Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/30b8e9-e7d4-40cc-ad5f-3c741220ea00/1/LmNg_R3M4mmIGYXkT5RDUiU_Nrs.roa
File:                     LmNg_R3M4mmIGYXkT5RDUiU_Nrs.roa (raw, json)
Hash identifier:          bnn12WzO45KLsrn3dOQ9ObBau1Yh4oVjig0BAZB7XEc=
Subject key identifier:   2E:63:60:FD:1D:CC:E2:69:88:19:85:E4:4F:94:43:52:25:3F:36:BB
Certificate issuer:       /CN=b78cddbfc76bda26a029ea80c8987798745f1f02
Certificate serial:       018CC8DED585F9DE231FEC8A873F3CFF64A2
Authority key identifier: B7:8C:DD:BF:C7:6B:DA:26:A0:29:EA:80:C8:98:77:98:74:5F:1F:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t4zdv8dr2iagKeqAyJh3mHRfHwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/30b8e9-e7d4-40cc-ad5f-3c741220ea00/1/LmNg_R3M4mmIGYXkT5RDUiU_Nrs.roa
Signing time:             Tue 02 Jan 2024 06:31:35 +0000
ROA not before:           Tue 02 Jan 2024 06:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.215.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/30b8e9-e7d4-40cc-ad5f-3c741220ea00/1/t4zdv8dr2iagKeqAyJh3mHRfHwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/30b8e9-e7d4-40cc-ad5f-3c741220ea00/1/t4zdv8dr2iagKeqAyJh3mHRfHwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t4zdv8dr2iagKeqAyJh3mHRfHwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d5:85:f9:de:23:1f:ec:8a:87:3f:3c:ff:64:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b78cddbfc76bda26a029ea80c8987798745f1f02
        Validity
            Not Before: Jan  2 06:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e6360fd1dcce269881985e44f944352253f36bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a2:13:7f:7f:57:6f:c1:91:6a:f0:4f:e4:9a:
                    bf:05:a1:d7:7a:ea:6f:9d:bf:20:14:33:6f:42:f0:
                    1e:b7:27:1f:ad:61:14:0d:c3:6e:21:be:43:23:9f:
                    74:7b:63:4a:c8:b9:48:81:bf:f9:c8:74:d2:ca:72:
                    1e:a1:43:4e:a7:1e:b5:f9:15:2e:4d:18:08:6d:44:
                    e6:02:43:58:10:ac:de:df:f4:7a:c0:92:0f:dd:7e:
                    ff:46:7a:91:1e:63:6c:29:c8:5b:02:da:cf:4c:01:
                    87:4c:2c:69:ef:d0:a9:75:53:fc:d4:23:dc:df:2c:
                    7d:31:0f:9a:57:b3:3d:5f:20:9c:68:ac:11:0b:a6:
                    47:6c:45:14:e7:c6:c9:10:58:7e:bd:65:5b:32:7e:
                    3f:d5:f5:03:18:55:de:fb:40:7b:34:cb:19:7a:a1:
                    74:b8:66:ec:9d:ce:35:87:23:19:84:d2:47:a6:cf:
                    1f:9b:6f:17:e3:38:b1:50:38:8d:55:62:c0:1c:cd:
                    ee:8c:76:6a:25:14:4b:81:bf:c7:fb:44:e8:41:03:
                    1b:8b:3d:b3:dc:96:c2:db:5a:7d:0c:4f:2c:a5:b9:
                    37:89:e6:57:ef:b0:46:8f:06:ab:d2:39:1d:08:b3:
                    2a:bd:9c:89:ba:5f:e6:db:78:66:0c:a9:a0:83:29:
                    47:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:63:60:FD:1D:CC:E2:69:88:19:85:E4:4F:94:43:52:25:3F:36:BB
            X509v3 Authority Key Identifier:
                keyid:B7:8C:DD:BF:C7:6B:DA:26:A0:29:EA:80:C8:98:77:98:74:5F:1F:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t4zdv8dr2iagKeqAyJh3mHRfHwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/30b8e9-e7d4-40cc-ad5f-3c741220ea00/1/LmNg_R3M4mmIGYXkT5RDUiU_Nrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/30b8e9-e7d4-40cc-ad5f-3c741220ea00/1/t4zdv8dr2iagKeqAyJh3mHRfHwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:66:69:ff:33:d7:73:bc:5f:66:28:55:8e:74:08:74:b6:a1:
         82:6a:ab:35:c6:9d:96:97:9f:65:c8:c9:9d:39:6f:b2:74:bb:
         73:ef:61:13:42:82:ef:8f:54:95:5e:dc:d4:33:47:e5:21:c6:
         d5:b3:dc:16:9d:d6:3e:c0:01:34:f8:05:d9:cd:64:36:35:fb:
         34:cc:51:8c:45:37:83:b3:40:7a:bb:85:d5:9c:30:e3:37:29:
         f4:4d:c9:5c:c0:cd:5c:af:b6:28:81:4a:e1:00:f0:c4:0a:5c:
         ab:ed:fa:d4:1b:02:5b:e7:e0:61:fb:b0:f7:f0:fb:fd:e3:62:
         04:8f:32:13:fa:cb:0b:3e:9f:a9:f9:94:1e:e4:2b:30:33:08:
         85:f5:66:5d:78:2c:38:61:30:a8:46:c1:de:9a:9f:c9:b6:60:
         f3:0c:b1:a5:8a:c0:6e:95:96:f0:c1:b2:93:a0:ba:b9:a2:b1:
         9c:e4:df:da:23:b4:b6:0a:90:e2:40:8a:c5:f3:d1:de:ff:a8:
         ce:39:ef:5a:43:81:ef:79:b9:eb:79:d1:3c:df:e2:b7:cb:7c:
         3b:c0:7e:df:7f:66:7e:d4:a1:55:de:8b:73:77:c1:ff:fc:fe:
         d8:29:7e:d8:76:40:74:c8:1a:d0:74:8b:c1:50:33:1b:f4:64:
         47:7c:bf:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tWF+d4jH+yKhz88/2SiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OGNkZGJmYzc2YmRhMjZhMDI5ZWE4MGM4OTg3Nzk4NzQ1
ZjFmMDIwHhcNMjQwMTAyMDYzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTYzNjBmZDFkY2NlMjY5ODgxOTg1ZTQ0Zjk0NDM1MjI1M2YzNmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqITf39Xb8GRavBP5Jq/BaHXeupv
nb8gFDNvQvAetycfrWEUDcNuIb5DI590e2NKyLlIgb/5yHTSynIeoUNOpx61+RUu
TRgIbUTmAkNYEKze3/R6wJIP3X7/RnqRHmNsKchbAtrPTAGHTCxp79CpdVP81CPc
3yx9MQ+aV7M9XyCcaKwRC6ZHbEUU58bJEFh+vWVbMn4/1fUDGFXe+0B7NMsZeqF0
uGbsnc41hyMZhNJHps8fm28X4zixUDiNVWLAHM3ujHZqJRRLgb/H+0ToQQMbiz2z
3JbC21p9DE8spbk3ieZX77BGjwar0jkdCLMqvZyJul/m23hmDKmggylHPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5jYP0dzOJpiBmF5E+UQ1IlPza7MB8GA1UdIwQY
MBaAFLeM3b/Ha9omoCnqgMiYd5h0Xx8CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDR6ZHY4ZHIyaWFnS2VxQXlKaDNtSFJmSHdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8zMGI4ZTktZTdkNC00MGNjLWFkNWYt
M2M3NDEyMjBlYTAwLzEvTG1OZ19SM000bW1JR1lYa1Q1UkRVaVVfTnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8zMGI4ZTktZTdkNC00MGNjLWFkNWYtM2M3NDEyMjBlYTAw
LzEvdDR6ZHY4ZHIyaWFnS2VxQXlKaDNtSFJmSHdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuddzMA0G
CSqGSIb3DQEBCwUAA4IBAQCpZmn/M9dzvF9mKFWOdAh0tqGCaqs1xp2Wl59lyMmd
OW+ydLtz72ETQoLvj1SVXtzUM0flIcbVs9wWndY+wAE0+AXZzWQ2Nfs0zFGMRTeD
s0B6u4XVnDDjNyn0TclcwM1cr7YogUrhAPDEClyr7frUGwJb5+Bh+7D38Pv942IE
jzIT+ssLPp+p+ZQe5CswMwiF9WZdeCw4YTCoRsHemp/JtmDzDLGlisBulZbwwbKT
oLq5orGc5N/aI7S2CpDiQIrF89He/6jOOe9aQ4HvebnredE83+K3y3w7wH7ff2Z+
1KFV3otzd8H//P7YKX7YdkB0yBrQdIvBUDMb9GRHfL9D
-----END CERTIFICATE-----