Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LtOlX44cCXDr2ALs0dH_sM-UJaw.roa
File:                     LtOlX44cCXDr2ALs0dH_sM-UJaw.roa (raw, json)
Hash identifier:          AFTPZKwwZ8PWVOQYg+b2Pp2U1zRvapND3yQDJsOgg1o=
Subject key identifier:   2E:D3:A5:5F:8E:1C:09:70:EB:D8:02:EC:D1:D1:FF:B0:CF:94:25:AC
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC3496570B3FBF5D7C161768233A6F31F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LtOlX44cCXDr2ALs0dH_sM-UJaw.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216200
IP address blocks:        109.176.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:50:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:65:70:b3:fb:f5:d7:c1:61:76:82:33:a6:f3:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ed3a55f8e1c0970ebd802ecd1d1ffb0cf9425ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:65:30:0e:73:d3:2c:73:c9:4c:49:a9:41:c1:
                    74:3e:0b:05:b1:75:4a:98:6e:d9:a5:e4:7f:ea:b8:
                    dd:30:b4:a5:a2:df:d1:97:87:58:a2:cf:16:02:09:
                    ec:af:8a:b4:db:be:ac:e2:23:71:0c:ce:ff:92:3e:
                    fb:34:b5:4b:53:f0:d6:20:69:37:4b:47:7a:b5:d8:
                    13:c3:d2:e9:78:69:7d:d4:9b:43:39:1c:48:14:6e:
                    69:7a:7d:9a:f2:d1:c1:b4:69:7e:94:c9:08:53:ca:
                    ba:87:96:f0:fd:a4:7a:2f:a5:27:e4:d5:32:90:96:
                    0f:91:6d:d9:50:9a:0d:50:19:8e:6a:f5:d5:c7:fa:
                    55:cf:d5:28:2b:d1:b3:6b:b6:27:09:fc:90:aa:66:
                    69:24:78:69:f4:35:a4:7c:6f:ac:e6:ce:4d:9c:b2:
                    7b:3e:d9:fd:0e:73:1e:4f:2a:b8:e0:a1:4f:fe:20:
                    4c:96:9b:de:e1:c4:1e:32:18:09:56:a1:a4:05:d7:
                    79:b4:4a:ee:71:d5:e6:06:f5:d9:ef:61:c6:f2:21:
                    c2:68:27:c9:26:d7:08:96:e2:f2:a3:30:c6:87:bf:
                    bf:f8:e0:55:2a:f6:3c:93:e2:ab:0f:b9:db:72:ef:
                    37:c5:6c:db:42:c3:bc:b3:63:23:a5:cf:04:20:9b:
                    fc:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D3:A5:5F:8E:1C:09:70:EB:D8:02:EC:D1:D1:FF:B0:CF:94:25:AC
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LtOlX44cCXDr2ALs0dH_sM-UJaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:db:94:cb:26:a6:c9:d5:35:3a:fd:90:63:da:b9:bf:a4:c5:
         55:db:23:6f:7d:1d:61:ff:4d:f8:33:a9:b6:38:00:40:77:2b:
         73:76:f6:91:a8:be:64:e9:42:dc:14:7e:d2:95:e1:f5:2a:42:
         9a:be:79:fa:69:75:b9:02:9d:4f:60:c5:0e:e7:81:83:d0:8b:
         77:2a:8c:0f:70:98:2a:08:60:fc:4d:75:34:3e:28:32:2b:47:
         49:33:39:51:74:0d:12:99:97:3f:5f:ec:a1:59:5b:bc:bd:12:
         f2:93:b7:a3:e0:10:9e:cd:cb:4d:3f:ac:d9:56:09:a8:08:2b:
         67:37:23:26:02:56:af:c0:65:28:32:3c:a4:4b:5a:e5:bc:44:
         b2:3a:53:ba:a5:65:7c:5d:b6:69:06:81:a0:48:ec:56:14:d9:
         51:1a:99:bb:cd:ae:fa:f8:14:ac:4b:13:c1:01:98:50:da:5e:
         cd:1c:f9:16:1c:5f:af:b2:48:67:3c:fa:be:4d:36:ac:0f:5b:
         45:37:0f:af:4d:35:08:d0:0a:70:e6:40:e5:8b:1a:4b:d3:c2:
         72:cb:5b:8b:6e:af:6b:be:a0:66:7c:30:dc:ef:33:d6:9a:7a:
         ec:68:c5:ff:88:2c:c7:20:fa:f9:05:a8:02:f4:a6:57:fa:42:
         39:40:7c:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSWVws/v118FhdoIzpvMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQzYTU1ZjhlMWMwOTcwZWJkODAyZWNkMWQxZmZiMGNmOTQyNWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimUwDnPTLHPJTEmpQcF0PgsFsXVK
mG7ZpeR/6rjdMLSlot/Rl4dYos8WAgnsr4q0276s4iNxDM7/kj77NLVLU/DWIGk3
S0d6tdgTw9LpeGl91JtDORxIFG5pen2a8tHBtGl+lMkIU8q6h5bw/aR6L6Un5NUy
kJYPkW3ZUJoNUBmOavXVx/pVz9UoK9Gza7YnCfyQqmZpJHhp9DWkfG+s5s5NnLJ7
Ptn9DnMeTyq44KFP/iBMlpve4cQeMhgJVqGkBdd5tErucdXmBvXZ72HG8iHCaCfJ
JtcIluLyozDGh7+/+OBVKvY8k+KrD7nbcu83xWzbQsO8s2Mjpc8EIJv80QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7TpV+OHAlw69gC7NHR/7DPlCWsMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTHRPbFg0NGNDWERyMkFMczBkSF9zTS1VSmF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDwMA0G
CSqGSIb3DQEBCwUAA4IBAQA725TLJqbJ1TU6/ZBj2rm/pMVV2yNvfR1h/034M6m2
OABAdytzdvaRqL5k6ULcFH7SleH1KkKavnn6aXW5Ap1PYMUO54GD0It3KowPcJgq
CGD8TXU0PigyK0dJMzlRdA0SmZc/X+yhWVu8vRLyk7ej4BCezctNP6zZVgmoCCtn
NyMmAlavwGUoMjykS1rlvESyOlO6pWV8XbZpBoGgSOxWFNlRGpm7za76+BSsSxPB
AZhQ2l7NHPkWHF+vskhnPPq+TTasD1tFNw+vTTUI0Apw5kDlixpL08Jyy1uLbq9r
vqBmfDDc7zPWmnrsaMX/iCzHIPr5BagC9KZX+kI5QHw3
-----END CERTIFICATE-----