Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/9a10c3-212f-4c5e-97bb-e0d576a5450e/1/lg1clO5o2DiFpbtSZsZoK5GNJV4.roa
File:                     lg1clO5o2DiFpbtSZsZoK5GNJV4.roa (raw, json)
Hash identifier:          DEb/xDZeKFIK7leohxUCI07qU92CWL8Pye88lwwHW9c=
Subject key identifier:   96:0D:5C:94:EE:68:D8:38:85:A5:BB:52:66:C6:68:2B:91:8D:25:5E
Certificate issuer:       /CN=71986731925be8551a53091afe6d0972dfa3807e
Certificate serial:       018CC4244A9D315FB2D3EAE96182C809B9A6
Authority key identifier: 71:98:67:31:92:5B:E8:55:1A:53:09:1A:FE:6D:09:72:DF:A3:80:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cZhnMZJb6FUaUwka_m0Jct-jgH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/9a10c3-212f-4c5e-97bb-e0d576a5450e/1/lg1clO5o2DiFpbtSZsZoK5GNJV4.roa
Signing time:             Mon 01 Jan 2024 08:29:21 +0000
ROA not before:           Mon 01 Jan 2024 08:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211007
IP address blocks:        195.85.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/9a10c3-212f-4c5e-97bb-e0d576a5450e/1/cZhnMZJb6FUaUwka_m0Jct-jgH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/9a10c3-212f-4c5e-97bb-e0d576a5450e/1/cZhnMZJb6FUaUwka_m0Jct-jgH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cZhnMZJb6FUaUwka_m0Jct-jgH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4a:9d:31:5f:b2:d3:ea:e9:61:82:c8:09:b9:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71986731925be8551a53091afe6d0972dfa3807e
        Validity
            Not Before: Jan  1 08:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=960d5c94ee68d83885a5bb5266c6682b918d255e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:57:57:19:e6:9e:b5:41:bb:a6:98:c9:9c:5f:
                    ee:a6:3e:65:95:a4:65:6c:60:22:1a:95:76:3f:82:
                    5b:2d:d8:b6:f4:13:f0:63:f9:a1:9f:75:89:87:39:
                    86:a9:b7:78:35:d8:63:19:8c:42:88:45:4e:31:55:
                    14:9a:49:b1:6e:76:89:6a:9d:7c:dd:11:08:a6:77:
                    d6:17:0c:4c:82:a5:6e:eb:94:fc:06:3b:be:d2:1d:
                    92:0b:02:9e:d9:6e:9f:e8:99:ba:a1:2a:2a:d9:38:
                    08:5f:62:d5:e0:42:3c:8d:5c:63:08:cf:26:80:0e:
                    4d:f2:9b:20:53:f5:87:5b:42:90:de:4d:66:31:92:
                    26:c4:fa:a3:24:4a:9e:d2:b2:0e:64:35:e9:d2:7b:
                    ce:0e:eb:a1:48:b7:69:0d:be:2c:39:73:ec:c1:af:
                    fa:4f:75:fa:00:9b:f6:13:e4:81:34:3b:0e:67:21:
                    ff:90:b2:3c:f3:e7:0f:e9:51:17:db:3f:7a:77:eb:
                    88:64:87:1e:07:8f:fd:b1:fd:a8:7b:f6:0d:39:5e:
                    ff:2e:a4:eb:e5:5e:a9:0e:b2:cf:e2:0d:b3:72:a3:
                    82:91:67:6c:9d:ac:95:ae:20:39:b1:2e:0a:18:ec:
                    8b:68:b9:7b:0d:d4:d6:d3:c7:18:18:0a:1b:c2:4d:
                    af:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:0D:5C:94:EE:68:D8:38:85:A5:BB:52:66:C6:68:2B:91:8D:25:5E
            X509v3 Authority Key Identifier:
                keyid:71:98:67:31:92:5B:E8:55:1A:53:09:1A:FE:6D:09:72:DF:A3:80:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cZhnMZJb6FUaUwka_m0Jct-jgH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/9a10c3-212f-4c5e-97bb-e0d576a5450e/1/lg1clO5o2DiFpbtSZsZoK5GNJV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/9a10c3-212f-4c5e-97bb-e0d576a5450e/1/cZhnMZJb6FUaUwka_m0Jct-jgH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:dd:3e:15:52:05:79:bd:43:4a:97:20:1e:c9:ef:7b:e9:ac:
         b1:fc:47:34:b9:f1:df:5f:7c:c0:25:3c:33:72:50:3a:38:a6:
         eb:41:1f:47:16:3d:01:17:92:5a:56:78:7e:33:27:90:91:05:
         66:b2:9f:3f:72:d3:d1:56:b7:de:cc:3d:09:4b:da:3d:c8:92:
         04:02:8a:0b:5f:d0:36:ae:32:72:7a:63:4b:bd:60:a8:e8:53:
         6a:6a:f9:a5:01:4d:47:fd:ca:c2:6f:54:16:fd:c4:81:8b:61:
         cf:31:38:6f:b2:26:fa:83:c0:8c:c7:6b:b5:d7:49:b8:34:98:
         78:af:f4:cd:74:57:aa:11:7a:2e:da:17:06:b9:9f:9e:11:1c:
         7b:6d:4a:d5:91:d3:40:cd:60:71:a9:b3:a4:20:68:02:21:d4:
         4c:81:dd:91:8e:fb:23:65:cb:75:a0:30:91:4a:8e:b9:8f:f4:
         55:46:db:ce:ee:7b:04:09:a9:f5:a6:6a:9f:aa:e1:72:6f:37:
         ea:93:8f:4b:ad:0b:c1:64:62:c9:d2:68:60:3e:7e:1c:bc:bf:
         11:49:37:8d:84:97:c6:32:ab:2d:07:c9:e9:6c:23:16:82:19:
         2e:24:82:25:f8:88:ec:00:4f:d3:8a:6d:d2:1a:4f:6a:a1:83:
         47:c3:78:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJEqdMV+y0+rpYYLICbmmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxOTg2NzMxOTI1YmU4NTUxYTUzMDkxYWZlNmQwOTcyZGZh
MzgwN2UwHhcNMjQwMTAxMDgyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjBkNWM5NGVlNjhkODM4ODVhNWJiNTI2NmM2NjgyYjkxOGQyNTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVdXGeaetUG7ppjJnF/upj5llaRl
bGAiGpV2P4JbLdi29BPwY/mhn3WJhzmGqbd4NdhjGYxCiEVOMVUUmkmxbnaJap18
3REIpnfWFwxMgqVu65T8Bju+0h2SCwKe2W6f6Jm6oSoq2TgIX2LV4EI8jVxjCM8m
gA5N8psgU/WHW0KQ3k1mMZImxPqjJEqe0rIOZDXp0nvODuuhSLdpDb4sOXPswa/6
T3X6AJv2E+SBNDsOZyH/kLI88+cP6VEX2z96d+uIZIceB4/9sf2oe/YNOV7/LqTr
5V6pDrLP4g2zcqOCkWdsnayVriA5sS4KGOyLaLl7DdTW08cYGAobwk2vtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYNXJTuaNg4haW7UmbGaCuRjSVeMB8GA1UdIwQY
MBaAFHGYZzGSW+hVGlMJGv5tCXLfo4B+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1pobk1aSmI2RlVhVXdrYV9tMEpjdC1qZ0g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi85YTEwYzMtMjEyZi00YzVlLTk3YmIt
ZTBkNTc2YTU0NTBlLzEvbGcxY2xPNW8yRGlGcGJ0U1pzWm9LNUdOSlY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi85YTEwYzMtMjEyZi00YzVlLTk3YmItZTBkNTc2YTU0NTBl
LzEvY1pobk1aSmI2RlVhVXdrYV9tMEpjdC1qZ0g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1XeMA0G
CSqGSIb3DQEBCwUAA4IBAQBk3T4VUgV5vUNKlyAeye976ayx/Ec0ufHfX3zAJTwz
clA6OKbrQR9HFj0BF5JaVnh+MyeQkQVmsp8/ctPRVrfezD0JS9o9yJIEAooLX9A2
rjJyemNLvWCo6FNqavmlAU1H/crCb1QW/cSBi2HPMThvsib6g8CMx2u110m4NJh4
r/TNdFeqEXou2hcGuZ+eERx7bUrVkdNAzWBxqbOkIGgCIdRMgd2RjvsjZct1oDCR
So65j/RVRtvO7nsECan1pmqfquFybzfqk49LrQvBZGLJ0mhgPn4cvL8RSTeNhJfG
MqstB8npbCMWghkuJIIl+IjsAE/Tim3SGk9qoYNHw3iS
-----END CERTIFICATE-----