Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/393d36-77bf-4ae2-9324-340f433584d2/1/LRfPva0k2oMOx3GCnDbTeeGyq8I.roa
File:                     LRfPva0k2oMOx3GCnDbTeeGyq8I.roa (raw, json)
Hash identifier:          KFzGMEjtjzgaz/CTbnF+zbi2TPwMg49Y0OnpeoXgiLQ=
Subject key identifier:   2D:17:CF:BD:AD:24:DA:83:0E:C7:71:82:9C:36:D3:79:E1:B2:AB:C2
Certificate issuer:       /CN=106c0f395410f286c8576576d7d2f78304b5e83a
Certificate serial:       018CCA2BD7C900B5862A85C16A7284122043
Authority key identifier: 10:6C:0F:39:54:10:F2:86:C8:57:65:76:D7:D2:F7:83:04:B5:E8:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EGwPOVQQ8obIV2V219L3gwS16Do.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/393d36-77bf-4ae2-9324-340f433584d2/1/LRfPva0k2oMOx3GCnDbTeeGyq8I.roa
Signing time:             Tue 02 Jan 2024 12:35:20 +0000
ROA not before:           Tue 02 Jan 2024 12:35:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50802
IP address blocks:        46.151.104.0/21 maxlen: 24
                          195.135.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/393d36-77bf-4ae2-9324-340f433584d2/1/EGwPOVQQ8obIV2V219L3gwS16Do.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/393d36-77bf-4ae2-9324-340f433584d2/1/EGwPOVQQ8obIV2V219L3gwS16Do.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EGwPOVQQ8obIV2V219L3gwS16Do.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:d7:c9:00:b5:86:2a:85:c1:6a:72:84:12:20:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=106c0f395410f286c8576576d7d2f78304b5e83a
        Validity
            Not Before: Jan  2 12:35:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d17cfbdad24da830ec771829c36d379e1b2abc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:5b:34:f7:2b:95:76:e7:2e:44:55:cc:05:bb:
                    28:08:77:e5:95:bf:69:78:30:54:13:6e:d6:98:81:
                    23:6b:bb:da:b6:8d:9c:d5:ad:cf:a4:59:d8:e0:7f:
                    ba:bd:a7:63:18:6c:71:be:00:90:f5:4c:09:e7:f0:
                    9c:a0:62:f9:c7:89:61:31:de:2a:5d:ef:5e:c5:bb:
                    7d:8a:29:fa:9e:4f:24:f0:19:57:06:e2:fe:50:2a:
                    65:9e:ab:29:0a:f0:ff:cc:b3:54:cb:9a:77:89:17:
                    dc:ba:94:e8:02:db:fd:78:cf:e6:91:ab:89:9a:00:
                    65:b8:51:3d:cc:28:e0:fb:b9:fd:a8:02:5e:d6:e5:
                    aa:6d:4f:c8:e0:d7:c8:04:af:87:47:8b:9c:9c:f4:
                    4c:cd:31:f0:40:d6:a9:13:63:b3:20:a2:38:55:e6:
                    7e:e6:e6:88:de:13:1d:ab:05:47:01:89:8a:62:0b:
                    f1:59:6f:a4:27:64:9b:c2:08:69:87:db:ef:4f:33:
                    13:f9:39:aa:ff:00:d6:23:a2:0f:48:67:0b:23:e1:
                    06:8a:f2:e7:aa:4b:98:79:77:f5:04:3b:bc:03:36:
                    e2:3c:ec:64:ff:a3:e7:e2:99:f3:02:d3:0b:89:a2:
                    da:59:e2:f6:b1:22:db:cf:78:f4:08:cb:4d:d6:29:
                    c3:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:17:CF:BD:AD:24:DA:83:0E:C7:71:82:9C:36:D3:79:E1:B2:AB:C2
            X509v3 Authority Key Identifier:
                keyid:10:6C:0F:39:54:10:F2:86:C8:57:65:76:D7:D2:F7:83:04:B5:E8:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EGwPOVQQ8obIV2V219L3gwS16Do.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/393d36-77bf-4ae2-9324-340f433584d2/1/LRfPva0k2oMOx3GCnDbTeeGyq8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/393d36-77bf-4ae2-9324-340f433584d2/1/EGwPOVQQ8obIV2V219L3gwS16Do.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.151.104.0/21
                  195.135.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:bd:e5:40:3a:65:65:b7:47:aa:1b:ce:ea:f8:4c:ae:07:0c:
         f0:c9:ff:46:41:5f:6e:b9:6d:21:e0:fa:ad:38:03:03:4e:f5:
         6d:cf:0b:15:62:36:a4:bd:fd:80:83:ae:f8:44:03:71:6d:c1:
         cd:73:52:8f:b6:4d:00:28:9c:1e:52:e0:7c:7f:a3:d1:78:8f:
         78:c8:5f:c0:8c:a1:ff:dc:8c:a3:61:6c:ce:50:0b:4d:d4:8d:
         9d:54:41:12:2c:5c:dc:7a:18:ae:9e:06:b5:80:4c:08:d2:1f:
         68:d6:10:4d:76:00:f4:8d:56:e9:bd:0a:a6:00:46:86:b5:3d:
         f0:23:8f:48:32:b8:e0:6a:12:e2:5b:06:c0:b0:ba:46:d0:b5:
         5b:ff:9a:00:9d:18:c2:f3:75:90:de:15:69:6b:4d:e7:0c:14:
         a2:fa:6d:0e:51:92:9e:ec:d3:83:45:5a:91:bd:cd:53:42:17:
         e2:65:7a:7d:93:2b:05:f0:9c:93:c2:ad:98:cf:18:1a:f9:a5:
         42:94:a0:f9:b8:09:6a:03:2b:54:ef:de:5f:5f:1d:e3:dd:e8:
         95:9b:b2:fc:d0:e3:6a:2d:60:ec:22:66:f3:e3:48:36:8c:70:
         d7:4a:78:10:8e:10:fc:de:51:e2:36:73:9d:af:ac:bf:2d:bd:
         84:19:60:95
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK9fJALWGKoXBanKEEiBDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNmMwZjM5NTQxMGYyODZjODU3NjU3NmQ3ZDJmNzgzMDRi
NWU4M2EwHhcNMjQwMTAyMTIzNTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDE3Y2ZiZGFkMjRkYTgzMGVjNzcxODI5YzM2ZDM3OWUxYjJhYmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhVs09yuVducuRFXMBbsoCHfllb9p
eDBUE27WmIEja7vato2c1a3PpFnY4H+6vadjGGxxvgCQ9UwJ5/CcoGL5x4lhMd4q
Xe9exbt9iin6nk8k8BlXBuL+UCplnqspCvD/zLNUy5p3iRfcupToAtv9eM/mkauJ
mgBluFE9zCjg+7n9qAJe1uWqbU/I4NfIBK+HR4ucnPRMzTHwQNapE2OzIKI4VeZ+
5uaI3hMdqwVHAYmKYgvxWW+kJ2Sbwghph9vvTzMT+Tmq/wDWI6IPSGcLI+EGivLn
qkuYeXf1BDu8AzbiPOxk/6Pn4pnzAtMLiaLaWeL2sSLbz3j0CMtN1inDYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC0Xz72tJNqDDsdxgpw203nhsqvCMB8GA1UdIwQY
MBaAFBBsDzlUEPKGyFdldtfS94MEteg6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUd3UE9WUVE4b2JJVjJWMjE5TDNnd1MxNkRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8zOTNkMzYtNzdiZi00YWUyLTkzMjQt
MzQwZjQzMzU4NGQyLzEvTFJmUHZhMGsyb01PeDNHQ25EYlRlZUd5cThJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8zOTNkMzYtNzdiZi00YWUyLTkzMjQtMzQwZjQzMzU4NGQy
LzEvRUd3UE9WUVE4b2JJVjJWMjE5TDNnd1MxNkRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLpdoAwQC
w4fwMA0GCSqGSIb3DQEBCwUAA4IBAQA3veVAOmVlt0eqG87q+EyuBwzwyf9GQV9u
uW0h4PqtOAMDTvVtzwsVYjakvf2Ag674RANxbcHNc1KPtk0AKJweUuB8f6PReI94
yF/AjKH/3IyjYWzOUAtN1I2dVEESLFzcehiunga1gEwI0h9o1hBNdgD0jVbpvQqm
AEaGtT3wI49IMrjgahLiWwbAsLpG0LVb/5oAnRjC83WQ3hVpa03nDBSi+m0OUZKe
7NODRVqRvc1TQhfiZXp9kysF8JyTwq2Yzxga+aVClKD5uAlqAytU795fXx3j3eiV
m7L80ONqLWDsImbz40g2jHDXSngQjhD83lHiNnOdr6y/Lb2EGWCV
-----END CERTIFICATE-----