Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/LtWg3mMELQp7vlWsE2ETHV9tMYk.roa
File:                     LtWg3mMELQp7vlWsE2ETHV9tMYk.roa (raw, json)
Hash identifier:          K136ciMkWEmWPa4pRRNKPxS0HvnU+NBcqDEMFSuEppc=
Subject key identifier:   2E:D5:A0:DE:63:04:2D:0A:7B:BE:55:AC:13:61:13:1D:5F:6D:31:89
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       018CC56DFA26E24E32B48D4D3052608BDB5B
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/LtWg3mMELQp7vlWsE2ETHV9tMYk.roa
Signing time:             Mon 01 Jan 2024 14:29:28 +0000
ROA not before:           Mon 01 Jan 2024 14:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210512
IP address blocks:        31.129.21.0/24 maxlen: 24
                          194.5.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 12:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fa:26:e2:4e:32:b4:8d:4d:30:52:60:8b:db:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Jan  1 14:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ed5a0de63042d0a7bbe55ac1361131d5f6d3189
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:31:83:a5:09:be:5d:08:94:19:6f:a2:c3:fc:
                    ea:e1:f2:12:0e:46:12:3f:fd:9d:1e:d0:a3:47:29:
                    2b:8e:6f:2b:3f:61:c8:00:fb:10:7d:eb:bd:61:2d:
                    b9:18:8b:1b:ca:6d:a6:67:4d:80:ce:81:5b:3d:74:
                    7d:9c:a1:ca:b7:ed:74:ca:17:94:9e:7a:24:0e:48:
                    db:b6:1c:42:b6:13:e6:d1:0f:07:58:f8:5e:b7:ae:
                    6f:ff:51:47:34:ae:18:a2:a3:82:a5:70:69:66:6c:
                    65:71:84:bc:64:59:62:f6:a4:e0:90:4b:39:70:41:
                    48:7e:be:4b:3b:98:93:0f:d1:9c:bb:1e:a2:e2:f1:
                    a4:63:af:11:a7:2a:e4:eb:5d:1d:e4:e6:55:a5:2c:
                    e1:0c:6f:36:ba:4b:e8:42:57:52:0b:9c:38:e3:02:
                    da:00:57:0d:6c:43:8f:a7:76:ec:df:3a:b8:bb:44:
                    72:01:4e:dd:c7:36:d5:0a:29:90:e2:84:94:65:de:
                    9a:ae:5b:8a:76:c8:ef:70:3d:38:fc:70:63:ae:07:
                    bb:a7:9b:0d:fc:27:a2:60:0f:0a:2b:ee:a8:90:99:
                    ae:2b:ee:d3:08:db:92:f1:79:5b:46:e3:a4:f4:2c:
                    c3:b4:18:59:fa:0b:9a:2d:76:c3:c0:71:1c:ba:53:
                    e5:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D5:A0:DE:63:04:2D:0A:7B:BE:55:AC:13:61:13:1D:5F:6D:31:89
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/LtWg3mMELQp7vlWsE2ETHV9tMYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.21.0/24
                  194.5.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:01:92:53:4e:2c:e0:27:d7:97:51:5b:62:dd:9a:fa:50:e8:
         95:d1:53:bb:4a:41:20:c5:85:96:e6:f1:4f:06:5e:35:76:9d:
         57:a9:24:ef:cf:d8:5f:d9:52:d9:d1:9a:53:e2:60:36:4f:f8:
         a6:a5:2f:a7:7b:cc:74:b8:1e:93:97:11:14:72:d3:34:4a:0e:
         6d:74:71:e5:9f:1c:1c:d2:1e:e5:7d:0a:54:a7:14:ac:21:a1:
         39:8c:c5:3b:9f:97:e8:e8:97:b5:8f:cb:26:ae:33:0b:4b:df:
         4b:81:0d:78:e2:b9:22:8e:25:67:53:9c:8f:d8:04:8b:41:c3:
         55:55:41:ae:07:37:82:c4:61:75:76:54:b5:51:d2:09:a6:ce:
         bb:72:90:5a:07:28:62:b5:93:07:b8:75:54:ae:fe:41:b0:5f:
         d4:c8:f7:3b:b8:a4:63:3b:2c:12:8f:74:19:47:b2:47:a2:96:
         91:08:64:5c:66:d2:b6:c5:bd:68:b1:bd:6c:f8:78:c6:f1:06:
         19:8c:9a:0b:70:92:30:e9:90:b8:d2:e5:35:54:c0:c9:2d:19:
         e6:67:50:8c:fe:2c:b0:57:c9:d9:2e:69:83:69:c6:f0:c4:32:
         15:5e:c1:c1:82:a1:a3:bb:e6:ea:e2:f7:d4:7f:05:99:12:83:
         e1:23:15:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbfom4k4ytI1NMFJgi9tbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjQwMTAxMTQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQ1YTBkZTYzMDQyZDBhN2JiZTU1YWMxMzYxMTMxZDVmNmQzMTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTGDpQm+XQiUGW+iw/zq4fISDkYS
P/2dHtCjRykrjm8rP2HIAPsQfeu9YS25GIsbym2mZ02AzoFbPXR9nKHKt+10yheU
nnokDkjbthxCthPm0Q8HWPhet65v/1FHNK4YoqOCpXBpZmxlcYS8ZFli9qTgkEs5
cEFIfr5LO5iTD9Gcux6i4vGkY68Rpyrk610d5OZVpSzhDG82ukvoQldSC5w44wLa
AFcNbEOPp3bs3zq4u0RyAU7dxzbVCimQ4oSUZd6arluKdsjvcD04/HBjrge7p5sN
/CeiYA8KK+6okJmuK+7TCNuS8XlbRuOk9CzDtBhZ+guaLXbDwHEculPlGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC7VoN5jBC0Ke75VrBNhEx1fbTGJMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvTHRXZzNtTUVMUXA3dmxXc0UyRVRIVjl0TVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH4EVAwQA
wgVeMA0GCSqGSIb3DQEBCwUAA4IBAQBgAZJTTizgJ9eXUVti3Zr6UOiV0VO7SkEg
xYWW5vFPBl41dp1XqSTvz9hf2VLZ0ZpT4mA2T/impS+ne8x0uB6TlxEUctM0Sg5t
dHHlnxwc0h7lfQpUpxSsIaE5jMU7n5fo6Je1j8smrjMLS99LgQ144rkijiVnU5yP
2ASLQcNVVUGuBzeCxGF1dlS1UdIJps67cpBaByhitZMHuHVUrv5BsF/UyPc7uKRj
OywSj3QZR7JHopaRCGRcZtK2xb1osb1s+HjG8QYZjJoLcJIw6ZC40uU1VMDJLRnm
Z1CM/iywV8nZLmmDacbwxDIVXsHBgqGju+bq4vfUfwWZEoPhIxU/
-----END CERTIFICATE-----