Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c2d399-4ae9-4431-9161-58efa0bee084/1/LPbQhc19-JdikqMkS5r2to6SmIc.roa
File:                     LPbQhc19-JdikqMkS5r2to6SmIc.roa (raw, json)
Hash identifier:          KoCdL0JL3mN74O33lQAh/ZziNnauN604I9YBxcIXbYs=
Subject key identifier:   2C:F6:D0:85:CD:7D:F8:97:62:92:A3:24:4B:9A:F6:B6:8E:92:98:87
Certificate issuer:       /CN=12c603666719e979bef0921451a2ec264ed01209
Certificate serial:       018CC8DE5B40A3C113E82D88208E706839F8
Authority key identifier: 12:C6:03:66:67:19:E9:79:BE:F0:92:14:51:A2:EC:26:4E:D0:12:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsYDZmcZ6Xm-8JIUUaLsJk7QEgk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c2d399-4ae9-4431-9161-58efa0bee084/1/LPbQhc19-JdikqMkS5r2to6SmIc.roa
Signing time:             Tue 02 Jan 2024 06:31:04 +0000
ROA not before:           Tue 02 Jan 2024 06:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16296
IP address blocks:        80.241.128.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c2d399-4ae9-4431-9161-58efa0bee084/1/EsYDZmcZ6Xm-8JIUUaLsJk7QEgk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c2d399-4ae9-4431-9161-58efa0bee084/1/EsYDZmcZ6Xm-8JIUUaLsJk7QEgk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsYDZmcZ6Xm-8JIUUaLsJk7QEgk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 15:21:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:5b:40:a3:c1:13:e8:2d:88:20:8e:70:68:39:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c603666719e979bef0921451a2ec264ed01209
        Validity
            Not Before: Jan  2 06:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cf6d085cd7df8976292a3244b9af6b68e929887
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fa:94:11:7f:6f:43:94:73:2e:59:4f:f1:d5:
                    12:09:0c:52:93:f0:8a:60:39:b8:c3:d3:ba:81:d4:
                    ed:f4:ac:4d:b4:bd:df:c8:c6:e3:a9:9c:48:1f:54:
                    fe:08:df:b2:15:0b:10:7f:1f:8f:0f:e9:77:8b:2e:
                    e2:d0:69:94:e6:23:e5:2b:bc:45:6c:10:45:87:04:
                    11:24:5e:57:15:1f:d5:8d:b2:d7:ed:b4:b4:a5:fe:
                    9d:a4:33:d4:66:7a:0b:a6:4d:1b:53:b5:d0:d2:be:
                    ff:ce:df:14:6a:8b:f2:a1:a9:23:9b:9d:eb:94:c5:
                    45:a7:17:b4:8b:6a:7f:fa:23:d9:4f:f6:d8:9c:91:
                    b9:d4:6c:4c:e8:43:f9:46:3a:94:26:74:75:16:33:
                    6c:29:94:b0:84:2e:7f:9d:75:d3:cd:25:d3:c8:da:
                    52:e1:33:5d:94:2e:0c:e2:1c:66:7a:f1:a0:24:01:
                    3e:54:a6:93:de:4c:42:c5:e6:49:b3:f2:ae:fb:ae:
                    46:2b:51:22:0e:07:51:bf:80:32:6e:03:44:05:92:
                    a0:3b:40:e6:01:74:a2:ba:3c:4f:b8:9c:a6:ea:35:
                    bd:9e:f1:29:f3:ff:ac:27:22:f5:ef:b1:8e:9e:0f:
                    4f:a1:f2:2b:df:fa:9b:73:21:2e:ac:78:7d:fc:f4:
                    01:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:F6:D0:85:CD:7D:F8:97:62:92:A3:24:4B:9A:F6:B6:8E:92:98:87
            X509v3 Authority Key Identifier:
                keyid:12:C6:03:66:67:19:E9:79:BE:F0:92:14:51:A2:EC:26:4E:D0:12:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsYDZmcZ6Xm-8JIUUaLsJk7QEgk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c2d399-4ae9-4431-9161-58efa0bee084/1/LPbQhc19-JdikqMkS5r2to6SmIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c2d399-4ae9-4431-9161-58efa0bee084/1/EsYDZmcZ6Xm-8JIUUaLsJk7QEgk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.241.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         07:6b:02:78:7e:c4:9c:90:d2:2f:c5:f3:85:e9:af:c1:3d:db:
         89:07:dc:8c:50:be:88:e0:29:59:bc:01:45:73:ca:72:90:1d:
         e2:a5:cf:87:1a:3f:8a:b4:ce:9b:a9:cf:a3:0b:cf:1c:d5:fd:
         d0:dc:e9:cf:04:81:40:6b:f0:56:14:ec:43:90:c1:bf:72:c3:
         1c:9d:30:c1:16:47:c7:a6:72:46:89:4e:21:60:65:3d:4a:90:
         58:cc:d6:df:6d:79:71:8c:ff:57:a7:f1:54:18:11:76:67:78:
         fe:a0:a4:6f:54:e4:83:a6:9c:f3:8a:8c:b1:d2:28:ca:8b:81:
         1d:e5:07:b2:4c:19:60:a5:be:1d:3c:a0:09:b7:92:95:c0:bf:
         20:de:68:24:23:24:da:72:eb:6c:6b:11:6e:b5:e1:d6:e9:0f:
         57:24:28:d9:b3:3f:a6:1d:6c:02:c5:f2:3a:74:bc:2e:94:98:
         92:05:f1:47:d2:98:8b:02:2d:1f:08:2d:a4:f8:73:e5:59:cf:
         a0:34:52:8d:7c:cd:44:59:cf:f3:86:53:d2:4a:0d:fd:ff:2a:
         57:cc:e2:b4:e3:0a:58:ed:71:26:71:ac:84:7c:7b:0c:92:8c:
         8d:82:c2:5e:ea:92:52:78:7d:cf:c9:79:3f:a2:cc:db:36:a4:
         ad:30:a8:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3ltAo8ET6C2III5waDn4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYzYwMzY2NjcxOWU5NzliZWYwOTIxNDUxYTJlYzI2NGVk
MDEyMDkwHhcNMjQwMTAyMDYzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2Y2ZDA4NWNkN2RmODk3NjI5MmEzMjQ0YjlhZjZiNjhlOTI5ODg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/qUEX9vQ5RzLllP8dUSCQxSk/CK
YDm4w9O6gdTt9KxNtL3fyMbjqZxIH1T+CN+yFQsQfx+PD+l3iy7i0GmU5iPlK7xF
bBBFhwQRJF5XFR/VjbLX7bS0pf6dpDPUZnoLpk0bU7XQ0r7/zt8Uaovyoakjm53r
lMVFpxe0i2p/+iPZT/bYnJG51GxM6EP5RjqUJnR1FjNsKZSwhC5/nXXTzSXTyNpS
4TNdlC4M4hxmevGgJAE+VKaT3kxCxeZJs/Ku+65GK1EiDgdRv4AybgNEBZKgO0Dm
AXSiujxPuJym6jW9nvEp8/+sJyL177GOng9PofIr3/qbcyEurHh9/PQBAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCz20IXNffiXYpKjJEua9raOkpiHMB8GA1UdIwQY
MBaAFBLGA2ZnGel5vvCSFFGi7CZO0BIJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXNZRFptY1o2WG0tOEpJVVVhTHNKazdRRWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jMmQzOTktNGFlOS00NDMxLTkxNjEt
NThlZmEwYmVlMDg0LzEvTFBiUWhjMTktSmRpa3FNa1M1cjJ0bzZTbUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jMmQzOTktNGFlOS00NDMxLTkxNjEtNThlZmEwYmVlMDg0
LzEvRXNZRFptY1o2WG0tOEpJVVVhTHNKazdRRWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUPGAMA0G
CSqGSIb3DQEBCwUAA4IBAQAHawJ4fsSckNIvxfOF6a/BPduJB9yMUL6I4ClZvAFF
c8pykB3ipc+HGj+KtM6bqc+jC88c1f3Q3OnPBIFAa/BWFOxDkMG/csMcnTDBFkfH
pnJGiU4hYGU9SpBYzNbfbXlxjP9Xp/FUGBF2Z3j+oKRvVOSDppzzioyx0ijKi4Ed
5QeyTBlgpb4dPKAJt5KVwL8g3mgkIyTacutsaxFuteHW6Q9XJCjZsz+mHWwCxfI6
dLwulJiSBfFH0piLAi0fCC2k+HPlWc+gNFKNfM1EWc/zhlPSSg39/ypXzOK04wpY
7XEmcayEfHsMkoyNgsJe6pJSeH3PyXk/oszbNqStMKh9
-----END CERTIFICATE-----