Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/lGpZe0nfyjOPNSkdYjcNpksLuCM.roa
File:                     lGpZe0nfyjOPNSkdYjcNpksLuCM.roa (raw, json)
Hash identifier:          DyT5m/e4p5SWboXAet9Hdxvbppe4hsfCjEIarqZC9yI=
Subject key identifier:   94:6A:59:7B:49:DF:CA:33:8F:35:29:1D:62:37:0D:A6:4B:0B:B8:23
Certificate issuer:       /CN=87f41ae0779e37defc69b2a5b0f7ab8fd40cd3e7
Certificate serial:       018CC8024C6A3709520C2962AE90BF320FDA
Authority key identifier: 87:F4:1A:E0:77:9E:37:DE:FC:69:B2:A5:B0:F7:AB:8F:D4:0C:D3:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/lGpZe0nfyjOPNSkdYjcNpksLuCM.roa
Signing time:             Tue 02 Jan 2024 02:30:43 +0000
ROA not before:           Tue 02 Jan 2024 02:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208599
IP address blocks:        185.151.76.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:4c:6a:37:09:52:0c:29:62:ae:90:bf:32:0f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87f41ae0779e37defc69b2a5b0f7ab8fd40cd3e7
        Validity
            Not Before: Jan  2 02:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=946a597b49dfca338f35291d62370da64b0bb823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d3:98:ac:fb:70:3b:ce:8e:01:d1:02:a8:fa:
                    18:c3:2c:63:05:dd:82:5b:d7:29:d1:91:d6:35:4b:
                    71:0f:7f:13:f1:9f:62:97:8c:d4:65:27:58:87:89:
                    8a:ff:c6:0f:c5:14:e9:42:72:6b:d0:e0:5e:53:8b:
                    ed:17:2c:ef:82:90:b6:5f:81:a0:19:e4:05:38:ce:
                    f1:4e:f6:07:69:86:05:8e:3e:ee:8d:8c:9d:d6:ca:
                    b0:5e:29:23:08:f4:76:ae:01:bc:a6:18:aa:a0:4a:
                    e4:55:d0:c8:65:d3:d8:b5:5d:c8:e4:40:0f:97:fa:
                    d1:f7:37:4f:a4:15:b2:26:2d:56:8b:43:d2:61:ad:
                    77:ad:5b:b7:c9:d8:6e:f2:13:20:b3:c1:33:25:70:
                    1e:38:af:80:d6:f0:49:fd:cb:4e:97:22:be:74:44:
                    f4:f4:f4:40:dc:1d:e4:40:ce:40:53:c1:57:8d:b0:
                    39:d1:c7:0e:a9:7b:da:f2:cd:4b:10:8f:07:f6:96:
                    94:be:00:e1:6d:18:a4:c4:e8:7e:b4:0a:e6:60:48:
                    0e:81:5a:10:84:93:1a:52:34:21:60:ea:ce:fd:94:
                    a3:83:62:77:aa:48:ab:a7:34:9b:fe:25:2c:6d:6a:
                    09:4b:20:6b:c9:82:59:57:f5:d6:f0:58:79:58:5a:
                    ed:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:6A:59:7B:49:DF:CA:33:8F:35:29:1D:62:37:0D:A6:4B:0B:B8:23
            X509v3 Authority Key Identifier:
                keyid:87:F4:1A:E0:77:9E:37:DE:FC:69:B2:A5:B0:F7:AB:8F:D4:0C:D3:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/lGpZe0nfyjOPNSkdYjcNpksLuCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:98:83:c6:12:10:89:15:1e:40:73:0d:a6:95:3d:4b:94:f9:
         c7:6b:4f:84:d7:13:eb:cf:d4:de:a3:49:00:8f:a3:5a:4c:82:
         74:bb:87:24:09:31:31:33:8e:67:11:c8:0a:94:88:e6:86:25:
         09:f1:97:44:ad:59:22:3b:68:15:19:42:2c:33:c7:ea:80:5f:
         81:c4:e9:86:69:cd:e2:b5:9b:b2:d5:d7:8c:ec:b8:82:ff:9f:
         53:9d:53:da:df:00:ab:a9:13:fc:f1:94:08:80:bd:44:92:fb:
         a5:fa:a3:10:0c:6c:06:f9:7e:8e:b9:b0:40:e8:96:2c:6c:74:
         27:95:cd:56:8e:92:29:36:73:1c:18:ab:c5:00:a1:55:a1:95:
         54:dd:32:f2:17:2d:02:4d:53:50:01:97:bf:6a:4d:7e:bf:88:
         61:83:ed:ad:29:66:d5:f7:92:45:58:ab:86:77:08:0e:f8:4a:
         5d:ad:b0:74:12:1b:ba:3e:32:2a:96:8a:ab:85:4f:fd:58:4f:
         7b:af:30:65:82:37:5c:4c:8f:d6:96:9a:a1:a5:e5:91:a1:37:
         ad:42:f3:a7:69:f0:76:6b:33:27:c1:8c:69:83:cf:d0:76:e1:
         07:96:b6:0c:81:fd:9f:c9:02:4e:de:d1:4c:3f:eb:e2:37:e7:
         f5:c0:a4:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAkxqNwlSDClirpC/Mg/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZjQxYWUwNzc5ZTM3ZGVmYzY5YjJhNWIwZjdhYjhmZDQw
Y2QzZTcwHhcNMjQwMTAyMDIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDZhNTk3YjQ5ZGZjYTMzOGYzNTI5MWQ2MjM3MGRhNjRiMGJiODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdOYrPtwO86OAdECqPoYwyxjBd2C
W9cp0ZHWNUtxD38T8Z9il4zUZSdYh4mK/8YPxRTpQnJr0OBeU4vtFyzvgpC2X4Gg
GeQFOM7xTvYHaYYFjj7ujYyd1sqwXikjCPR2rgG8phiqoErkVdDIZdPYtV3I5EAP
l/rR9zdPpBWyJi1Wi0PSYa13rVu3ydhu8hMgs8EzJXAeOK+A1vBJ/ctOlyK+dET0
9PRA3B3kQM5AU8FXjbA50ccOqXva8s1LEI8H9paUvgDhbRikxOh+tArmYEgOgVoQ
hJMaUjQhYOrO/ZSjg2J3qkirpzSb/iUsbWoJSyBryYJZV/XW8Fh5WFrtaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRqWXtJ38ozjzUpHWI3DaZLC7gjMB8GA1UdIwQY
MBaAFIf0GuB3njfe/GmypbD3q4/UDNPnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaF9RYTRIZWVOOTc4YWJLbHNQZXJqOVFNMC1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xODVjYjUtNDc1Mi00M2I4LThlNDYt
YzQzYWIyYTEyZDU1LzEvbEdwWmUwbmZ5ak9QTlNrZFlqY05wa3NMdUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xODVjYjUtNDc1Mi00M2I4LThlNDYtYzQzYWIyYTEyZDU1
LzEvaF9RYTRIZWVOOTc4YWJLbHNQZXJqOVFNMC1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZdMMA0G
CSqGSIb3DQEBCwUAA4IBAQA0mIPGEhCJFR5Acw2mlT1LlPnHa0+E1xPrz9Teo0kA
j6NaTIJ0u4ckCTExM45nEcgKlIjmhiUJ8ZdErVkiO2gVGUIsM8fqgF+BxOmGac3i
tZuy1deM7LiC/59TnVPa3wCrqRP88ZQIgL1Ekvul+qMQDGwG+X6OubBA6JYsbHQn
lc1WjpIpNnMcGKvFAKFVoZVU3TLyFy0CTVNQAZe/ak1+v4hhg+2tKWbV95JFWKuG
dwgO+EpdrbB0Ehu6PjIqloqrhU/9WE97rzBlgjdcTI/WlpqhpeWRoTetQvOnafB2
azMnwYxpg8/QduEHlrYMgf2fyQJO3tFMP+viN+f1wKSz
-----END CERTIFICATE-----