Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/LIfOtxAKUPdV_NUNInS3wfxYvGE.roa
File:                     LIfOtxAKUPdV_NUNInS3wfxYvGE.roa (raw, json)
Hash identifier:          Td3H1Qmi3U1ybrK+hi4aHVMLWXDBLugb4Oua+jABNSM=
Subject key identifier:   2C:87:CE:B7:10:0A:50:F7:55:FC:D5:0D:22:74:B7:C1:FC:58:BC:61
Certificate issuer:       /CN=3a34889251e7cb133e906c70891ba1a0495ed860
Certificate serial:       018CC3B72D52EA76361BE87521F78BD08F67
Authority key identifier: 3A:34:88:92:51:E7:CB:13:3E:90:6C:70:89:1B:A1:A0:49:5E:D8:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OjSIklHnyxM-kGxwiRuhoEle2GA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/LIfOtxAKUPdV_NUNInS3wfxYvGE.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206150
IP address blocks:        185.195.60.0/24 maxlen: 24
                          185.240.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/OjSIklHnyxM-kGxwiRuhoEle2GA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/OjSIklHnyxM-kGxwiRuhoEle2GA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OjSIklHnyxM-kGxwiRuhoEle2GA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2d:52:ea:76:36:1b:e8:75:21:f7:8b:d0:8f:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a34889251e7cb133e906c70891ba1a0495ed860
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c87ceb7100a50f755fcd50d2274b7c1fc58bc61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:45:7d:06:ea:14:db:aa:9d:5c:26:a8:0f:1a:
                    f0:94:8a:77:2a:39:bb:0c:c8:1d:1c:fd:3b:fd:46:
                    49:42:cd:f5:30:9d:1f:55:b4:df:e0:a6:10:90:dd:
                    03:e7:f3:c8:7d:e0:e2:8b:b5:0d:8c:b0:0e:00:fa:
                    59:00:47:aa:ba:dd:1b:53:b8:de:96:b6:fd:ad:6c:
                    e2:13:c1:8d:7a:95:7d:91:d3:26:aa:4a:43:37:73:
                    80:5e:5a:dd:b6:99:3e:7d:4d:df:dd:d4:72:4e:9d:
                    d5:e8:6f:23:13:43:bf:86:be:ef:b6:05:fd:f9:bc:
                    12:9f:ba:54:1f:30:ff:7d:e8:d7:cc:62:81:c9:76:
                    ae:02:2c:d2:4b:20:fe:f1:8e:b9:dc:a6:6f:b2:3e:
                    59:ec:79:a5:e5:70:ef:83:e6:2b:68:83:e6:7c:03:
                    65:34:4e:5a:62:5c:73:c0:38:6b:6f:99:84:c2:31:
                    8e:7b:f6:9a:65:f2:93:31:25:02:95:20:80:da:42:
                    4e:be:81:1e:80:00:30:1b:2d:7e:c4:42:12:7d:d2:
                    7d:66:72:43:b7:62:9d:39:63:76:30:38:bc:46:ab:
                    05:70:2a:e4:a9:9a:a5:5f:87:f1:3a:7a:18:9f:3d:
                    7a:66:a2:f7:23:16:c7:5f:77:0a:2a:5b:85:84:33:
                    7c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:87:CE:B7:10:0A:50:F7:55:FC:D5:0D:22:74:B7:C1:FC:58:BC:61
            X509v3 Authority Key Identifier:
                keyid:3A:34:88:92:51:E7:CB:13:3E:90:6C:70:89:1B:A1:A0:49:5E:D8:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OjSIklHnyxM-kGxwiRuhoEle2GA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/LIfOtxAKUPdV_NUNInS3wfxYvGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/91182a-f34b-4a15-b363-84f9ed87ac31/1/OjSIklHnyxM-kGxwiRuhoEle2GA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.60.0/24
                  185.240.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:70:de:82:53:dd:78:18:bc:f3:64:fe:e1:65:4b:70:03:1a:
         13:33:02:b5:85:38:c4:13:23:6a:1a:a2:53:6c:0d:b3:43:7a:
         1a:41:c5:4f:8b:03:13:c7:c2:3a:b8:3b:f6:09:6c:cf:7b:9c:
         0e:01:5a:cf:ec:bf:99:ce:ee:63:e2:20:b1:34:43:c7:0b:87:
         6f:d0:10:15:e7:ec:b6:70:70:05:6e:15:7f:65:4d:63:d0:9f:
         4b:70:3a:12:cf:dd:dd:2e:20:38:a3:71:96:b5:27:20:5e:1c:
         81:85:ee:78:f0:b6:f6:a5:05:cf:f6:57:86:29:d6:f8:0d:06:
         23:1e:95:1e:f8:f9:92:b7:1e:d5:57:28:23:7b:00:6f:63:03:
         9c:e1:06:56:f6:26:b8:af:d5:ac:16:b7:ed:08:1c:ed:60:7b:
         28:7b:cf:74:f3:90:3f:69:fe:a1:81:72:20:dc:03:e3:0b:1b:
         d3:ea:5f:c5:3e:87:9c:7b:30:e0:fc:88:8f:87:60:3e:83:b5:
         1d:24:56:90:b8:73:23:6f:f4:ea:7c:63:dd:0a:1b:ef:6b:d6:
         98:99:74:3b:33:e9:79:d7:8b:12:84:1d:39:99:98:f8:8b:e5:
         b9:b3:34:d6:d9:df:1d:a8:02:d7:17:6e:43:68:c2:cf:cf:17:
         41:3f:4d:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDty1S6nY2G+h1IfeL0I9nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMzQ4ODkyNTFlN2NiMTMzZTkwNmM3MDg5MWJhMWEwNDk1
ZWQ4NjAwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzg3Y2ViNzEwMGE1MGY3NTVmY2Q1MGQyMjc0YjdjMWZjNThiYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUV9BuoU26qdXCaoDxrwlIp3Kjm7
DMgdHP07/UZJQs31MJ0fVbTf4KYQkN0D5/PIfeDii7UNjLAOAPpZAEequt0bU7je
lrb9rWziE8GNepV9kdMmqkpDN3OAXlrdtpk+fU3f3dRyTp3V6G8jE0O/hr7vtgX9
+bwSn7pUHzD/fejXzGKByXauAizSSyD+8Y653KZvsj5Z7Hml5XDvg+YraIPmfANl
NE5aYlxzwDhrb5mEwjGOe/aaZfKTMSUClSCA2kJOvoEegAAwGy1+xEISfdJ9ZnJD
t2KdOWN2MDi8RqsFcCrkqZqlX4fxOnoYnz16ZqL3IxbHX3cKKluFhDN8awIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCyHzrcQClD3VfzVDSJ0t8H8WLxhMB8GA1UdIwQY
MBaAFDo0iJJR58sTPpBscIkboaBJXthgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2pTSWtsSG55eE0ta0d4d2lSdWhvRWxlMkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS85MTE4MmEtZjM0Yi00YTE1LWIzNjMt
ODRmOWVkODdhYzMxLzEvTElmT3R4QUtVUGRWX05VTkluUzN3ZnhZdkdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS85MTE4MmEtZjM0Yi00YTE1LWIzNjMtODRmOWVkODdhYzMx
LzEvT2pTSWtsSG55eE0ta0d4d2lSdWhvRWxlMkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucM8AwQA
ufBPMA0GCSqGSIb3DQEBCwUAA4IBAQAWcN6CU914GLzzZP7hZUtwAxoTMwK1hTjE
EyNqGqJTbA2zQ3oaQcVPiwMTx8I6uDv2CWzPe5wOAVrP7L+Zzu5j4iCxNEPHC4dv
0BAV5+y2cHAFbhV/ZU1j0J9LcDoSz93dLiA4o3GWtScgXhyBhe548Lb2pQXP9leG
Kdb4DQYjHpUe+PmStx7VVygjewBvYwOc4QZW9ia4r9WsFrftCBztYHsoe89085A/
af6hgXIg3APjCxvT6l/FPoecezDg/IiPh2A+g7UdJFaQuHMjb/TqfGPdChvva9aY
mXQ7M+l514sShB05mZj4i+W5szTW2d8dqALXF25DaMLPzxdBP02z
-----END CERTIFICATE-----