Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/L-8X_M2aGuXYqLekA8z8wM5APYc.roa
File:                     L-8X_M2aGuXYqLekA8z8wM5APYc.roa (raw, json)
Hash identifier:          CsR2fxZ4zHG3VWNSEr8Tl/408Cxo/mHP/ftY2798YRM=
Subject key identifier:   2F:EF:17:FC:CD:9A:1A:E5:D8:A8:B7:A4:03:CC:FC:C0:CE:40:3D:87
Certificate issuer:       /CN=374e2729b17369890a1512f643cd08e4ba2ff414
Certificate serial:       018CC5DD1987E6BA62014405F1B969B02F58
Authority key identifier: 37:4E:27:29:B1:73:69:89:0A:15:12:F6:43:CD:08:E4:BA:2F:F4:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/L-8X_M2aGuXYqLekA8z8wM5APYc.roa
Signing time:             Mon 01 Jan 2024 16:30:50 +0000
ROA not before:           Mon 01 Jan 2024 16:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14576
IP address blocks:        178.20.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:19:87:e6:ba:62:01:44:05:f1:b9:69:b0:2f:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=374e2729b17369890a1512f643cd08e4ba2ff414
        Validity
            Not Before: Jan  1 16:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fef17fccd9a1ae5d8a8b7a403ccfcc0ce403d87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:17:c5:2d:47:9f:66:9c:06:6f:7d:c5:c5:98:
                    61:24:3d:b8:b3:ef:f3:1f:b6:51:6b:6f:8b:31:31:
                    fa:cc:9e:9e:74:04:cf:a6:86:6b:60:0c:af:82:ed:
                    e6:bd:44:72:e5:07:56:06:d5:ec:3b:dd:6f:0c:83:
                    12:75:96:d5:ee:73:fc:26:08:8f:19:1a:d5:b2:4e:
                    f0:7f:14:22:79:ac:b8:5d:4c:17:f2:b2:4e:66:87:
                    10:39:1c:6b:a7:54:60:47:e5:60:77:fb:a6:80:08:
                    b8:66:59:40:aa:a8:eb:3a:8d:4e:4e:b3:a8:29:30:
                    59:14:8d:4f:90:b7:72:f1:eb:2a:7e:ae:86:a3:eb:
                    29:90:26:d4:e7:d1:2b:ab:8b:ed:d6:38:3f:84:9f:
                    ef:5a:8a:3e:a6:4a:ba:99:8f:1b:a4:59:1a:2d:79:
                    ee:2f:a7:8b:0d:c3:2a:57:e2:c7:6f:2e:92:5a:e0:
                    ac:72:ba:43:45:3f:f2:fa:d8:f7:57:79:1c:a9:9d:
                    05:be:61:a4:18:f5:25:92:f2:f8:d2:a1:1c:a7:64:
                    78:ac:63:48:63:b7:2c:c0:7e:bf:27:e9:42:35:99:
                    56:09:39:e3:42:ad:84:83:1a:6d:29:49:04:e8:80:
                    3a:4c:62:4d:56:b9:5b:41:dd:85:36:a1:c4:56:18:
                    1f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:EF:17:FC:CD:9A:1A:E5:D8:A8:B7:A4:03:CC:FC:C0:CE:40:3D:87
            X509v3 Authority Key Identifier:
                keyid:37:4E:27:29:B1:73:69:89:0A:15:12:F6:43:CD:08:E4:BA:2F:F4:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/L-8X_M2aGuXYqLekA8z8wM5APYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:cc:8a:ac:27:89:d6:cc:ff:68:14:5a:36:d9:a6:46:fa:d3:
         04:d7:b0:4b:b5:72:ca:e6:0e:37:04:4a:b6:9c:ff:23:d4:91:
         5c:51:c2:2f:11:d6:b0:99:0a:db:bf:ec:bb:6d:4b:ef:42:0a:
         ce:b5:18:a8:39:2b:1b:c1:eb:cb:6c:e1:5c:0f:a9:5e:72:95:
         4a:95:44:32:93:59:a6:4f:e8:b2:0e:1e:a1:67:f9:f2:74:56:
         e8:63:08:4a:85:7e:07:7c:47:4a:58:40:20:27:73:43:47:68:
         16:0a:31:82:f7:16:72:7e:59:e5:39:15:6d:44:2e:fb:1e:19:
         f6:46:ea:44:30:99:9b:dd:f6:15:78:0b:c3:f8:2b:17:9d:38:
         24:cb:a0:94:7f:c0:b4:de:04:3f:54:5e:9c:d7:3e:33:3c:c1:
         53:04:0f:0f:e6:e9:48:2c:2b:3b:19:bf:33:e6:f8:02:75:67:
         6a:91:be:84:64:40:8e:6e:2c:ed:ed:18:db:ff:e3:e0:91:39:
         6b:58:62:19:10:97:58:e0:c6:6b:44:7d:25:83:3b:8c:f0:27:
         9d:84:83:9d:a7:d0:27:57:44:b5:95:fd:60:d1:2c:84:34:8d:
         f4:6a:ee:dd:4f:b2:a8:0d:4d:5a:03:68:3b:88:0a:f4:fc:ae:
         d2:b6:d8:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3RmH5rpiAUQF8blpsC9YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NGUyNzI5YjE3MzY5ODkwYTE1MTJmNjQzY2QwOGU0YmEy
ZmY0MTQwHhcNMjQwMTAxMTYzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmVmMTdmY2NkOWExYWU1ZDhhOGI3YTQwM2NjZmNjMGNlNDAzZDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRfFLUefZpwGb33FxZhhJD24s+/z
H7ZRa2+LMTH6zJ6edATPpoZrYAyvgu3mvURy5QdWBtXsO91vDIMSdZbV7nP8JgiP
GRrVsk7wfxQieay4XUwX8rJOZocQORxrp1RgR+Vgd/umgAi4ZllAqqjrOo1OTrOo
KTBZFI1PkLdy8esqfq6Go+spkCbU59Erq4vt1jg/hJ/vWoo+pkq6mY8bpFkaLXnu
L6eLDcMqV+LHby6SWuCscrpDRT/y+tj3V3kcqZ0FvmGkGPUlkvL40qEcp2R4rGNI
Y7cswH6/J+lCNZlWCTnjQq2EgxptKUkE6IA6TGJNVrlbQd2FNqHEVhgfawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/vF/zNmhrl2Ki3pAPM/MDOQD2HMB8GA1UdIwQY
MBaAFDdOJymxc2mJChUS9kPNCOS6L/QUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjA0bktiRnphWWtLRlJMMlE4MEk1TG92OUJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC85NTIyMzAtYzI2Mi00MWNjLWI5NTYt
Y2ZjNDZhNzZlYzc4LzEvTC04WF9NMmFHdVhZcUxla0E4ejh3TTVBUFljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC85NTIyMzAtYzI2Mi00MWNjLWI5NTYtY2ZjNDZhNzZlYzc4
LzEvTjA0bktiRnphWWtLRlJMMlE4MEk1TG92OUJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshTUMA0G
CSqGSIb3DQEBCwUAA4IBAQCvzIqsJ4nWzP9oFFo22aZG+tME17BLtXLK5g43BEq2
nP8j1JFcUcIvEdawmQrbv+y7bUvvQgrOtRioOSsbwevLbOFcD6lecpVKlUQyk1mm
T+iyDh6hZ/nydFboYwhKhX4HfEdKWEAgJ3NDR2gWCjGC9xZyflnlORVtRC77Hhn2
RupEMJmb3fYVeAvD+CsXnTgky6CUf8C03gQ/VF6c1z4zPMFTBA8P5ulILCs7Gb8z
5vgCdWdqkb6EZECObizt7Rjb/+PgkTlrWGIZEJdY4MZrRH0lgzuM8CedhIOdp9An
V0S1lf1g0SyENI30au7dT7KoDU1aA2g7iAr0/K7Sttin
-----END CERTIFICATE-----