Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/LKCZsWDbNwEw43L4VS9eBSzpi-o.roa
File:                     LKCZsWDbNwEw43L4VS9eBSzpi-o.roa (raw, json)
Hash identifier:          cSF6VwQOk7r8vzD90yi2k5grVvKJ0liE5b843LUrEtk=
Subject key identifier:   2C:A0:99:B1:60:DB:37:01:30:E3:72:F8:55:2F:5E:05:2C:E9:8B:EA
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018E85A19DB26BD147B3C8D70533712104FA
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/LKCZsWDbNwEw43L4VS9eBSzpi-o.roa
Signing time:             Thu 28 Mar 2024 15:15:45 +0000
ROA not before:           Thu 28 Mar 2024 15:15:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6939
IP address blocks:        77.47.144.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:85:a1:9d:b2:6b:d1:47:b3:c8:d7:05:33:71:21:04:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Mar 28 15:15:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ca099b160db370130e372f8552f5e052ce98bea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:1f:b5:03:b8:a9:0a:bf:6f:08:a2:b2:ad:a7:
                    b7:72:2a:f5:38:24:7e:5f:cf:a6:17:f3:33:77:a2:
                    00:0b:b0:c6:5b:23:2c:49:b0:4f:c4:a6:1d:97:69:
                    02:b4:7b:6a:73:7d:1e:62:a9:4c:95:d9:93:4d:6e:
                    89:a6:df:a6:f4:93:80:82:49:ec:13:94:85:b8:b5:
                    d2:9a:b9:19:6c:38:f6:a5:0d:5e:f8:4b:7e:64:97:
                    57:84:b5:a4:8b:f2:cb:d3:4e:f4:c7:54:46:dd:38:
                    98:f8:82:15:b7:f5:2e:6c:d2:24:ee:67:4f:3b:70:
                    7d:e6:cd:25:0c:09:67:e9:79:cf:25:50:db:fb:95:
                    ac:a9:48:f7:6e:f0:2a:84:e2:8d:92:cb:0d:dd:13:
                    d3:82:7e:91:ed:f5:28:bf:03:44:e5:70:93:ac:c4:
                    9b:47:91:10:32:38:30:b8:c2:17:97:a6:b9:74:6b:
                    9b:52:c3:27:f7:6c:b2:62:89:4d:a6:cb:d8:ff:16:
                    49:3a:7b:12:e0:78:8c:ab:78:7d:c1:2b:3f:a0:f3:
                    99:c5:fa:6b:40:b4:44:f5:a1:3f:d7:38:ef:2f:23:
                    aa:ab:14:f9:fa:d1:75:07:f7:6b:42:1f:32:56:4e:
                    82:7a:5a:d7:d6:ce:7a:af:e8:83:34:32:bd:32:79:
                    f9:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:A0:99:B1:60:DB:37:01:30:E3:72:F8:55:2F:5E:05:2C:E9:8B:EA
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/LKCZsWDbNwEw43L4VS9eBSzpi-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:b5:49:38:1f:99:53:ce:eb:ea:49:2e:70:41:2d:07:df:47:
         c2:d8:8f:21:9f:27:58:fb:df:0a:59:d9:eb:c7:10:a8:7a:c2:
         e4:b2:29:54:35:f1:b3:e3:b6:ed:2f:7d:74:1d:ac:52:ff:32:
         15:01:6f:d6:04:a1:d7:fc:03:a8:4c:08:0d:9e:b3:7b:9b:90:
         fa:6f:b4:ac:d2:b1:b6:81:93:34:4e:18:16:d0:61:07:47:bc:
         b6:d4:d9:56:4b:8e:24:f6:3c:32:e4:06:40:d1:dc:e9:82:90:
         d5:c6:5d:db:b1:e7:16:80:de:e9:6f:8e:18:95:1a:97:d3:72:
         55:4b:5d:cd:30:94:02:12:7c:a4:0c:25:b5:40:51:88:4d:91:
         d4:d5:9f:cc:59:16:6e:17:74:1b:8e:cd:72:75:d1:da:5b:ac:
         48:29:d5:63:58:ee:23:4c:e9:13:7a:15:eb:cd:ef:25:c7:f5:
         e8:36:f2:51:76:5a:80:bb:fc:1b:9d:2f:0f:09:aa:e7:d4:97:
         a8:4b:51:86:7c:c3:b2:73:c1:ca:58:4f:70:28:25:c6:e1:a5:
         0a:d6:ef:14:10:29:0f:15:90:ff:26:14:01:88:f7:b2:57:e3:
         47:07:ec:47:32:b2:09:b6:53:b7:39:54:12:a4:5c:0a:6c:73:
         09:9e:87:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6FoZ2ya9FHs8jXBTNxIQT6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMzI4MTUxNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2EwOTliMTYwZGIzNzAxMzBlMzcyZjg1NTJmNWUwNTJjZTk4YmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgR+1A7ipCr9vCKKyrae3cir1OCR+
X8+mF/Mzd6IAC7DGWyMsSbBPxKYdl2kCtHtqc30eYqlMldmTTW6Jpt+m9JOAgkns
E5SFuLXSmrkZbDj2pQ1e+Et+ZJdXhLWki/LL0070x1RG3TiY+IIVt/UubNIk7mdP
O3B95s0lDAln6XnPJVDb+5WsqUj3bvAqhOKNkssN3RPTgn6R7fUovwNE5XCTrMSb
R5EQMjgwuMIXl6a5dGubUsMn92yyYolNpsvY/xZJOnsS4HiMq3h9wSs/oPOZxfpr
QLRE9aE/1zjvLyOqqxT5+tF1B/drQh8yVk6CelrX1s56r+iDNDK9Mnn5xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCygmbFg2zcBMONy+FUvXgUs6YvqMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvTEtDWnNXRGJOd0V3NDNMNFZTOWVCU3pwaS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTS+QMA0G
CSqGSIb3DQEBCwUAA4IBAQBbtUk4H5lTzuvqSS5wQS0H30fC2I8hnydY+98KWdnr
xxCoesLksilUNfGz47btL310HaxS/zIVAW/WBKHX/AOoTAgNnrN7m5D6b7Ss0rG2
gZM0ThgW0GEHR7y21NlWS44k9jwy5AZA0dzpgpDVxl3bsecWgN7pb44YlRqX03JV
S13NMJQCEnykDCW1QFGITZHU1Z/MWRZuF3Qbjs1yddHaW6xIKdVjWO4jTOkTehXr
ze8lx/XoNvJRdlqAu/wbnS8PCarn1JeoS1GGfMOyc8HKWE9wKCXG4aUK1u8UECkP
FZD/JhQBiPeyV+NHB+xHMrIJtlO3OVQSpFwKbHMJnodT
-----END CERTIFICATE-----