Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/2c0971-aeef-417e-8b54-121d2cbb21d6/1/lEvl7FYEE5cP4FeYSihM_VI8sf4.roa
File:                     lEvl7FYEE5cP4FeYSihM_VI8sf4.roa (raw, json)
Hash identifier:          8vpQ7bwyXlks2op3JNzzAGD2ihX0DZk+8hHGvH97rdU=
Subject key identifier:   94:4B:E5:EC:56:04:13:97:0F:E0:57:98:4A:28:4C:FD:52:3C:B1:FE
Certificate issuer:       /CN=86963d003134ccda56fedfeb278f7a768a7f402f
Certificate serial:       018EF23FB898135C80D53EDAD49316DA5C78
Authority key identifier: 86:96:3D:00:31:34:CC:DA:56:FE:DF:EB:27:8F:7A:76:8A:7F:40:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hpY9ADE0zNpW_t_rJ496dop_QC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/2c0971-aeef-417e-8b54-121d2cbb21d6/1/lEvl7FYEE5cP4FeYSihM_VI8sf4.roa
Signing time:             Thu 18 Apr 2024 17:27:26 +0000
ROA not before:           Thu 18 Apr 2024 17:27:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48257
IP address blocks:        185.187.188.0/22 maxlen: 24
                          195.138.232.0/21 maxlen: 24
                          217.71.224.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/2c0971-aeef-417e-8b54-121d2cbb21d6/1/hpY9ADE0zNpW_t_rJ496dop_QC8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/2c0971-aeef-417e-8b54-121d2cbb21d6/1/hpY9ADE0zNpW_t_rJ496dop_QC8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hpY9ADE0zNpW_t_rJ496dop_QC8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f2:3f:b8:98:13:5c:80:d5:3e:da:d4:93:16:da:5c:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86963d003134ccda56fedfeb278f7a768a7f402f
        Validity
            Not Before: Apr 18 17:27:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=944be5ec560413970fe057984a284cfd523cb1fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:da:c2:d5:ce:fe:09:a0:3e:1c:9e:ef:20:e0:
                    4c:0d:a1:75:3c:ff:f9:62:57:ef:4b:47:ed:f0:b6:
                    de:27:34:4d:69:24:6b:c9:a5:4c:c8:f4:0a:11:6c:
                    7d:cb:bc:9b:73:55:9a:b5:f3:f2:4f:ad:be:72:aa:
                    06:41:ff:d8:7c:29:f9:e3:34:80:4f:ca:7c:b2:03:
                    0b:93:ac:48:a1:d2:4a:f1:7a:3c:ba:e3:e3:54:e3:
                    7d:b2:a2:8b:ad:14:e5:95:d2:78:d6:35:0b:f2:aa:
                    fd:8e:4d:32:de:76:db:e2:68:8a:f9:29:70:f5:d3:
                    00:67:a6:a3:9d:91:ac:64:6f:cd:44:ab:56:c2:2c:
                    26:e1:79:07:28:4e:8d:e8:c0:93:43:4e:99:4b:5e:
                    79:46:e1:cf:a3:31:b1:35:50:40:9f:05:89:85:68:
                    cd:17:6b:04:94:1b:c2:6b:39:ff:ea:3b:40:4e:a2:
                    68:f0:64:48:eb:d1:7b:8a:11:08:7a:ae:8c:7a:b2:
                    e8:98:ed:c6:23:74:33:7d:79:e4:b4:52:db:77:25:
                    fc:77:ef:97:d7:54:77:72:38:73:26:7a:2b:df:2d:
                    f9:e2:4f:bf:91:8b:4b:e6:59:45:08:ef:fb:82:4f:
                    eb:89:fd:91:2c:8d:bd:6e:f0:d3:80:e2:90:e1:17:
                    be:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:4B:E5:EC:56:04:13:97:0F:E0:57:98:4A:28:4C:FD:52:3C:B1:FE
            X509v3 Authority Key Identifier:
                keyid:86:96:3D:00:31:34:CC:DA:56:FE:DF:EB:27:8F:7A:76:8A:7F:40:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hpY9ADE0zNpW_t_rJ496dop_QC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/2c0971-aeef-417e-8b54-121d2cbb21d6/1/lEvl7FYEE5cP4FeYSihM_VI8sf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/2c0971-aeef-417e-8b54-121d2cbb21d6/1/hpY9ADE0zNpW_t_rJ496dop_QC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.188.0/22
                  195.138.232.0/21
                  217.71.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         c0:8a:cf:19:b1:62:69:b5:c8:71:d8:74:9d:73:43:1a:c8:03:
         17:86:d3:87:3c:9c:0a:66:c0:21:a4:0e:51:e9:40:ac:a7:26:
         2c:8c:e8:f6:d5:bc:b1:8b:c6:78:53:78:65:3a:fd:8d:44:c5:
         9c:69:af:2f:32:23:7b:bd:eb:34:ce:70:04:50:cf:32:2c:ae:
         b4:21:dc:f9:46:e9:22:d8:c0:9d:94:8d:6f:f3:20:d6:d6:97:
         e8:82:f4:aa:ce:88:04:42:2a:a1:76:79:b6:8a:36:22:21:80:
         1f:c8:51:b6:65:9f:b7:43:15:de:f5:48:9b:40:a4:91:7b:77:
         d4:b3:44:d6:73:ae:66:80:84:fc:1a:db:80:86:97:44:2e:86:
         8c:1c:22:35:41:10:52:a8:c3:74:28:1f:c4:c0:2c:b8:4e:f9:
         ef:f4:40:09:4f:6b:5f:94:41:a0:90:fe:50:50:ec:b7:93:f6:
         69:bd:42:67:2f:ab:b7:b6:87:cd:18:0e:81:ed:20:61:ac:57:
         19:a3:e6:cb:57:8e:2e:88:c7:df:1b:18:53:2d:e8:de:7b:9b:
         b1:c8:e7:dc:60:13:7f:91:a5:8b:6e:88:30:ad:f5:aa:9b:58:
         12:42:7e:14:d1:3f:e4:65:62:87:e5:a0:5f:37:8f:a1:60:ed:
         30:ed:e7:86
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7yP7iYE1yA1T7a1JMW2lx4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2OTYzZDAwMzEzNGNjZGE1NmZlZGZlYjI3OGY3YTc2OGE3
ZjQwMmYwHhcNMjQwNDE4MTcyNzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDRiZTVlYzU2MDQxMzk3MGZlMDU3OTg0YTI4NGNmZDUyM2NiMWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNrC1c7+CaA+HJ7vIOBMDaF1PP/5
YlfvS0ft8LbeJzRNaSRryaVMyPQKEWx9y7ybc1WatfPyT62+cqoGQf/YfCn54zSA
T8p8sgMLk6xIodJK8Xo8uuPjVON9sqKLrRTlldJ41jUL8qr9jk0y3nbb4miK+Slw
9dMAZ6ajnZGsZG/NRKtWwiwm4XkHKE6N6MCTQ06ZS155RuHPozGxNVBAnwWJhWjN
F2sElBvCazn/6jtATqJo8GRI69F7ihEIeq6MerLomO3GI3QzfXnktFLbdyX8d++X
11R3cjhzJnor3y354k+/kYtL5llFCO/7gk/rif2RLI29bvDTgOKQ4Re+VwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJRL5exWBBOXD+BXmEooTP1SPLH+MB8GA1UdIwQY
MBaAFIaWPQAxNMzaVv7f6yePenaKf0AvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHBZOUFERTB6TnBXX3Rfcko0OTZkb3BfUUM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8yYzA5NzEtYWVlZi00MTdlLThiNTQt
MTIxZDJjYmIyMWQ2LzEvbEV2bDdGWUVFNWNQNEZlWVNpaE1fVkk4c2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8yYzA5NzEtYWVlZi00MTdlLThiNTQtMTIxZDJjYmIyMWQ2
LzEvaHBZOUFERTB6TnBXX3Rfcko0OTZkb3BfUUM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCubu8AwQD
w4roAwQE2UfgMA0GCSqGSIb3DQEBCwUAA4IBAQDAis8ZsWJptchx2HSdc0MayAMX
htOHPJwKZsAhpA5R6UCspyYsjOj21byxi8Z4U3hlOv2NRMWcaa8vMiN7ves0znAE
UM8yLK60Idz5Ruki2MCdlI1v8yDW1pfogvSqzogEQiqhdnm2ijYiIYAfyFG2ZZ+3
QxXe9UibQKSRe3fUs0TWc65mgIT8GtuAhpdELoaMHCI1QRBSqMN0KB/EwCy4Tvnv
9EAJT2tflEGgkP5QUOy3k/ZpvUJnL6u3tofNGA6B7SBhrFcZo+bLV44uiMffGxhT
Lejee5uxyOfcYBN/kaWLbogwrfWqm1gSQn4U0T/kZWKH5aBfN4+hYO0w7eeG
-----END CERTIFICATE-----