Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/LgX62EaqoZpkW7MhPzT3zCSQ6is.roa
File:                     LgX62EaqoZpkW7MhPzT3zCSQ6is.roa (raw, json)
Hash identifier:          Mg71Qztu8f0t12o6GjxwlKTWnpQOVl7ed4NSXsNMQrw=
Subject key identifier:   2E:05:FA:D8:46:AA:A1:9A:64:5B:B3:21:3F:34:F7:CC:24:90:EA:2B
Certificate issuer:       /CN=5d39d15bd2fcc84771ba6aa29aa54428b21cef60
Certificate serial:       018CC94AB828536EE8C49F9A936E5F34EA9D
Authority key identifier: 5D:39:D1:5B:D2:FC:C8:47:71:BA:6A:A2:9A:A5:44:28:B2:1C:EF:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/LgX62EaqoZpkW7MhPzT3zCSQ6is.roa
Signing time:             Tue 02 Jan 2024 08:29:26 +0000
ROA not before:           Tue 02 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34093
IP address blocks:        217.197.144.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:b8:28:53:6e:e8:c4:9f:9a:93:6e:5f:34:ea:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d39d15bd2fcc84771ba6aa29aa54428b21cef60
        Validity
            Not Before: Jan  2 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e05fad846aaa19a645bb3213f34f7cc2490ea2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:26:f6:09:95:d6:22:30:c1:77:ce:55:4b:28:
                    d2:9d:d4:07:d9:10:f4:2f:bd:13:9f:8e:f8:d8:2d:
                    3d:e9:6b:d5:e2:0c:31:42:36:21:a2:f7:2e:ef:8a:
                    bd:17:7f:5a:e0:28:06:a1:b7:d2:2b:08:50:04:3b:
                    fa:7e:cb:24:0c:9d:06:43:85:be:e1:b6:3b:56:ee:
                    1d:75:43:32:50:96:51:2f:29:e0:ff:96:a0:70:1d:
                    8b:5d:cd:67:6d:98:10:16:d1:f7:ba:4b:73:b3:df:
                    3e:53:0f:50:4f:ff:25:7a:4c:42:be:ab:fd:1c:94:
                    62:70:ef:18:4c:9d:3c:cf:37:06:85:e2:a7:c9:17:
                    91:c2:cf:0c:06:f8:46:09:fb:58:3c:53:c6:04:49:
                    70:6d:65:b2:c9:d0:8b:d4:79:01:3c:6e:3a:01:30:
                    54:a8:75:08:46:84:29:36:d3:59:82:aa:ff:28:27:
                    1a:d6:8f:90:6f:d2:5c:60:28:9b:fc:c3:41:b9:fb:
                    c1:cd:2d:0c:11:17:95:81:7e:1e:f3:5e:c5:8e:89:
                    27:e1:1e:64:09:a1:e7:fd:91:3e:77:4d:94:fc:8a:
                    79:0b:05:bf:00:6e:3c:90:73:97:c8:c6:79:f4:78:
                    8b:5d:26:66:bc:3b:3a:df:22:78:98:19:1e:ef:3b:
                    2c:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:05:FA:D8:46:AA:A1:9A:64:5B:B3:21:3F:34:F7:CC:24:90:EA:2B
            X509v3 Authority Key Identifier:
                keyid:5D:39:D1:5B:D2:FC:C8:47:71:BA:6A:A2:9A:A5:44:28:B2:1C:EF:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/LgX62EaqoZpkW7MhPzT3zCSQ6is.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.197.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         59:25:88:49:66:4d:12:0b:2f:b5:f6:43:14:b3:44:fd:67:09:
         f8:df:f8:d8:57:a6:0f:7d:0e:4e:16:f3:f7:6e:20:ef:69:01:
         ee:6f:a1:1a:f5:d2:c6:c1:3a:a4:19:21:7a:93:fb:de:aa:7c:
         d9:9c:2d:3a:c5:df:f8:0e:9f:66:5e:79:18:ea:f8:4e:30:a8:
         f7:b6:6c:49:b4:c4:e7:7e:9d:74:a1:36:06:7e:84:33:2a:dd:
         e1:6c:b7:97:e9:66:7a:1e:08:8b:eb:10:93:55:0c:1a:81:10:
         ef:3a:0c:01:62:ca:6e:69:ab:62:29:38:53:b8:8a:cd:78:92:
         11:27:33:35:4b:1d:82:87:00:46:d1:1a:72:28:7c:82:29:aa:
         e3:32:38:40:99:c5:f5:a3:5f:cb:25:c0:f4:4a:84:16:ec:38:
         fa:d0:75:93:09:a1:cd:be:fa:24:4b:7f:8e:ac:18:ab:aa:2e:
         5d:b8:a5:72:34:43:5e:d6:2d:b0:e0:97:32:bc:fb:82:a9:e7:
         63:94:46:6f:82:50:45:22:ae:28:fb:14:78:6a:1d:d1:cb:d5:
         d1:52:28:b8:fa:49:72:94:d4:db:5b:6a:98:a6:fb:6c:82:2a:
         93:04:20:83:cf:bf:5d:ea:4f:48:8d:64:0d:1e:7a:66:33:99:
         12:84:29:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSrgoU27oxJ+ak25fNOqdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMzlkMTViZDJmY2M4NDc3MWJhNmFhMjlhYTU0NDI4YjIx
Y2VmNjAwHhcNMjQwMTAyMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTA1ZmFkODQ2YWFhMTlhNjQ1YmIzMjEzZjM0ZjdjYzI0OTBlYTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSb2CZXWIjDBd85VSyjSndQH2RD0
L70Tn4742C096WvV4gwxQjYhovcu74q9F39a4CgGobfSKwhQBDv6fsskDJ0GQ4W+
4bY7Vu4ddUMyUJZRLyng/5agcB2LXc1nbZgQFtH3uktzs98+Uw9QT/8lekxCvqv9
HJRicO8YTJ08zzcGheKnyReRws8MBvhGCftYPFPGBElwbWWyydCL1HkBPG46ATBU
qHUIRoQpNtNZgqr/KCca1o+Qb9JcYCib/MNBufvBzS0MEReVgX4e817Fjokn4R5k
CaHn/ZE+d02U/Ip5CwW/AG48kHOXyMZ59HiLXSZmvDs63yJ4mBke7zssoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4F+thGqqGaZFuzIT8098wkkOorMB8GA1UdIwQY
MBaAFF050VvS/MhHcbpqopqlRCiyHO9gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFRuUlc5TDh5RWR4dW1xaW1xVkVLTEljNzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9jODA5MmUtOWY4Yy00NzE4LWI3NzAt
YzI5YjQ0ZGU1M2E4LzEvTGdYNjJFYXFvWnBrVzdNaFB6VDN6Q1NRNmlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9jODA5MmUtOWY4Yy00NzE4LWI3NzAtYzI5YjQ0ZGU1M2E4
LzEvWFRuUlc5TDh5RWR4dW1xaW1xVkVLTEljNzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2cWQMA0G
CSqGSIb3DQEBCwUAA4IBAQBZJYhJZk0SCy+19kMUs0T9Zwn43/jYV6YPfQ5OFvP3
biDvaQHub6Ea9dLGwTqkGSF6k/veqnzZnC06xd/4Dp9mXnkY6vhOMKj3tmxJtMTn
fp10oTYGfoQzKt3hbLeX6WZ6HgiL6xCTVQwagRDvOgwBYspuaatiKThTuIrNeJIR
JzM1Sx2ChwBG0RpyKHyCKarjMjhAmcX1o1/LJcD0SoQW7Dj60HWTCaHNvvokS3+O
rBirqi5duKVyNENe1i2w4JcyvPuCqedjlEZvglBFIq4o+xR4ah3Ry9XRUii4+kly
lNTbW2qYpvtsgiqTBCCDz79d6k9IjWQNHnpmM5kShCn4
-----END CERTIFICATE-----