Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/cc24b9-5918-4557-a832-4017cef5bca9/1/LcuUlGrhIXee-sgNJD-6xSVIxqo.roa
File:                     LcuUlGrhIXee-sgNJD-6xSVIxqo.roa (raw, json)
Hash identifier:          VxNYgNr9vv5MynMoNO1ggKVPvK5Nz83HAt9Tt4jnXbM=
Subject key identifier:   2D:CB:94:94:6A:E1:21:77:9E:FA:C8:0D:24:3F:BA:C5:25:48:C6:AA
Certificate issuer:       /CN=1a71810fec8e7b0b5ec2629e99c89635926c6251
Certificate serial:       018CC4922A54DB1254F00FF4A6509840322B
Authority key identifier: 1A:71:81:0F:EC:8E:7B:0B:5E:C2:62:9E:99:C8:96:35:92:6C:62:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GnGBD-yOewtewmKemciWNZJsYlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/cc24b9-5918-4557-a832-4017cef5bca9/1/LcuUlGrhIXee-sgNJD-6xSVIxqo.roa
Signing time:             Mon 01 Jan 2024 10:29:22 +0000
ROA not before:           Mon 01 Jan 2024 10:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60791
IP address blocks:        185.25.248.0/22 maxlen: 22
                          2a00:7f20::/32 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/cc24b9-5918-4557-a832-4017cef5bca9/1/GnGBD-yOewtewmKemciWNZJsYlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/cc24b9-5918-4557-a832-4017cef5bca9/1/GnGBD-yOewtewmKemciWNZJsYlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GnGBD-yOewtewmKemciWNZJsYlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2a:54:db:12:54:f0:0f:f4:a6:50:98:40:32:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a71810fec8e7b0b5ec2629e99c89635926c6251
        Validity
            Not Before: Jan  1 10:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dcb94946ae121779efac80d243fbac52548c6aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c5:e1:e2:19:c1:e6:88:1c:ab:95:c1:0b:b3:
                    a8:6e:6d:c0:d3:f9:4c:69:ac:b2:66:0e:aa:17:10:
                    80:33:88:12:07:84:d2:f7:25:7a:d2:af:72:80:e0:
                    f5:f8:2b:d4:c3:07:b6:08:72:46:4a:b0:aa:0c:75:
                    e9:95:11:55:67:10:1f:7b:4e:6e:a3:22:8d:76:c3:
                    54:77:48:86:d2:bf:8d:9d:15:89:cd:9c:f1:1b:50:
                    16:ff:bb:22:45:2b:51:58:07:05:b2:28:c0:a5:62:
                    31:3a:66:ca:74:a6:72:d5:35:6c:86:a8:b6:2f:7a:
                    c6:cb:43:c0:3b:d9:a2:5c:0f:8a:f6:c1:fd:11:0c:
                    49:c2:25:22:de:ef:ff:a4:c6:0b:f1:89:e4:d6:59:
                    75:ec:da:a2:56:1c:c7:f3:58:31:a4:e4:6d:f5:7f:
                    a6:29:e5:63:6d:1a:79:41:7c:7d:e9:80:a7:ad:b9:
                    c2:02:d0:69:da:1a:96:21:cc:58:54:e1:ad:65:95:
                    9e:17:89:57:91:1d:75:c3:cd:af:d2:6e:93:39:bb:
                    af:09:53:c4:6c:f5:e0:ca:29:45:49:b2:e2:73:ae:
                    02:69:b2:3e:73:8d:4c:9e:27:8d:34:fd:d1:6b:36:
                    cc:05:76:c3:bb:d0:08:91:4e:3a:11:12:53:dd:04:
                    1f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:CB:94:94:6A:E1:21:77:9E:FA:C8:0D:24:3F:BA:C5:25:48:C6:AA
            X509v3 Authority Key Identifier:
                keyid:1A:71:81:0F:EC:8E:7B:0B:5E:C2:62:9E:99:C8:96:35:92:6C:62:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GnGBD-yOewtewmKemciWNZJsYlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/cc24b9-5918-4557-a832-4017cef5bca9/1/LcuUlGrhIXee-sgNJD-6xSVIxqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/cc24b9-5918-4557-a832-4017cef5bca9/1/GnGBD-yOewtewmKemciWNZJsYlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.248.0/22
                IPv6:
                  2a00:7f20::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:29:61:e1:57:5c:39:de:77:5c:ae:08:76:6d:3e:53:8c:e3:
         08:7c:4b:0a:05:e1:38:10:78:37:7b:8d:8f:49:d4:43:53:f6:
         68:cd:e4:6a:85:dd:fc:8d:9c:70:76:5d:11:78:61:93:12:bc:
         4b:1c:3d:87:7c:e2:26:50:6a:af:e4:8f:56:fc:d7:86:cf:f7:
         ea:b6:bd:29:bf:62:c0:a3:d7:3a:12:b9:8e:b2:9e:47:d3:6d:
         ad:20:68:0d:4c:a2:1a:d1:15:d6:dd:d4:0f:fc:81:14:eb:12:
         00:ea:ab:23:e7:67:0c:f7:79:31:39:8c:ae:dc:d6:1e:c5:d3:
         0d:89:a9:25:55:80:0b:3e:05:65:6b:36:c4:d2:b3:75:a8:87:
         c6:9d:87:ea:de:bf:b5:ff:d6:33:73:87:7b:2e:e3:af:c3:fa:
         17:2f:9a:88:02:96:21:b5:4c:4c:c9:db:05:88:1e:e7:2c:4e:
         b6:2f:57:2a:86:9b:8f:f4:d7:c5:e0:d9:8e:95:97:fb:ea:2c:
         fd:14:23:ee:93:3c:67:97:5a:ef:7f:05:68:43:6f:f2:b7:e8:
         20:a0:f6:16:8b:bd:9a:18:3a:12:e8:14:e5:63:b0:4f:6d:6f:
         eb:f3:32:18:f5:c3:e9:b4:eb:4c:fc:cf:b6:ce:cd:1c:10:1f:
         ff:0a:da:2c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkipU2xJU8A/0plCYQDIrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNzE4MTBmZWM4ZTdiMGI1ZWMyNjI5ZTk5Yzg5NjM1OTI2
YzYyNTEwHhcNMjQwMTAxMTAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGNiOTQ5NDZhZTEyMTc3OWVmYWM4MGQyNDNmYmFjNTI1NDhjNmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8Xh4hnB5ogcq5XBC7Oobm3A0/lM
aayyZg6qFxCAM4gSB4TS9yV60q9ygOD1+CvUwwe2CHJGSrCqDHXplRFVZxAfe05u
oyKNdsNUd0iG0r+NnRWJzZzxG1AW/7siRStRWAcFsijApWIxOmbKdKZy1TVshqi2
L3rGy0PAO9miXA+K9sH9EQxJwiUi3u//pMYL8Ynk1ll17NqiVhzH81gxpORt9X+m
KeVjbRp5QXx96YCnrbnCAtBp2hqWIcxYVOGtZZWeF4lXkR11w82v0m6TObuvCVPE
bPXgyilFSbLic64CabI+c41MnieNNP3RazbMBXbDu9AIkU46ERJT3QQfYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFC3LlJRq4SF3nvrIDSQ/usUlSMaqMB8GA1UdIwQY
MBaAFBpxgQ/sjnsLXsJinpnIljWSbGJRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR25HQkQteU9ld3Rld21LZW1jaVdOWkpzWWxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9jYzI0YjktNTkxOC00NTU3LWE4MzIt
NDAxN2NlZjViY2E5LzEvTGN1VWxHcmhJWGVlLXNnTkpELTZ4U1ZJeHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9jYzI0YjktNTkxOC00NTU3LWE4MzItNDAxN2NlZjViY2E5
LzEvR25HQkQteU9ld3Rld21LZW1jaVdOWkpzWWxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRn4MA0E
AgACMAcDBQAqAH8gMA0GCSqGSIb3DQEBCwUAA4IBAQBEKWHhV1w53ndcrgh2bT5T
jOMIfEsKBeE4EHg3e42PSdRDU/ZozeRqhd38jZxwdl0ReGGTErxLHD2HfOImUGqv
5I9W/NeGz/fqtr0pv2LAo9c6ErmOsp5H022tIGgNTKIa0RXW3dQP/IEU6xIA6qsj
52cM93kxOYyu3NYexdMNiaklVYALPgVlazbE0rN1qIfGnYfq3r+1/9Yzc4d7LuOv
w/oXL5qIApYhtUxMydsFiB7nLE62L1cqhpuP9NfF4NmOlZf76iz9FCPukzxnl1rv
fwVoQ2/yt+ggoPYWi72aGDoS6BTlY7BPbW/r8zIY9cPptOtM/M+2zs0cEB//Ctos
-----END CERTIFICATE-----