Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/LTBIcv-9fhkfgFNQ0dIBx6xwmeQ.roa
File:                     LTBIcv-9fhkfgFNQ0dIBx6xwmeQ.roa (raw, json)
Hash identifier:          fwIBQoJ4WYQJLZ6zo6wjYuYPXleYMe5Te/9bEU6iVAg=
Subject key identifier:   2D:30:48:72:FF:BD:7E:19:1F:80:53:50:D1:D2:01:C7:AC:70:99:E4
Certificate issuer:       /CN=1527455ea7fce17cfd0431985258d13e06bfa735
Certificate serial:       018CC801B3F3439EB41F241916B9FCAACB80
Authority key identifier: 15:27:45:5E:A7:FC:E1:7C:FD:04:31:98:52:58:D1:3E:06:BF:A7:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FSdFXqf84Xz9BDGYUljRPga_pzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/LTBIcv-9fhkfgFNQ0dIBx6xwmeQ.roa
Signing time:             Tue 02 Jan 2024 02:30:03 +0000
ROA not before:           Tue 02 Jan 2024 02:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.95.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/FSdFXqf84Xz9BDGYUljRPga_pzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/FSdFXqf84Xz9BDGYUljRPga_pzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FSdFXqf84Xz9BDGYUljRPga_pzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:b3:f3:43:9e:b4:1f:24:19:16:b9:fc:aa:cb:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1527455ea7fce17cfd0431985258d13e06bfa735
        Validity
            Not Before: Jan  2 02:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d304872ffbd7e191f805350d1d201c7ac7099e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:07:b0:fd:fd:a2:53:c9:2e:39:ff:93:d2:51:
                    a9:c3:8b:c0:13:01:d3:d7:95:62:96:dc:e7:aa:db:
                    d7:79:8d:e2:9c:97:39:56:15:7d:3a:48:52:82:bb:
                    95:46:1b:53:37:a6:a2:d6:cc:6f:0b:e2:64:5a:e4:
                    5a:f0:64:ee:b0:6b:e3:e4:85:02:c5:a1:44:15:f3:
                    ec:76:41:55:69:ff:a0:8e:a9:2d:f1:27:dd:2d:dc:
                    10:6d:68:05:58:85:20:4a:a6:6d:61:71:36:45:00:
                    a3:cb:00:2f:48:a2:47:1a:31:f6:8d:78:f1:ca:d1:
                    8e:a9:b8:03:f4:85:30:2b:f2:1a:ff:ab:cf:2a:38:
                    bb:cb:35:bc:f3:c6:de:5a:13:3f:f6:59:76:a4:f8:
                    53:ca:ff:26:7a:fe:50:7a:b1:8a:dc:31:aa:1a:79:
                    34:96:4f:e8:b5:5f:7c:cd:f3:7d:e4:a0:4f:e9:45:
                    a4:ff:52:9c:91:0e:b0:3d:d6:43:1e:3c:f0:db:ac:
                    e3:ca:f4:8f:8b:4c:d5:3e:fc:cc:7f:18:91:0c:ac:
                    b4:72:93:e4:d0:e5:a1:99:85:74:7c:e8:36:12:bc:
                    27:70:b9:8c:87:73:54:c5:1a:54:6b:7c:b3:ea:6e:
                    69:9f:1f:43:4b:53:8d:58:bd:65:0b:9f:6f:ab:c0:
                    b7:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:30:48:72:FF:BD:7E:19:1F:80:53:50:D1:D2:01:C7:AC:70:99:E4
            X509v3 Authority Key Identifier:
                keyid:15:27:45:5E:A7:FC:E1:7C:FD:04:31:98:52:58:D1:3E:06:BF:A7:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FSdFXqf84Xz9BDGYUljRPga_pzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/LTBIcv-9fhkfgFNQ0dIBx6xwmeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/FSdFXqf84Xz9BDGYUljRPga_pzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:7a:0c:e7:4f:62:aa:69:12:d0:82:b1:26:5c:73:93:64:86:
         e9:dd:74:27:e8:08:a8:15:a1:61:1c:a7:39:2e:9d:8c:3e:ab:
         bf:61:9c:ea:0b:cf:06:83:ac:31:fd:58:5c:9b:70:61:a3:71:
         6c:f8:ac:13:46:d1:94:7f:4b:fa:6e:c7:21:d0:75:cc:12:2f:
         8f:48:c3:d9:11:96:2d:52:2d:a3:b5:86:b8:cb:74:ba:cb:76:
         c4:b9:46:cd:fb:f5:5b:70:e9:f1:e2:44:52:68:33:e8:56:d6:
         a5:f5:d0:b6:b0:b7:3f:95:51:4c:5f:bd:96:f0:74:15:7d:a6:
         ad:a5:a3:f4:ac:9e:83:f7:9f:73:19:c2:43:dc:fe:ce:ac:1f:
         45:b4:49:0d:cf:04:da:75:bd:18:33:20:bd:04:43:33:66:76:
         25:23:32:ab:92:ed:4b:e7:64:59:13:e9:c9:56:fd:ee:8a:ba:
         9e:8c:9b:ee:fc:bf:43:3d:7d:6b:e8:8c:74:ab:2d:54:83:6d:
         11:0c:7b:59:70:bc:de:0f:53:3c:61:d1:2d:f4:48:d8:8e:63:
         eb:50:0b:19:fb:2a:04:dd:16:d3:90:f3:60:b8:0b:9a:cb:64:
         7a:21:3c:75:8d:97:82:a7:ad:cf:02:43:72:3e:aa:e1:6b:58:
         48:c0:36:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAbPzQ560HyQZFrn8qsuAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Mjc0NTVlYTdmY2UxN2NmZDA0MzE5ODUyNThkMTNlMDZi
ZmE3MzUwHhcNMjQwMTAyMDIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDMwNDg3MmZmYmQ3ZTE5MWY4MDUzNTBkMWQyMDFjN2FjNzA5OWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAew/f2iU8kuOf+T0lGpw4vAEwHT
15ViltznqtvXeY3inJc5VhV9OkhSgruVRhtTN6ai1sxvC+JkWuRa8GTusGvj5IUC
xaFEFfPsdkFVaf+gjqkt8SfdLdwQbWgFWIUgSqZtYXE2RQCjywAvSKJHGjH2jXjx
ytGOqbgD9IUwK/Ia/6vPKji7yzW888beWhM/9ll2pPhTyv8mev5QerGK3DGqGnk0
lk/otV98zfN95KBP6UWk/1KckQ6wPdZDHjzw26zjyvSPi0zVPvzMfxiRDKy0cpPk
0OWhmYV0fOg2ErwncLmMh3NUxRpUa3yz6m5pnx9DS1ONWL1lC59vq8C31QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC0wSHL/vX4ZH4BTUNHSAcescJnkMB8GA1UdIwQY
MBaAFBUnRV6n/OF8/QQxmFJY0T4Gv6c1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlNkRlhxZjg0WHo5QkRHWVVsalJQZ2FfcHpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8yNGM0ZjYtMjFlZS00YjZiLWE5NDUt
OThmOGNjZDVkYjhkLzEvTFRCSWN2LTlmaGtmZ0ZOUTBkSUJ4Nnh3bWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8yNGM0ZjYtMjFlZS00YjZiLWE5NDUtOThmOGNjZDVkYjhk
LzEvRlNkRlhxZjg0WHo5QkRHWVVsalJQZ2FfcHpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV+uMA0G
CSqGSIb3DQEBCwUAA4IBAQCsegznT2KqaRLQgrEmXHOTZIbp3XQn6AioFaFhHKc5
Lp2MPqu/YZzqC88Gg6wx/Vhcm3Bho3Fs+KwTRtGUf0v6bsch0HXMEi+PSMPZEZYt
Ui2jtYa4y3S6y3bEuUbN+/VbcOnx4kRSaDPoVtal9dC2sLc/lVFMX72W8HQVfaat
paP0rJ6D959zGcJD3P7OrB9FtEkNzwTadb0YMyC9BEMzZnYlIzKrku1L52RZE+nJ
Vv3uirqejJvu/L9DPX1r6Ix0qy1Ug20RDHtZcLzeD1M8YdEt9EjYjmPrUAsZ+yoE
3RbTkPNguAuay2R6ITx1jZeCp63PAkNyPqrha1hIwDZl
-----END CERTIFICATE-----