Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ba2f3d-6bd2-4f32-81af-c287670cce51/1/LulM4q1b7Y4vZfSBPVeO74LNFP8.roa
File:                     LulM4q1b7Y4vZfSBPVeO74LNFP8.roa (raw, json)
Hash identifier:          LKLSMZDxw5IEhMjsf3z82IITw36gqI9JKqUwKgxT5XY=
Subject key identifier:   2E:E9:4C:E2:AD:5B:ED:8E:2F:65:F4:81:3D:57:8E:EF:82:CD:14:FF
Certificate issuer:       /CN=42a6e640198013de12a251f086030cd78c732516
Certificate serial:       018CC26D134CC299E84EF11FC2C5F71FEC3A
Authority key identifier: 42:A6:E6:40:19:80:13:DE:12:A2:51:F0:86:03:0C:D7:8C:73:25:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QqbmQBmAE94SolHwhgMM14xzJRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/ba2f3d-6bd2-4f32-81af-c287670cce51/1/LulM4q1b7Y4vZfSBPVeO74LNFP8.roa
Signing time:             Mon 01 Jan 2024 00:29:37 +0000
ROA not before:           Mon 01 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20672
IP address blocks:        185.14.180.0/22 maxlen: 24
                          2a03:b6c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/ba2f3d-6bd2-4f32-81af-c287670cce51/1/QqbmQBmAE94SolHwhgMM14xzJRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/ba2f3d-6bd2-4f32-81af-c287670cce51/1/QqbmQBmAE94SolHwhgMM14xzJRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QqbmQBmAE94SolHwhgMM14xzJRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:13:4c:c2:99:e8:4e:f1:1f:c2:c5:f7:1f:ec:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42a6e640198013de12a251f086030cd78c732516
        Validity
            Not Before: Jan  1 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ee94ce2ad5bed8e2f65f4813d578eef82cd14ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:da:dd:3c:38:50:1c:4f:33:53:38:5d:a7:5b:
                    31:d1:78:40:db:bc:9b:4f:fa:82:0b:bb:78:ae:3a:
                    61:76:2e:ea:bf:91:b8:cc:b3:9f:cf:23:a7:5e:0f:
                    92:1d:7b:08:d2:4e:6a:53:cd:62:b6:a1:eb:d9:45:
                    ca:5e:7b:ae:be:cb:e1:f4:66:87:8c:64:2b:0f:84:
                    10:1a:0b:a8:65:8c:77:01:af:c7:62:82:8b:eb:8b:
                    65:aa:0e:e1:c7:30:3a:59:56:d3:8f:b4:18:eb:5d:
                    ce:19:10:9a:c2:22:6f:e8:b0:cd:64:08:62:1a:24:
                    43:b1:36:49:bf:5f:20:95:b0:26:fe:1b:58:e5:86:
                    12:5f:1c:58:56:29:3c:78:77:e8:5f:39:34:4b:93:
                    d1:f9:45:c7:c8:e2:5f:f1:e7:9a:38:ac:1a:d0:b0:
                    9e:50:a2:24:4e:da:7e:57:24:c3:55:dd:76:4c:a2:
                    d3:43:ab:a6:8d:cf:33:e7:ea:fa:98:42:e3:50:42:
                    70:38:ec:18:05:32:e4:94:3c:6b:e1:bb:8e:b1:2f:
                    3b:dd:84:5c:7a:d7:9b:a7:6d:66:ee:9b:bf:fc:48:
                    cf:c7:69:aa:cf:f1:86:6c:b3:1d:db:b0:17:e0:46:
                    07:b2:09:81:75:b3:c4:49:b0:10:b5:ee:b5:b6:53:
                    ef:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:E9:4C:E2:AD:5B:ED:8E:2F:65:F4:81:3D:57:8E:EF:82:CD:14:FF
            X509v3 Authority Key Identifier:
                keyid:42:A6:E6:40:19:80:13:DE:12:A2:51:F0:86:03:0C:D7:8C:73:25:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QqbmQBmAE94SolHwhgMM14xzJRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ba2f3d-6bd2-4f32-81af-c287670cce51/1/LulM4q1b7Y4vZfSBPVeO74LNFP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ba2f3d-6bd2-4f32-81af-c287670cce51/1/QqbmQBmAE94SolHwhgMM14xzJRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.180.0/22
                IPv6:
                  2a03:b6c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:af:2c:57:c9:83:83:d6:02:fe:dd:0c:54:bb:c3:d2:5b:6c:
         a9:7b:54:a7:a9:80:8b:bc:e5:6c:54:1b:07:f4:61:66:05:ff:
         c9:35:9a:6f:3e:d2:b6:b5:fb:2c:69:b5:9b:f4:5c:c0:a2:fc:
         ff:ac:c2:12:b4:11:6d:70:bd:16:5e:94:01:c6:6a:c0:57:9e:
         3f:9c:0e:2c:1e:41:ee:9a:82:fd:d0:e3:23:18:4d:a1:41:30:
         02:61:12:ab:48:b9:74:33:31:9e:c5:20:97:4c:e3:40:f5:46:
         cf:34:d9:36:6b:8d:66:aa:5f:ac:f4:ff:a5:f3:8c:86:ba:51:
         2b:22:d4:df:f4:4c:4a:80:54:a3:87:c6:67:64:b8:b9:72:a3:
         64:4b:07:65:f5:ab:f3:a2:01:99:13:9f:ae:27:59:74:32:b4:
         66:62:30:62:2c:18:0b:86:25:7e:ac:f5:8c:fc:aa:6b:dc:79:
         18:86:57:25:6a:99:06:98:27:66:72:85:77:9f:ef:5e:c9:57:
         33:de:b9:1e:88:93:01:50:25:d1:55:49:a7:cb:9d:6d:c0:c2:
         be:4c:58:51:46:2a:bc:b2:b3:f5:74:e0:1f:bc:f9:87:ee:ca:
         23:56:f4:2f:e4:2e:2d:1c:e2:ac:2b:f8:46:8c:2f:18:ae:7e:
         83:9d:73:dc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbRNMwpnoTvEfwsX3H+w6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyYTZlNjQwMTk4MDEzZGUxMmEyNTFmMDg2MDMwY2Q3OGM3
MzI1MTYwHhcNMjQwMTAxMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWU5NGNlMmFkNWJlZDhlMmY2NWY0ODEzZDU3OGVlZjgyY2QxNGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9rdPDhQHE8zUzhdp1sx0XhA27yb
T/qCC7t4rjphdi7qv5G4zLOfzyOnXg+SHXsI0k5qU81itqHr2UXKXnuuvsvh9GaH
jGQrD4QQGguoZYx3Aa/HYoKL64tlqg7hxzA6WVbTj7QY613OGRCawiJv6LDNZAhi
GiRDsTZJv18glbAm/htY5YYSXxxYVik8eHfoXzk0S5PR+UXHyOJf8eeaOKwa0LCe
UKIkTtp+VyTDVd12TKLTQ6umjc8z5+r6mELjUEJwOOwYBTLklDxr4buOsS873YRc
etebp21m7pu//EjPx2mqz/GGbLMd27AX4EYHsgmBdbPESbAQte61tlPvbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFC7pTOKtW+2OL2X0gT1Xju+CzRT/MB8GA1UdIwQY
MBaAFEKm5kAZgBPeEqJR8IYDDNeMcyUWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXFibVFCbUFFOTRTb2xId2hnTU0xNHh6SlJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9iYTJmM2QtNmJkMi00ZjMyLTgxYWYt
YzI4NzY3MGNjZTUxLzEvTHVsTTRxMWI3WTR2WmZTQlBWZU83NExORlA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9iYTJmM2QtNmJkMi00ZjMyLTgxYWYtYzI4NzY3MGNjZTUx
LzEvUXFibVFCbUFFOTRTb2xId2hnTU0xNHh6SlJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQ60MA0E
AgACMAcDBQAqA7bAMA0GCSqGSIb3DQEBCwUAA4IBAQBqryxXyYOD1gL+3QxUu8PS
W2ype1SnqYCLvOVsVBsH9GFmBf/JNZpvPtK2tfssabWb9FzAovz/rMIStBFtcL0W
XpQBxmrAV54/nA4sHkHumoL90OMjGE2hQTACYRKrSLl0MzGexSCXTONA9UbPNNk2
a41mql+s9P+l84yGulErItTf9ExKgFSjh8ZnZLi5cqNkSwdl9avzogGZE5+uJ1l0
MrRmYjBiLBgLhiV+rPWM/Kpr3HkYhlclapkGmCdmcoV3n+9eyVcz3rkeiJMBUCXR
VUmny51twMK+TFhRRiq8srP1dOAfvPmH7sojVvQv5C4tHOKsK/hGjC8Yrn6DnXPc
-----END CERTIFICATE-----