Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/LvgliWlwKOYLnIL9SurKrYlAW9A.roa
File:                     LvgliWlwKOYLnIL9SurKrYlAW9A.roa (raw, json)
Hash identifier:          tII6yfde1nMHR8s9/b5EW+wqC7XaX/SLbOw9PlryIJk=
Subject key identifier:   2E:F8:25:89:69:70:28:E6:0B:9C:82:FD:4A:EA:CA:AD:89:40:5B:D0
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       018CC5008BE8CD7DA539C1C2155E65FEAD31
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/LvgliWlwKOYLnIL9SurKrYlAW9A.roa
Signing time:             Mon 01 Jan 2024 12:29:56 +0000
ROA not before:           Mon 01 Jan 2024 12:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216334
IP address blocks:        2a12:b3c0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:8b:e8:cd:7d:a5:39:c1:c2:15:5e:65:fe:ad:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Jan  1 12:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ef82589697028e60b9c82fd4aeacaad89405bd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:06:0b:01:5a:b0:39:10:de:7c:05:4e:77:f0:
                    db:70:53:66:37:77:16:d1:fc:95:4e:d0:de:e0:15:
                    01:62:ef:09:e3:16:6f:95:8e:43:ee:c5:f0:64:90:
                    0c:3f:c8:40:7b:07:18:23:e9:9a:df:13:75:28:b4:
                    5e:a5:b2:48:7c:cb:f0:7e:73:1e:56:71:bb:8b:ad:
                    34:65:4e:d6:3e:16:5b:7e:f2:6c:4d:5d:e3:dd:0b:
                    5c:2c:01:4b:bb:5c:3b:d9:66:50:d0:f2:58:c1:a8:
                    fd:64:6d:c3:40:f0:ca:50:a0:59:6f:da:7c:60:c5:
                    be:59:dd:9f:68:01:d2:76:ec:57:11:3c:59:20:9a:
                    74:0c:a3:68:33:b2:74:6b:49:73:90:52:96:e1:1e:
                    fa:ca:23:85:a6:53:60:c3:ba:67:50:59:22:f1:51:
                    ec:86:dc:89:ca:df:ff:b5:7d:6a:40:49:26:8a:9a:
                    5c:2e:7f:3d:9b:cb:8e:d8:c5:71:a6:89:20:04:1c:
                    46:c4:00:95:e5:bf:20:4b:c1:6b:93:ac:07:3f:ae:
                    0d:5d:4c:9b:f0:3b:ab:c3:49:60:ad:1f:70:59:7d:
                    ea:94:25:cc:c6:dd:97:ad:3f:fe:c9:39:3c:32:02:
                    ca:e4:f9:86:a9:29:73:ac:2e:5a:39:06:32:c4:7a:
                    a8:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:F8:25:89:69:70:28:E6:0B:9C:82:FD:4A:EA:CA:AD:89:40:5B:D0
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/LvgliWlwKOYLnIL9SurKrYlAW9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:b3c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:eb:b7:8d:a8:38:da:cb:3d:7c:13:7b:b8:bb:5b:62:1c:b1:
         dd:da:3a:fd:1a:06:7a:24:75:88:60:5d:be:d8:24:0f:dd:4d:
         fa:65:cd:32:c5:94:0c:37:29:80:2c:ef:32:32:e7:dd:c8:69:
         46:06:07:ab:01:4f:b9:96:6a:c8:28:c1:df:de:7a:3d:db:76:
         b2:0c:b8:93:b1:7a:14:e5:f4:04:b9:e7:2f:cf:9a:ec:69:0a:
         33:72:ed:13:4f:96:5a:2e:c1:39:c4:e2:29:56:2a:78:ff:35:
         42:b0:c5:15:ee:63:3c:d1:76:c8:1f:e1:0a:5c:9c:48:fd:7d:
         26:5d:43:58:37:43:75:dc:fa:25:32:75:db:ab:bc:78:b4:9e:
         cd:7e:89:73:58:b2:b6:c8:e1:05:53:6e:87:31:de:62:fd:d2:
         72:e9:8d:e1:a1:9b:7c:e4:da:75:67:a4:51:c3:08:cb:ae:19:
         81:b5:2f:4d:81:68:76:f2:43:52:85:55:13:33:03:64:0e:5c:
         ef:58:32:d5:89:9b:6e:fa:cf:bc:f7:d5:d7:73:0c:9f:31:14:
         7d:73:9f:de:68:5e:da:92:12:30:a2:44:ec:ed:96:64:8f:cf:
         91:a6:8e:f3:e1:bc:87:f7:9f:6d:b1:c0:30:2b:d8:68:5d:c4:
         0f:f8:48:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAIvozX2lOcHCFV5l/q0xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjQwMTAxMTIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWY4MjU4OTY5NzAyOGU2MGI5YzgyZmQ0YWVhY2FhZDg5NDA1YmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQYLAVqwORDefAVOd/DbcFNmN3cW
0fyVTtDe4BUBYu8J4xZvlY5D7sXwZJAMP8hAewcYI+ma3xN1KLRepbJIfMvwfnMe
VnG7i600ZU7WPhZbfvJsTV3j3QtcLAFLu1w72WZQ0PJYwaj9ZG3DQPDKUKBZb9p8
YMW+Wd2faAHSduxXETxZIJp0DKNoM7J0a0lzkFKW4R76yiOFplNgw7pnUFki8VHs
htyJyt//tX1qQEkmippcLn89m8uO2MVxpokgBBxGxACV5b8gS8Frk6wHP64NXUyb
8Durw0lgrR9wWX3qlCXMxt2XrT/+yTk8MgLK5PmGqSlzrC5aOQYyxHqo2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC74JYlpcCjmC5yC/Urqyq2JQFvQMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvTHZnbGlXbHdLT1lMbklMOVN1cktyWWxBVzlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKzwAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQB267eNqDjayz18E3u4u1tiHLHd2jr9GgZ6JHWI
YF2+2CQP3U36Zc0yxZQMNymALO8yMufdyGlGBgerAU+5lmrIKMHf3no923ayDLiT
sXoU5fQEuecvz5rsaQozcu0TT5ZaLsE5xOIpVip4/zVCsMUV7mM80XbIH+EKXJxI
/X0mXUNYN0N13PolMnXbq7x4tJ7NfolzWLK2yOEFU26HMd5i/dJy6Y3hoZt85Np1
Z6RRwwjLrhmBtS9NgWh28kNShVUTMwNkDlzvWDLViZtu+s+899XXcwyfMRR9c5/e
aF7akhIwokTs7ZZkj8+Rpo7z4byH959tscAwK9hoXcQP+EhP
-----END CERTIFICATE-----