Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/odRKllkZREJfrmU8OamWO17xwIk.roa
File:                     odRKllkZREJfrmU8OamWO17xwIk.roa (raw, json)
Hash identifier:          doDhAh+pMCIootQQh2HTsZ/dZy3KMCuCK7Z2WGe48wk=
Subject key identifier:   A1:D4:4A:96:59:19:44:42:5F:AE:65:3C:39:A9:96:3B:5E:F1:C0:89
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019092A6CB583027188ADDE668E28BE11084
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/odRKllkZREJfrmU8OamWO17xwIk.roa
Signing time:             Mon 08 Jul 2024 14:02:02 +0000
ROA not before:           Mon 08 Jul 2024 14:02:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64470
IP address blocks:        193.46.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:92:a6:cb:58:30:27:18:8a:dd:e6:68:e2:8b:e1:10:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jul  8 14:02:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1d44a96591944425fae653c39a9963b5ef1c089
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:8a:05:bf:a4:84:82:34:92:a7:37:2e:0a:48:
                    8a:9e:1a:e3:61:8f:7d:33:75:c7:13:66:db:fd:63:
                    22:ca:52:0a:cb:d8:c9:70:33:94:b3:59:26:03:74:
                    7e:65:d0:16:70:90:a5:96:02:f8:70:a3:f0:12:2b:
                    c3:a1:93:91:d3:fc:e9:f7:d6:a5:ca:53:f7:85:5d:
                    30:a6:7b:b8:a6:ef:60:f3:4c:b1:c7:0c:09:0b:29:
                    0f:63:fc:97:c8:c2:67:2f:78:c2:8e:4a:ee:4d:50:
                    07:a9:24:cb:6f:c9:35:7d:1b:5d:6f:36:a9:ef:56:
                    ba:2a:10:f3:ec:58:9c:5f:3f:9d:81:e3:54:94:80:
                    9c:05:32:4b:47:82:bc:c2:4f:60:36:c7:8e:29:53:
                    a4:bf:64:9d:a6:f3:60:89:d7:7d:14:fd:96:b7:1a:
                    74:63:f3:83:f7:58:1b:73:38:8d:74:24:07:d9:59:
                    f1:34:14:2e:67:3d:ba:6c:cd:57:23:f0:f5:09:f4:
                    7e:73:5a:5f:46:6e:5b:ca:68:0f:e7:a9:ac:52:99:
                    4d:08:df:5a:70:e2:90:7b:df:2d:11:32:92:68:e2:
                    6c:23:06:1e:4b:c3:73:7e:bb:ba:59:d1:a9:de:3e:
                    5f:97:15:93:48:1f:1e:9c:71:98:ba:78:39:86:51:
                    b3:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:D4:4A:96:59:19:44:42:5F:AE:65:3C:39:A9:96:3B:5E:F1:C0:89
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/odRKllkZREJfrmU8OamWO17xwIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:22:e7:d0:d2:57:58:da:18:8a:7e:71:fd:6f:28:db:ad:3f:
         f0:6f:61:3a:ac:bd:65:17:75:31:f2:e8:60:3d:6f:17:88:a3:
         d2:e5:b8:0e:42:28:fd:4e:84:58:fd:07:e0:ce:84:b4:ea:40:
         01:43:7e:1e:c7:54:70:9f:1f:44:6f:bb:18:83:70:1b:63:96:
         62:fe:8c:0b:a3:00:38:ef:fa:75:56:a0:ff:6b:e6:15:a7:15:
         9a:51:8f:37:6b:e0:72:d4:32:98:fc:49:5a:cc:09:ac:ab:fc:
         da:75:c0:24:ff:e9:37:0c:c5:4f:f7:e5:ca:93:e1:7f:60:c2:
         5f:23:27:2c:7a:6f:1e:78:ea:6e:00:a3:ef:35:f3:3a:52:32:
         31:57:33:11:09:a9:ed:ce:09:fe:71:bb:94:f8:1c:0c:81:d6:
         7f:a9:9e:47:22:13:69:fc:80:dc:93:4a:50:cc:7c:15:d2:e5:
         a6:1c:bb:35:fb:5b:f3:a6:10:45:b7:da:53:d0:9f:31:06:10:
         74:d9:9e:00:b5:f5:d6:01:5d:a1:aa:0c:51:d0:2d:6d:01:89:
         be:b5:71:10:76:30:62:8c:94:af:b8:49:a8:1a:e2:c6:ce:b6:
         9f:a0:b9:78:86:be:e7:53:fd:90:a7:1f:d4:b5:43:ca:48:df:
         ed:97:b2:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCSpstYMCcYit3maOKL4RCEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwNzA4MTQwMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWQ0NGE5NjU5MTk0NDQyNWZhZTY1M2MzOWE5OTYzYjVlZjFjMDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4oFv6SEgjSSpzcuCkiKnhrjYY99
M3XHE2bb/WMiylIKy9jJcDOUs1kmA3R+ZdAWcJCllgL4cKPwEivDoZOR0/zp99al
ylP3hV0wpnu4pu9g80yxxwwJCykPY/yXyMJnL3jCjkruTVAHqSTLb8k1fRtdbzap
71a6KhDz7FicXz+dgeNUlICcBTJLR4K8wk9gNseOKVOkv2SdpvNgidd9FP2Wtxp0
Y/OD91gbcziNdCQH2VnxNBQuZz26bM1XI/D1CfR+c1pfRm5bymgP56msUplNCN9a
cOKQe98tETKSaOJsIwYeS8Nzfru6WdGp3j5flxWTSB8enHGYung5hlGz5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHUSpZZGURCX65lPDmpljte8cCJMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvb2RSS2xsa1pSRUpmcm1VOE9hbVdPMTd4d0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS7WMA0G
CSqGSIb3DQEBCwUAA4IBAQBTIufQ0ldY2hiKfnH9byjbrT/wb2E6rL1lF3Ux8uhg
PW8XiKPS5bgOQij9ToRY/QfgzoS06kABQ34ex1Rwnx9Eb7sYg3AbY5Zi/owLowA4
7/p1VqD/a+YVpxWaUY83a+By1DKY/ElazAmsq/zadcAk/+k3DMVP9+XKk+F/YMJf
Iycsem8eeOpuAKPvNfM6UjIxVzMRCantzgn+cbuU+BwMgdZ/qZ5HIhNp/IDck0pQ
zHwV0uWmHLs1+1vzphBFt9pT0J8xBhB02Z4AtfXWAV2hqgxR0C1tAYm+tXEQdjBi
jJSvuEmoGuLGzrafoLl4hr7nU/2Qpx/UtUPKSN/tl7IW
-----END CERTIFICATE-----