Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/60447d-d305-4dea-9daa-26837038c688/1/LBCeZV4CUt43TuXJED82R83lbpY.roa
File:                     LBCeZV4CUt43TuXJED82R83lbpY.roa (raw, json)
Hash identifier:          xFb3QUmSAlRgvHSokgM5sEMWgO5u0h5koE9pGUSQ1qM=
Subject key identifier:   2C:10:9E:65:5E:02:52:DE:37:4E:E5:C9:10:3F:36:47:CD:E5:6E:96
Certificate issuer:       /CN=1bbc841b779a2bb2c28a8daee2b2d10d5a7c34d5
Certificate serial:       018CC9BB371C31CA8E34E4E74F793ABB644A
Authority key identifier: 1B:BC:84:1B:77:9A:2B:B2:C2:8A:8D:AE:E2:B2:D1:0D:5A:7C:34:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G7yEG3eaK7LCio2u4rLRDVp8NNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/60447d-d305-4dea-9daa-26837038c688/1/LBCeZV4CUt43TuXJED82R83lbpY.roa
Signing time:             Tue 02 Jan 2024 10:32:18 +0000
ROA not before:           Tue 02 Jan 2024 10:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56813
IP address blocks:        91.237.88.0/23 maxlen: 24
                          2001:67c:299c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/60447d-d305-4dea-9daa-26837038c688/1/G7yEG3eaK7LCio2u4rLRDVp8NNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/60447d-d305-4dea-9daa-26837038c688/1/G7yEG3eaK7LCio2u4rLRDVp8NNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G7yEG3eaK7LCio2u4rLRDVp8NNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:37:1c:31:ca:8e:34:e4:e7:4f:79:3a:bb:64:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bbc841b779a2bb2c28a8daee2b2d10d5a7c34d5
        Validity
            Not Before: Jan  2 10:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c109e655e0252de374ee5c9103f3647cde56e96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f8:81:e3:6c:18:9c:c4:c3:ac:79:75:fd:18:
                    2c:7e:28:85:64:92:d8:97:e3:ce:20:92:f7:67:8d:
                    60:ec:a0:dc:36:13:5d:ed:4f:0d:3a:f9:b0:c7:55:
                    35:b3:36:60:bc:19:6a:fc:11:96:78:a5:68:3e:84:
                    76:f9:9e:1a:7d:15:65:88:c6:e0:32:86:50:e9:74:
                    ba:a6:23:2d:cf:96:72:ba:9d:0e:91:78:7a:eb:22:
                    d0:37:d4:72:a8:fb:1f:8b:55:b5:32:10:40:7d:31:
                    60:f8:90:d1:4b:57:25:bc:52:c8:b8:e8:e2:3c:90:
                    9f:3e:82:cf:9c:6b:15:56:0e:12:ac:a5:37:5f:23:
                    a9:f5:e9:8b:98:d8:d4:c4:e4:7b:b0:8c:d0:d4:a4:
                    a7:70:02:b8:0a:f3:ab:8a:d6:03:36:84:21:61:05:
                    b9:ea:ad:8f:1d:f8:d0:11:d9:d0:f6:0c:27:c3:bb:
                    2d:97:88:54:c7:f5:66:e2:2c:05:a4:19:14:73:0d:
                    88:2a:b3:b4:29:9e:1b:1d:8f:39:33:0c:d8:5b:23:
                    20:f3:ed:4f:40:76:c9:57:23:22:fc:ca:11:c2:1c:
                    12:f5:a4:8a:be:6c:ec:4e:31:e5:7b:e1:64:b8:4c:
                    83:8e:67:77:55:07:f6:76:3d:45:f1:07:e3:bf:6b:
                    2c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:10:9E:65:5E:02:52:DE:37:4E:E5:C9:10:3F:36:47:CD:E5:6E:96
            X509v3 Authority Key Identifier:
                keyid:1B:BC:84:1B:77:9A:2B:B2:C2:8A:8D:AE:E2:B2:D1:0D:5A:7C:34:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G7yEG3eaK7LCio2u4rLRDVp8NNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/60447d-d305-4dea-9daa-26837038c688/1/LBCeZV4CUt43TuXJED82R83lbpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/60447d-d305-4dea-9daa-26837038c688/1/G7yEG3eaK7LCio2u4rLRDVp8NNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.88.0/23
                IPv6:
                  2001:67c:299c::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:08:bf:69:1e:3a:bc:59:4e:1a:13:52:b9:6e:1d:06:71:58:
         0b:02:96:92:e0:af:68:e0:68:3c:5e:68:05:10:aa:73:84:8b:
         ec:57:3d:a7:34:9f:4a:73:02:e2:6a:28:6e:96:d4:21:db:b8:
         ea:9a:29:33:0a:59:12:c1:3b:e4:fb:6d:8e:05:e0:b0:1b:04:
         e1:bb:7b:70:2e:3c:77:e8:26:29:eb:73:a0:b8:4f:34:cf:de:
         50:37:94:05:fc:ef:3d:3a:ce:25:ad:d4:84:9e:e3:98:29:b8:
         8d:d2:b8:cb:42:f8:3a:df:b3:22:ad:b0:83:f7:c7:e0:92:59:
         35:d0:7f:4a:92:1d:f1:88:e5:7f:89:59:32:16:de:a5:75:0c:
         94:de:61:04:6d:1e:ba:02:81:9b:f3:04:11:20:58:d2:a9:98:
         03:2f:a9:90:19:a1:49:17:c5:78:5f:b3:fa:f0:bf:53:12:6d:
         3d:8f:21:00:55:38:a1:f1:bf:21:dc:96:b1:47:f8:27:eb:89:
         74:42:25:40:81:4e:d6:85:24:57:9d:38:76:cc:1d:78:56:b9:
         2a:74:ae:36:f7:47:74:60:79:c9:1c:9c:1d:d1:b4:d7:d6:3b:
         14:02:18:52:26:10:a2:0d:c5:11:04:39:a3:ca:a5:2f:db:b0:
         82:86:36:e5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJuzccMcqONOTnT3k6u2RKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYmM4NDFiNzc5YTJiYjJjMjhhOGRhZWUyYjJkMTBkNWE3
YzM0ZDUwHhcNMjQwMTAyMTAzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzEwOWU2NTVlMDI1MmRlMzc0ZWU1YzkxMDNmMzY0N2NkZTU2ZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PiB42wYnMTDrHl1/RgsfiiFZJLY
l+POIJL3Z41g7KDcNhNd7U8NOvmwx1U1szZgvBlq/BGWeKVoPoR2+Z4afRVliMbg
MoZQ6XS6piMtz5Zyup0OkXh66yLQN9RyqPsfi1W1MhBAfTFg+JDRS1clvFLIuOji
PJCfPoLPnGsVVg4SrKU3XyOp9emLmNjUxOR7sIzQ1KSncAK4CvOritYDNoQhYQW5
6q2PHfjQEdnQ9gwnw7stl4hUx/Vm4iwFpBkUcw2IKrO0KZ4bHY85MwzYWyMg8+1P
QHbJVyMi/MoRwhwS9aSKvmzsTjHle+FkuEyDjmd3VQf2dj1F8Qfjv2ssIwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCwQnmVeAlLeN07lyRA/NkfN5W6WMB8GA1UdIwQY
MBaAFBu8hBt3miuywoqNruKy0Q1afDTVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzd5RUczZWFLN0xDaW8ydTRyTFJEVnA4Tk5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS82MDQ0N2QtZDMwNS00ZGVhLTlkYWEt
MjY4MzcwMzhjNjg4LzEvTEJDZVpWNENVdDQzVHVYSkVEODJSODNsYnBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS82MDQ0N2QtZDMwNS00ZGVhLTlkYWEtMjY4MzcwMzhjNjg4
LzEvRzd5RUczZWFLN0xDaW8ydTRyTFJEVnA4Tk5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW+1YMA8E
AgACMAkDBwAgAQZ8KZwwDQYJKoZIhvcNAQELBQADggEBACYIv2keOrxZThoTUrlu
HQZxWAsClpLgr2jgaDxeaAUQqnOEi+xXPac0n0pzAuJqKG6W1CHbuOqaKTMKWRLB
O+T7bY4F4LAbBOG7e3AuPHfoJinrc6C4TzTP3lA3lAX87z06ziWt1ISe45gpuI3S
uMtC+DrfsyKtsIP3x+CSWTXQf0qSHfGI5X+JWTIW3qV1DJTeYQRtHroCgZvzBBEg
WNKpmAMvqZAZoUkXxXhfs/rwv1MSbT2PIQBVOKHxvyHclrFH+CfriXRCJUCBTtaF
JFedOHbMHXhWuSp0rjb3R3RgeckcnB3RtNfWOxQCGFImEKINxREEOaPKpS/bsIKG
NuU=
-----END CERTIFICATE-----