bbd83d9a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e1:87:d3:57:79:04:5c:9f:43:7b:2f:2a:a0:
                    b8:24:05:01:60:16:2a:63:93:ea:fa:4b:b5:6f:c2:
                    bf:8e:e4:1f:2c:0b:e1:00:e4:0d:00:d5:c4:94:d9:
                    86:b1:3f:8a:a6:25:a5:2e:df:13:a8:17:95:4d:9f:
                    59:da:d1:95:94:49:7a:73:8c:50:06:5c:3c:92:e4:
                    6d:71:32:f4:52:e7:4d:bf:58:b9:a9:4d:f1:d0:fc:
                    ca:78:89:60:46:eb:35:d0:09:23:ad:85:29:5a:d4:
                    28:c4:62:f3:b2:a7:0e:e7:e3:8d:7d:ff:4b:e0:4d:
                    8e:ee:97:2d:e3:e5:56:1c:bf:22:45:00:17:0f:6f:
                    75:77:f2:63:33:4e:fa:07:eb:eb:4f:0c:60:84:e6:
                    22:f7:dd:22:12:f5:fa:99:37:19:6f:18:e3:0d:3d:
                    de:2b:a4:fb:e2:d1:62:7f:1e:45:56:35:26:01:a9:
                    e9:a6:2f:28:85:cf:47:ae:6a:13:02:dc:bb:77:2a:
                    48:31:47:32:a1:73:f0:ee:d5:3f:79:40:03:f5:4d:
                    bb:90:75:da:22:2c:2c:dc:40:c3:30:05:70:cd:9f:
                    d4:4f:99:89:75:93:43:19:2d:2f:ac:0f:4d:9d:29:
                    25:87:47:fd:65:a2:95:b0:00:7e:65:5c:47:c0:0e:
                    6e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:D1:81:04:8E:5E:03:6B:EC:E0:CA:4D:D7:B9:32:9B:BD:83:D9:A6
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ndGBBI5eA2vs4MpN17kym72D2aY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.120.0/24
                IPv6:
                  2a13:4800::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:d9:dc:13:77:04:1e:b7:12:3b:66:3e:20:8e:e0:b5:ba:5c:
         a9:a5:4c:9b:df:63:9c:48:a3:9a:44:53:df:e8:95:23:06:1d:
         7b:1e:49:13:08:ef:b6:8a:5c:3f:09:f4:d2:6f:5f:30:73:68:
         ae:91:a4:b4:e6:24:0a:20:11:d2:02:fb:8e:fc:22:65:51:8d:
         06:34:5b:5c:d1:7e:8f:5d:c9:dd:2c:69:4e:85:7b:fd:5f:e5:
         fe:aa:c4:96:fc:cf:7c:65:9f:f8:7d:de:6f:bb:4d:9b:86:c2:
         c8:fe:a7:10:e0:f2:07:0c:f7:c3:5c:ae:c9:79:70:d4:b1:84:
         c2:1c:b4:fc:ee:52:fd:db:18:7a:d2:36:eb:1e:56:aa:76:78:
         5a:77:47:79:a4:0b:b2:50:a0:ca:7a:6e:1b:af:20:c8:d1:64:
         98:c1:cc:4e:4e:e7:ca:3a:70:fc:7d:de:55:b8:e1:81:53:d9:
         a4:8e:f4:33:67:34:f6:36:34:bd:89:df:31:78:25:fe:7a:18:
         4d:f0:7e:d2:c7:e5:0e:2a:4b:f3:14:ea:23:f4:76:c1:3d:e9:
         1d:4a:62:33:52:8c:2f:b2:3e:1f:0a:de:66:17:07:4f:ff:cb:
         28:0e:d1:e7:cc:48:b4:9e:b8:7d:60:9a:a8:ff:53:7b:22:91:
         03:05:09:72
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzVh/5yBWMexWIuMO516wdqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTA0MTczMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGQxODEwNDhlNWUwMzZiZWNlMGNhNGRkN2I5MzI5YmJkODNkOWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeGH01d5BFyfQ3svKqC4JAUBYBYq
Y5Pq+ku1b8K/juQfLAvhAOQNANXElNmGsT+KpiWlLt8TqBeVTZ9Z2tGVlEl6c4xQ
Blw8kuRtcTL0UudNv1i5qU3x0PzKeIlgRus10AkjrYUpWtQoxGLzsqcO5+ONff9L
4E2O7pct4+VWHL8iRQAXD291d/JjM076B+vrTwxghOYi990iEvX6mTcZbxjjDT3e
K6T74tFifx5FVjUmAanppi8ohc9HrmoTAty7dypIMUcyoXPw7tU/eUAD9U27kHXa
Iiws3EDDMAVwzZ/UT5mJdZNDGS0vrA9NnSklh0f9ZaKVsAB+ZVxHwA5uyQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ3RgQSOXgNr7ODKTde5Mpu9g9mmMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvbmRHQkJJNWVBMnZzNE1wTjE3a3ltNzJEMmFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuTN4MA0E
AgACMAcDBQMqE0gAMA0GCSqGSIb3DQEBCwUAA4IBAQAx2dwTdwQetxI7Zj4gjuC1
ulyppUyb32OcSKOaRFPf6JUjBh17HkkTCO+2ilw/CfTSb18wc2iukaS05iQKIBHS
AvuO/CJlUY0GNFtc0X6PXcndLGlOhXv9X+X+qsSW/M98ZZ/4fd5vu02bhsLI/qcQ
4PIHDPfDXK7JeXDUsYTCHLT87lL92xh60jbrHlaqdnhad0d5pAuyUKDKem4bryDI
0WSYwcxOTufKOnD8fd5VuOGBU9mkjvQzZzT2NjS9id8xeCX+ehhN8H7Sx+UOKkvz
FOoj9HbBPekdSmIzUowvsj4fCt5mFwdP/8soDtHnzEi0nrh9YJqo/1N7IpEDBQly
-----END CERTIFICATE-----