Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/59fcf0-1d5c-4ecb-bf87-3bcb8bf8bbfe/1/LIj14JJC_D2A-z5Y8dyqh2LM6rs.roa
File:                     LIj14JJC_D2A-z5Y8dyqh2LM6rs.roa (raw, json)
Hash identifier:          BmrF2bCXt2PMxtCj9TQr/xyJ6r2DWi1SgI28mIog3Ag=
Subject key identifier:   2C:88:F5:E0:92:42:FC:3D:80:FB:3E:58:F1:DC:AA:87:62:CC:EA:BB
Certificate issuer:       /CN=151453f482cda78ebc99625d80b0ffc3660f95f2
Certificate serial:       018CCE579B880C711023EB6F61CAAC8023F5
Authority key identifier: 15:14:53:F4:82:CD:A7:8E:BC:99:62:5D:80:B0:FF:C3:66:0F:95:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FRRT9ILNp468mWJdgLD_w2YPlfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/59fcf0-1d5c-4ecb-bf87-3bcb8bf8bbfe/1/LIj14JJC_D2A-z5Y8dyqh2LM6rs.roa
Signing time:             Wed 03 Jan 2024 08:01:37 +0000
ROA not before:           Wed 03 Jan 2024 08:01:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61157
IP address blocks:        147.78.88.0/22 maxlen: 22
                          2a09:2040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/59fcf0-1d5c-4ecb-bf87-3bcb8bf8bbfe/1/FRRT9ILNp468mWJdgLD_w2YPlfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/59fcf0-1d5c-4ecb-bf87-3bcb8bf8bbfe/1/FRRT9ILNp468mWJdgLD_w2YPlfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FRRT9ILNp468mWJdgLD_w2YPlfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:57:9b:88:0c:71:10:23:eb:6f:61:ca:ac:80:23:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=151453f482cda78ebc99625d80b0ffc3660f95f2
        Validity
            Not Before: Jan  3 08:01:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c88f5e09242fc3d80fb3e58f1dcaa8762cceabb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ec:58:7f:de:67:ac:68:70:a0:76:9d:ce:29:
                    2a:a2:c9:dd:21:e6:a2:ac:c4:5e:7a:43:31:1b:f6:
                    57:58:53:d1:16:35:f8:62:7c:44:30:65:28:3c:35:
                    b5:bd:0e:9d:b2:5b:d0:cb:4c:ac:da:72:12:e5:ec:
                    3d:ab:87:0a:ae:3c:a9:88:ab:e7:e8:77:b0:a8:2e:
                    7c:41:c9:a8:32:92:c4:c6:b0:b1:ef:42:ac:1e:b9:
                    cb:d1:dc:6f:85:fc:ad:83:66:fb:cb:60:9c:42:21:
                    9b:03:54:7e:29:d8:11:36:6d:08:8a:57:ba:df:53:
                    4a:db:51:2d:25:b8:b1:f5:9b:9a:b8:f3:2e:0e:da:
                    02:d1:1d:ad:b0:83:db:85:fb:d1:b5:b8:89:34:a3:
                    fe:fa:aa:66:bf:a5:b5:45:86:56:b7:f9:61:c4:16:
                    b4:45:8b:95:ca:26:18:5b:cc:70:c1:cb:ae:3d:72:
                    0a:84:65:cc:1a:01:a6:43:b8:0d:fb:7a:03:5d:e2:
                    9d:86:47:1a:4a:cd:b2:09:1e:7c:49:f4:79:91:c1:
                    bd:9e:c9:a3:40:1e:b5:bb:cb:01:be:57:05:df:03:
                    19:09:87:d3:c4:73:0f:09:cc:96:f9:86:57:cc:00:
                    f6:21:1c:a4:b8:8d:73:12:40:d5:43:fc:c4:5b:7d:
                    17:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:88:F5:E0:92:42:FC:3D:80:FB:3E:58:F1:DC:AA:87:62:CC:EA:BB
            X509v3 Authority Key Identifier:
                keyid:15:14:53:F4:82:CD:A7:8E:BC:99:62:5D:80:B0:FF:C3:66:0F:95:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FRRT9ILNp468mWJdgLD_w2YPlfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/59fcf0-1d5c-4ecb-bf87-3bcb8bf8bbfe/1/LIj14JJC_D2A-z5Y8dyqh2LM6rs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/59fcf0-1d5c-4ecb-bf87-3bcb8bf8bbfe/1/FRRT9ILNp468mWJdgLD_w2YPlfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.88.0/22
                IPv6:
                  2a09:2040::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:bb:62:c5:1a:96:0b:5f:51:de:be:b1:b0:d0:46:6b:d2:63:
         04:c3:56:2f:5b:28:f7:20:0f:b5:86:1d:77:00:1d:26:88:9a:
         a0:a3:cf:02:78:6d:3c:8e:a2:40:5a:25:92:f8:12:50:20:40:
         1d:ca:71:4b:07:3e:7f:de:61:16:89:3d:18:51:a1:2d:48:77:
         0c:8d:87:2b:bd:1f:31:15:e1:9f:c1:bd:d8:b9:05:27:3b:b4:
         9c:a0:43:56:3f:57:08:0f:76:ee:e4:d3:47:f2:84:8b:f5:b1:
         0e:13:eb:70:99:ff:cb:8c:98:79:d2:25:01:66:d1:d1:63:0f:
         eb:85:17:88:c4:da:1a:54:f9:cd:f5:b2:33:d2:a1:b4:39:6f:
         1e:c7:7d:47:df:6e:84:1c:21:d4:1b:48:c2:b2:39:c3:fb:03:
         fb:19:22:30:5f:f0:1b:2a:9a:02:4b:cb:f1:6a:2c:29:9e:2f:
         17:3d:0d:7f:ab:bb:79:5b:ef:4b:03:46:ef:bc:d6:72:3b:fa:
         3f:fb:76:e2:77:a7:9a:37:88:92:ed:a9:a6:f6:3c:a1:c7:f2:
         63:59:31:17:b2:90:c4:c7:8f:28:e6:43:26:a1:45:09:30:14:
         a9:5c:81:a4:90:08:f7:8a:2b:8b:50:3a:e2:ab:72:eb:7a:cd:
         71:db:a9:bf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzOV5uIDHEQI+tvYcqsgCP1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MTQ1M2Y0ODJjZGE3OGViYzk5NjI1ZDgwYjBmZmMzNjYw
Zjk1ZjIwHhcNMjQwMTAzMDgwMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzg4ZjVlMDkyNDJmYzNkODBmYjNlNThmMWRjYWE4NzYyY2NlYWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguxYf95nrGhwoHadzikqosndIeai
rMReekMxG/ZXWFPRFjX4YnxEMGUoPDW1vQ6dslvQy0ys2nIS5ew9q4cKrjypiKvn
6HewqC58QcmoMpLExrCx70KsHrnL0dxvhfytg2b7y2CcQiGbA1R+KdgRNm0Iile6
31NK21EtJbix9ZuauPMuDtoC0R2tsIPbhfvRtbiJNKP++qpmv6W1RYZWt/lhxBa0
RYuVyiYYW8xwwcuuPXIKhGXMGgGmQ7gN+3oDXeKdhkcaSs2yCR58SfR5kcG9nsmj
QB61u8sBvlcF3wMZCYfTxHMPCcyW+YZXzAD2IRykuI1zEkDVQ/zEW30XHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCyI9eCSQvw9gPs+WPHcqodizOq7MB8GA1UdIwQY
MBaAFBUUU/SCzaeOvJliXYCw/8NmD5XyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlJSVDlJTE5wNDY4bVdKZGdMRF93MllQbGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC81OWZjZjAtMWQ1Yy00ZWNiLWJmODct
M2JjYjhiZjhiYmZlLzEvTElqMTRKSkNfRDJBLXo1WThkeXFoMkxNNnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC81OWZjZjAtMWQ1Yy00ZWNiLWJmODctM2JjYjhiZjhiYmZl
LzEvRlJSVDlJTE5wNDY4bVdKZGdMRF93MllQbGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCk05YMA0E
AgACMAcDBQMqCSBAMA0GCSqGSIb3DQEBCwUAA4IBAQCHu2LFGpYLX1HevrGw0EZr
0mMEw1YvWyj3IA+1hh13AB0miJqgo88CeG08jqJAWiWS+BJQIEAdynFLBz5/3mEW
iT0YUaEtSHcMjYcrvR8xFeGfwb3YuQUnO7ScoENWP1cID3bu5NNH8oSL9bEOE+tw
mf/LjJh50iUBZtHRYw/rhReIxNoaVPnN9bIz0qG0OW8ex31H326EHCHUG0jCsjnD
+wP7GSIwX/AbKpoCS8vxaiwpni8XPQ1/q7t5W+9LA0bvvNZyO/o/+3bid6eaN4iS
7amm9jyhx/JjWTEXspDEx48o5kMmoUUJMBSpXIGkkAj3iiuLUDriq3Lres1x26m/
-----END CERTIFICATE-----