Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/LOBwupmtOjvwOD71NxZ7Ho0s2Qw.roa
File:                     LOBwupmtOjvwOD71NxZ7Ho0s2Qw.roa (raw, json)
Hash identifier:          DJGhaJo+0yNK8F3TYQ6FU/rc+9w29cSxCTAMEnX0zus=
Subject key identifier:   2C:E0:70:BA:99:AD:3A:3B:F0:38:3E:F5:37:16:7B:1E:8D:2C:D9:0C
Certificate issuer:       /CN=81bb78be41e48337997c8fe91d8e2f24f7b49eaf
Certificate serial:       018CC493958457AD2B58094ADBAD3A2D5568
Authority key identifier: 81:BB:78:BE:41:E4:83:37:99:7C:8F:E9:1D:8E:2F:24:F7:B4:9E:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gbt4vkHkgzeZfI_pHY4vJPe0nq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/LOBwupmtOjvwOD71NxZ7Ho0s2Qw.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44431
IP address blocks:        92.43.224.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/gbt4vkHkgzeZfI_pHY4vJPe0nq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/gbt4vkHkgzeZfI_pHY4vJPe0nq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gbt4vkHkgzeZfI_pHY4vJPe0nq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:95:84:57:ad:2b:58:09:4a:db:ad:3a:2d:55:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81bb78be41e48337997c8fe91d8e2f24f7b49eaf
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ce070ba99ad3a3bf0383ef537167b1e8d2cd90c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:64:a1:19:76:0f:1c:73:94:a4:c6:d9:6e:69:
                    34:c2:0f:bd:8a:e5:26:36:4c:a6:d3:20:3c:1c:e1:
                    04:f0:ef:f6:55:ce:72:5b:57:f0:52:aa:3f:e5:8e:
                    d5:55:3d:42:0c:e4:f5:e6:a1:9f:91:5b:00:79:db:
                    a1:29:83:59:8f:f9:73:a8:32:59:db:53:88:1e:2c:
                    4e:3d:bf:38:8b:86:17:10:8f:87:52:19:8d:0f:d3:
                    87:d3:0b:d1:18:f3:94:74:c0:84:6d:07:35:09:7d:
                    8d:6d:38:74:f8:2e:a0:42:04:e2:d8:e0:c6:e5:e9:
                    59:ab:d5:55:2f:1b:a2:d4:1a:e0:33:48:b9:49:cb:
                    d3:da:1b:03:32:b7:75:5d:7e:72:95:fd:b5:a4:61:
                    6e:5d:6e:a5:0a:ea:4a:ef:10:e0:6e:15:db:d7:36:
                    f0:43:a5:54:2f:93:69:34:16:1a:13:a6:8f:97:4e:
                    bd:5d:dd:45:ab:6c:ce:c1:49:fc:3d:1d:c1:03:b4:
                    29:30:d2:09:c6:b9:33:95:f2:da:60:ee:3b:5e:75:
                    6c:ec:fa:0e:ca:f5:2f:3d:a7:81:89:99:58:1f:ed:
                    55:38:af:65:3d:b6:05:06:cd:57:8f:ca:fb:00:dd:
                    71:ec:bd:d0:50:5a:0d:5c:0f:91:f7:7e:c7:10:4e:
                    be:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:E0:70:BA:99:AD:3A:3B:F0:38:3E:F5:37:16:7B:1E:8D:2C:D9:0C
            X509v3 Authority Key Identifier:
                keyid:81:BB:78:BE:41:E4:83:37:99:7C:8F:E9:1D:8E:2F:24:F7:B4:9E:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gbt4vkHkgzeZfI_pHY4vJPe0nq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/LOBwupmtOjvwOD71NxZ7Ho0s2Qw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/gbt4vkHkgzeZfI_pHY4vJPe0nq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.43.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2b:2c:e6:66:2a:85:12:c3:8d:f1:1c:8a:77:59:ee:28:9c:ad:
         5a:f0:31:1a:77:a3:70:f7:0a:e6:f9:fc:0c:5f:c3:2a:98:c9:
         87:3a:65:03:da:b7:55:69:0e:a6:b7:99:c1:17:9b:d0:2e:7a:
         71:35:7d:b2:ad:a7:7b:b1:cd:35:81:95:93:8b:d7:34:bc:30:
         df:99:2c:04:40:76:01:57:a2:4d:e8:52:67:eb:65:6d:96:1d:
         5e:cc:f0:10:16:ce:f1:22:dc:5a:3a:e9:7b:2e:34:b3:c2:08:
         d8:c5:95:9a:a7:32:52:8b:95:ae:76:02:53:f7:b0:1f:60:d5:
         a3:eb:41:4a:fa:c4:1e:49:65:b7:de:4f:f7:a5:74:5f:93:fa:
         e5:b0:ac:f2:13:75:58:64:cd:a1:db:fd:f6:09:de:5d:40:93:
         1b:19:35:79:9b:17:1f:ef:38:74:35:34:e9:3e:2b:c6:d0:49:
         f5:72:24:00:51:e7:23:bc:ba:6f:38:af:b4:11:97:bc:d5:02:
         2d:af:5f:e9:d8:e5:eb:b8:57:35:06:b7:f1:4e:69:f7:a9:90:
         ec:e0:d2:5a:48:7c:70:92:e6:f2:de:60:c0:5d:3e:01:cb:fa:
         1a:24:35:b3:9a:5b:f2:52:67:30:35:91:46:6c:0e:cb:75:81:
         8e:c1:73:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5WEV60rWAlK2606LVVoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYmI3OGJlNDFlNDgzMzc5OTdjOGZlOTFkOGUyZjI0Zjdi
NDllYWYwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2UwNzBiYTk5YWQzYTNiZjAzODNlZjUzNzE2N2IxZThkMmNkOTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2ShGXYPHHOUpMbZbmk0wg+9iuUm
Nkym0yA8HOEE8O/2Vc5yW1fwUqo/5Y7VVT1CDOT15qGfkVsAeduhKYNZj/lzqDJZ
21OIHixOPb84i4YXEI+HUhmND9OH0wvRGPOUdMCEbQc1CX2NbTh0+C6gQgTi2ODG
5elZq9VVLxui1BrgM0i5ScvT2hsDMrd1XX5ylf21pGFuXW6lCupK7xDgbhXb1zbw
Q6VUL5NpNBYaE6aPl069Xd1Fq2zOwUn8PR3BA7QpMNIJxrkzlfLaYO47XnVs7PoO
yvUvPaeBiZlYH+1VOK9lPbYFBs1Xj8r7AN1x7L3QUFoNXA+R937HEE6+vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCzgcLqZrTo78Dg+9TcWex6NLNkMMB8GA1UdIwQY
MBaAFIG7eL5B5IM3mXyP6R2OLyT3tJ6vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2J0NHZrSGtnemVaZklfcEhZNHZKUGUwbnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC85ZGI0ZDMtZjc4ZC00NDMwLTg3YzAt
NmNiZDU4MWQzMTdjLzEvTE9Cd3VwbXRPanZ3T0Q3MU54WjdIbzBzMlF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC85ZGI0ZDMtZjc4ZC00NDMwLTg3YzAtNmNiZDU4MWQzMTdj
LzEvZ2J0NHZrSGtnemVaZklfcEhZNHZKUGUwbnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXCvgMA0G
CSqGSIb3DQEBCwUAA4IBAQArLOZmKoUSw43xHIp3We4onK1a8DEad6Nw9wrm+fwM
X8MqmMmHOmUD2rdVaQ6mt5nBF5vQLnpxNX2yrad7sc01gZWTi9c0vDDfmSwEQHYB
V6JN6FJn62Vtlh1ezPAQFs7xItxaOul7LjSzwgjYxZWapzJSi5WudgJT97AfYNWj
60FK+sQeSWW33k/3pXRfk/rlsKzyE3VYZM2h2/32Cd5dQJMbGTV5mxcf7zh0NTTp
PivG0En1ciQAUecjvLpvOK+0EZe81QItr1/p2OXruFc1BrfxTmn3qZDs4NJaSHxw
kuby3mDAXT4By/oaJDWzmlvyUmcwNZFGbA7LdYGOwXPP
-----END CERTIFICATE-----