Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LcaOL3Wea52SrrJMiZ7QNYJg1Rc.roa
File:                     LcaOL3Wea52SrrJMiZ7QNYJg1Rc.roa (raw, json)
Hash identifier:          ORaPSZibjTNZoCsWYBBP46sv9KKxF27au+++pqAMa4s=
Subject key identifier:   2D:C6:8E:2F:75:9E:6B:9D:92:AE:B2:4C:89:9E:D0:35:82:60:D5:17
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCDDEF57D58BA90CC3816BFD7FF992
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LcaOL3Wea52SrrJMiZ7QNYJg1Rc.roa
Signing time:             Tue 02 Jan 2024 06:29:26 +0000
ROA not before:           Tue 02 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39368
IP address blocks:        185.218.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:dd:ef:57:d5:8b:a9:0c:c3:81:6b:fd:7f:f9:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dc68e2f759e6b9d92aeb24c899ed0358260d517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:36:1b:ea:50:76:8d:9b:7b:e8:51:ff:ab:cc:
                    d0:3b:40:75:23:83:3d:79:0d:2e:97:28:ce:ac:09:
                    c9:d7:ba:5e:cf:07:4d:03:ff:2d:7b:2b:f5:53:55:
                    3d:ef:e1:60:04:12:f5:5b:26:6d:21:d0:62:37:ff:
                    f6:bf:ba:0f:00:71:29:d6:f4:5e:55:33:cc:75:b8:
                    78:f1:56:2e:6a:0a:b9:59:2e:54:bf:98:72:03:15:
                    4a:d5:1b:e4:00:17:26:16:12:21:fe:52:5e:7a:11:
                    fd:3e:e1:26:7b:8d:62:23:8d:fc:8c:24:39:df:57:
                    af:28:17:18:ff:48:5c:0d:a5:d9:c6:56:b6:aa:e4:
                    b3:35:98:5a:4c:54:cc:87:f2:ab:7a:90:31:93:90:
                    b8:e9:2c:09:5c:a6:92:3c:d0:1f:5c:6b:05:aa:64:
                    9c:02:76:fe:ae:99:10:86:39:d2:2b:36:e8:65:a3:
                    81:d4:b7:1b:e9:0f:b6:7b:dc:da:37:33:cc:31:8a:
                    f6:8d:25:c1:11:5b:aa:c8:0c:43:f0:0e:6f:26:47:
                    e3:96:02:ee:f7:bc:24:1f:3f:2c:5f:ac:c3:d1:a0:
                    5d:12:53:0d:c3:e4:44:ee:ea:60:a0:1e:7b:cc:03:
                    f8:5a:4a:8d:60:43:cf:0a:8e:22:09:2c:fd:06:94:
                    12:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:C6:8E:2F:75:9E:6B:9D:92:AE:B2:4C:89:9E:D0:35:82:60:D5:17
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LcaOL3Wea52SrrJMiZ7QNYJg1Rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:02:8a:22:68:b8:c5:c4:20:02:0f:fc:3d:00:53:91:5a:62:
         50:c3:6a:ee:81:d6:87:4a:c6:02:9a:6b:38:bb:ba:17:0c:d5:
         68:ed:00:a2:b9:ff:f4:37:23:fa:e3:1a:aa:90:7e:fd:a9:8d:
         a6:f6:40:a0:db:56:78:22:d5:ca:1d:e3:8c:9c:01:30:c1:12:
         92:0a:b3:49:78:64:08:a7:c7:b6:58:65:77:a2:4b:e1:47:63:
         ba:2b:80:9f:4d:bb:55:f8:99:ca:49:e0:8c:6b:76:17:a7:15:
         21:c2:2a:f8:63:6f:1e:a2:1b:0e:b3:cd:3d:49:d2:f3:18:46:
         f5:73:e9:ce:1e:27:67:26:55:05:30:70:38:de:b9:ca:96:3e:
         e1:14:19:71:20:d0:74:33:dc:52:20:6f:3f:45:18:ce:31:ba:
         8d:dc:76:3d:e4:38:cb:34:84:33:a1:d2:3b:83:4b:9b:b1:3f:
         ae:f3:45:91:ec:79:f8:b6:93:73:ee:cf:d9:a1:e5:c8:ce:dd:
         04:d4:de:f0:ae:50:b8:2a:62:9f:8e:37:f6:65:82:13:de:87:
         8d:2f:93:31:b4:f0:a2:08:d4:4f:ee:5e:c2:5e:6f:e4:60:1a:
         49:a5:57:76:ee:07:74:a7:7e:4f:70:4e:af:a3:60:02:41:30:
         e2:fc:2d:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3N3vV9WLqQzDgWv9f/mSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGM2OGUyZjc1OWU2YjlkOTJhZWIyNGM4OTllZDAzNTgyNjBkNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzYb6lB2jZt76FH/q8zQO0B1I4M9
eQ0ulyjOrAnJ17pezwdNA/8teyv1U1U97+FgBBL1WyZtIdBiN//2v7oPAHEp1vRe
VTPMdbh48VYuagq5WS5Uv5hyAxVK1RvkABcmFhIh/lJeehH9PuEme41iI438jCQ5
31evKBcY/0hcDaXZxla2quSzNZhaTFTMh/KrepAxk5C46SwJXKaSPNAfXGsFqmSc
Anb+rpkQhjnSKzboZaOB1Lcb6Q+2e9zaNzPMMYr2jSXBEVuqyAxD8A5vJkfjlgLu
97wkHz8sX6zD0aBdElMNw+RE7upgoB57zAP4WkqNYEPPCo4iCSz9BpQSTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC3Gji91nmudkq6yTIme0DWCYNUXMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTGNhT0wzV2VhNTJTcnJKTWlaN1FOWUpnMVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudqLMA0G
CSqGSIb3DQEBCwUAA4IBAQBKAooiaLjFxCACD/w9AFORWmJQw2rugdaHSsYCmms4
u7oXDNVo7QCiuf/0NyP64xqqkH79qY2m9kCg21Z4ItXKHeOMnAEwwRKSCrNJeGQI
p8e2WGV3okvhR2O6K4CfTbtV+JnKSeCMa3YXpxUhwir4Y28eohsOs809SdLzGEb1
c+nOHidnJlUFMHA43rnKlj7hFBlxINB0M9xSIG8/RRjOMbqN3HY95DjLNIQzodI7
g0ubsT+u80WR7Hn4tpNz7s/ZoeXIzt0E1N7wrlC4KmKfjjf2ZYIT3oeNL5MxtPCi
CNRP7l7CXm/kYBpJpVd27gd0p35PcE6vo2ACQTDi/C2I
-----END CERTIFICATE-----