Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/196689-2db7-4e80-b92c-3a2ad88deade/1/LMkWxY1kXGTRpqbaUhhhsW1FZVQ.roa
File:                     LMkWxY1kXGTRpqbaUhhhsW1FZVQ.roa (raw, json)
Hash identifier:          ho7jF/TGAZuYpIXSijUNLK0a7EA+SVzjPKtww9pJM+8=
Subject key identifier:   2C:C9:16:C5:8D:64:5C:64:D1:A6:A6:DA:52:18:61:B1:6D:45:65:54
Certificate issuer:       /CN=bda61043542485096b0df4351cc0da977f3770dd
Certificate serial:       019147D8D99AE7CDB0410D7891ADA8C24575
Authority key identifier: BD:A6:10:43:54:24:85:09:6B:0D:F4:35:1C:C0:DA:97:7F:37:70:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vaYQQ1QkhQlrDfQ1HMDal383cN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/196689-2db7-4e80-b92c-3a2ad88deade/1/LMkWxY1kXGTRpqbaUhhhsW1FZVQ.roa
Signing time:             Mon 12 Aug 2024 18:27:59 +0000
ROA not before:           Mon 12 Aug 2024 18:27:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2852
IP address blocks:        147.32.0.0/16 maxlen: 24
                          193.84.104.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/196689-2db7-4e80-b92c-3a2ad88deade/1/vaYQQ1QkhQlrDfQ1HMDal383cN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/196689-2db7-4e80-b92c-3a2ad88deade/1/vaYQQ1QkhQlrDfQ1HMDal383cN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vaYQQ1QkhQlrDfQ1HMDal383cN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 18:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:47:d8:d9:9a:e7:cd:b0:41:0d:78:91:ad:a8:c2:45:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bda61043542485096b0df4351cc0da977f3770dd
        Validity
            Not Before: Aug 12 18:27:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cc916c58d645c64d1a6a6da521861b16d456554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:21:bb:95:d1:b6:6d:cc:ad:29:53:f1:7e:76:
                    27:a6:6d:00:29:c1:6e:34:61:1a:54:71:bc:b5:52:
                    74:d3:34:b3:d4:ed:0d:7a:11:88:74:6b:16:69:73:
                    fc:29:ba:f7:b4:9a:80:cf:80:12:db:dc:82:05:c1:
                    24:14:a2:a8:4b:04:5f:b8:42:4d:93:12:50:ac:8c:
                    09:93:11:70:79:55:f4:71:b3:bf:21:95:f6:4a:3e:
                    0a:02:b4:f2:61:c5:e2:46:93:70:42:a4:53:49:5f:
                    c0:02:4e:88:89:e0:f7:e9:22:11:19:26:e5:a5:c2:
                    92:ca:c5:7e:6c:bf:b6:6b:19:3c:88:c2:15:9c:1c:
                    cb:07:db:5c:1c:49:cd:96:04:28:bf:f6:72:c4:4c:
                    71:fe:31:55:86:61:49:76:cd:d5:66:bd:d6:56:34:
                    1c:d5:49:37:8a:b7:d3:2a:bd:3c:5e:b2:02:ad:05:
                    a6:5f:ef:57:7a:4c:24:e2:25:cc:04:b8:a6:05:73:
                    af:c7:06:aa:28:81:99:cd:85:80:fd:26:91:56:e0:
                    b2:dd:86:86:9b:9b:05:2b:b7:3c:df:28:d6:cc:c3:
                    7d:73:42:9e:23:bd:3f:82:9a:78:e9:90:35:10:59:
                    a5:aa:40:62:7c:7f:d6:30:fb:27:ba:1d:8c:82:22:
                    57:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:C9:16:C5:8D:64:5C:64:D1:A6:A6:DA:52:18:61:B1:6D:45:65:54
            X509v3 Authority Key Identifier:
                keyid:BD:A6:10:43:54:24:85:09:6B:0D:F4:35:1C:C0:DA:97:7F:37:70:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vaYQQ1QkhQlrDfQ1HMDal383cN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/196689-2db7-4e80-b92c-3a2ad88deade/1/LMkWxY1kXGTRpqbaUhhhsW1FZVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/196689-2db7-4e80-b92c-3a2ad88deade/1/vaYQQ1QkhQlrDfQ1HMDal383cN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.32.0.0/16
                  193.84.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:a4:cd:14:9f:ac:34:a7:a5:f0:b6:bb:28:02:b9:c4:f4:2d:
         f9:49:38:e8:47:7f:69:4d:e4:62:c0:e0:dc:66:15:d0:db:25:
         e7:e4:9c:04:53:85:66:43:cf:e2:24:57:78:51:d3:32:f5:04:
         12:b4:61:f6:bb:3f:a8:e7:4d:57:7e:23:9b:d1:e6:aa:da:6e:
         3b:d6:95:0e:e7:e2:68:4d:98:5f:5a:09:fa:62:bf:ef:bd:c5:
         88:f1:50:11:7e:46:74:41:ad:11:e1:de:b9:70:51:14:c3:94:
         7c:f0:69:7f:02:10:0d:3f:9c:fb:2b:25:33:30:c0:ce:2f:95:
         a4:53:5d:e1:36:f1:dd:44:4e:5c:ea:ff:3b:42:9c:a2:bf:32:
         43:86:d7:d9:a3:01:03:96:41:9c:70:12:33:c2:05:38:93:3d:
         b3:70:e7:f5:73:33:42:b7:ae:e7:bc:6a:b2:1e:2f:eb:17:0b:
         a6:d9:a0:1b:72:32:04:6e:aa:74:68:8d:0e:6c:f5:aa:1b:57:
         84:19:02:4b:df:f8:0d:61:c1:21:d4:7c:14:ad:0e:25:32:dc:
         b8:69:e0:b7:1c:b1:10:ac:11:1f:cb:f9:9c:52:c2:d7:49:ce:
         ca:06:ca:b1:d9:5c:ed:be:bf:18:ee:e1:03:60:08:a0:87:b7:
         49:35:b1:44
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZFH2Nma582wQQ14ka2owkV1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYTYxMDQzNTQyNDg1MDk2YjBkZjQzNTFjYzBkYTk3N2Yz
NzcwZGQwHhcNMjQwODEyMTgyNzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2M5MTZjNThkNjQ1YzY0ZDFhNmE2ZGE1MjE4NjFiMTZkNDU2NTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCG7ldG2bcytKVPxfnYnpm0AKcFu
NGEaVHG8tVJ00zSz1O0NehGIdGsWaXP8Kbr3tJqAz4AS29yCBcEkFKKoSwRfuEJN
kxJQrIwJkxFweVX0cbO/IZX2Sj4KArTyYcXiRpNwQqRTSV/AAk6IieD36SIRGSbl
pcKSysV+bL+2axk8iMIVnBzLB9tcHEnNlgQov/ZyxExx/jFVhmFJds3VZr3WVjQc
1Uk3irfTKr08XrICrQWmX+9Xekwk4iXMBLimBXOvxwaqKIGZzYWA/SaRVuCy3YaG
m5sFK7c83yjWzMN9c0KeI70/gpp46ZA1EFmlqkBifH/WMPsnuh2MgiJX/wIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFCzJFsWNZFxk0aam2lIYYbFtRWVUMB8GA1UdIwQY
MBaAFL2mEENUJIUJaw30NRzA2pd/N3DdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmFZUVExUWtoUWxyRGZRMUhNRGFsMzgzY04wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8xOTY2ODktMmRiNy00ZTgwLWI5MmMt
M2EyYWQ4OGRlYWRlLzEvTE1rV3hZMWtYR1RScHFiYVVoaGhzVzFGWlZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8xOTY2ODktMmRiNy00ZTgwLWI5MmMtM2EyYWQ4OGRlYWRl
LzEvdmFZUVExUWtoUWxyRGZRMUhNRGFsMzgzY04wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAkyADBALB
VGgwDQYJKoZIhvcNAQELBQADggEBAH+kzRSfrDSnpfC2uygCucT0LflJOOhHf2lN
5GLA4NxmFdDbJefknARThWZDz+IkV3hR0zL1BBK0Yfa7P6jnTVd+I5vR5qrabjvW
lQ7n4mhNmF9aCfpiv++9xYjxUBF+RnRBrRHh3rlwURTDlHzwaX8CEA0/nPsrJTMw
wM4vlaRTXeE28d1ETlzq/ztCnKK/MkOG19mjAQOWQZxwEjPCBTiTPbNw5/VzM0K3
rue8arIeL+sXC6bZoBtyMgRuqnRojQ5s9aobV4QZAkvf+A1hwSHUfBStDiUy3Lhp
4LccsRCsER/L+ZxSwtdJzsoGyrHZXO2+vxju4QNgCKCHt0k1sUQ=
-----END CERTIFICATE-----