Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/2a981d-67f5-484e-be1b-ff64a9ba597c/1/L-IgO97tvYvE3c4q3VeG1tWDinY.roa
File:                     L-IgO97tvYvE3c4q3VeG1tWDinY.roa (raw, json)
Hash identifier:          9R+51sGm98JEPtR3FnReXmdDmvJTP4KhW9acEf+MH5s=
Subject key identifier:   2F:E2:20:3B:DE:ED:BD:8B:C4:DD:CE:2A:DD:57:86:D6:D5:83:8A:76
Certificate issuer:       /CN=6682890b7ed23347478d4d65db0948c3db23ebe7
Certificate serial:       018CC492FD059112096B6E9F04714A7DC5F6
Authority key identifier: 66:82:89:0B:7E:D2:33:47:47:8D:4D:65:DB:09:48:C3:DB:23:EB:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZoKJC37SM0dHjU1l2wlIw9sj6-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/2a981d-67f5-484e-be1b-ff64a9ba597c/1/L-IgO97tvYvE3c4q3VeG1tWDinY.roa
Signing time:             Mon 01 Jan 2024 10:30:16 +0000
ROA not before:           Mon 01 Jan 2024 10:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34762
IP address blocks:        86.39.128.0/17 maxlen: 24
                          185.115.216.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/2a981d-67f5-484e-be1b-ff64a9ba597c/1/ZoKJC37SM0dHjU1l2wlIw9sj6-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/2a981d-67f5-484e-be1b-ff64a9ba597c/1/ZoKJC37SM0dHjU1l2wlIw9sj6-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZoKJC37SM0dHjU1l2wlIw9sj6-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:fd:05:91:12:09:6b:6e:9f:04:71:4a:7d:c5:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6682890b7ed23347478d4d65db0948c3db23ebe7
        Validity
            Not Before: Jan  1 10:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fe2203bdeedbd8bc4ddce2add5786d6d5838a76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:8d:65:52:71:db:48:94:56:2a:c3:09:d6:8d:
                    6c:2f:b9:c9:83:fc:07:75:8d:52:87:f2:25:f8:30:
                    51:6c:b1:04:fa:70:01:f8:dd:91:c2:28:23:d8:b9:
                    91:2d:db:6c:13:36:5b:70:7b:bd:5d:91:e6:b1:9b:
                    ea:68:92:45:61:3c:ef:bc:24:ac:9a:67:e2:83:02:
                    4d:91:6d:fa:f8:ce:2b:2b:77:0a:dc:37:bc:92:cc:
                    c1:e7:4b:ba:1b:4c:03:8e:df:6b:1f:77:5b:27:cf:
                    57:14:29:8e:e3:1b:61:2e:b8:d0:06:ac:9e:80:2c:
                    2b:46:fe:50:ad:5a:0d:fd:8d:c6:2b:e1:ff:4e:8d:
                    cd:74:c1:48:20:05:69:bc:0d:68:c3:65:05:00:da:
                    d0:3d:bd:f1:c9:53:1c:8f:7a:98:b8:0e:fe:31:53:
                    2d:fd:fc:5e:f9:b7:7d:10:3b:7d:d7:c3:23:81:92:
                    3c:f1:99:3a:f9:e2:74:89:c1:6c:c9:b2:60:ff:15:
                    10:9c:5b:2d:8a:02:6e:0a:f3:e3:65:03:97:b1:38:
                    4f:1f:34:b2:a7:ce:e0:24:38:31:9b:66:4f:1c:3a:
                    47:6b:b8:cc:bd:79:6f:9e:1a:58:e5:9f:e2:a7:1e:
                    ea:76:5e:af:b8:0e:ec:c9:18:3d:53:34:dd:15:93:
                    35:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:E2:20:3B:DE:ED:BD:8B:C4:DD:CE:2A:DD:57:86:D6:D5:83:8A:76
            X509v3 Authority Key Identifier:
                keyid:66:82:89:0B:7E:D2:33:47:47:8D:4D:65:DB:09:48:C3:DB:23:EB:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZoKJC37SM0dHjU1l2wlIw9sj6-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2a981d-67f5-484e-be1b-ff64a9ba597c/1/L-IgO97tvYvE3c4q3VeG1tWDinY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2a981d-67f5-484e-be1b-ff64a9ba597c/1/ZoKJC37SM0dHjU1l2wlIw9sj6-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.39.128.0/17
                  185.115.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:45:38:ac:75:e5:b4:31:3f:20:bb:2c:4a:2f:5f:7a:c1:02:
         66:d6:db:8b:1f:d6:e2:66:dd:d8:65:25:27:4a:aa:a7:99:73:
         41:4e:e2:b3:1c:ba:ac:00:9e:5b:5e:5c:c0:70:47:3a:9e:94:
         0f:75:e5:bb:bf:56:ff:b7:ed:dd:c2:97:c1:ec:14:5a:18:91:
         3f:45:ec:37:f3:a4:0c:1f:c8:de:bf:14:c1:90:96:77:b2:da:
         54:90:2b:d5:f0:0b:f4:d1:67:ec:39:03:4e:07:18:c7:63:90:
         87:97:e5:b8:a4:3b:b0:8e:a6:0d:51:37:70:7d:71:95:2c:8a:
         e0:6f:86:62:d0:bc:a1:52:9b:cb:6d:0e:ca:77:52:f8:de:7f:
         99:09:0f:09:65:ee:70:1c:ee:59:07:8c:d7:92:ee:6a:51:42:
         8c:93:93:2a:50:5c:94:d4:c6:5a:c2:ad:c9:4d:c5:13:94:65:
         28:d1:6e:55:6b:fe:b2:9d:83:dc:9e:b3:eb:a2:fb:ac:48:63:
         62:52:77:dd:2c:8c:5a:8f:94:00:55:84:45:88:52:8a:f2:b6:
         1c:5c:a8:79:3c:38:c5:94:33:15:d0:e3:01:40:6f:61:20:a8:
         a2:b8:28:4d:3a:10:11:7a:f7:07:85:52:bf:17:1e:92:78:ee:
         19:2a:d5:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkv0FkRIJa26fBHFKfcX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ODI4OTBiN2VkMjMzNDc0NzhkNGQ2NWRiMDk0OGMzZGIy
M2ViZTcwHhcNMjQwMTAxMTAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmUyMjAzYmRlZWRiZDhiYzRkZGNlMmFkZDU3ODZkNmQ1ODM4YTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiY1lUnHbSJRWKsMJ1o1sL7nJg/wH
dY1Sh/Il+DBRbLEE+nAB+N2Rwigj2LmRLdtsEzZbcHu9XZHmsZvqaJJFYTzvvCSs
mmfigwJNkW36+M4rK3cK3De8kszB50u6G0wDjt9rH3dbJ89XFCmO4xthLrjQBqye
gCwrRv5QrVoN/Y3GK+H/To3NdMFIIAVpvA1ow2UFANrQPb3xyVMcj3qYuA7+MVMt
/fxe+bd9EDt918MjgZI88Zk6+eJ0icFsybJg/xUQnFstigJuCvPjZQOXsThPHzSy
p87gJDgxm2ZPHDpHa7jMvXlvnhpY5Z/ipx7qdl6vuA7syRg9UzTdFZM1SwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC/iIDve7b2LxN3OKt1XhtbVg4p2MB8GA1UdIwQY
MBaAFGaCiQt+0jNHR41NZdsJSMPbI+vnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm9LSkMzN1NNMGRIalUxbDJ3bEl3OXNqNi1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yYTk4MWQtNjdmNS00ODRlLWJlMWIt
ZmY2NGE5YmE1OTdjLzEvTC1JZ085N3R2WXZFM2M0cTNWZUcxdFdEaW5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yYTk4MWQtNjdmNS00ODRlLWJlMWItZmY2NGE5YmE1OTdj
LzEvWm9LSkMzN1NNMGRIalUxbDJ3bEl3OXNqNi1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQHVieAAwQC
uXPYMA0GCSqGSIb3DQEBCwUAA4IBAQBDRTisdeW0MT8guyxKL196wQJm1tuLH9bi
Zt3YZSUnSqqnmXNBTuKzHLqsAJ5bXlzAcEc6npQPdeW7v1b/t+3dwpfB7BRaGJE/
Rew386QMH8jevxTBkJZ3stpUkCvV8Av00WfsOQNOBxjHY5CHl+W4pDuwjqYNUTdw
fXGVLIrgb4Zi0LyhUpvLbQ7Kd1L43n+ZCQ8JZe5wHO5ZB4zXku5qUUKMk5MqUFyU
1MZawq3JTcUTlGUo0W5Va/6ynYPcnrProvusSGNiUnfdLIxaj5QAVYRFiFKK8rYc
XKh5PDjFlDMV0OMBQG9hIKiiuChNOhARevcHhVK/Fx6SeO4ZKtUu
-----END CERTIFICATE-----