Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/PlsLMKgpFjMiChHipkpCHyI9eb4.roa
File:                     PlsLMKgpFjMiChHipkpCHyI9eb4.roa (raw, json)
Hash identifier:          evMQKO2BLD8i7snceYoXruhfnG1tG9sObf8xhqsHMn0=
Subject key identifier:   3E:5B:0B:30:A8:29:16:33:22:0A:11:E2:A6:4A:42:1F:22:3D:79:BE
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       018CC26D7F9C293F862A0D182D11311189B5
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/PlsLMKgpFjMiChHipkpCHyI9eb4.roa
Signing time:             Mon 01 Jan 2024 00:30:05 +0000
ROA not before:           Mon 01 Jan 2024 00:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        185.14.238.0/24 maxlen: 24
                          185.14.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7f:9c:29:3f:86:2a:0d:18:2d:11:31:11:89:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: Jan  1 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e5b0b30a8291633220a11e2a64a421f223d79be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0b:b3:a8:71:12:34:68:89:14:9f:5f:ab:f8:
                    1c:74:a2:cd:da:41:88:a2:1a:92:7c:33:a0:cc:96:
                    f6:80:1f:20:d4:0e:bc:b1:e6:1d:80:f7:42:71:1c:
                    e5:00:94:47:eb:3e:55:4f:7e:d3:89:b2:86:53:1e:
                    3c:e0:e7:ee:fe:5b:07:f8:87:5b:fb:41:9e:84:07:
                    82:31:e4:52:2e:85:92:c8:02:87:88:42:c9:67:14:
                    3b:59:17:40:d3:e9:f3:3e:5f:b8:98:78:78:91:5b:
                    4b:a9:b2:65:2b:4c:26:19:5d:7c:fc:19:36:af:f4:
                    72:c1:5d:52:1f:c5:51:92:cc:5e:95:bd:7f:ac:fb:
                    2b:a9:4c:9f:ab:d2:f3:43:f0:ed:57:54:d8:4f:fc:
                    e3:39:84:0b:bb:28:7c:2d:52:bc:8a:ae:b7:ba:30:
                    fe:1d:39:ab:d0:0d:bc:b3:4e:2f:a5:c3:21:0a:dd:
                    4d:75:e8:a5:07:f3:8b:a5:53:92:01:7d:5d:16:b4:
                    b1:0f:03:9c:fa:52:06:17:a1:c2:c4:47:21:37:21:
                    86:40:e1:a9:a9:71:fc:ff:e5:12:ac:d9:4c:34:9f:
                    0f:12:79:ff:37:49:97:71:57:5a:56:a7:21:b7:96:
                    b4:64:21:09:ba:11:cb:b5:39:aa:3c:38:e6:74:d2:
                    bd:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:5B:0B:30:A8:29:16:33:22:0A:11:E2:A6:4A:42:1F:22:3D:79:BE
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/PlsLMKgpFjMiChHipkpCHyI9eb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.236.0/24
                  185.14.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:62:f2:a6:87:01:5f:26:1a:81:9d:17:45:dd:98:15:01:5b:
         3f:36:3a:9b:ba:3b:47:cb:88:c8:22:24:20:57:9e:27:b1:92:
         e5:77:b3:48:ee:03:2b:2e:b8:27:e4:86:3b:f3:57:41:25:91:
         e0:29:f3:df:8c:b4:f5:cf:60:48:d2:a2:a9:d7:6d:ac:18:72:
         32:1b:b1:91:3b:ef:4e:47:35:4b:3c:e3:8d:d1:6b:ac:41:6e:
         42:d0:16:42:27:2d:eb:a9:b2:e2:cd:fd:40:2d:1d:03:76:dd:
         29:47:c3:4c:da:53:78:a8:a0:a8:18:cc:2c:de:18:df:11:36:
         f9:8e:b8:02:54:fe:73:38:b3:31:a4:28:77:b6:90:fd:68:a2:
         e0:10:e1:43:92:4a:ac:03:bc:86:ee:7b:cf:80:21:59:07:d3:
         96:2e:d5:de:12:44:99:ea:83:ed:94:1d:f7:ad:bd:f5:fb:33:
         d6:05:92:0f:e4:0e:87:ce:e9:c7:2b:bf:c4:87:fd:57:59:77:
         49:f2:5b:14:09:e5:98:5d:c4:f4:22:a5:dc:5f:29:6a:91:0f:
         13:90:3a:a2:02:bb:7b:29:55:25:df:a3:b8:26:af:fa:09:24:
         dc:98:75:e5:fb:5a:02:d8:15:f2:bd:7b:90:07:a1:30:5c:c2:
         c0:80:0c:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbX+cKT+GKg0YLRExEYm1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjQwMTAxMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTViMGIzMGE4MjkxNjMzMjIwYTExZTJhNjRhNDIxZjIyM2Q3OWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAuzqHESNGiJFJ9fq/gcdKLN2kGI
ohqSfDOgzJb2gB8g1A68seYdgPdCcRzlAJRH6z5VT37TibKGUx484Ofu/lsH+Idb
+0GehAeCMeRSLoWSyAKHiELJZxQ7WRdA0+nzPl+4mHh4kVtLqbJlK0wmGV18/Bk2
r/RywV1SH8VRksxelb1/rPsrqUyfq9LzQ/DtV1TYT/zjOYQLuyh8LVK8iq63ujD+
HTmr0A28s04vpcMhCt1NdeilB/OLpVOSAX1dFrSxDwOc+lIGF6HCxEchNyGGQOGp
qXH8/+USrNlMNJ8PEnn/N0mXcVdaVqcht5a0ZCEJuhHLtTmqPDjmdNK9dQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD5bCzCoKRYzIgoR4qZKQh8iPXm+MB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvUGxzTE1LZ3BGak1pQ2hIaXBrcENIeUk5ZWI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuQ7sAwQA
uQ7uMA0GCSqGSIb3DQEBCwUAA4IBAQA8YvKmhwFfJhqBnRdF3ZgVAVs/NjqbujtH
y4jIIiQgV54nsZLld7NI7gMrLrgn5IY781dBJZHgKfPfjLT1z2BI0qKp122sGHIy
G7GRO+9ORzVLPOON0WusQW5C0BZCJy3rqbLizf1ALR0Ddt0pR8NM2lN4qKCoGMws
3hjfETb5jrgCVP5zOLMxpCh3tpD9aKLgEOFDkkqsA7yG7nvPgCFZB9OWLtXeEkSZ
6oPtlB33rb31+zPWBZIP5A6HzunHK7/Eh/1XWXdJ8lsUCeWYXcT0IqXcXylqkQ8T
kDqiArt7KVUl36O4Jq/6CSTcmHXl+1oC2BXyvXuQB6EwXMLAgAxK
-----END CERTIFICATE-----