Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/a8c318-338d-4932-8acb-e97ae5c60568/1/L_jbXJY_Ef1T0LlgFaHcsGkt6Go.roa
File:                     L_jbXJY_Ef1T0LlgFaHcsGkt6Go.roa (raw, json)
Hash identifier:          3twhBBWpizNts4ScIQkW6WxXkhj3TFkg6bidOHxk2QM=
Subject key identifier:   2F:F8:DB:5C:96:3F:11:FD:53:D0:B9:60:15:A1:DC:B0:69:2D:E8:6A
Certificate issuer:       /CN=f6516d7f28cdbe8b3f55d75372aad4d3b10be09f
Certificate serial:       018CC726C568EE23F88AB3EF8A1497763DFC
Authority key identifier: F6:51:6D:7F:28:CD:BE:8B:3F:55:D7:53:72:AA:D4:D3:B1:0B:E0:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9lFtfyjNvos_VddTcqrU07EL4J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/a8c318-338d-4932-8acb-e97ae5c60568/1/L_jbXJY_Ef1T0LlgFaHcsGkt6Go.roa
Signing time:             Mon 01 Jan 2024 22:30:56 +0000
ROA not before:           Mon 01 Jan 2024 22:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     565
IP address blocks:        130.188.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/a8c318-338d-4932-8acb-e97ae5c60568/1/9lFtfyjNvos_VddTcqrU07EL4J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/a8c318-338d-4932-8acb-e97ae5c60568/1/9lFtfyjNvos_VddTcqrU07EL4J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9lFtfyjNvos_VddTcqrU07EL4J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:c5:68:ee:23:f8:8a:b3:ef:8a:14:97:76:3d:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6516d7f28cdbe8b3f55d75372aad4d3b10be09f
        Validity
            Not Before: Jan  1 22:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ff8db5c963f11fd53d0b96015a1dcb0692de86a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:93:c8:69:0e:df:51:94:73:5f:10:a7:c4:42:
                    75:a7:00:7b:a8:1a:10:63:d8:a9:0d:ee:77:83:f1:
                    e3:da:03:01:03:b2:92:05:8a:0f:e8:30:fa:9f:21:
                    95:99:73:4b:a0:28:c9:89:60:e5:6f:4d:9d:85:d3:
                    41:b9:7b:f6:b8:04:d7:65:25:ee:9d:ae:d4:81:42:
                    58:5c:39:dd:ab:5d:f2:0a:9e:2b:17:ae:3b:a4:43:
                    5b:5b:ef:28:c9:53:9b:d5:b8:0d:30:b4:fc:0d:4a:
                    f5:41:86:8e:66:6e:ca:ce:0a:f8:5c:5f:ba:1c:ca:
                    5d:58:54:0f:34:86:42:c1:5e:74:28:4c:e6:56:2e:
                    e5:bc:4e:87:83:a7:b3:cf:a8:ba:26:26:ff:e3:f1:
                    5d:55:d9:3a:42:04:87:37:54:6b:85:b1:63:7c:3a:
                    89:97:63:25:96:b0:1b:3c:85:ac:19:f8:8e:40:1a:
                    05:57:47:98:a1:1b:7e:0d:bc:29:14:bd:8a:b0:b8:
                    61:66:26:aa:f7:7e:e8:4a:e1:c5:34:f4:16:d7:30:
                    4c:34:b8:95:2e:56:d3:b3:51:55:88:af:d8:4d:33:
                    43:30:68:aa:47:93:58:d4:e9:6c:d8:06:c1:09:34:
                    00:5b:3e:4f:90:01:37:af:2a:61:1b:e7:6a:13:a4:
                    a8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:F8:DB:5C:96:3F:11:FD:53:D0:B9:60:15:A1:DC:B0:69:2D:E8:6A
            X509v3 Authority Key Identifier:
                keyid:F6:51:6D:7F:28:CD:BE:8B:3F:55:D7:53:72:AA:D4:D3:B1:0B:E0:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9lFtfyjNvos_VddTcqrU07EL4J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a8c318-338d-4932-8acb-e97ae5c60568/1/L_jbXJY_Ef1T0LlgFaHcsGkt6Go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a8c318-338d-4932-8acb-e97ae5c60568/1/9lFtfyjNvos_VddTcqrU07EL4J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.188.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         90:48:63:08:cb:4a:c1:b1:5b:65:bf:a7:91:7b:f9:08:93:e4:
         39:6c:23:93:c5:70:20:9b:c0:a8:a2:4b:24:f0:b0:63:a2:07:
         60:24:54:ca:dd:31:ec:65:c0:14:f1:3d:be:70:19:f6:56:c3:
         dd:b9:43:d8:e3:b9:21:fc:20:be:4b:16:98:25:5c:44:11:75:
         03:9c:ca:9a:ad:a0:74:fe:c9:dc:ef:10:aa:20:81:84:69:a5:
         4c:64:38:f8:b7:82:eb:9e:54:cb:18:94:be:db:78:8b:bb:13:
         8f:c8:83:e4:bd:3a:a8:3a:e0:bf:ee:83:fa:c2:51:13:8c:28:
         f5:73:38:be:b0:61:88:af:7e:ba:44:2b:ab:c3:c1:a6:5e:07:
         77:ad:88:e5:87:4a:62:9c:ed:81:ce:04:a5:f8:8a:79:ce:6d:
         aa:79:5a:4d:d5:d0:97:b2:52:7d:39:19:ec:91:07:df:f5:a1:
         07:99:ba:74:82:10:66:c1:00:b7:a8:af:fb:61:0e:64:fc:5c:
         bc:09:31:b0:3f:18:4a:2c:6c:12:1a:85:85:d6:55:c8:07:c4:
         0e:1d:c4:eb:dc:43:3c:c6:4f:a8:70:bd:92:66:6d:16:a7:bf:
         29:97:04:3e:45:e0:37:87:aa:1a:04:14:63:1a:75:a0:c3:a1:
         d6:3b:34:a7
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzHJsVo7iP4irPvihSXdj38MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2NTE2ZDdmMjhjZGJlOGIzZjU1ZDc1MzcyYWFkNGQzYjEw
YmUwOWYwHhcNMjQwMTAxMjIzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmY4ZGI1Yzk2M2YxMWZkNTNkMGI5NjAxNWExZGNiMDY5MmRlODZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspPIaQ7fUZRzXxCnxEJ1pwB7qBoQ
Y9ipDe53g/Hj2gMBA7KSBYoP6DD6nyGVmXNLoCjJiWDlb02dhdNBuXv2uATXZSXu
na7UgUJYXDndq13yCp4rF647pENbW+8oyVOb1bgNMLT8DUr1QYaOZm7Kzgr4XF+6
HMpdWFQPNIZCwV50KEzmVi7lvE6Hg6ezz6i6Jib/4/FdVdk6QgSHN1RrhbFjfDqJ
l2MllrAbPIWsGfiOQBoFV0eYoRt+DbwpFL2KsLhhZiaq937oSuHFNPQW1zBMNLiV
LlbTs1FViK/YTTNDMGiqR5NY1Ols2AbBCTQAWz5PkAE3ryphG+dqE6SoTQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFC/421yWPxH9U9C5YBWh3LBpLehqMB8GA1UdIwQY
MBaAFPZRbX8ozb6LP1XXU3Kq1NOxC+CfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWxGdGZ5ak52b3NfVmRkVGNxclUwN0VMNEo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9hOGMzMTgtMzM4ZC00OTMyLThhY2It
ZTk3YWU1YzYwNTY4LzEvTF9qYlhKWV9FZjFUMExsZ0ZhSGNzR2t0NkdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9hOGMzMTgtMzM4ZC00OTMyLThhY2ItZTk3YWU1YzYwNTY4
LzEvOWxGdGZ5ak52b3NfVmRkVGNxclUwN0VMNEo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAgrwwDQYJ
KoZIhvcNAQELBQADggEBAJBIYwjLSsGxW2W/p5F7+QiT5DlsI5PFcCCbwKiiSyTw
sGOiB2AkVMrdMexlwBTxPb5wGfZWw925Q9jjuSH8IL5LFpglXEQRdQOcypqtoHT+
ydzvEKoggYRppUxkOPi3guueVMsYlL7beIu7E4/Ig+S9Oqg64L/ug/rCUROMKPVz
OL6wYYivfrpEK6vDwaZeB3etiOWHSmKc7YHOBKX4innObap5Wk3V0JeyUn05GeyR
B9/1oQeZunSCEGbBALeor/thDmT8XLwJMbA/GEosbBIahYXWVcgHxA4dxOvcQzzG
T6hwvZJmbRanvymXBD5F4DeHqhoEFGMadaDDodY7NKc=
-----END CERTIFICATE-----