Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/LatCEoKJ_jKkf-s6Rw-xtiCOj6I.roa
File:                     LatCEoKJ_jKkf-s6Rw-xtiCOj6I.roa (raw, json)
Hash identifier:          D8xH6rOVVnzLyMBoK5Y+e3T76Yupwsg9fpWyCiwa22c=
Subject key identifier:   2D:AB:42:12:82:89:FE:32:A4:7F:EB:3A:47:0F:B1:B6:20:8E:8F:A2
Certificate issuer:       /CN=7aa606117bb5f7e4160ef268f9f4aa0457380441
Certificate serial:       018CC726AB4F4BC8D5C4A2B460CC78A81C91
Authority key identifier: 7A:A6:06:11:7B:B5:F7:E4:16:0E:F2:68:F9:F4:AA:04:57:38:04:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eqYGEXu19-QWDvJo-fSqBFc4BEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/LatCEoKJ_jKkf-s6Rw-xtiCOj6I.roa
Signing time:             Mon 01 Jan 2024 22:30:49 +0000
ROA not before:           Mon 01 Jan 2024 22:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43228
IP address blocks:        185.190.104.0/22 maxlen: 22
                          185.190.104.0/23 maxlen: 23
                          185.190.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/eqYGEXu19-QWDvJo-fSqBFc4BEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/eqYGEXu19-QWDvJo-fSqBFc4BEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eqYGEXu19-QWDvJo-fSqBFc4BEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ab:4f:4b:c8:d5:c4:a2:b4:60:cc:78:a8:1c:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aa606117bb5f7e4160ef268f9f4aa0457380441
        Validity
            Not Before: Jan  1 22:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dab42128289fe32a47feb3a470fb1b6208e8fa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:69:ec:64:89:74:1a:7e:ba:01:51:a0:50:b5:
                    66:95:cd:f2:a2:e0:a2:20:98:28:da:f7:46:b2:ed:
                    73:06:a8:22:81:39:35:a7:a5:1b:65:a1:7f:ca:92:
                    6e:ef:b7:24:36:ff:4b:81:90:f2:66:68:ca:d1:9f:
                    69:bc:97:07:87:d0:b3:ce:0a:21:ae:38:9d:1e:de:
                    91:8c:f7:bb:fb:de:c8:ed:f9:c5:03:b4:85:19:54:
                    df:d9:5d:35:25:55:8c:a1:df:05:05:1a:d1:9b:d5:
                    8f:7b:ee:0b:18:e1:63:8e:e3:27:26:6f:89:a7:1f:
                    5a:0f:2e:93:6d:1d:5d:75:1f:ed:3a:2f:b9:7e:fb:
                    c5:2f:20:92:e7:62:19:53:8a:21:4c:aa:96:df:18:
                    70:45:6e:95:41:b7:9c:e8:d1:64:80:87:3d:4e:e4:
                    ef:c6:8b:d7:bb:a1:10:e0:75:db:3b:ad:f3:ca:d1:
                    a4:65:78:f3:83:32:7b:83:88:2b:5c:ef:68:a1:4f:
                    a4:6a:29:c8:d9:c4:3f:f0:6c:4e:19:57:f9:e3:c0:
                    c1:56:e4:31:ac:d4:f8:8a:7c:3c:eb:9d:dd:43:72:
                    47:16:5a:c1:f3:f4:f4:4f:61:a7:08:f3:76:eb:48:
                    98:03:e5:32:b1:32:de:0a:e4:0b:75:ba:c6:5c:5f:
                    f4:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:AB:42:12:82:89:FE:32:A4:7F:EB:3A:47:0F:B1:B6:20:8E:8F:A2
            X509v3 Authority Key Identifier:
                keyid:7A:A6:06:11:7B:B5:F7:E4:16:0E:F2:68:F9:F4:AA:04:57:38:04:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eqYGEXu19-QWDvJo-fSqBFc4BEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/LatCEoKJ_jKkf-s6Rw-xtiCOj6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/eqYGEXu19-QWDvJo-fSqBFc4BEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:20:a6:67:87:2a:b2:de:7b:a0:4a:e6:35:c3:75:21:e8:1e:
         c7:33:09:8a:53:aa:f2:63:e0:45:72:2a:da:c9:4b:67:6b:c5:
         26:c2:38:66:71:a6:39:c4:75:d0:0f:bb:f7:1a:15:a6:2b:5a:
         43:91:bd:9b:3c:96:8b:d9:ed:7d:48:95:a1:fa:17:5f:9d:95:
         73:77:86:e7:45:11:e5:37:00:8b:6e:fd:2e:77:28:25:50:70:
         fd:bf:91:b9:df:09:7e:b3:a9:f1:85:bb:23:95:71:c5:34:21:
         2d:23:c3:f6:ea:01:bb:af:5f:ec:d2:fa:c9:dd:20:2a:47:79:
         5a:a3:76:59:13:8d:2a:9f:f6:7a:61:3e:71:47:3d:15:47:91:
         9b:be:16:25:d9:f4:1c:01:f4:8e:99:86:ad:b2:7e:25:f9:43:
         51:0e:08:8a:6f:c3:31:8b:1c:8d:aa:98:7d:47:c6:a6:e7:1c:
         64:c6:21:8f:da:f0:38:7a:67:dc:c2:71:62:bb:8b:6a:fe:ef:
         29:4c:b7:dd:5d:e7:89:1c:d0:67:9c:d0:ad:03:48:30:d6:18:
         4a:0e:e1:74:d5:c2:bb:28:19:10:ad:de:01:da:07:de:5e:b1:
         da:d5:bd:09:19:c6:14:09:15:8b:ea:ed:71:42:0d:b6:74:5e:
         2f:97:2a:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJqtPS8jVxKK0YMx4qByRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhYTYwNjExN2JiNWY3ZTQxNjBlZjI2OGY5ZjRhYTA0NTcz
ODA0NDEwHhcNMjQwMTAxMjIzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGFiNDIxMjgyODlmZTMyYTQ3ZmViM2E0NzBmYjFiNjIwOGU4ZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGnsZIl0Gn66AVGgULVmlc3youCi
IJgo2vdGsu1zBqgigTk1p6UbZaF/ypJu77ckNv9LgZDyZmjK0Z9pvJcHh9Czzgoh
rjidHt6RjPe7+97I7fnFA7SFGVTf2V01JVWMod8FBRrRm9WPe+4LGOFjjuMnJm+J
px9aDy6TbR1ddR/tOi+5fvvFLyCS52IZU4ohTKqW3xhwRW6VQbec6NFkgIc9TuTv
xovXu6EQ4HXbO63zytGkZXjzgzJ7g4grXO9ooU+kainI2cQ/8GxOGVf548DBVuQx
rNT4inw8653dQ3JHFlrB8/T0T2GnCPN260iYA+UysTLeCuQLdbrGXF/0fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2rQhKCif4ypH/rOkcPsbYgjo+iMB8GA1UdIwQY
MBaAFHqmBhF7tffkFg7yaPn0qgRXOARBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXFZR0VYdTE5LVFXRHZKby1mU3FCRmM0QkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8yM2JkZDAtNWJmMS00ZDQ0LWI0YWEt
YTA2MTM2YjJkYzcyLzEvTGF0Q0VvS0pfaktrZi1zNlJ3LXh0aUNPajZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8yM2JkZDAtNWJmMS00ZDQ0LWI0YWEtYTA2MTM2YjJkYzcy
LzEvZXFZR0VYdTE5LVFXRHZKby1mU3FCRmM0QkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCub5oMA0G
CSqGSIb3DQEBCwUAA4IBAQA/IKZnhyqy3nugSuY1w3Uh6B7HMwmKU6ryY+BFcira
yUtna8UmwjhmcaY5xHXQD7v3GhWmK1pDkb2bPJaL2e19SJWh+hdfnZVzd4bnRRHl
NwCLbv0udyglUHD9v5G53wl+s6nxhbsjlXHFNCEtI8P26gG7r1/s0vrJ3SAqR3la
o3ZZE40qn/Z6YT5xRz0VR5GbvhYl2fQcAfSOmYatsn4l+UNRDgiKb8MxixyNqph9
R8am5xxkxiGP2vA4emfcwnFiu4tq/u8pTLfdXeeJHNBnnNCtA0gw1hhKDuF01cK7
KBkQrd4B2gfeXrHa1b0JGcYUCRWL6u1xQg22dF4vlyqp
-----END CERTIFICATE-----