Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/LrVzLqOZP8hTz-k_094gljYxS7I.roa
File:                     LrVzLqOZP8hTz-k_094gljYxS7I.roa (raw, json)
Hash identifier:          UXABy/A4nIL6VbDmEw1Zh8i2wLA+HBsyJgg3MvpfLMk=
Subject key identifier:   2E:B5:73:2E:A3:99:3F:C8:53:CF:E9:3F:D3:DE:20:96:36:31:4B:B2
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       018DE84F9DFB41D7D1B6D9E23A4789159EF4
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/LrVzLqOZP8hTz-k_094gljYxS7I.roa
Signing time:             Tue 27 Feb 2024 02:05:48 +0000
ROA not before:           Tue 27 Feb 2024 02:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        62.122.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e8:4f:9d:fb:41:d7:d1:b6:d9:e2:3a:47:89:15:9e:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Feb 27 02:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2eb5732ea3993fc853cfe93fd3de209636314bb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:8f:c0:77:7d:44:a7:e0:5e:24:98:dc:b3:1c:
                    0c:f4:1e:2d:1f:49:dc:44:59:09:0f:6f:7b:18:ed:
                    42:ba:57:4a:f5:3d:fa:9e:4d:c2:ff:02:38:f5:da:
                    90:17:77:67:22:7c:18:ce:a7:ae:75:7d:02:d4:d0:
                    2d:cf:7a:4b:2d:9c:0d:d1:ae:42:22:23:82:31:79:
                    c9:3b:90:44:fa:69:be:c8:6c:0c:43:4d:99:fd:39:
                    5a:e1:11:24:53:6a:ce:4d:ae:fb:9a:c6:de:e5:24:
                    e5:48:b3:8e:e0:a5:93:d7:bd:d8:c7:7e:02:ab:18:
                    30:d8:97:f8:76:e4:59:67:20:a4:04:b8:9c:07:96:
                    d4:c8:60:a7:5c:59:2d:67:f3:b1:cc:16:c2:6c:16:
                    93:77:3e:06:c7:4b:3f:af:ef:10:51:40:89:b5:cf:
                    86:9b:57:7c:fe:4c:b4:31:f8:d4:a1:0f:1b:4e:89:
                    08:d3:a4:02:25:29:45:0d:2a:05:eb:e4:ab:44:64:
                    25:83:dd:00:02:f3:55:25:79:4f:86:61:86:22:70:
                    06:b0:aa:57:b3:dd:5f:d0:b9:3c:95:9f:61:59:46:
                    50:46:0c:75:e2:f9:a3:29:5b:93:90:de:9b:5e:60:
                    6d:19:a1:8d:55:32:d5:b0:7a:08:cd:11:2e:40:f9:
                    06:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:B5:73:2E:A3:99:3F:C8:53:CF:E9:3F:D3:DE:20:96:36:31:4B:B2
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/LrVzLqOZP8hTz-k_094gljYxS7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.122.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:50:86:6f:8d:1a:d1:64:9d:ce:fa:65:63:64:f5:24:b7:25:
         68:38:2b:04:3c:2e:e7:dc:c5:c1:a4:3e:ba:14:74:75:fb:7b:
         e3:93:c7:02:68:84:92:8d:09:c0:d1:c2:8d:72:02:50:8a:a7:
         8e:fc:f3:74:d7:aa:04:66:d9:da:86:f2:e7:b7:35:bd:0e:d3:
         52:bd:90:04:22:37:f1:c1:f3:e9:8c:3c:17:47:4a:0d:4b:1a:
         5c:be:96:63:3b:7f:b4:ab:22:f5:c2:6f:0c:0f:7f:fa:b0:8a:
         fe:4b:51:0e:b2:df:53:8a:36:04:f7:58:ab:6f:ce:18:c5:08:
         30:3f:5e:9a:87:e5:fc:ed:3f:35:26:33:b9:dd:25:8e:67:dc:
         b1:00:e8:d0:a2:74:bd:23:40:d3:b8:6f:53:39:b8:87:16:aa:
         8a:66:9d:41:4d:2b:87:f1:a9:72:c2:44:f1:23:33:d0:86:78:
         9c:0a:d2:bd:ae:2d:b6:49:39:35:ab:72:7b:4d:f2:98:26:0f:
         33:db:f9:e9:48:dd:42:39:e0:25:a6:f1:22:6b:ea:62:a3:8e:
         bc:7c:bd:f9:49:b1:a7:f6:80:cf:43:e9:e8:e3:8e:35:c5:de:
         64:b3:93:58:46:84:7e:b4:ed:01:19:d6:ef:4a:b2:f9:5f:c8:
         2b:5e:46:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3oT537QdfRttniOkeJFZ70MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwMjI3MDIwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWI1NzMyZWEzOTkzZmM4NTNjZmU5M2ZkM2RlMjA5NjM2MzE0YmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgo/Ad31Ep+BeJJjcsxwM9B4tH0nc
RFkJD297GO1CuldK9T36nk3C/wI49dqQF3dnInwYzqeudX0C1NAtz3pLLZwN0a5C
IiOCMXnJO5BE+mm+yGwMQ02Z/Tla4REkU2rOTa77msbe5STlSLOO4KWT173Yx34C
qxgw2Jf4duRZZyCkBLicB5bUyGCnXFktZ/OxzBbCbBaTdz4Gx0s/r+8QUUCJtc+G
m1d8/ky0MfjUoQ8bTokI06QCJSlFDSoF6+SrRGQlg90AAvNVJXlPhmGGInAGsKpX
s91f0Lk8lZ9hWUZQRgx14vmjKVuTkN6bXmBtGaGNVTLVsHoIzREuQPkG9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC61cy6jmT/IU8/pP9PeIJY2MUuyMB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvTHJWekxxT1pQOGhUei1rXzA5NGdsall4UzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPnq8MA0G
CSqGSIb3DQEBCwUAA4IBAQCMUIZvjRrRZJ3O+mVjZPUktyVoOCsEPC7n3MXBpD66
FHR1+3vjk8cCaISSjQnA0cKNcgJQiqeO/PN016oEZtnahvLntzW9DtNSvZAEIjfx
wfPpjDwXR0oNSxpcvpZjO3+0qyL1wm8MD3/6sIr+S1EOst9TijYE91irb84YxQgw
P16ah+X87T81JjO53SWOZ9yxAOjQonS9I0DTuG9TObiHFqqKZp1BTSuH8alywkTx
IzPQhnicCtK9ri22STk1q3J7TfKYJg8z2/npSN1COeAlpvEia+pio468fL35SbGn
9oDPQ+no4441xd5ks5NYRoR+tO0BGdbvSrL5X8grXkat
-----END CERTIFICATE-----