Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Lvb6L7LGXm4-nCkhySVpft5zjtk.roa
File:                     Lvb6L7LGXm4-nCkhySVpft5zjtk.roa (raw, json)
Hash identifier:          kA6Tzi/HJIsarD78IIROFiXCuLvXDWV+rg2OhEO6hZQ=
Subject key identifier:   2E:F6:FA:2F:B2:C6:5E:6E:3E:9C:29:21:C9:25:69:7E:DE:73:8E:D9
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D719F6B41EA5AA8DA08132E1A9FD
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Lvb6L7LGXm4-nCkhySVpft5zjtk.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206484
IP address blocks:        217.111.138.0/24 maxlen: 24
                          62.192.11.0/24 maxlen: 24
                          213.173.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d7:19:f6:b4:1e:a5:aa:8d:a0:81:32:e1:a9:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ef6fa2fb2c65e6e3e9c2921c925697ede738ed9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:21:a8:77:c3:cc:64:e3:98:7c:3b:6e:41:ff:
                    f5:89:6a:1c:f2:a2:ba:f1:59:1f:02:d0:3a:2f:16:
                    10:a2:9d:1d:ed:23:2d:f3:31:d9:f1:bf:d9:cb:54:
                    81:65:09:e7:cb:e7:05:4e:5b:b1:68:4e:cd:79:57:
                    a1:63:55:2f:7f:f8:49:3c:3e:05:51:c4:cc:34:81:
                    31:6c:08:45:35:56:b2:44:c3:56:b1:9f:55:d0:18:
                    7d:37:37:03:1f:a3:67:5b:2a:7f:9c:40:5a:90:c3:
                    05:78:54:24:11:8c:45:23:37:89:6d:2e:e5:c1:55:
                    72:f0:52:74:f9:bb:02:60:2d:5f:07:41:da:05:48:
                    3a:1a:61:51:6c:c7:14:d3:20:4e:18:c3:89:12:45:
                    2a:eb:c8:34:36:dd:13:e8:28:dc:65:3d:e9:ec:cd:
                    b0:a0:95:69:85:b0:49:e8:b3:cb:f4:83:28:30:02:
                    08:38:dd:02:cb:61:a8:1f:36:3f:a1:ed:17:8b:78:
                    24:ae:1c:a0:de:1d:2b:fe:9e:10:4e:69:64:6f:e8:
                    93:ac:55:b8:13:ae:f8:b6:ec:57:de:37:ca:01:a7:
                    97:57:43:35:cd:97:8c:46:9d:4f:0b:f6:d1:85:0a:
                    df:94:2b:4e:92:a9:19:ef:90:dd:44:13:d3:76:77:
                    7d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:F6:FA:2F:B2:C6:5E:6E:3E:9C:29:21:C9:25:69:7E:DE:73:8E:D9
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Lvb6L7LGXm4-nCkhySVpft5zjtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.11.0/24
                  213.173.161.0/24
                  217.111.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:5a:de:6b:96:0b:fb:0c:56:7c:7b:bf:f5:6b:b1:5f:af:7f:
         3e:e4:33:93:3a:3f:84:7a:79:f7:87:51:f3:73:da:a6:9f:e3:
         92:8d:29:6f:77:be:eb:6e:e3:16:e7:69:bf:8e:b1:12:62:fc:
         af:ca:bd:18:e0:25:a1:d5:7f:8b:ec:69:e9:7e:e4:d3:90:a0:
         ff:4f:2b:ae:40:a4:cf:20:7e:f0:f7:25:3e:29:51:22:13:b7:
         25:e2:3d:df:2f:8f:a5:f0:22:18:dd:f6:70:8f:89:b2:c2:ac:
         86:4a:1c:30:87:34:67:ba:62:40:82:0b:13:61:10:27:a3:4a:
         96:74:46:98:23:4d:b7:2a:9d:13:e5:e7:68:23:0b:31:67:bf:
         1b:09:11:04:94:58:86:1b:b6:0c:95:0c:8f:6d:7d:f3:a1:03:
         22:0d:ab:c3:54:1f:77:a5:12:e1:9d:dc:94:68:5e:7b:4e:5b:
         3d:fd:47:7e:92:44:84:a2:e8:92:82:bf:2f:7e:29:51:f3:df:
         42:ad:9c:62:86:04:80:bb:11:c2:23:0e:4e:8c:9a:3a:df:49:
         4a:5e:70:69:fe:a0:13:29:0e:1a:97:94:92:46:a4:e8:99:0c:
         8d:56:47:83:83:f3:8e:88:bc:d2:8a:43:a5:83:c1:6a:b4:bc:
         bc:30:eb:fb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDttcZ9rQepaqNoIEy4an9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWY2ZmEyZmIyYzY1ZTZlM2U5YzI5MjFjOTI1Njk3ZWRlNzM4ZWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCGod8PMZOOYfDtuQf/1iWoc8qK6
8VkfAtA6LxYQop0d7SMt8zHZ8b/Zy1SBZQnny+cFTluxaE7NeVehY1Uvf/hJPD4F
UcTMNIExbAhFNVayRMNWsZ9V0Bh9NzcDH6NnWyp/nEBakMMFeFQkEYxFIzeJbS7l
wVVy8FJ0+bsCYC1fB0HaBUg6GmFRbMcU0yBOGMOJEkUq68g0Nt0T6CjcZT3p7M2w
oJVphbBJ6LPL9IMoMAIION0Cy2GoHzY/oe0Xi3gkrhyg3h0r/p4QTmlkb+iTrFW4
E674tuxX3jfKAaeXV0M1zZeMRp1PC/bRhQrflCtOkqkZ75DdRBPTdnd9zwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC72+i+yxl5uPpwpIcklaX7ec47ZMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvTHZiNkw3TEdYbTQtbkNraHlTVnBmdDV6anRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPsALAwQA
1a2hAwQA2W+KMA0GCSqGSIb3DQEBCwUAA4IBAQCYWt5rlgv7DFZ8e7/1a7Ffr38+
5DOTOj+Eenn3h1Hzc9qmn+OSjSlvd77rbuMW52m/jrESYvyvyr0Y4CWh1X+L7Gnp
fuTTkKD/TyuuQKTPIH7w9yU+KVEiE7cl4j3fL4+l8CIY3fZwj4mywqyGShwwhzRn
umJAggsTYRAno0qWdEaYI023Kp0T5edoIwsxZ78bCREElFiGG7YMlQyPbX3zoQMi
DavDVB93pRLhndyUaF57Tls9/Ud+kkSEouiSgr8vfilR899CrZxihgSAuxHCIw5O
jJo630lKXnBp/qATKQ4al5SSRqTomQyNVkeDg/OOiLzSikOlg8FqtLy8MOv7
-----END CERTIFICATE-----