Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/LbMg4K4jM2SUGk4Hq2Z88_mKVtA.roa
File:                     LbMg4K4jM2SUGk4Hq2Z88_mKVtA.roa (raw, json)
Hash identifier:          d3P/efJ26Y9kQ9ajmo1r2SNRREyIrDqHcvaqVXVU4/8=
Subject key identifier:   2D:B3:20:E0:AE:23:33:64:94:1A:4E:07:AB:66:7C:F3:F9:8A:56:D0
Certificate issuer:       /CN=c15e7d7bb69efacb0c73902972c74d72d29bf77f
Certificate serial:       018FBD676C9ADF88AABD83D3B53EE277C30B
Authority key identifier: C1:5E:7D:7B:B6:9E:FA:CB:0C:73:90:29:72:C7:4D:72:D2:9B:F7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wV59e7ae-ssMc5ApcsdNctKb938.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/LbMg4K4jM2SUGk4Hq2Z88_mKVtA.roa
Signing time:             Tue 28 May 2024 04:13:42 +0000
ROA not before:           Tue 28 May 2024 04:13:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39855
IP address blocks:        45.144.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/wV59e7ae-ssMc5ApcsdNctKb938.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/wV59e7ae-ssMc5ApcsdNctKb938.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wV59e7ae-ssMc5ApcsdNctKb938.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 01:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bd:67:6c:9a:df:88:aa:bd:83:d3:b5:3e:e2:77:c3:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c15e7d7bb69efacb0c73902972c74d72d29bf77f
        Validity
            Not Before: May 28 04:13:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2db320e0ae233364941a4e07ab667cf3f98a56d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:20:67:6f:ac:65:f4:a5:8b:7d:e8:3d:49:67:
                    fd:c0:26:10:6e:09:fe:59:91:50:41:3f:51:97:28:
                    94:57:ec:f3:af:bb:d9:bd:cd:0e:65:74:de:1b:ad:
                    3d:03:17:fa:38:57:47:7c:b8:3b:50:c9:f4:7f:cd:
                    f7:fb:98:5a:d8:a3:1b:ad:23:36:ea:57:af:ca:a2:
                    19:6f:2a:a5:29:ca:f7:ad:2f:ba:e0:1b:9d:33:de:
                    c6:f5:3b:75:e0:c4:e8:b4:8e:4b:99:7d:4c:e7:1b:
                    df:58:48:57:bf:29:10:b5:2f:6f:fa:dc:2e:35:17:
                    0d:cd:a9:6f:5a:87:7a:2f:db:0c:24:3a:3c:de:17:
                    b9:a3:cf:d7:06:4e:c4:bc:9f:e7:f1:35:dd:fa:ea:
                    e7:bc:53:86:bd:e5:7d:66:ef:68:d8:85:3c:01:8a:
                    7c:9e:32:b7:7a:d7:61:b3:46:1e:93:3e:47:26:1a:
                    77:82:f9:c1:4b:1c:02:bf:e4:4c:c9:07:28:93:15:
                    4b:ad:9e:0d:18:ab:31:76:de:38:69:75:96:ee:a4:
                    8c:17:06:3b:72:cc:14:b5:5c:9a:59:54:c9:b8:c1:
                    57:d5:de:fe:ee:6f:50:3a:94:e4:71:79:e6:57:65:
                    47:2e:a1:0e:7b:45:43:63:d2:c2:fe:1c:a7:43:77:
                    84:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B3:20:E0:AE:23:33:64:94:1A:4E:07:AB:66:7C:F3:F9:8A:56:D0
            X509v3 Authority Key Identifier:
                keyid:C1:5E:7D:7B:B6:9E:FA:CB:0C:73:90:29:72:C7:4D:72:D2:9B:F7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wV59e7ae-ssMc5ApcsdNctKb938.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/LbMg4K4jM2SUGk4Hq2Z88_mKVtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ea402a-0ff6-47d9-9cd0-347a0f7c5b08/1/wV59e7ae-ssMc5ApcsdNctKb938.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:ef:c5:1d:87:24:4d:ea:7c:e9:98:3c:ad:79:1c:e9:d4:4c:
         51:4a:14:e1:51:58:c7:53:99:9e:1e:0b:09:9f:a2:0a:07:9b:
         f9:a0:75:e3:d3:86:74:5c:6b:dd:d2:24:52:52:22:81:a4:a2:
         18:8c:f3:8e:7b:f5:c5:63:c2:eb:e7:b9:a9:88:98:54:99:e8:
         7a:4e:e8:c3:5b:c6:1c:87:e7:86:59:40:fa:85:5f:64:82:d1:
         e6:12:29:d8:cd:42:20:db:1b:31:fc:15:b6:c0:bb:03:61:43:
         29:d5:46:3c:26:a3:20:0a:fa:b6:5f:27:56:aa:e7:8d:d2:ec:
         be:64:80:14:37:b1:c2:f8:36:bb:79:4a:27:e9:65:a2:df:af:
         b0:7f:8f:2a:7f:a5:61:38:1c:32:71:e5:1e:47:1f:47:0a:3b:
         11:92:64:16:93:23:22:7e:10:2a:b5:fc:6b:4c:a7:fb:84:f9:
         53:69:2f:20:4e:ad:5d:3d:d0:8a:96:b9:b7:f5:5c:a1:e2:41:
         55:5a:04:fb:08:51:10:60:ed:0e:26:6c:b0:a5:7f:8e:63:45:
         9f:7c:f3:a0:9a:56:c5:b9:28:57:39:2b:57:5f:e1:03:d8:e5:
         7d:a2:4d:9b:d4:fc:65:02:1e:c8:df:4a:ab:b0:1d:eb:30:dd:
         d2:30:b6:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+9Z2ya34iqvYPTtT7id8MLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNWU3ZDdiYjY5ZWZhY2IwYzczOTAyOTcyYzc0ZDcyZDI5
YmY3N2YwHhcNMjQwNTI4MDQxMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGIzMjBlMGFlMjMzMzY0OTQxYTRlMDdhYjY2N2NmM2Y5OGE1NmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSBnb6xl9KWLfeg9SWf9wCYQbgn+
WZFQQT9RlyiUV+zzr7vZvc0OZXTeG609Axf6OFdHfLg7UMn0f833+5ha2KMbrSM2
6levyqIZbyqlKcr3rS+64BudM97G9Tt14MTotI5LmX1M5xvfWEhXvykQtS9v+twu
NRcNzalvWod6L9sMJDo83he5o8/XBk7EvJ/n8TXd+urnvFOGveV9Zu9o2IU8AYp8
njK3etdhs0Yekz5HJhp3gvnBSxwCv+RMyQcokxVLrZ4NGKsxdt44aXWW7qSMFwY7
cswUtVyaWVTJuMFX1d7+7m9QOpTkcXnmV2VHLqEOe0VDY9LC/hynQ3eEkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2zIOCuIzNklBpOB6tmfPP5ilbQMB8GA1UdIwQY
MBaAFMFefXu2nvrLDHOQKXLHTXLSm/d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1Y1OWU3YWUtc3NNYzVBcGNzZE5jdEtiOTM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9lYTQwMmEtMGZmNi00N2Q5LTljZDAt
MzQ3YTBmN2M1YjA4LzEvTGJNZzRLNGpNMlNVR2s0SHEyWjg4X21LVnRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9lYTQwMmEtMGZmNi00N2Q5LTljZDAtMzQ3YTBmN2M1YjA4
LzEvd1Y1OWU3YWUtc3NNYzVBcGNzZE5jdEtiOTM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZDFMA0G
CSqGSIb3DQEBCwUAA4IBAQCh78UdhyRN6nzpmDyteRzp1ExRShThUVjHU5meHgsJ
n6IKB5v5oHXj04Z0XGvd0iRSUiKBpKIYjPOOe/XFY8Lr57mpiJhUmeh6TujDW8Yc
h+eGWUD6hV9kgtHmEinYzUIg2xsx/BW2wLsDYUMp1UY8JqMgCvq2XydWqueN0uy+
ZIAUN7HC+Da7eUon6WWi36+wf48qf6VhOBwyceUeRx9HCjsRkmQWkyMifhAqtfxr
TKf7hPlTaS8gTq1dPdCKlrm39Vyh4kFVWgT7CFEQYO0OJmywpX+OY0WffPOgmlbF
uShXOStXX+ED2OV9ok2b1PxlAh7I30qrsB3rMN3SMLZG
-----END CERTIFICATE-----