Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/LGsOjs3yWE-FDla1bdWsVzurcs0.roa
File:                     LGsOjs3yWE-FDla1bdWsVzurcs0.roa (raw, json)
Hash identifier:          59ZskWSWomtq3lh+aLLNSVyS21P9fo8oOf/9J38okSI=
Subject key identifier:   2C:6B:0E:8E:CD:F2:58:4F:85:0E:56:B5:6D:D5:AC:57:3B:AB:72:CD
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018CC794E9855B4BAB0A28539BC132FA3854
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/LGsOjs3yWE-FDla1bdWsVzurcs0.roa
Signing time:             Tue 02 Jan 2024 00:31:14 +0000
ROA not before:           Tue 02 Jan 2024 00:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12129
IP address blocks:        37.221.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e9:85:5b:4b:ab:0a:28:53:9b:c1:32:fa:38:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 00:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c6b0e8ecdf2584f850e56b56dd5ac573bab72cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8a:54:30:53:36:08:6f:b4:df:08:b6:af:10:
                    57:95:64:2c:ce:24:f4:39:03:44:18:10:03:fd:6d:
                    5e:8f:2b:64:57:78:3f:90:cc:a6:9d:23:bf:b0:0b:
                    07:10:f7:02:5e:c1:52:7b:3b:7a:7c:c6:76:1b:5a:
                    0e:e8:73:e8:83:05:b4:41:61:21:b0:ae:4b:04:fa:
                    97:a9:f3:f2:41:3e:37:2b:cb:9a:83:89:35:a9:d1:
                    7b:33:46:3c:26:bd:3a:93:80:d3:7e:2d:b7:60:87:
                    2c:e8:5e:1a:72:65:7b:cd:23:04:fc:25:e1:06:ee:
                    7e:9c:5a:64:c9:04:93:0e:ea:39:78:85:63:63:8d:
                    d3:56:19:13:6b:5c:bd:61:c5:46:79:56:ae:3f:b8:
                    d5:70:3e:9c:f5:35:3d:ce:1d:1b:b7:d8:da:ff:a9:
                    fa:1b:96:c8:45:76:b8:7b:1e:6b:f7:7c:e9:bc:8e:
                    7f:00:a1:99:5e:cd:16:84:fd:85:d3:0e:ff:a5:82:
                    67:ae:e9:7e:83:c2:86:c4:69:6c:07:f2:31:be:71:
                    05:e0:82:59:73:6e:f8:e7:92:7b:ba:b6:53:6f:95:
                    36:ec:43:42:f1:13:db:d5:16:a5:f1:fd:45:24:e5:
                    cd:24:ca:f4:5f:f5:73:73:e8:cf:56:df:a0:b8:3f:
                    ec:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:6B:0E:8E:CD:F2:58:4F:85:0E:56:B5:6D:D5:AC:57:3B:AB:72:CD
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/LGsOjs3yWE-FDla1bdWsVzurcs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:3a:94:4a:6d:7e:6c:f0:81:8a:ee:ea:3e:f2:45:79:0d:ca:
         43:30:14:4f:c6:ba:59:81:fb:71:e8:3c:77:c3:c2:10:38:5f:
         a8:b5:8d:3c:15:f0:9b:0a:d9:17:78:78:27:62:3f:ac:83:5a:
         cd:02:b7:49:49:fa:f9:3d:6a:0c:83:a5:af:b6:d4:10:b7:21:
         c6:28:36:fd:bf:cb:4e:9d:10:13:4f:07:f1:aa:c0:cd:80:70:
         45:88:1a:64:5e:70:b6:50:16:94:d5:f6:52:6a:46:ff:62:18:
         89:a1:07:38:28:15:15:44:42:a0:85:26:03:e6:64:a6:18:0a:
         55:ec:9f:49:a5:a3:fe:27:b4:98:28:70:bb:e1:57:2e:46:a8:
         5e:53:7e:cd:6a:82:23:52:88:84:e3:86:88:4e:e7:f9:95:55:
         d5:a3:82:36:c9:f5:0e:20:9b:a6:ad:bb:1c:ff:d3:a8:4c:f1:
         68:16:02:0c:b0:a2:02:16:e6:be:e7:cc:7f:cf:5f:36:9d:99:
         be:94:a7:dc:aa:80:3d:ea:b9:94:16:1f:07:b7:2f:6b:26:46:
         f9:b7:8a:c1:37:87:c3:df:85:5a:3a:cd:a7:3f:27:48:f3:09:
         87:41:14:ed:95:ce:55:7a:19:b0:12:c4:ae:4b:ed:f8:7e:f3:
         0d:18:a8:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlOmFW0urCihTm8Ey+jhUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwMTAyMDAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzZiMGU4ZWNkZjI1ODRmODUwZTU2YjU2ZGQ1YWM1NzNiYWI3MmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4pUMFM2CG+03wi2rxBXlWQsziT0
OQNEGBAD/W1ejytkV3g/kMymnSO/sAsHEPcCXsFSezt6fMZ2G1oO6HPogwW0QWEh
sK5LBPqXqfPyQT43K8uag4k1qdF7M0Y8Jr06k4DTfi23YIcs6F4acmV7zSME/CXh
Bu5+nFpkyQSTDuo5eIVjY43TVhkTa1y9YcVGeVauP7jVcD6c9TU9zh0bt9ja/6n6
G5bIRXa4ex5r93zpvI5/AKGZXs0WhP2F0w7/pYJnrul+g8KGxGlsB/IxvnEF4IJZ
c27455J7urZTb5U27ENC8RPb1Ral8f1FJOXNJMr0X/Vzc+jPVt+guD/syQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxrDo7N8lhPhQ5WtW3VrFc7q3LNMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvTEdzT2pzM3lXRS1GRGxhMWJkV3NWenVyY3MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJd1tMA0G
CSqGSIb3DQEBCwUAA4IBAQAqOpRKbX5s8IGK7uo+8kV5DcpDMBRPxrpZgftx6Dx3
w8IQOF+otY08FfCbCtkXeHgnYj+sg1rNArdJSfr5PWoMg6WvttQQtyHGKDb9v8tO
nRATTwfxqsDNgHBFiBpkXnC2UBaU1fZSakb/YhiJoQc4KBUVREKghSYD5mSmGApV
7J9JpaP+J7SYKHC74VcuRqheU37NaoIjUoiE44aITuf5lVXVo4I2yfUOIJumrbsc
/9OoTPFoFgIMsKICFua+58x/z182nZm+lKfcqoA96rmUFh8Hty9rJkb5t4rBN4fD
34VaOs2nPydI8wmHQRTtlc5VehmwEsSuS+34fvMNGKgm
-----END CERTIFICATE-----