Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/2ebba5-7a0d-4333-b911-0f88d16e1afe/1/rF9ioiD9h3KdLfytZCCDDYSMXsw.roa
File:                     rF9ioiD9h3KdLfytZCCDDYSMXsw.roa (raw, json)
Hash identifier:          a08ycubKMLJJKFEoJNOUjo4XEzD2u8pug7NQmxeEmbw=
Subject key identifier:   AC:5F:62:A2:20:FD:87:72:9D:2D:FC:AD:64:20:83:0D:84:8C:5E:CC
Certificate issuer:       /CN=e11aa92850ebfe648ad3d89add8e736ec3675a11
Certificate serial:       018CC5009A08726FB2F50FB4A741115FD7F4
Authority key identifier: E1:1A:A9:28:50:EB:FE:64:8A:D3:D8:9A:DD:8E:73:6E:C3:67:5A:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4RqpKFDr_mSK09ia3Y5zbsNnWhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/2ebba5-7a0d-4333-b911-0f88d16e1afe/1/rF9ioiD9h3KdLfytZCCDDYSMXsw.roa
Signing time:             Mon 01 Jan 2024 12:30:00 +0000
ROA not before:           Mon 01 Jan 2024 12:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3209
IP address blocks:        194.180.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/2ebba5-7a0d-4333-b911-0f88d16e1afe/1/4RqpKFDr_mSK09ia3Y5zbsNnWhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/2ebba5-7a0d-4333-b911-0f88d16e1afe/1/4RqpKFDr_mSK09ia3Y5zbsNnWhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4RqpKFDr_mSK09ia3Y5zbsNnWhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:9a:08:72:6f:b2:f5:0f:b4:a7:41:11:5f:d7:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e11aa92850ebfe648ad3d89add8e736ec3675a11
        Validity
            Not Before: Jan  1 12:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac5f62a220fd87729d2dfcad6420830d848c5ecc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2f:30:82:af:12:01:ad:31:30:44:40:3c:74:
                    76:1c:0b:c2:e9:07:b0:20:ac:b4:cf:dd:46:45:57:
                    26:a5:5c:aa:4f:0f:ae:b3:ed:85:e5:65:76:d3:35:
                    a4:57:b8:ae:54:46:38:ad:d4:69:8c:f1:48:c3:fb:
                    b5:27:a4:32:0e:e7:22:55:78:25:2b:ca:fc:89:44:
                    94:f0:a5:0f:9e:44:e8:fc:7a:41:25:02:e3:3c:1f:
                    28:26:5d:34:d9:e3:75:83:25:16:f4:80:00:8f:ca:
                    5f:91:11:0a:45:95:b6:bc:cc:e7:61:99:28:50:72:
                    16:cf:f6:3c:4f:1a:2d:72:51:29:4e:42:a3:21:53:
                    33:36:72:98:8e:42:de:93:b9:44:45:64:a3:7f:23:
                    e7:97:b9:34:be:04:18:41:77:ec:a2:1a:8a:b2:16:
                    af:43:36:31:a2:c9:c9:08:a6:ef:68:af:83:42:10:
                    ed:8f:90:90:ef:f1:47:96:67:51:76:4d:a7:1f:f0:
                    98:10:0e:43:1a:5c:f0:6a:d9:52:07:9d:78:8f:60:
                    fa:bc:85:03:b4:0f:42:ab:be:d6:01:92:72:b5:31:
                    d5:9f:f2:7b:0e:b1:25:fe:ae:62:0d:cb:7e:9a:cc:
                    6a:df:03:4f:cf:b2:cb:2d:d0:47:df:d5:93:57:b7:
                    df:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:5F:62:A2:20:FD:87:72:9D:2D:FC:AD:64:20:83:0D:84:8C:5E:CC
            X509v3 Authority Key Identifier:
                keyid:E1:1A:A9:28:50:EB:FE:64:8A:D3:D8:9A:DD:8E:73:6E:C3:67:5A:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4RqpKFDr_mSK09ia3Y5zbsNnWhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/2ebba5-7a0d-4333-b911-0f88d16e1afe/1/rF9ioiD9h3KdLfytZCCDDYSMXsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/2ebba5-7a0d-4333-b911-0f88d16e1afe/1/4RqpKFDr_mSK09ia3Y5zbsNnWhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:c6:fb:65:1f:8a:29:89:10:f3:f1:c8:74:4c:e9:f0:5a:b0:
         a8:25:32:fb:69:fe:e9:d6:ef:32:d3:5f:17:2e:e0:90:23:e7:
         08:4e:ec:c8:43:b2:b6:54:21:62:09:b3:f4:8b:f2:2f:81:79:
         30:72:18:5b:0d:42:6b:c3:33:a6:80:28:88:ce:93:14:c2:74:
         cf:2d:37:59:9e:96:f3:cb:be:80:bb:74:0b:dd:fd:89:46:5d:
         39:3e:5a:1e:ea:59:19:ff:44:b2:c3:ff:bc:ae:9a:9c:24:1f:
         20:8d:52:c6:92:44:fd:2c:3e:06:12:ab:73:4e:4d:19:41:b5:
         60:cd:88:3d:f7:92:39:39:09:da:cd:8c:f7:bb:11:df:22:ee:
         fd:cf:d1:9d:c1:03:0b:5b:8e:a0:be:fb:16:ba:9d:c5:d4:40:
         8f:da:95:d7:aa:84:ad:83:e7:35:56:51:c9:88:39:aa:c2:fd:
         ea:c8:cc:af:b3:81:0d:a0:c8:31:d4:f7:76:09:dc:5c:12:93:
         ed:60:95:32:27:49:33:1a:32:c8:fa:1f:b2:a1:94:2a:c3:5b:
         b5:03:b4:a1:1f:1f:13:da:25:9d:39:40:4b:6d:ef:66:25:88:
         1d:bb:7b:cf:b5:2d:28:cc:60:1d:12:c8:48:3e:f9:05:10:62:
         8d:e7:48:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAJoIcm+y9Q+0p0ERX9f0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMWFhOTI4NTBlYmZlNjQ4YWQzZDg5YWRkOGU3MzZlYzM2
NzVhMTEwHhcNMjQwMTAxMTIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzVmNjJhMjIwZmQ4NzcyOWQyZGZjYWQ2NDIwODMwZDg0OGM1ZWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuC8wgq8SAa0xMERAPHR2HAvC6Qew
IKy0z91GRVcmpVyqTw+us+2F5WV20zWkV7iuVEY4rdRpjPFIw/u1J6QyDuciVXgl
K8r8iUSU8KUPnkTo/HpBJQLjPB8oJl002eN1gyUW9IAAj8pfkREKRZW2vMznYZko
UHIWz/Y8TxotclEpTkKjIVMzNnKYjkLek7lERWSjfyPnl7k0vgQYQXfsohqKshav
QzYxosnJCKbvaK+DQhDtj5CQ7/FHlmdRdk2nH/CYEA5DGlzwatlSB514j2D6vIUD
tA9Cq77WAZJytTHVn/J7DrEl/q5iDct+msxq3wNPz7LLLdBH39WTV7ffdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxfYqIg/YdynS38rWQggw2EjF7MMB8GA1UdIwQY
MBaAFOEaqShQ6/5kitPYmt2Oc27DZ1oRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFJxcEtGRHJfbVNLMDlpYTNZNXpic05uV2hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8yZWJiYTUtN2EwZC00MzMzLWI5MTEt
MGY4OGQxNmUxYWZlLzEvckY5aW9pRDloM0tkTGZ5dFpDQ0REWVNNWHN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8yZWJiYTUtN2EwZC00MzMzLWI5MTEtMGY4OGQxNmUxYWZl
LzEvNFJxcEtGRHJfbVNLMDlpYTNZNXpic05uV2hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrSCMA0G
CSqGSIb3DQEBCwUAA4IBAQAnxvtlH4opiRDz8ch0TOnwWrCoJTL7af7p1u8y018X
LuCQI+cITuzIQ7K2VCFiCbP0i/IvgXkwchhbDUJrwzOmgCiIzpMUwnTPLTdZnpbz
y76Au3QL3f2JRl05Ploe6lkZ/0Syw/+8rpqcJB8gjVLGkkT9LD4GEqtzTk0ZQbVg
zYg995I5OQnazYz3uxHfIu79z9GdwQMLW46gvvsWup3F1ECP2pXXqoStg+c1VlHJ
iDmqwv3qyMyvs4ENoMgx1Pd2CdxcEpPtYJUyJ0kzGjLI+h+yoZQqw1u1A7ShHx8T
2iWdOUBLbe9mJYgdu3vPtS0ozGAdEshIPvkFEGKN50g2
-----END CERTIFICATE-----