Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/LMqWnujholvDnvzU2BrphA8qgmk.roa
File:                     LMqWnujholvDnvzU2BrphA8qgmk.roa (raw, json)
Hash identifier:          weiHoxsYHMy8rgAm5sX797PlhKXN5Z+wkQh7LhWh4Bc=
Subject key identifier:   2C:CA:96:9E:E8:E1:A2:5B:C3:9E:FC:D4:D8:1A:E9:84:0F:2A:82:69
Certificate issuer:       /CN=e783b62ab8aea520770c57404be7771f679ec0b5
Certificate serial:       018CC5DD099428F3746BD5565126E157754A
Authority key identifier: E7:83:B6:2A:B8:AE:A5:20:77:0C:57:40:4B:E7:77:1F:67:9E:C0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/LMqWnujholvDnvzU2BrphA8qgmk.roa
Signing time:             Mon 01 Jan 2024 16:30:46 +0000
ROA not before:           Mon 01 Jan 2024 16:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50419
IP address blocks:        109.95.184.0/24 maxlen: 24
                          109.95.185.0/24 maxlen: 24
                          2001:67c:118::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:09:94:28:f3:74:6b:d5:56:51:26:e1:57:75:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e783b62ab8aea520770c57404be7771f679ec0b5
        Validity
            Not Before: Jan  1 16:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cca969ee8e1a25bc39efcd4d81ae9840f2a8269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d2:6c:7a:b0:5c:ce:74:50:27:1a:63:fe:f0:
                    e7:ab:55:c9:1b:f3:00:82:11:85:aa:18:e0:93:21:
                    7e:e4:1a:21:76:f5:6a:7a:bd:57:2b:76:ed:bb:b3:
                    28:a1:c5:52:e0:64:ff:a4:b3:c8:89:d4:c5:20:83:
                    49:df:e9:8e:72:01:09:07:7f:86:20:90:55:da:9b:
                    53:33:e7:34:1c:4c:a5:03:75:2e:fe:21:b7:db:2f:
                    a2:ef:7a:a9:b3:9b:6a:71:1a:d8:1c:58:03:42:67:
                    ff:6e:61:7a:83:af:88:0b:8d:82:1d:a1:35:8e:a8:
                    e9:75:a6:fa:1e:13:20:de:74:c6:ea:d2:4d:4f:05:
                    05:65:d8:88:fa:ee:f5:a0:11:0e:30:2e:10:69:3f:
                    4c:0d:79:0e:81:21:40:13:a5:ed:b7:d9:79:f2:c1:
                    7a:e3:f6:e8:63:85:ed:89:06:e9:0c:6a:0f:b2:16:
                    ab:66:22:4f:ba:68:c0:f6:3a:e4:ab:e1:72:6a:fe:
                    c8:59:b7:eb:d5:b9:92:a1:c7:6d:ca:82:1d:44:59:
                    c0:09:92:aa:55:ed:3f:b8:19:ad:c8:a3:04:4c:cf:
                    d1:9a:b1:8f:22:45:e1:60:e7:91:11:1c:84:d1:cc:
                    98:fd:fb:a5:b9:d5:fb:81:d4:b2:eb:2a:9a:7e:14:
                    b7:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:CA:96:9E:E8:E1:A2:5B:C3:9E:FC:D4:D8:1A:E9:84:0F:2A:82:69
            X509v3 Authority Key Identifier:
                keyid:E7:83:B6:2A:B8:AE:A5:20:77:0C:57:40:4B:E7:77:1F:67:9E:C0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/LMqWnujholvDnvzU2BrphA8qgmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.184.0/23
                IPv6:
                  2001:67c:118::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:33:ac:b5:fb:d4:48:08:af:ad:2d:b8:ec:95:13:9e:69:2b:
         8a:5d:f6:88:26:75:c8:f7:01:e0:2d:18:23:06:3c:bb:93:33:
         06:a4:18:1d:c6:d8:0b:3e:b2:93:fa:eb:79:92:74:b3:67:f4:
         7f:85:e6:21:05:4c:97:5a:05:3c:bb:e3:bc:4a:e0:56:4f:42:
         1c:80:ca:50:bf:65:25:67:96:32:1a:08:c6:14:e1:30:39:82:
         16:7e:e0:af:40:84:ba:a1:64:63:14:41:04:b5:c5:4a:6f:40:
         6d:71:68:4e:3e:d5:b1:b1:8a:f7:be:5b:27:38:7e:e8:61:16:
         2e:4a:69:c9:34:ee:f7:08:96:84:b1:b3:ac:d3:b0:12:03:72:
         69:18:6c:20:0a:e4:5e:09:f4:6d:33:d5:c9:51:d9:97:07:0e:
         35:23:69:8f:f8:95:ba:34:53:0d:38:c7:ed:9c:cd:5e:47:7d:
         88:d5:9c:29:c4:b2:b2:39:d5:64:af:9c:06:7f:88:4c:16:75:
         a9:fe:d1:4f:5b:85:80:98:f3:aa:d5:e6:c1:25:89:f8:83:15:
         ee:ce:a8:34:68:1d:7c:af:b7:9d:91:60:06:de:45:bf:22:dc:
         25:65:12:36:c7:da:4b:e8:04:0e:c3:6c:b8:14:ad:86:88:54:
         d3:e9:95:7f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3QmUKPN0a9VWUSbhV3VKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ODNiNjJhYjhhZWE1MjA3NzBjNTc0MDRiZTc3NzFmNjc5
ZWMwYjUwHhcNMjQwMTAxMTYzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2NhOTY5ZWU4ZTFhMjViYzM5ZWZjZDRkODFhZTk4NDBmMmE4MjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNJserBcznRQJxpj/vDnq1XJG/MA
ghGFqhjgkyF+5BohdvVqer1XK3btu7MoocVS4GT/pLPIidTFIINJ3+mOcgEJB3+G
IJBV2ptTM+c0HEylA3Uu/iG32y+i73qps5tqcRrYHFgDQmf/bmF6g6+IC42CHaE1
jqjpdab6HhMg3nTG6tJNTwUFZdiI+u71oBEOMC4QaT9MDXkOgSFAE6Xtt9l58sF6
4/boY4XtiQbpDGoPsharZiJPumjA9jrkq+Fyav7IWbfr1bmSocdtyoIdRFnACZKq
Ve0/uBmtyKMETM/RmrGPIkXhYOeRERyE0cyY/fuludX7gdSy6yqafhS33QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCzKlp7o4aJbw5781Nga6YQPKoJpMB8GA1UdIwQY
MBaAFOeDtiq4rqUgdwxXQEvndx9nnsC1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTRPMktyaXVwU0IzREZkQVMtZDNIMmVld0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9mYWRiM2YtZGM5Ni00OTAyLTg2ZWIt
MTlkZjViNGQxMDE0LzEvTE1xV251amhvbHZEbnZ6VTJCcnBoQThxZ21rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9mYWRiM2YtZGM5Ni00OTAyLTg2ZWItMTlkZjViNGQxMDE0
LzEvNTRPMktyaXVwU0IzREZkQVMtZDNIMmVld0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBbV+4MA8E
AgACMAkDBwAgAQZ8ARgwDQYJKoZIhvcNAQELBQADggEBAE4zrLX71EgIr60tuOyV
E55pK4pd9ogmdcj3AeAtGCMGPLuTMwakGB3G2As+spP663mSdLNn9H+F5iEFTJda
BTy747xK4FZPQhyAylC/ZSVnljIaCMYU4TA5ghZ+4K9AhLqhZGMUQQS1xUpvQG1x
aE4+1bGxive+Wyc4fuhhFi5Kack07vcIloSxs6zTsBIDcmkYbCAK5F4J9G0z1clR
2ZcHDjUjaY/4lbo0Uw04x+2czV5HfYjVnCnEsrI51WSvnAZ/iEwWdan+0U9bhYCY
86rV5sElifiDFe7OqDRoHXyvt52RYAbeRb8i3CVlEjbH2kvoBA7DbLgUrYaIVNPp
lX8=
-----END CERTIFICATE-----