Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/4eap_LKCNZxMb2acbZXyjGiKcbM.roa
File:                     4eap_LKCNZxMb2acbZXyjGiKcbM.roa (raw, json)
Hash identifier:          3+Ujkw0jrot+uRjTtjlaejK5RSYqus1lReIazrC8b7U=
Subject key identifier:   E1:E6:A9:FC:B2:82:35:9C:4C:6F:66:9C:6D:95:F2:8C:68:8A:71:B3
Certificate issuer:       /CN=d49922ca8d139a4d03d6d57cbc8177dc05feb9ec
Certificate serial:       018EE1BA9BD5AC2D7977D0B21AFCC164955B
Authority key identifier: D4:99:22:CA:8D:13:9A:4D:03:D6:D5:7C:BC:81:77:DC:05:FE:B9:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/4eap_LKCNZxMb2acbZXyjGiKcbM.roa
Signing time:             Mon 15 Apr 2024 12:28:06 +0000
ROA not before:           Mon 15 Apr 2024 12:28:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215110
IP address blocks:        178.237.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:ba:9b:d5:ac:2d:79:77:d0:b2:1a:fc:c1:64:95:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d49922ca8d139a4d03d6d57cbc8177dc05feb9ec
        Validity
            Not Before: Apr 15 12:28:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1e6a9fcb282359c4c6f669c6d95f28c688a71b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ac:38:3e:d2:46:b9:66:5f:1a:57:bd:45:92:
                    1b:84:20:b6:26:80:97:98:2a:59:0f:8d:36:51:0b:
                    af:24:e7:22:39:23:fb:4d:cf:7c:ad:55:19:83:22:
                    94:b6:5b:23:d4:32:bd:38:46:87:e7:78:c7:13:ba:
                    78:8c:6b:f2:19:18:78:a4:44:62:ca:e2:1b:b2:f3:
                    60:15:3a:b1:e0:f5:c2:10:6c:22:d8:95:4b:ba:b3:
                    ab:92:77:a4:d8:18:c5:cd:49:f5:79:b1:c1:ee:38:
                    5d:ee:a4:dc:c7:21:e2:bd:5f:c4:77:f9:b5:96:50:
                    09:7c:8d:ef:4c:e1:5f:92:a8:8b:b5:06:5c:82:91:
                    a4:3f:72:6b:42:8a:66:c8:99:f0:48:25:67:70:28:
                    e6:98:a5:20:b9:a1:89:9f:39:fc:6a:ec:37:08:98:
                    4f:1a:73:3a:9c:64:8e:40:b8:af:36:4f:e4:fb:f6:
                    02:73:10:ac:a9:76:73:0d:c3:c2:c8:ab:3b:0d:2f:
                    d1:85:a7:b4:7c:60:11:24:35:43:ad:2f:09:9c:68:
                    ee:57:8c:78:0f:75:b6:6b:32:78:ff:06:a6:9c:e2:
                    82:c9:5e:fc:11:f6:28:25:d1:40:59:1b:e6:af:02:
                    29:4a:31:19:9f:93:72:61:90:9b:ee:04:2a:f5:b1:
                    16:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:E6:A9:FC:B2:82:35:9C:4C:6F:66:9C:6D:95:F2:8C:68:8A:71:B3
            X509v3 Authority Key Identifier:
                keyid:D4:99:22:CA:8D:13:9A:4D:03:D6:D5:7C:BC:81:77:DC:05:FE:B9:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/4eap_LKCNZxMb2acbZXyjGiKcbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.237.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:e8:84:75:ee:3e:e2:5f:59:f7:f4:c2:fa:b7:cc:b9:76:68:
         6f:a3:00:f2:63:7b:d4:85:ba:14:82:8c:2e:6a:93:c7:1b:84:
         c7:b3:2f:5d:ba:47:cf:8c:96:33:9d:12:00:a2:25:c4:a0:21:
         e1:04:1b:96:21:85:8e:6b:64:03:23:44:e4:64:c2:a6:07:99:
         b3:d6:eb:f9:48:8c:26:12:95:be:3e:28:30:47:42:08:2f:c8:
         72:6b:f1:64:21:a2:83:a0:a4:01:56:d8:06:f0:d2:83:7d:18:
         ef:77:64:eb:83:19:45:d6:ff:20:55:a9:90:d2:98:96:c5:de:
         d5:13:92:6b:46:e5:bf:b0:ff:46:d1:65:a2:63:59:0b:ce:47:
         27:8a:2c:ab:e0:bd:b8:d4:e2:ad:dd:d1:59:47:73:11:20:c9:
         23:d6:9b:c2:d0:93:07:5e:41:e4:5b:4c:02:51:51:26:32:84:
         ec:4e:f3:8d:ce:38:3f:ea:86:87:00:8e:95:1f:90:ab:d8:85:
         74:02:8f:b7:05:d7:a3:22:ed:63:a3:ae:ec:cc:b5:e4:cd:5f:
         f5:85:63:5d:e2:3a:f3:92:dc:dd:e4:4c:b8:70:04:cb:1d:db:
         4a:85:a7:45:bb:04:2d:d6:52:6e:55:f1:be:49:ac:e9:92:39:
         e3:0c:e1:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7hupvVrC15d9CyGvzBZJVbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OTkyMmNhOGQxMzlhNGQwM2Q2ZDU3Y2JjODE3N2RjMDVm
ZWI5ZWMwHhcNMjQwNDE1MTIyODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWU2YTlmY2IyODIzNTljNGM2ZjY2OWM2ZDk1ZjI4YzY4OGE3MWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqw4PtJGuWZfGle9RZIbhCC2JoCX
mCpZD402UQuvJOciOSP7Tc98rVUZgyKUtlsj1DK9OEaH53jHE7p4jGvyGRh4pERi
yuIbsvNgFTqx4PXCEGwi2JVLurOrknek2BjFzUn1ebHB7jhd7qTcxyHivV/Ed/m1
llAJfI3vTOFfkqiLtQZcgpGkP3JrQopmyJnwSCVncCjmmKUguaGJnzn8auw3CJhP
GnM6nGSOQLivNk/k+/YCcxCsqXZzDcPCyKs7DS/Rhae0fGARJDVDrS8JnGjuV4x4
D3W2azJ4/wamnOKCyV78EfYoJdFAWRvmrwIpSjEZn5NyYZCb7gQq9bEWHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHmqfyygjWcTG9mnG2V8oxoinGzMB8GA1UdIwQY
MBaAFNSZIsqNE5pNA9bVfLyBd9wF/rnsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUpraXlvMFRtazBEMXRWOHZJRjMzQVgtdWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC81Y2VjYzAtMmE1My00NTAwLTg1YWUt
ZThiNjBhMmRkNmI0LzEvNGVhcF9MS0NOWnhNYjJhY2JaWHlqR2lLY2JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC81Y2VjYzAtMmE1My00NTAwLTg1YWUtZThiNjBhMmRkNmI0
LzEvMUpraXlvMFRtazBEMXRWOHZJRjMzQVgtdWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu3IMA0G
CSqGSIb3DQEBCwUAA4IBAQAA6IR17j7iX1n39ML6t8y5dmhvowDyY3vUhboUgowu
apPHG4THsy9dukfPjJYznRIAoiXEoCHhBBuWIYWOa2QDI0TkZMKmB5mz1uv5SIwm
EpW+PigwR0IIL8hya/FkIaKDoKQBVtgG8NKDfRjvd2TrgxlF1v8gVamQ0piWxd7V
E5JrRuW/sP9G0WWiY1kLzkcniiyr4L241OKt3dFZR3MRIMkj1pvC0JMHXkHkW0wC
UVEmMoTsTvONzjg/6oaHAI6VH5Cr2IV0Ao+3BdejIu1jo67szLXkzV/1hWNd4jrz
ktzd5Ey4cATLHdtKhadFuwQt1lJuVfG+SazpkjnjDOFH
-----END CERTIFICATE-----