Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/LRgEOt_yNow_KkLIzrCAutmye_o.roa
File:                     LRgEOt_yNow_KkLIzrCAutmye_o.roa (raw, json)
Hash identifier:          dd9Yw21HhP/daau3r+VrpTXib2XG1uCK/2bTbAcdeFo=
Subject key identifier:   2D:18:04:3A:DF:F2:36:8C:3F:2A:42:C8:CE:B0:80:BA:D9:B2:7B:FA
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018D692B07BFE98A67F27034525B9D082B70
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/LRgEOt_yNow_KkLIzrCAutmye_o.roa
Signing time:             Fri 02 Feb 2024 09:34:04 +0000
ROA not before:           Fri 02 Feb 2024 09:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49661
IP address blocks:        45.142.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:2b:07:bf:e9:8a:67:f2:70:34:52:5b:9d:08:2b:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb  2 09:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d18043adff2368c3f2a42c8ceb080bad9b27bfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:9b:8a:08:3c:0d:ec:85:b8:fa:98:2a:6f:fe:
                    62:0d:6d:ac:e2:5f:e2:66:76:22:9b:c8:65:6b:e1:
                    bc:58:cb:9b:21:f3:bf:6a:5e:43:26:b0:8c:3e:33:
                    9d:cb:d2:e7:a9:3d:0f:6b:65:be:be:7e:88:58:c6:
                    9c:3b:37:68:e8:9b:00:c9:23:83:6d:8c:b2:09:73:
                    eb:93:ec:3f:fb:9a:53:70:94:95:19:3c:7a:48:bd:
                    e0:86:36:f7:16:9f:34:fa:ec:92:b2:f7:a5:ca:61:
                    fe:d5:8a:50:32:8f:82:dc:84:02:37:9e:7c:e8:48:
                    9d:5b:41:f2:92:97:15:5d:2b:c1:9a:66:69:45:0e:
                    6b:1d:aa:69:96:be:36:c4:75:2d:6a:ce:4f:4d:0c:
                    29:ea:cf:3a:47:c5:45:86:9a:19:fa:8e:c3:b3:e1:
                    8a:f7:7f:3e:d6:9f:38:10:f9:1d:69:fb:88:cf:68:
                    b2:32:10:ca:34:5d:bc:e7:be:1f:91:30:5e:44:46:
                    2c:04:44:2e:96:12:dc:27:d9:1c:42:7f:e1:f8:3b:
                    6c:4d:2b:5d:50:cd:c8:9b:a4:e8:14:a5:a6:e9:b4:
                    1c:8c:6f:39:59:98:cb:6e:ca:67:e6:a8:0c:ec:b8:
                    13:0d:73:a8:93:e6:0b:02:71:19:27:c4:0a:fe:33:
                    b1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:18:04:3A:DF:F2:36:8C:3F:2A:42:C8:CE:B0:80:BA:D9:B2:7B:FA
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/LRgEOt_yNow_KkLIzrCAutmye_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:5f:7e:f4:18:d9:fe:1b:26:1d:a9:53:91:0d:cc:77:3c:e4:
         f7:cd:0a:c1:26:e3:c0:58:65:3c:29:d3:30:61:b2:11:7a:99:
         b3:f9:ca:84:25:30:f2:c1:ef:10:bd:9f:4c:23:64:8b:62:02:
         96:f3:10:83:00:21:7c:9d:9a:98:19:24:11:03:46:01:0d:64:
         90:58:6d:a4:2e:82:fd:c0:97:3d:3f:fd:60:42:0c:d3:ea:f5:
         31:62:20:bb:98:04:76:0d:9b:d6:b5:48:3e:d9:f0:70:47:df:
         8b:d3:88:ef:b1:b1:8d:25:cb:87:67:25:7d:42:e4:27:e3:d5:
         d7:1b:be:cd:03:80:a6:82:02:41:12:c5:39:d7:7f:af:34:d8:
         36:62:5c:d4:c3:df:50:57:b6:8f:a7:54:78:c2:4f:dc:18:4b:
         e3:25:6d:5e:6a:38:2a:5a:64:1a:a5:c7:e5:5a:ce:f3:07:f2:
         be:40:71:b8:dd:7b:1d:c8:0e:4e:12:04:18:44:d7:01:97:93:
         9b:0b:b8:e6:20:fa:26:22:16:c3:62:8f:57:9d:5c:94:89:e6:
         0f:6f:9f:d9:20:60:f7:4e:df:60:f8:96:5e:d5:e8:ff:8c:31:
         df:2c:86:ad:06:6d:34:c0:6c:b3:f4:81:83:c4:06:55:9f:7b:
         20:ad:a9:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1pKwe/6Ypn8nA0UludCCtwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjAyMDkzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDE4MDQzYWRmZjIzNjhjM2YyYTQyYzhjZWIwODBiYWQ5YjI3YmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpuKCDwN7IW4+pgqb/5iDW2s4l/i
ZnYim8hla+G8WMubIfO/al5DJrCMPjOdy9LnqT0Pa2W+vn6IWMacOzdo6JsAySOD
bYyyCXPrk+w/+5pTcJSVGTx6SL3ghjb3Fp80+uySsvelymH+1YpQMo+C3IQCN558
6EidW0HykpcVXSvBmmZpRQ5rHapplr42xHUtas5PTQwp6s86R8VFhpoZ+o7Ds+GK
938+1p84EPkdafuIz2iyMhDKNF28574fkTBeREYsBEQulhLcJ9kcQn/h+DtsTStd
UM3Im6ToFKWm6bQcjG85WZjLbspn5qgM7LgTDXOok+YLAnEZJ8QK/jOxjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC0YBDrf8jaMPypCyM6wgLrZsnv6MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvTFJnRU90X3lOb3dfS2tMSXpyQ0F1dG15ZV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY4mMA0G
CSqGSIb3DQEBCwUAA4IBAQA6X370GNn+GyYdqVORDcx3POT3zQrBJuPAWGU8KdMw
YbIRepmz+cqEJTDywe8QvZ9MI2SLYgKW8xCDACF8nZqYGSQRA0YBDWSQWG2kLoL9
wJc9P/1gQgzT6vUxYiC7mAR2DZvWtUg+2fBwR9+L04jvsbGNJcuHZyV9QuQn49XX
G77NA4CmggJBEsU513+vNNg2YlzUw99QV7aPp1R4wk/cGEvjJW1eajgqWmQapcfl
Ws7zB/K+QHG43XsdyA5OEgQYRNcBl5ObC7jmIPomIhbDYo9XnVyUieYPb5/ZIGD3
Tt9g+JZe1ej/jDHfLIatBm00wGyz9IGDxAZVn3sgrak7
-----END CERTIFICATE-----