Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/6e178e-9cbf-489e-aa3a-f662b0a65e8e/1/ABFoiYu2ulbSXZOEgPeJpoICeLA.roa
File:                     ABFoiYu2ulbSXZOEgPeJpoICeLA.roa (raw, json)
Hash identifier:          eadnOZQXdEuukLOX/RSPOq/ibB2JxKJTNNP28HxzyHU=
Subject key identifier:   00:11:68:89:8B:B6:BA:56:D2:5D:93:84:80:F7:89:A6:82:02:78:B0
Certificate issuer:       /CN=4e167ee5f8d2ac0d9cc0137b41912f181b0489b0
Certificate serial:       018CC8DFB138A0134FC7BF0A778717533226
Authority key identifier: 4E:16:7E:E5:F8:D2:AC:0D:9C:C0:13:7B:41:91:2F:18:1B:04:89:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ThZ-5fjSrA2cwBN7QZEvGBsEibA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/6e178e-9cbf-489e-aa3a-f662b0a65e8e/1/ABFoiYu2ulbSXZOEgPeJpoICeLA.roa
Signing time:             Tue 02 Jan 2024 06:32:32 +0000
ROA not before:           Tue 02 Jan 2024 06:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1930
IP address blocks:        192.26.231.0/24 maxlen: 24
                          192.80.20.0/24 maxlen: 24
                          192.107.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/6e178e-9cbf-489e-aa3a-f662b0a65e8e/1/ThZ-5fjSrA2cwBN7QZEvGBsEibA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/6e178e-9cbf-489e-aa3a-f662b0a65e8e/1/ThZ-5fjSrA2cwBN7QZEvGBsEibA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ThZ-5fjSrA2cwBN7QZEvGBsEibA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:b1:38:a0:13:4f:c7:bf:0a:77:87:17:53:32:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e167ee5f8d2ac0d9cc0137b41912f181b0489b0
        Validity
            Not Before: Jan  2 06:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=001168898bb6ba56d25d938480f789a6820278b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:cc:15:84:1d:f7:4e:b3:23:15:bd:b3:5d:7d:
                    da:fc:a0:6f:85:8a:a9:55:42:14:6a:a4:09:98:0f:
                    9c:ee:21:85:6f:24:c8:69:d6:7d:1d:66:f0:4b:73:
                    68:83:95:c9:15:81:90:9b:ed:39:e3:68:28:eb:a8:
                    1d:c1:d2:fb:25:fa:ed:55:39:b8:de:79:4a:15:25:
                    bb:3b:30:04:96:d4:12:56:9e:6b:a5:98:d9:24:8f:
                    13:b2:4d:f1:b5:22:73:1f:22:8d:f9:3f:a2:34:0e:
                    07:97:ca:5d:95:04:bb:68:59:b0:be:5e:00:00:f4:
                    ca:68:ef:0d:9e:f5:bf:8b:a3:94:6d:15:18:44:95:
                    06:82:e5:eb:f5:a6:59:ea:87:8d:66:af:d9:7d:2d:
                    dc:d4:40:7a:d3:e5:c9:61:83:7d:1f:be:8f:b8:7c:
                    1b:69:00:bd:03:ca:67:94:77:4f:27:d1:69:a9:55:
                    6a:54:77:c6:dc:a8:56:30:14:33:b2:ef:34:b0:ab:
                    21:1f:52:ec:ea:6c:48:20:0c:05:e7:b2:35:f8:5b:
                    f6:e0:24:b4:50:8b:e8:b5:c0:24:78:1c:5d:87:23:
                    5c:ec:61:dd:ed:ee:11:24:62:29:29:1f:6c:6e:4e:
                    9d:c7:33:e6:89:33:ff:f6:c7:61:97:32:5c:53:b6:
                    1f:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:11:68:89:8B:B6:BA:56:D2:5D:93:84:80:F7:89:A6:82:02:78:B0
            X509v3 Authority Key Identifier:
                keyid:4E:16:7E:E5:F8:D2:AC:0D:9C:C0:13:7B:41:91:2F:18:1B:04:89:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ThZ-5fjSrA2cwBN7QZEvGBsEibA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/6e178e-9cbf-489e-aa3a-f662b0a65e8e/1/ABFoiYu2ulbSXZOEgPeJpoICeLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/6e178e-9cbf-489e-aa3a-f662b0a65e8e/1/ThZ-5fjSrA2cwBN7QZEvGBsEibA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.26.231.0/24
                  192.80.20.0/24
                  192.107.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:7f:8f:e7:31:23:d8:ff:b8:6f:f8:c9:33:82:a6:a2:a5:ad:
         13:9c:bc:47:23:ba:2e:3c:ab:c3:ab:9e:25:c5:2c:a6:14:6a:
         9f:ed:70:0c:d1:c2:a1:0b:52:08:27:7e:bf:0f:e3:ff:0e:89:
         00:e5:62:16:39:40:d4:e1:10:35:d6:37:b9:a6:e2:60:7f:86:
         98:0c:50:52:04:a3:71:5d:47:80:e4:47:24:ba:4b:4d:01:33:
         10:20:0e:b9:c8:8c:55:da:5e:77:ed:96:b6:8b:18:db:a2:56:
         e2:26:a4:e7:fb:1a:f7:9e:25:66:08:45:a9:aa:d1:6d:21:8e:
         6a:65:ed:35:bb:29:99:fc:db:12:ee:0e:a3:f4:af:ed:04:97:
         08:64:44:bb:4b:6d:02:c6:70:fe:e1:c4:1b:f2:9a:ea:e6:4c:
         6d:f1:ca:53:17:c3:24:02:7f:7c:5a:ef:66:a5:4d:d6:c9:63:
         26:ba:b1:5e:85:ce:b3:16:06:bb:5c:7d:6b:53:fd:86:cf:77:
         21:a0:77:ce:e1:6b:a4:8c:72:04:4b:4c:25:65:11:a2:6e:ab:
         45:50:46:2d:a2:30:f0:63:92:7e:93:ad:d1:0c:e5:a1:df:1c:
         3d:8f:a6:01:5d:1b:7a:b7:4d:7d:32:8f:57:44:3f:36:c8:4b:
         44:5a:ec:74
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI37E4oBNPx78Kd4cXUzImMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMTY3ZWU1ZjhkMmFjMGQ5Y2MwMTM3YjQxOTEyZjE4MWIw
NDg5YjAwHhcNMjQwMTAyMDYzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDExNjg4OThiYjZiYTU2ZDI1ZDkzODQ4MGY3ODlhNjgyMDI3OGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcwVhB33TrMjFb2zXX3a/KBvhYqp
VUIUaqQJmA+c7iGFbyTIadZ9HWbwS3Nog5XJFYGQm+0542go66gdwdL7JfrtVTm4
3nlKFSW7OzAEltQSVp5rpZjZJI8Tsk3xtSJzHyKN+T+iNA4Hl8pdlQS7aFmwvl4A
APTKaO8NnvW/i6OUbRUYRJUGguXr9aZZ6oeNZq/ZfS3c1EB60+XJYYN9H76PuHwb
aQC9A8pnlHdPJ9FpqVVqVHfG3KhWMBQzsu80sKshH1Ls6mxIIAwF57I1+Fv24CS0
UIvotcAkeBxdhyNc7GHd7e4RJGIpKR9sbk6dxzPmiTP/9sdhlzJcU7YfRwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAARaImLtrpW0l2ThID3iaaCAniwMB8GA1UdIwQY
MBaAFE4WfuX40qwNnMATe0GRLxgbBImwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGhaLTVmalNyQTJjd0JON1FaRXZHQnNFaWJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS82ZTE3OGUtOWNiZi00ODllLWFhM2Et
ZjY2MmIwYTY1ZThlLzEvQUJGb2lZdTJ1bGJTWFpPRWdQZUpwb0lDZUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS82ZTE3OGUtOWNiZi00ODllLWFhM2EtZjY2MmIwYTY1ZThl
LzEvVGhaLTVmalNyQTJjd0JON1FaRXZHQnNFaWJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwBrnAwQA
wFAUAwQAwGt6MA0GCSqGSIb3DQEBCwUAA4IBAQCYf4/nMSPY/7hv+Mkzgqaipa0T
nLxHI7ouPKvDq54lxSymFGqf7XAM0cKhC1IIJ36/D+P/DokA5WIWOUDU4RA11je5
puJgf4aYDFBSBKNxXUeA5EckuktNATMQIA65yIxV2l537Za2ixjbolbiJqTn+xr3
niVmCEWpqtFtIY5qZe01uymZ/NsS7g6j9K/tBJcIZES7S20CxnD+4cQb8prq5kxt
8cpTF8MkAn98Wu9mpU3WyWMmurFehc6zFga7XH1rU/2Gz3choHfO4WukjHIES0wl
ZRGibqtFUEYtojDwY5J+k63RDOWh3xw9j6YBXRt6t019Mo9XRD82yEtEWux0
-----END CERTIFICATE-----