Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/zLQaIIlb4NxG1h0JjIZ5R1FRyZ4.roa
File:                     zLQaIIlb4NxG1h0JjIZ5R1FRyZ4.roa (raw, json)
Hash identifier:          pkWpR3/D+zqKTwij+N0FzuxkitGUPOQnsKOrkDAJdg4=
Subject key identifier:   CC:B4:1A:20:89:5B:E0:DC:46:D6:1D:09:8C:86:79:47:51:51:C9:9E
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB33D890E8971A3E7FC72C6273EE56
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/zLQaIIlb4NxG1h0JjIZ5R1FRyZ4.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204421
IP address blocks:        185.212.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:33:d8:90:e8:97:1a:3e:7f:c7:2c:62:73:ee:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccb41a20895be0dc46d61d098c8679475151c99e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a5:96:a4:b0:27:aa:6c:2d:5c:89:41:e0:70:
                    70:ff:cc:ec:57:ee:fe:bb:5a:48:a6:54:10:fb:9c:
                    51:de:59:9b:99:97:4b:25:44:6e:af:98:30:fd:1e:
                    64:ec:11:ca:7e:d6:79:c0:20:8a:40:74:17:8a:1b:
                    f3:c9:3b:62:8d:bb:92:2a:82:b7:e6:62:b7:d3:bb:
                    cd:54:01:d6:83:59:27:e4:36:d3:cf:1b:ca:ec:8b:
                    82:7e:75:1d:5d:b0:90:8f:9b:98:92:27:c0:51:8a:
                    2c:06:9d:62:8d:82:b3:ec:6c:6e:c5:69:e2:3e:00:
                    50:46:99:61:9c:cf:e5:85:06:08:a0:9b:1f:b9:72:
                    22:6e:01:82:77:ee:fe:ce:1c:49:12:3a:53:02:90:
                    6d:af:32:63:ed:48:a0:93:af:69:7a:03:2f:04:eb:
                    04:e7:5f:98:a4:7c:61:80:33:c3:c8:f2:68:ae:05:
                    31:2f:f5:39:78:d8:bb:86:29:a0:41:80:66:7c:90:
                    de:f6:e1:58:db:e1:8e:b9:ef:4e:ba:26:c0:a6:cb:
                    e4:e8:28:3d:d7:97:31:ca:51:d1:db:4d:0d:a5:7d:
                    e9:69:79:8c:f3:ae:b7:54:e1:6a:61:94:79:b1:c7:
                    9a:d9:1b:d2:1f:48:76:11:9a:e2:9e:3c:81:34:ab:
                    d9:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:B4:1A:20:89:5B:E0:DC:46:D6:1D:09:8C:86:79:47:51:51:C9:9E
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/zLQaIIlb4NxG1h0JjIZ5R1FRyZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:8d:66:2f:6c:2a:a4:9f:12:a8:20:d4:75:64:77:78:63:1e:
         d8:ed:fb:5d:29:a7:2e:7f:d8:1a:f4:03:ee:0c:c4:16:ef:97:
         ef:88:eb:cf:73:c5:9e:7b:21:eb:be:89:91:b2:c5:69:c6:5c:
         4b:ec:b5:d4:ab:49:f6:31:d1:cf:4d:b8:b9:b6:22:6d:db:ff:
         d1:b2:02:c7:6c:48:e9:54:61:d4:bf:36:21:ba:90:d7:cc:bc:
         1a:ff:bc:46:47:fe:93:9d:38:a0:ca:3e:f5:49:66:da:b0:49:
         88:05:f6:77:e8:cc:1c:11:06:10:20:09:72:9e:ec:50:b7:01:
         34:3e:d7:6d:8b:03:b5:b0:0a:6d:95:23:1e:c4:6f:50:c8:ab:
         df:43:0d:05:61:a1:39:46:27:79:d9:7f:9d:af:f1:44:bd:2a:
         e7:dc:77:cf:f0:c2:0a:27:bf:07:cc:62:68:9a:a1:77:cb:d8:
         34:2e:cb:5a:2d:b9:1e:61:38:20:f2:58:bc:a9:b6:ae:73:51:
         9e:6d:e7:54:3f:7b:ed:6b:e9:7d:20:d1:a0:e5:4f:12:9f:92:
         93:44:f7:c6:dd:a6:4d:0e:55:57:a9:bf:6d:e4:43:d8:ab:49:
         f1:94:eb:60:ec:ce:44:1b:72:59:cd:ca:88:4e:8e:c9:0b:6c:
         93:86:73:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zPYkOiXGj5/xyxic+5WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2I0MWEyMDg5NWJlMGRjNDZkNjFkMDk4Yzg2Nzk0NzUxNTFjOTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqWWpLAnqmwtXIlB4HBw/8zsV+7+
u1pIplQQ+5xR3lmbmZdLJURur5gw/R5k7BHKftZ5wCCKQHQXihvzyTtijbuSKoK3
5mK307vNVAHWg1kn5DbTzxvK7IuCfnUdXbCQj5uYkifAUYosBp1ijYKz7GxuxWni
PgBQRplhnM/lhQYIoJsfuXIibgGCd+7+zhxJEjpTApBtrzJj7Uigk69pegMvBOsE
51+YpHxhgDPDyPJorgUxL/U5eNi7himgQYBmfJDe9uFY2+GOue9OuibApsvk6Cg9
15cxylHR200NpX3paXmM8663VOFqYZR5scea2RvSH0h2EZrinjyBNKvZ4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMy0GiCJW+DcRtYdCYyGeUdRUcmeMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvekxRYUlJbGI0TnhHMWgwSmpJWjVSMUZSeVo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudQKMA0G
CSqGSIb3DQEBCwUAA4IBAQA5jWYvbCqknxKoINR1ZHd4Yx7Y7ftdKacuf9ga9APu
DMQW75fviOvPc8WeeyHrvomRssVpxlxL7LXUq0n2MdHPTbi5tiJt2//RsgLHbEjp
VGHUvzYhupDXzLwa/7xGR/6TnTigyj71SWbasEmIBfZ36MwcEQYQIAlynuxQtwE0
PtdtiwO1sAptlSMexG9QyKvfQw0FYaE5Rid52X+dr/FEvSrn3HfP8MIKJ78HzGJo
mqF3y9g0LstaLbkeYTgg8li8qbauc1GebedUP3vta+l9INGg5U8Sn5KTRPfG3aZN
DlVXqb9t5EPYq0nxlOtg7M5EG3JZzcqITo7JC2yThnPm
-----END CERTIFICATE-----