Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/LYMjl60NxyQpdpXtRQLQWJ7qzwI.roa
File:                     LYMjl60NxyQpdpXtRQLQWJ7qzwI.roa (raw, json)
Hash identifier:          7efYexN6SmKKrmEioKX+pvDQl9DN+HW2TyxMoNR5I50=
Subject key identifier:   2D:83:23:97:AD:0D:C7:24:29:76:95:ED:45:02:D0:58:9E:EA:CF:02
Certificate issuer:       /CN=5d8a9fd7c51926e22ea8aa33b3b8838e93e8bedd
Certificate serial:       018CCA2A2B13B3A31F4E427E389A8C3E5C4B
Authority key identifier: 5D:8A:9F:D7:C5:19:26:E2:2E:A8:AA:33:B3:B8:83:8E:93:E8:BE:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYqf18UZJuIuqKozs7iDjpPovt0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/LYMjl60NxyQpdpXtRQLQWJ7qzwI.roa
Signing time:             Tue 02 Jan 2024 12:33:30 +0000
ROA not before:           Tue 02 Jan 2024 12:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203780
IP address blocks:        213.140.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/XYqf18UZJuIuqKozs7iDjpPovt0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/XYqf18UZJuIuqKozs7iDjpPovt0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYqf18UZJuIuqKozs7iDjpPovt0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2b:13:b3:a3:1f:4e:42:7e:38:9a:8c:3e:5c:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d8a9fd7c51926e22ea8aa33b3b8838e93e8bedd
        Validity
            Not Before: Jan  2 12:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d832397ad0dc724297695ed4502d0589eeacf02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:7e:45:f2:78:37:ba:e5:c2:9c:27:77:bf:eb:
                    0e:88:c7:84:13:0e:d8:18:bb:3b:ef:37:e3:dd:19:
                    11:f9:43:eb:54:ae:e5:15:b1:e6:1a:6f:ca:40:c2:
                    97:b3:13:36:a0:aa:a6:87:cd:6d:ef:59:06:91:33:
                    21:23:27:b5:81:4a:66:33:17:5b:19:9a:49:0e:4c:
                    b7:13:68:a9:f1:aa:9d:d5:17:03:5e:ff:b2:84:8c:
                    6b:0f:71:49:fc:47:2e:d0:dd:28:e9:a0:18:dd:44:
                    69:03:a7:e9:64:ee:a7:b2:5d:18:67:c3:74:50:02:
                    7d:e3:8d:f9:0e:ce:ca:07:19:89:e1:f5:19:41:86:
                    3b:e8:eb:80:28:88:00:b4:75:94:26:5f:eb:26:9c:
                    37:54:cb:41:13:7a:28:fd:b8:de:23:03:49:6b:8a:
                    96:27:91:b9:4b:e3:2f:ed:4b:ea:2e:c2:5a:31:63:
                    fe:e2:ea:c3:af:19:23:79:4d:55:6e:91:db:89:97:
                    60:84:e2:36:c5:52:84:58:c8:cc:ca:66:e0:21:3b:
                    b1:01:1a:61:d8:83:06:03:54:d4:9a:8b:fb:a6:c6:
                    30:bf:0f:a3:df:7d:fa:5e:06:e6:b0:d9:07:69:e6:
                    a9:7f:3f:a1:1d:d6:0b:10:4d:4b:a0:81:7a:ac:79:
                    50:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:83:23:97:AD:0D:C7:24:29:76:95:ED:45:02:D0:58:9E:EA:CF:02
            X509v3 Authority Key Identifier:
                keyid:5D:8A:9F:D7:C5:19:26:E2:2E:A8:AA:33:B3:B8:83:8E:93:E8:BE:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYqf18UZJuIuqKozs7iDjpPovt0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/LYMjl60NxyQpdpXtRQLQWJ7qzwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/bb861d-330f-4a97-9f9c-66c53f2b1f02/1/XYqf18UZJuIuqKozs7iDjpPovt0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.140.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:57:3e:57:05:47:a9:51:39:d3:02:b6:ab:ec:19:01:39:64:
         62:77:af:0a:52:d1:7f:41:88:a6:fa:a2:29:66:62:98:36:62:
         c4:9e:a5:e9:01:77:9d:07:41:61:05:e7:3e:45:91:0d:3f:84:
         44:28:8f:6c:c3:c5:c5:ce:cf:69:a6:45:e9:86:92:a9:c1:35:
         d1:47:fa:35:95:4e:34:a3:20:a6:83:87:78:10:db:15:45:ed:
         51:fd:09:8c:2c:5b:65:c6:f3:92:88:69:3a:fc:5e:34:11:d2:
         a9:9b:a1:42:57:cf:87:05:7e:15:64:10:b3:94:90:5e:aa:ac:
         58:74:75:bb:85:39:3b:4a:85:50:ab:42:36:89:e8:66:2c:0b:
         66:34:f5:5a:65:39:8a:34:28:74:c5:29:89:89:b9:59:7c:a2:
         54:e2:96:3d:25:3f:5e:5d:c3:d6:46:eb:35:a7:48:fb:75:06:
         61:2c:52:75:1c:a2:1c:1a:c2:c3:75:6c:b8:12:70:b0:8e:88:
         c0:cd:f3:37:52:37:ee:08:b7:4b:61:ac:bf:f3:a4:91:8f:fa:
         eb:05:80:bd:a2:2d:6d:80:56:d6:34:c9:0d:20:a3:52:64:ef:
         89:ab:5b:65:cf:7d:90:53:52:27:b6:45:80:1f:7d:b9:74:21:
         aa:bd:ef:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKisTs6MfTkJ+OJqMPlxLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkOGE5ZmQ3YzUxOTI2ZTIyZWE4YWEzM2IzYjg4MzhlOTNl
OGJlZGQwHhcNMjQwMTAyMTIzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDgzMjM5N2FkMGRjNzI0Mjk3Njk1ZWQ0NTAyZDA1ODllZWFjZjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmX5F8ng3uuXCnCd3v+sOiMeEEw7Y
GLs77zfj3RkR+UPrVK7lFbHmGm/KQMKXsxM2oKqmh81t71kGkTMhIye1gUpmMxdb
GZpJDky3E2ip8aqd1RcDXv+yhIxrD3FJ/Ecu0N0o6aAY3URpA6fpZO6nsl0YZ8N0
UAJ94435Ds7KBxmJ4fUZQYY76OuAKIgAtHWUJl/rJpw3VMtBE3oo/bjeIwNJa4qW
J5G5S+Mv7UvqLsJaMWP+4urDrxkjeU1VbpHbiZdghOI2xVKEWMjMymbgITuxARph
2IMGA1TUmov7psYwvw+j3336XgbmsNkHaeapfz+hHdYLEE1LoIF6rHlQDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2DI5etDcckKXaV7UUC0Fie6s8CMB8GA1UdIwQY
MBaAFF2Kn9fFGSbiLqiqM7O4g46T6L7dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFlxZjE4VVpKdUl1cUtvenM3aURqcFBvdnQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9iYjg2MWQtMzMwZi00YTk3LTlmOWMt
NjZjNTNmMmIxZjAyLzEvTFlNamw2ME54eVFwZHBYdFJRTFFXSjdxendJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9iYjg2MWQtMzMwZi00YTk3LTlmOWMtNjZjNTNmMmIxZjAy
LzEvWFlxZjE4VVpKdUl1cUtvenM3aURqcFBvdnQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YyQMA0G
CSqGSIb3DQEBCwUAA4IBAQCSVz5XBUepUTnTArar7BkBOWRid68KUtF/QYim+qIp
ZmKYNmLEnqXpAXedB0FhBec+RZENP4REKI9sw8XFzs9ppkXphpKpwTXRR/o1lU40
oyCmg4d4ENsVRe1R/QmMLFtlxvOSiGk6/F40EdKpm6FCV8+HBX4VZBCzlJBeqqxY
dHW7hTk7SoVQq0I2iehmLAtmNPVaZTmKNCh0xSmJiblZfKJU4pY9JT9eXcPWRus1
p0j7dQZhLFJ1HKIcGsLDdWy4EnCwjojAzfM3UjfuCLdLYay/86SRj/rrBYC9oi1t
gFbWNMkNIKNSZO+Jq1tlz32QU1IntkWAH325dCGqve/b
-----END CERTIFICATE-----