Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/9f8ae2-0fb5-4c04-ad93-4ce477dbb407/1/LPOYGcyMozu6XVbWQO12F9qIwDs.roa
File:                     LPOYGcyMozu6XVbWQO12F9qIwDs.roa (raw, json)
Hash identifier:          62CKuItStp9z1NjZVBvJFw8GhZqsOnaQSyCbHjsKUeM=
Subject key identifier:   2C:F3:98:19:CC:8C:A3:3B:BA:5D:56:D6:40:ED:76:17:DA:88:C0:3B
Certificate issuer:       /CN=7c835498f35199a1571964d855c3877751681ab9
Certificate serial:       018CCA2BA74F72079CFF94C4F493A6AEF171
Authority key identifier: 7C:83:54:98:F3:51:99:A1:57:19:64:D8:55:C3:87:77:51:68:1A:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fINUmPNRmaFXGWTYVcOHd1FoGrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/9f8ae2-0fb5-4c04-ad93-4ce477dbb407/1/LPOYGcyMozu6XVbWQO12F9qIwDs.roa
Signing time:             Tue 02 Jan 2024 12:35:07 +0000
ROA not before:           Tue 02 Jan 2024 12:35:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29024
IP address blocks:        185.3.48.0/22 maxlen: 22
                          91.189.40.0/21 maxlen: 21
                          185.187.252.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/9f8ae2-0fb5-4c04-ad93-4ce477dbb407/1/fINUmPNRmaFXGWTYVcOHd1FoGrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/9f8ae2-0fb5-4c04-ad93-4ce477dbb407/1/fINUmPNRmaFXGWTYVcOHd1FoGrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fINUmPNRmaFXGWTYVcOHd1FoGrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a7:4f:72:07:9c:ff:94:c4:f4:93:a6:ae:f1:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c835498f35199a1571964d855c3877751681ab9
        Validity
            Not Before: Jan  2 12:35:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cf39819cc8ca33bba5d56d640ed7617da88c03b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:56:a0:c0:cd:38:c7:f3:7f:85:ae:72:74:24:
                    a0:b8:db:d1:d0:ba:68:0b:17:7f:bc:b8:2f:0f:86:
                    22:77:e9:54:26:94:34:f3:f5:c2:92:de:68:6b:cf:
                    73:0d:42:a8:0d:35:4a:6b:a5:c0:90:6c:98:f4:e3:
                    ff:0f:49:fa:04:d2:7d:ae:02:89:f1:67:89:d3:d9:
                    12:c4:c4:83:26:aa:00:7e:57:e2:8e:ad:44:fb:5f:
                    5e:11:e8:13:44:70:a8:90:34:99:f4:a1:af:bd:64:
                    07:f3:8a:d9:b5:5c:d6:77:a8:ac:57:4a:66:75:11:
                    aa:61:48:3d:a3:95:b6:ce:f4:a1:ed:7a:2b:bc:67:
                    49:23:37:14:89:75:15:d9:a4:95:71:88:2f:19:83:
                    56:08:00:1e:67:4b:cf:7a:ae:3a:4b:fa:22:81:0b:
                    7c:e0:13:90:af:41:0d:07:12:ad:89:76:e2:de:57:
                    2b:07:8a:e3:3c:52:aa:71:20:be:58:f9:a7:1b:34:
                    26:c6:53:32:4f:c3:47:f6:20:18:56:d9:14:8d:1b:
                    42:f2:a8:db:5a:2f:3c:50:b8:4b:0e:d2:78:67:29:
                    99:d6:70:70:71:04:e8:e8:55:0b:de:b1:84:9a:82:
                    30:89:45:99:c8:00:67:5d:c8:b1:d0:c5:8c:2a:e3:
                    0a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:F3:98:19:CC:8C:A3:3B:BA:5D:56:D6:40:ED:76:17:DA:88:C0:3B
            X509v3 Authority Key Identifier:
                keyid:7C:83:54:98:F3:51:99:A1:57:19:64:D8:55:C3:87:77:51:68:1A:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fINUmPNRmaFXGWTYVcOHd1FoGrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/9f8ae2-0fb5-4c04-ad93-4ce477dbb407/1/LPOYGcyMozu6XVbWQO12F9qIwDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/9f8ae2-0fb5-4c04-ad93-4ce477dbb407/1/fINUmPNRmaFXGWTYVcOHd1FoGrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.189.40.0/21
                  185.3.48.0/22
                  185.187.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:24:bb:6d:70:04:d7:1f:20:65:1d:29:eb:78:65:af:0a:e6:
         9d:c8:c8:7d:34:f8:4f:cd:28:7d:b9:b5:22:43:d8:64:48:1a:
         82:53:96:f4:7a:a3:4f:46:b1:4f:b8:45:1d:e4:ff:6a:4c:89:
         47:e5:38:5e:4a:5c:c8:06:97:3c:c6:81:55:d8:14:b6:5c:d2:
         fb:af:e0:12:00:0f:f8:28:a2:04:3c:0f:15:1c:48:9f:f0:18:
         5a:45:ed:e5:9e:45:c8:e2:82:db:11:30:e8:e7:2f:5f:8a:5b:
         78:1a:9f:d0:ee:75:ac:97:2a:5f:de:59:c2:f1:9d:2b:73:5f:
         6d:60:e1:0b:fe:25:33:54:09:ee:5f:e3:9c:b5:fe:1b:1e:63:
         c0:f6:b9:aa:d8:15:69:9b:31:a7:95:68:ca:cb:b3:67:40:c3:
         30:2f:e3:32:84:b6:55:21:77:ce:79:b4:86:de:94:df:de:60:
         46:c1:25:4d:b7:e3:88:3f:d3:dd:d8:bc:cd:a8:6c:ba:b6:a5:
         b1:3e:79:ac:cb:04:72:8a:4e:c3:34:90:00:39:1f:51:bb:b2:
         ef:18:20:00:2a:84:3b:18:6c:e2:ff:54:6b:a9:3e:34:3a:80:
         c1:ac:2c:95:83:28:82:71:a9:80:3a:b6:69:54:ba:94:d6:b7:
         96:44:b6:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKK6dPcgec/5TE9JOmrvFxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjODM1NDk4ZjM1MTk5YTE1NzE5NjRkODU1YzM4Nzc3NTE2
ODFhYjkwHhcNMjQwMTAyMTIzNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2YzOTgxOWNjOGNhMzNiYmE1ZDU2ZDY0MGVkNzYxN2RhODhjMDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1agwM04x/N/ha5ydCSguNvR0Lpo
Cxd/vLgvD4Yid+lUJpQ08/XCkt5oa89zDUKoDTVKa6XAkGyY9OP/D0n6BNJ9rgKJ
8WeJ09kSxMSDJqoAflfijq1E+19eEegTRHCokDSZ9KGvvWQH84rZtVzWd6isV0pm
dRGqYUg9o5W2zvSh7XorvGdJIzcUiXUV2aSVcYgvGYNWCAAeZ0vPeq46S/oigQt8
4BOQr0ENBxKtiXbi3lcrB4rjPFKqcSC+WPmnGzQmxlMyT8NH9iAYVtkUjRtC8qjb
Wi88ULhLDtJ4ZymZ1nBwcQTo6FUL3rGEmoIwiUWZyABnXcix0MWMKuMKgQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCzzmBnMjKM7ul1W1kDtdhfaiMA7MB8GA1UdIwQY
MBaAFHyDVJjzUZmhVxlk2FXDh3dRaBq5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZklOVW1QTlJtYUZYR1dUWVZjT0hkMUZvR3JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy85ZjhhZTItMGZiNS00YzA0LWFkOTMt
NGNlNDc3ZGJiNDA3LzEvTFBPWUdjeU1venU2WFZiV1FPMTJGOXFJd0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy85ZjhhZTItMGZiNS00YzA0LWFkOTMtNGNlNDc3ZGJiNDA3
LzEvZklOVW1QTlJtYUZYR1dUWVZjT0hkMUZvR3JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDW70oAwQC
uQMwAwQCubv8MA0GCSqGSIb3DQEBCwUAA4IBAQAhJLttcATXHyBlHSnreGWvCuad
yMh9NPhPzSh9ubUiQ9hkSBqCU5b0eqNPRrFPuEUd5P9qTIlH5TheSlzIBpc8xoFV
2BS2XNL7r+ASAA/4KKIEPA8VHEif8BhaRe3lnkXI4oLbETDo5y9filt4Gp/Q7nWs
lypf3lnC8Z0rc19tYOEL/iUzVAnuX+Octf4bHmPA9rmq2BVpmzGnlWjKy7NnQMMw
L+MyhLZVIXfOebSG3pTf3mBGwSVNt+OIP9Pd2LzNqGy6tqWxPnmsywRyik7DNJAA
OR9Ru7LvGCAAKoQ7GGzi/1RrqT40OoDBrCyVgyiCcamAOrZpVLqU1reWRLZb
-----END CERTIFICATE-----