Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/6f4940-5abc-49b4-9747-e08be0edaf76/1/LJOam5EuaTjFrK0WLyL4258kKqg.roa
File:                     LJOam5EuaTjFrK0WLyL4258kKqg.roa (raw, json)
Hash identifier:          jnRgiFyESMLm/CqojABty9iAj+7+8q/kwsKdXX3jgN0=
Subject key identifier:   2C:93:9A:9B:91:2E:69:38:C5:AC:AD:16:2F:22:F8:DB:9F:24:2A:A8
Certificate issuer:       /CN=9b340699c8ed970a8c9ed8c162088f2067c33250
Certificate serial:       018CC64B1E92BD0191D3A4BB1AA7C23648EC
Authority key identifier: 9B:34:06:99:C8:ED:97:0A:8C:9E:D8:C1:62:08:8F:20:67:C3:32:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mzQGmcjtlwqMntjBYgiPIGfDMlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/6f4940-5abc-49b4-9747-e08be0edaf76/1/LJOam5EuaTjFrK0WLyL4258kKqg.roa
Signing time:             Mon 01 Jan 2024 18:31:00 +0000
ROA not before:           Mon 01 Jan 2024 18:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43905
IP address blocks:        93.91.96.0/21 maxlen: 21
                          185.85.130.0/23 maxlen: 23
                          213.234.64.0/18 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/6f4940-5abc-49b4-9747-e08be0edaf76/1/mzQGmcjtlwqMntjBYgiPIGfDMlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/6f4940-5abc-49b4-9747-e08be0edaf76/1/mzQGmcjtlwqMntjBYgiPIGfDMlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mzQGmcjtlwqMntjBYgiPIGfDMlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1e:92:bd:01:91:d3:a4:bb:1a:a7:c2:36:48:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b340699c8ed970a8c9ed8c162088f2067c33250
        Validity
            Not Before: Jan  1 18:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c939a9b912e6938c5acad162f22f8db9f242aa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c7:dc:ac:56:f1:4d:1f:26:b1:c8:81:38:1d:
                    39:23:83:dc:2f:48:20:7d:25:71:1f:b9:d6:fa:9a:
                    19:e2:b8:40:59:d3:78:be:d3:19:0b:cd:ac:dc:75:
                    91:6e:63:cc:67:f3:7a:a7:61:bb:04:41:b9:f2:03:
                    f9:00:8b:05:42:6c:a5:55:59:3e:82:87:cf:9c:90:
                    88:f4:22:10:5e:2d:b8:b4:0b:4a:ab:24:1a:3d:47:
                    c6:c4:47:e8:0e:02:86:9c:9f:c0:02:2e:6e:10:f0:
                    4a:c8:9d:56:d1:6a:82:8f:78:97:2e:78:7b:a4:59:
                    b1:77:a5:0b:73:c4:45:29:fc:00:3b:dd:84:80:e2:
                    7c:0a:3d:a4:73:89:bc:e7:9b:cb:87:ad:25:49:ab:
                    dc:d2:55:9a:83:cb:37:e6:4a:9e:43:39:bc:1b:24:
                    7a:97:0a:b7:04:7a:dc:d6:8d:06:32:ec:59:3a:44:
                    cb:16:89:aa:a8:ad:a2:34:b9:c2:74:e3:f6:cc:89:
                    b3:ac:79:d1:d5:4b:90:f2:e6:02:d2:63:54:62:49:
                    6c:19:a3:0a:ee:45:bc:26:f1:85:b6:97:3b:30:dc:
                    a0:ba:70:3d:e6:83:6b:a3:4a:af:73:41:34:eb:93:
                    eb:cd:18:12:19:70:7f:2f:40:98:af:cd:b8:ff:5f:
                    58:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:93:9A:9B:91:2E:69:38:C5:AC:AD:16:2F:22:F8:DB:9F:24:2A:A8
            X509v3 Authority Key Identifier:
                keyid:9B:34:06:99:C8:ED:97:0A:8C:9E:D8:C1:62:08:8F:20:67:C3:32:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mzQGmcjtlwqMntjBYgiPIGfDMlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/6f4940-5abc-49b4-9747-e08be0edaf76/1/LJOam5EuaTjFrK0WLyL4258kKqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/6f4940-5abc-49b4-9747-e08be0edaf76/1/mzQGmcjtlwqMntjBYgiPIGfDMlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.91.96.0/21
                  185.85.130.0/23
                  213.234.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         32:f5:8a:3f:fe:39:d0:a7:25:5e:39:d8:0a:2d:0b:3e:93:d1:
         a0:19:ad:f7:b9:bf:af:8c:44:9d:1e:fc:36:fe:a1:44:84:a2:
         6a:db:43:d0:cc:6c:8c:df:e7:bb:3d:8d:37:dd:b8:e7:b8:57:
         a1:c1:91:bd:a0:26:76:e2:f1:36:0a:88:0c:c4:3a:02:b0:a0:
         7b:3a:7d:4a:b5:f3:eb:08:41:16:1e:3d:f1:3d:ad:ba:87:eb:
         b2:d6:0c:2c:79:3c:c4:15:e2:a8:a4:ae:0e:e6:37:cf:05:e1:
         e6:7e:1c:37:75:65:6c:12:ab:90:8d:97:a3:31:92:2e:df:53:
         28:3e:25:ae:b1:95:87:34:a8:d9:83:c1:19:bc:a9:a7:3e:91:
         b1:1a:1e:6a:9c:36:a4:41:0a:de:c8:90:a2:dc:aa:f1:13:13:
         6c:0c:27:41:66:1f:c4:b2:8f:1e:c4:78:46:7a:f0:11:83:d0:
         6b:5a:12:bd:b7:98:f0:c6:06:35:04:ec:7e:fe:9a:27:05:f5:
         82:14:e9:e4:02:90:cf:de:d2:30:5a:a0:9a:df:03:40:44:e8:
         02:de:b7:c7:07:72:38:3e:88:67:62:37:e7:63:b3:a7:b3:f4:
         d0:7a:2d:43:d4:ac:23:b4:ec:a9:5c:c9:91:32:70:27:25:5d:
         06:ef:3d:da
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGSx6SvQGR06S7GqfCNkjsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMzQwNjk5YzhlZDk3MGE4YzllZDhjMTYyMDg4ZjIwNjdj
MzMyNTAwHhcNMjQwMTAxMTgzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzkzOWE5YjkxMmU2OTM4YzVhY2FkMTYyZjIyZjhkYjlmMjQyYWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsfcrFbxTR8msciBOB05I4PcL0gg
fSVxH7nW+poZ4rhAWdN4vtMZC82s3HWRbmPMZ/N6p2G7BEG58gP5AIsFQmylVVk+
gofPnJCI9CIQXi24tAtKqyQaPUfGxEfoDgKGnJ/AAi5uEPBKyJ1W0WqCj3iXLnh7
pFmxd6ULc8RFKfwAO92EgOJ8Cj2kc4m855vLh60lSavc0lWag8s35kqeQzm8GyR6
lwq3BHrc1o0GMuxZOkTLFomqqK2iNLnCdOP2zImzrHnR1UuQ8uYC0mNUYklsGaMK
7kW8JvGFtpc7MNygunA95oNro0qvc0E065PrzRgSGXB/L0CYr824/19YvwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCyTmpuRLmk4xaytFi8i+NufJCqoMB8GA1UdIwQY
MBaAFJs0BpnI7ZcKjJ7YwWIIjyBnwzJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXpRR21janRsd3FNbnRqQllnaVBJR2ZETWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82ZjQ5NDAtNWFiYy00OWI0LTk3NDct
ZTA4YmUwZWRhZjc2LzEvTEpPYW01RXVhVGpGckswV0x5TDQyNThrS3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82ZjQ5NDAtNWFiYy00OWI0LTk3NDctZTA4YmUwZWRhZjc2
LzEvbXpRR21janRsd3FNbnRqQllnaVBJR2ZETWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDXVtgAwQB
uVWCAwQG1epAMA0GCSqGSIb3DQEBCwUAA4IBAQAy9Yo//jnQpyVeOdgKLQs+k9Gg
Ga33ub+vjESdHvw2/qFEhKJq20PQzGyM3+e7PY033bjnuFehwZG9oCZ24vE2CogM
xDoCsKB7On1KtfPrCEEWHj3xPa26h+uy1gwseTzEFeKopK4O5jfPBeHmfhw3dWVs
EquQjZejMZIu31MoPiWusZWHNKjZg8EZvKmnPpGxGh5qnDakQQreyJCi3KrxExNs
DCdBZh/Eso8exHhGevARg9BrWhK9t5jwxgY1BOx+/ponBfWCFOnkApDP3tIwWqCa
3wNAROgC3rfHB3I4PohnYjfnY7Ons/TQei1D1KwjtOypXMmRMnAnJV0G7z3a
-----END CERTIFICATE-----