Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/LxfoQE72V51EHBTLDvnuYBXhJz8.roa
File:                     LxfoQE72V51EHBTLDvnuYBXhJz8.roa (raw, json)
Hash identifier:          HwsSGyQ8DrVthdqJQakfqmFGqaJoHJxyOTvKTDs/7r4=
Subject key identifier:   2F:17:E8:40:4E:F6:57:9D:44:1C:14:CB:0E:F9:EE:60:15:E1:27:3F
Certificate issuer:       /CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
Certificate serial:       018CC8DEC8859DF0C888FEB5B6016DEB20C0
Authority key identifier: 4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/LxfoQE72V51EHBTLDvnuYBXhJz8.roa
Signing time:             Tue 02 Jan 2024 06:31:32 +0000
ROA not before:           Tue 02 Jan 2024 06:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30848
IP address blocks:        45.82.201.0/24 maxlen: 24
                          185.208.139.0/24 maxlen: 24
                          185.208.136.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 06:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:c8:85:9d:f0:c8:88:fe:b5:b6:01:6d:eb:20:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
        Validity
            Not Before: Jan  2 06:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f17e8404ef6579d441c14cb0ef9ee6015e1273f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5c:5a:91:6e:aa:58:40:09:43:aa:e0:00:54:
                    fa:7c:c6:e3:d9:53:9e:fb:e8:ff:c1:4b:18:ef:9e:
                    1c:aa:6a:2b:14:f5:24:98:87:ad:dd:8c:a2:60:be:
                    2b:d6:ad:c0:7b:4b:51:6e:c0:0a:e3:33:bf:d8:69:
                    17:31:10:45:14:c4:99:53:cb:f8:b5:0b:7f:52:fa:
                    2e:a3:47:ba:ea:ff:01:25:40:b0:3d:32:1d:ae:e8:
                    83:d5:8d:29:b8:42:4a:a8:67:e6:b5:fb:fe:d6:7c:
                    4e:02:8b:a3:8f:ad:d7:cb:7f:91:22:d6:bf:ea:53:
                    53:ec:de:fa:8d:57:77:ca:ad:bd:49:4e:2d:a7:6e:
                    22:c6:3a:7c:32:64:25:da:b1:b6:61:b1:a4:1c:f7:
                    99:6b:2a:55:37:ee:a4:e2:64:ec:ed:6a:e5:cd:3b:
                    d4:1f:cd:be:75:9a:02:cb:d1:d7:82:ea:10:c0:a2:
                    86:02:e1:84:63:1f:fd:1c:c2:7e:14:5f:c2:3a:1c:
                    bd:cf:b9:ce:06:0c:b0:06:36:b5:f8:ba:d2:0f:ff:
                    13:1b:48:e3:70:4d:2e:67:dd:a8:a4:65:ed:a7:f2:
                    42:9f:c8:93:48:bf:dc:56:a4:0c:f8:7b:47:47:0f:
                    b1:8f:d8:d6:32:43:97:c0:8a:d0:46:9e:d5:28:53:
                    bb:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:17:E8:40:4E:F6:57:9D:44:1C:14:CB:0E:F9:EE:60:15:E1:27:3F
            X509v3 Authority Key Identifier:
                keyid:4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/LxfoQE72V51EHBTLDvnuYBXhJz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.201.0/24
                  185.208.136.0/23
                  185.208.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:3f:10:8b:c0:1d:64:4c:3c:22:43:c2:79:93:33:bb:f3:88:
         b5:e5:09:f4:f1:c4:46:75:dd:6b:c7:18:b8:6b:87:d8:e8:24:
         81:35:97:a4:10:ab:7a:75:05:31:a1:47:b8:30:4e:25:51:46:
         1f:de:07:87:fa:c1:ba:34:85:d5:86:c3:0a:b6:71:7f:ee:30:
         19:9f:ce:11:bd:74:c5:3b:cf:70:fe:fd:b8:25:fd:7f:5e:48:
         5f:12:50:5d:c1:9d:c1:db:47:41:6b:9d:53:7d:74:dd:a3:fc:
         cf:88:8f:22:28:0b:7c:16:9d:68:01:6c:7d:42:79:02:67:21:
         b1:d6:dd:56:12:3a:b0:66:94:70:fa:8b:41:4e:b4:df:2e:13:
         b2:77:0c:3c:5f:b3:83:35:09:85:e8:41:07:ef:fe:0d:ec:e0:
         53:4e:e7:95:f4:46:d5:e9:59:02:d9:8d:5f:11:9f:92:f8:8a:
         9e:bb:fe:04:5a:f5:b7:fd:d6:4a:fe:d2:8a:53:de:78:09:81:
         91:02:0a:0e:5f:3f:01:64:44:2b:7e:87:8b:c4:5f:fc:de:b7:
         bd:ef:61:64:d7:b4:eb:0e:8c:ae:85:19:c7:bf:02:9e:da:36:
         76:dc:dd:bb:e3:68:21:cb:9a:9d:80:92:36:e1:fe:1e:40:80:
         12:9d:a9:93
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3siFnfDIiP61tgFt6yDAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZWNjYzlkMWE3NmU5MTQ2OWNiNjNiMTJiZjcyNWQ3ZGVi
YWZiMWIwHhcNMjQwMTAyMDYzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjE3ZTg0MDRlZjY1NzlkNDQxYzE0Y2IwZWY5ZWU2MDE1ZTEyNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1xakW6qWEAJQ6rgAFT6fMbj2VOe
++j/wUsY754cqmorFPUkmIet3YyiYL4r1q3Ae0tRbsAK4zO/2GkXMRBFFMSZU8v4
tQt/Uvouo0e66v8BJUCwPTIdruiD1Y0puEJKqGfmtfv+1nxOAoujj63Xy3+RIta/
6lNT7N76jVd3yq29SU4tp24ixjp8MmQl2rG2YbGkHPeZaypVN+6k4mTs7WrlzTvU
H82+dZoCy9HXguoQwKKGAuGEYx/9HMJ+FF/COhy9z7nOBgywBja1+LrSD/8TG0jj
cE0uZ92opGXtp/JCn8iTSL/cVqQM+HtHRw+xj9jWMkOXwIrQRp7VKFO7/QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC8X6EBO9ledRBwUyw757mAV4Sc/MB8GA1UdIwQY
MBaAFEvszJ0adukUactjsSv3JdfeuvsbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTkt
NGY0Yjk5NGUwZWIyLzEvTHhmb1FFNzJWNTFFSEJUTER2bnVZQlhoSno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTktNGY0Yjk5NGUwZWIy
LzEvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVLJAwQB
udCIAwQAudCLMA0GCSqGSIb3DQEBCwUAA4IBAQA6PxCLwB1kTDwiQ8J5kzO784i1
5Qn08cRGdd1rxxi4a4fY6CSBNZekEKt6dQUxoUe4ME4lUUYf3geH+sG6NIXVhsMK
tnF/7jAZn84RvXTFO89w/v24Jf1/XkhfElBdwZ3B20dBa51TfXTdo/zPiI8iKAt8
Fp1oAWx9QnkCZyGx1t1WEjqwZpRw+otBTrTfLhOydww8X7ODNQmF6EEH7/4N7OBT
TueV9EbV6VkC2Y1fEZ+S+Iqeu/4EWvW3/dZK/tKKU954CYGRAgoOXz8BZEQrfoeL
xF/83re972Fk17TrDoyuhRnHvwKe2jZ23N2742ghy5qdgJI24f4eQIASnamT
-----END CERTIFICATE-----