Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/2ebba5-7a0d-4333-b911-0f88d16e1afe/1/mjXWaAf_lye4EqzIOKn8uSjzV0E.roa
File:                     mjXWaAf_lye4EqzIOKn8uSjzV0E.roa (raw, json)
Hash identifier:          T5OUwDOXSt+dbKfSHtpQ+L2fcMZ7kdZqUfwSkv4VISw=
Subject key identifier:   9A:35:D6:68:07:FF:97:27:B8:12:AC:C8:38:A9:FC:B9:28:F3:57:41
Certificate issuer:       /CN=e11aa92850ebfe648ad3d89add8e736ec3675a11
Certificate serial:       018CC5009A9D609FE56C97B29874BF5A25B1
Authority key identifier: E1:1A:A9:28:50:EB:FE:64:8A:D3:D8:9A:DD:8E:73:6E:C3:67:5A:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4RqpKFDr_mSK09ia3Y5zbsNnWhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/2ebba5-7a0d-4333-b911-0f88d16e1afe/1/mjXWaAf_lye4EqzIOKn8uSjzV0E.roa
Signing time:             Mon 01 Jan 2024 12:30:00 +0000
ROA not before:           Mon 01 Jan 2024 12:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        194.180.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/2ebba5-7a0d-4333-b911-0f88d16e1afe/1/4RqpKFDr_mSK09ia3Y5zbsNnWhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/2ebba5-7a0d-4333-b911-0f88d16e1afe/1/4RqpKFDr_mSK09ia3Y5zbsNnWhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4RqpKFDr_mSK09ia3Y5zbsNnWhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:9a:9d:60:9f:e5:6c:97:b2:98:74:bf:5a:25:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e11aa92850ebfe648ad3d89add8e736ec3675a11
        Validity
            Not Before: Jan  1 12:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a35d66807ff9727b812acc838a9fcb928f35741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d6:09:28:74:52:84:47:84:5b:db:1f:69:05:
                    04:b1:01:7e:a6:12:0f:f0:3e:69:ca:a0:07:0a:80:
                    13:6b:11:02:0d:28:98:5f:d1:bf:40:1c:d7:71:8f:
                    16:cc:a0:ac:00:a7:a7:cc:28:66:30:93:a4:93:7e:
                    ab:e3:39:13:37:54:eb:d5:90:4b:27:02:29:0b:1f:
                    6d:74:e4:c4:72:79:eb:33:b9:5c:7c:22:de:f8:1d:
                    a7:2d:f6:e8:d3:5f:8c:75:10:dc:69:87:7e:10:51:
                    22:2e:aa:aa:81:97:32:1c:a1:1e:db:fe:4a:68:be:
                    49:6f:a6:c3:79:05:54:43:ff:75:e2:2a:51:70:3e:
                    98:02:bc:01:50:10:e8:9f:cc:d8:23:0d:92:a9:4c:
                    72:ae:9d:36:eb:f4:ca:e3:7c:80:61:ef:b1:48:0e:
                    12:20:cf:e1:fa:c6:56:84:d0:39:e3:62:9c:fa:18:
                    e1:e7:50:8c:ef:61:3c:cc:0b:42:28:c8:d2:38:2f:
                    62:a4:b1:60:45:ae:6e:02:8e:25:c2:00:f0:47:2f:
                    78:be:4f:b0:78:77:4c:9c:a2:ec:ee:5f:9c:74:73:
                    83:e0:3b:fc:13:fe:4f:fd:ae:f6:f3:51:e8:c3:a5:
                    70:05:68:54:16:e0:09:02:33:b7:a0:e2:b0:d9:79:
                    bd:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:35:D6:68:07:FF:97:27:B8:12:AC:C8:38:A9:FC:B9:28:F3:57:41
            X509v3 Authority Key Identifier:
                keyid:E1:1A:A9:28:50:EB:FE:64:8A:D3:D8:9A:DD:8E:73:6E:C3:67:5A:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4RqpKFDr_mSK09ia3Y5zbsNnWhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/2ebba5-7a0d-4333-b911-0f88d16e1afe/1/mjXWaAf_lye4EqzIOKn8uSjzV0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/2ebba5-7a0d-4333-b911-0f88d16e1afe/1/4RqpKFDr_mSK09ia3Y5zbsNnWhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:0b:1e:8d:49:af:48:88:c8:ae:b5:d8:35:fa:f2:0f:61:81:
         1b:ea:af:fc:70:a6:04:a0:93:d9:81:dc:c5:e4:a1:2c:70:f7:
         e2:bb:88:5b:5f:f5:6a:c6:6b:d0:b3:2a:17:b2:d5:ae:33:5c:
         1f:b9:bc:ab:7e:7f:ca:be:16:3c:c6:a0:5e:59:94:64:d7:28:
         c3:cb:b1:1a:41:58:ad:54:1f:02:34:cb:40:91:d8:d0:99:fb:
         d2:de:11:3f:f2:11:e1:05:42:5d:b0:52:4c:6b:ae:a2:6f:f8:
         d8:a6:82:ec:05:a5:f2:ca:13:0e:ed:01:b0:13:9f:9e:52:ac:
         eb:3f:9a:4e:be:48:cf:57:e1:4c:ea:a4:70:e5:74:76:41:fb:
         2f:f9:7f:b9:62:a6:e1:ad:a2:4a:df:55:c1:1a:c1:7f:3e:79:
         23:f4:6e:5c:fa:bf:4b:dd:14:56:6f:8f:67:1f:89:5c:8f:d7:
         ea:ed:05:18:70:fc:d5:b1:76:c3:62:7e:67:5b:c6:a0:cc:82:
         af:77:c8:d6:26:d4:63:30:79:e8:5d:c9:95:80:3c:8d:f0:3a:
         1d:d2:8c:9e:1c:a1:e2:70:5e:58:21:fa:fe:48:29:73:99:1d:
         f2:bc:d2:0c:d3:fa:80:2e:39:36:b1:b0:eb:5c:61:fd:14:14:
         2e:8b:4a:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAJqdYJ/lbJeymHS/WiWxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMWFhOTI4NTBlYmZlNjQ4YWQzZDg5YWRkOGU3MzZlYzM2
NzVhMTEwHhcNMjQwMTAxMTIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTM1ZDY2ODA3ZmY5NzI3YjgxMmFjYzgzOGE5ZmNiOTI4ZjM1NzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtYJKHRShEeEW9sfaQUEsQF+phIP
8D5pyqAHCoATaxECDSiYX9G/QBzXcY8WzKCsAKenzChmMJOkk36r4zkTN1Tr1ZBL
JwIpCx9tdOTEcnnrM7lcfCLe+B2nLfbo01+MdRDcaYd+EFEiLqqqgZcyHKEe2/5K
aL5Jb6bDeQVUQ/914ipRcD6YArwBUBDon8zYIw2SqUxyrp026/TK43yAYe+xSA4S
IM/h+sZWhNA542Kc+hjh51CM72E8zAtCKMjSOC9ipLFgRa5uAo4lwgDwRy94vk+w
eHdMnKLs7l+cdHOD4Dv8E/5P/a7281How6VwBWhUFuAJAjO3oOKw2Xm9jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJo11mgH/5cnuBKsyDip/Lko81dBMB8GA1UdIwQY
MBaAFOEaqShQ6/5kitPYmt2Oc27DZ1oRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFJxcEtGRHJfbVNLMDlpYTNZNXpic05uV2hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8yZWJiYTUtN2EwZC00MzMzLWI5MTEt
MGY4OGQxNmUxYWZlLzEvbWpYV2FBZl9seWU0RXF6SU9Lbjh1U2p6VjBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8yZWJiYTUtN2EwZC00MzMzLWI5MTEtMGY4OGQxNmUxYWZl
LzEvNFJxcEtGRHJfbVNLMDlpYTNZNXpic05uV2hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrSDMA0G
CSqGSIb3DQEBCwUAA4IBAQCJCx6NSa9IiMiutdg1+vIPYYEb6q/8cKYEoJPZgdzF
5KEscPfiu4hbX/VqxmvQsyoXstWuM1wfubyrfn/KvhY8xqBeWZRk1yjDy7EaQVit
VB8CNMtAkdjQmfvS3hE/8hHhBUJdsFJMa66ib/jYpoLsBaXyyhMO7QGwE5+eUqzr
P5pOvkjPV+FM6qRw5XR2Qfsv+X+5YqbhraJK31XBGsF/Pnkj9G5c+r9L3RRWb49n
H4lcj9fq7QUYcPzVsXbDYn5nW8agzIKvd8jWJtRjMHnoXcmVgDyN8Dod0oyeHKHi
cF5YIfr+SClzmR3yvNIM0/qALjk2sbDrXGH9FBQui0rV
-----END CERTIFICATE-----