Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/59d4ee-4613-4649-ad2c-749e2bca73ce/1/LFa_BUTLEtSlQFbcZqplNhCF9iM.roa
File:                     LFa_BUTLEtSlQFbcZqplNhCF9iM.roa (raw, json)
Hash identifier:          A8PMTR9F4IxwE5eJ9bBXau4ccDTMw5Uw3bdWVWHAwCQ=
Subject key identifier:   2C:56:BF:05:44:CB:12:D4:A5:40:56:DC:66:AA:65:36:10:85:F6:23
Certificate issuer:       /CN=3a1d8225b27122794bc82e91b967bb25dbe4508e
Certificate serial:       018CC7270EDC7E93394888051DC564668325
Authority key identifier: 3A:1D:82:25:B2:71:22:79:4B:C8:2E:91:B9:67:BB:25:DB:E4:50:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oh2CJbJxInlLyC6RuWe7JdvkUI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/59d4ee-4613-4649-ad2c-749e2bca73ce/1/LFa_BUTLEtSlQFbcZqplNhCF9iM.roa
Signing time:             Mon 01 Jan 2024 22:31:14 +0000
ROA not before:           Mon 01 Jan 2024 22:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208263
IP address blocks:        185.146.100.0/22 maxlen: 22
                          2a03:ab60::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/59d4ee-4613-4649-ad2c-749e2bca73ce/1/Oh2CJbJxInlLyC6RuWe7JdvkUI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/59d4ee-4613-4649-ad2c-749e2bca73ce/1/Oh2CJbJxInlLyC6RuWe7JdvkUI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oh2CJbJxInlLyC6RuWe7JdvkUI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:0e:dc:7e:93:39:48:88:05:1d:c5:64:66:83:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a1d8225b27122794bc82e91b967bb25dbe4508e
        Validity
            Not Before: Jan  1 22:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c56bf0544cb12d4a54056dc66aa65361085f623
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:cd:fe:51:55:48:c0:9a:bf:56:f1:32:1c:f4:
                    07:57:8e:ad:51:94:b6:d9:94:c9:48:a0:f0:c4:b7:
                    2f:72:f3:58:63:72:82:e0:78:1d:3d:4f:59:55:8b:
                    d7:a8:9f:04:d7:e7:70:24:86:4f:d9:42:0b:bf:37:
                    42:42:2b:ab:19:c4:e5:36:fa:d0:56:fa:f1:9d:6e:
                    d7:e9:e8:43:88:b0:f0:a4:25:57:35:55:42:b8:e7:
                    b5:92:66:6a:7a:4d:c7:59:0f:9c:c2:8d:27:91:8f:
                    8c:e0:fa:d9:6b:20:ab:b6:6e:50:92:3c:53:cb:d8:
                    9e:38:9e:32:c0:87:87:b4:33:af:64:c0:1e:cd:a8:
                    06:c0:3d:68:f6:ba:fa:87:11:c8:51:9d:0f:50:af:
                    33:aa:63:93:4a:b2:be:2c:27:3f:b3:23:57:a8:e6:
                    0d:cb:fe:fe:ff:b9:1a:fd:be:36:f2:85:63:f0:49:
                    b4:bb:92:66:12:e0:4a:39:18:30:ba:43:21:96:ab:
                    62:aa:0e:d8:35:44:fe:20:c0:f9:e6:51:7d:e7:c8:
                    59:04:57:b0:87:b2:85:92:8e:11:90:a7:87:cc:7e:
                    bc:57:bb:b4:54:ca:8d:08:d4:32:59:92:23:1d:4f:
                    dd:b9:3c:9c:54:96:f0:2b:72:9e:ca:a5:fc:36:b8:
                    a9:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:56:BF:05:44:CB:12:D4:A5:40:56:DC:66:AA:65:36:10:85:F6:23
            X509v3 Authority Key Identifier:
                keyid:3A:1D:82:25:B2:71:22:79:4B:C8:2E:91:B9:67:BB:25:DB:E4:50:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oh2CJbJxInlLyC6RuWe7JdvkUI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/59d4ee-4613-4649-ad2c-749e2bca73ce/1/LFa_BUTLEtSlQFbcZqplNhCF9iM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/59d4ee-4613-4649-ad2c-749e2bca73ce/1/Oh2CJbJxInlLyC6RuWe7JdvkUI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.100.0/22
                IPv6:
                  2a03:ab60::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:1d:9a:87:b2:b4:f3:56:42:d5:d7:c3:64:b1:8f:70:92:13:
         7e:59:12:9f:95:e1:d5:d4:bb:44:85:48:65:cb:cf:db:ff:ad:
         ab:7d:a0:ca:51:f8:d5:b1:4f:30:6a:1b:4a:b1:02:94:92:e1:
         15:d9:3a:87:b5:6f:1a:db:26:ac:85:73:e1:4a:65:51:77:57:
         a0:12:dd:e6:90:f7:fb:6d:a4:c6:1a:98:93:af:c0:10:73:f3:
         8e:e6:ee:7f:74:cd:ec:7a:c8:51:dc:f3:1a:08:67:ac:9e:71:
         47:42:ac:99:e0:55:1f:ba:84:17:8f:28:2d:46:cc:47:10:4d:
         d1:45:e6:0f:91:77:92:c5:ed:42:d8:03:03:9f:34:ae:6a:a3:
         3c:ed:4a:ce:dd:df:ec:7f:6a:09:10:2b:f2:5d:8a:95:43:f6:
         20:d0:2b:65:9b:81:7a:8b:5d:bd:4b:a1:86:d9:e5:b9:73:15:
         a4:7b:8e:42:9c:12:11:50:03:2d:a1:e3:be:25:38:64:7d:60:
         c8:c3:2b:be:dd:6a:b1:a0:db:e1:8e:45:41:ca:2d:fa:a3:df:
         3f:d9:fc:d8:cd:4c:e3:a4:2d:08:a1:31:e1:bd:10:81:74:97:
         e3:8f:cd:c1:2f:51:fd:35:22:85:05:46:db:9f:dc:40:8e:24:
         29:ff:ec:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJw7cfpM5SIgFHcVkZoMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMWQ4MjI1YjI3MTIyNzk0YmM4MmU5MWI5NjdiYjI1ZGJl
NDUwOGUwHhcNMjQwMTAxMjIzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzU2YmYwNTQ0Y2IxMmQ0YTU0MDU2ZGM2NmFhNjUzNjEwODVmNjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxc3+UVVIwJq/VvEyHPQHV46tUZS2
2ZTJSKDwxLcvcvNYY3KC4HgdPU9ZVYvXqJ8E1+dwJIZP2UILvzdCQiurGcTlNvrQ
VvrxnW7X6ehDiLDwpCVXNVVCuOe1kmZqek3HWQ+cwo0nkY+M4PrZayCrtm5QkjxT
y9ieOJ4ywIeHtDOvZMAezagGwD1o9rr6hxHIUZ0PUK8zqmOTSrK+LCc/syNXqOYN
y/7+/7ka/b428oVj8Em0u5JmEuBKORgwukMhlqtiqg7YNUT+IMD55lF958hZBFew
h7KFko4RkKeHzH68V7u0VMqNCNQyWZIjHU/duTycVJbwK3KeyqX8NripUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCxWvwVEyxLUpUBW3GaqZTYQhfYjMB8GA1UdIwQY
MBaAFDodgiWycSJ5S8gukblnuyXb5FCOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2gyQ0piSnhJbmxMeUM2UnVXZTdKZHZrVUk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi81OWQ0ZWUtNDYxMy00NjQ5LWFkMmMt
NzQ5ZTJiY2E3M2NlLzEvTEZhX0JVVExFdFNsUUZiY1pxcGxOaENGOWlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi81OWQ0ZWUtNDYxMy00NjQ5LWFkMmMtNzQ5ZTJiY2E3M2Nl
LzEvT2gyQ0piSnhJbmxMeUM2UnVXZTdKZHZrVUk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZJkMA0E
AgACMAcDBQAqA6tgMA0GCSqGSIb3DQEBCwUAA4IBAQAqHZqHsrTzVkLV18NksY9w
khN+WRKfleHV1LtEhUhly8/b/62rfaDKUfjVsU8wahtKsQKUkuEV2TqHtW8a2yas
hXPhSmVRd1egEt3mkPf7baTGGpiTr8AQc/OO5u5/dM3seshR3PMaCGesnnFHQqyZ
4FUfuoQXjygtRsxHEE3RReYPkXeSxe1C2AMDnzSuaqM87UrO3d/sf2oJECvyXYqV
Q/Yg0Ctlm4F6i129S6GG2eW5cxWke45CnBIRUAMtoeO+JThkfWDIwyu+3WqxoNvh
jkVByi36o98/2fzYzUzjpC0IoTHhvRCBdJfjj83BL1H9NSKFBUbbn9xAjiQp/+zA
-----END CERTIFICATE-----