Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/LgftrbGLkXUsciG_uH7qi41wzQ8.roa
File:                     LgftrbGLkXUsciG_uH7qi41wzQ8.roa (raw, json)
Hash identifier:          N79U0I7Gr3bdnZ966DwYzKA0gzLt5iGoxzRy1JhsSSk=
Subject key identifier:   2E:07:ED:AD:B1:8B:91:75:2C:72:21:BF:B8:7E:EA:8B:8D:70:CD:0F
Certificate issuer:       /CN=e10d5c29a3439703d89b5abf03a75d861771bef4
Certificate serial:       018CC56EE3212909D19E2FFAB81926DB8AA9
Authority key identifier: E1:0D:5C:29:A3:43:97:03:D8:9B:5A:BF:03:A7:5D:86:17:71:BE:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/LgftrbGLkXUsciG_uH7qi41wzQ8.roa
Signing time:             Mon 01 Jan 2024 14:30:27 +0000
ROA not before:           Mon 01 Jan 2024 14:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64447
IP address blocks:        188.119.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e3:21:29:09:d1:9e:2f:fa:b8:19:26:db:8a:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e10d5c29a3439703d89b5abf03a75d861771bef4
        Validity
            Not Before: Jan  1 14:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e07edadb18b91752c7221bfb87eea8b8d70cd0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:72:39:49:16:d4:47:e4:dc:ca:dd:e6:2c:c3:
                    f8:e1:ce:75:c6:4d:23:bf:0f:e6:8e:e9:86:15:e2:
                    c6:fd:7d:3e:71:4f:17:fd:f3:6c:de:1f:2c:f2:bc:
                    46:e5:2a:ed:32:09:b5:f9:81:c1:83:d4:dd:23:10:
                    16:94:ea:cd:27:ca:b0:ef:6f:6b:ed:ff:fe:ac:75:
                    06:69:82:31:30:c1:87:5e:54:3a:f0:07:7d:e0:5e:
                    50:07:af:f8:c1:41:3d:18:ed:05:01:ae:79:92:a7:
                    64:2b:53:87:64:c8:9f:fe:a6:9f:81:53:86:e8:ef:
                    5f:20:95:b0:c4:fb:e7:02:85:cf:44:5f:cb:67:04:
                    43:81:89:27:05:94:30:17:f4:8f:a8:b0:be:3b:2c:
                    f9:cb:8a:d8:e2:f8:37:85:0c:d5:dc:ad:89:73:aa:
                    62:a3:46:c2:be:47:7d:5e:46:27:3e:69:12:da:9c:
                    38:ea:32:6e:76:93:38:a4:1f:ba:b2:52:74:5b:03:
                    c4:11:34:80:86:a3:3c:2b:ea:c5:3b:dd:60:a8:60:
                    8b:bf:d4:15:a3:62:3a:2d:d9:b6:ed:dd:a0:db:0c:
                    56:ec:11:4c:26:35:ce:53:be:17:4a:a6:06:4c:76:
                    5f:77:aa:c6:32:d8:85:6d:7d:6f:7d:22:db:85:be:
                    b8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:07:ED:AD:B1:8B:91:75:2C:72:21:BF:B8:7E:EA:8B:8D:70:CD:0F
            X509v3 Authority Key Identifier:
                keyid:E1:0D:5C:29:A3:43:97:03:D8:9B:5A:BF:03:A7:5D:86:17:71:BE:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/LgftrbGLkXUsciG_uH7qi41wzQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.119.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:a3:a0:04:be:12:8e:09:26:57:90:49:52:68:ea:a3:47:e0:
         3d:b7:fd:ce:77:4a:5c:eb:28:18:54:58:9c:ed:4e:2f:15:5e:
         09:c7:99:4b:64:bb:87:bc:f9:ee:64:08:be:ab:2f:7e:c3:81:
         90:40:b5:3b:f6:9f:11:78:5f:a4:23:22:8b:23:66:e5:3b:72:
         b5:1f:0f:c2:e9:08:0c:d7:af:e3:61:5e:12:77:e6:7c:98:61:
         0a:64:bc:2b:a5:8a:ce:ee:cd:b0:89:51:4a:21:c2:5b:b9:16:
         58:a0:14:46:58:2d:bc:f3:f1:4e:f4:51:6f:57:b6:7c:61:60:
         a5:d6:c5:21:11:ee:f4:73:9b:27:ae:39:49:51:59:e2:f7:16:
         da:22:cc:36:e6:1c:de:e1:74:71:a3:16:b6:21:11:c2:76:96:
         da:ad:81:3c:f6:29:e5:18:f0:6e:a2:e2:be:45:03:36:4d:ff:
         c3:a0:69:b2:86:6d:9d:00:82:74:0e:35:d1:d5:70:c5:ef:6e:
         16:e8:bc:8a:de:b8:47:48:ac:a5:fd:81:e3:ee:09:83:18:5a:
         fa:af:f7:ec:21:16:6f:fd:04:64:63:98:df:1a:6e:54:4b:24:
         b7:2b:8a:81:38:13:ad:d7:84:5a:72:f7:3e:8b:58:62:a6:57:
         1b:05:91:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuMhKQnRni/6uBkm24qpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMGQ1YzI5YTM0Mzk3MDNkODliNWFiZjAzYTc1ZDg2MTc3
MWJlZjQwHhcNMjQwMTAxMTQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTA3ZWRhZGIxOGI5MTc1MmM3MjIxYmZiODdlZWE4YjhkNzBjZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgXI5SRbUR+Tcyt3mLMP44c51xk0j
vw/mjumGFeLG/X0+cU8X/fNs3h8s8rxG5SrtMgm1+YHBg9TdIxAWlOrNJ8qw729r
7f/+rHUGaYIxMMGHXlQ68Ad94F5QB6/4wUE9GO0FAa55kqdkK1OHZMif/qafgVOG
6O9fIJWwxPvnAoXPRF/LZwRDgYknBZQwF/SPqLC+Oyz5y4rY4vg3hQzV3K2Jc6pi
o0bCvkd9XkYnPmkS2pw46jJudpM4pB+6slJ0WwPEETSAhqM8K+rFO91gqGCLv9QV
o2I6Ldm27d2g2wxW7BFMJjXOU74XSqYGTHZfd6rGMtiFbX1vfSLbhb64AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4H7a2xi5F1LHIhv7h+6ouNcM0PMB8GA1UdIwQY
MBaAFOENXCmjQ5cD2JtavwOnXYYXcb70MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFExY0thTkRsd1BZbTFxX0E2ZGRoaGR4dnZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8zZWRiNDctZmQ2ZS00YzU5LWE3YWIt
ZTQyYTU4MDY0YTYzLzEvTGdmdHJiR0xrWFVzY2lHX3VIN3FpNDF3elE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8zZWRiNDctZmQ2ZS00YzU5LWE3YWItZTQyYTU4MDY0YTYz
LzEvNFExY0thTkRsd1BZbTFxX0E2ZGRoaGR4dnZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHcdMA0G
CSqGSIb3DQEBCwUAA4IBAQB/o6AEvhKOCSZXkElSaOqjR+A9t/3Od0pc6ygYVFic
7U4vFV4Jx5lLZLuHvPnuZAi+qy9+w4GQQLU79p8ReF+kIyKLI2blO3K1Hw/C6QgM
16/jYV4Sd+Z8mGEKZLwrpYrO7s2wiVFKIcJbuRZYoBRGWC288/FO9FFvV7Z8YWCl
1sUhEe70c5snrjlJUVni9xbaIsw25hze4XRxoxa2IRHCdpbarYE89inlGPBuouK+
RQM2Tf/DoGmyhm2dAIJ0DjXR1XDF724W6LyK3rhHSKyl/YHj7gmDGFr6r/fsIRZv
/QRkY5jfGm5USyS3K4qBOBOt14Racvc+i1hiplcbBZHX
-----END CERTIFICATE-----