Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/832edd-488f-44d8-810b-f7ad97c0ecbd/1/LPzQ6sexGwPxXdJE3EbmsmkS8nA.roa
File:                     LPzQ6sexGwPxXdJE3EbmsmkS8nA.roa (raw, json)
Hash identifier:          2FIQwuF8Scgbv00IOzl/ramfIAA1EObx2JnjdZaeR3c=
Subject key identifier:   2C:FC:D0:EA:C7:B1:1B:03:F1:5D:D2:44:DC:46:E6:B2:69:12:F2:70
Certificate issuer:       /CN=9e3dc19309e678c14825fc72083ca1dec7843f4d
Certificate serial:       018CC3B721FE9C0EFA55AFA03CA37496C6D6
Authority key identifier: 9E:3D:C1:93:09:E6:78:C1:48:25:FC:72:08:3C:A1:DE:C7:84:3F:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nj3BkwnmeMFIJfxyCDyh3seEP00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/832edd-488f-44d8-810b-f7ad97c0ecbd/1/LPzQ6sexGwPxXdJE3EbmsmkS8nA.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50894
IP address blocks:        178.22.240.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/832edd-488f-44d8-810b-f7ad97c0ecbd/1/nj3BkwnmeMFIJfxyCDyh3seEP00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/832edd-488f-44d8-810b-f7ad97c0ecbd/1/nj3BkwnmeMFIJfxyCDyh3seEP00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nj3BkwnmeMFIJfxyCDyh3seEP00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:21:fe:9c:0e:fa:55:af:a0:3c:a3:74:96:c6:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3dc19309e678c14825fc72083ca1dec7843f4d
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cfcd0eac7b11b03f15dd244dc46e6b26912f270
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f6:5c:27:ba:8e:73:0a:92:b7:6d:cc:ef:35:
                    f3:3c:9e:b4:62:7b:ec:63:25:a9:9c:e2:7a:ec:54:
                    5b:e2:d3:b3:b5:e9:d0:a6:4e:02:da:96:46:c1:1d:
                    6d:19:05:ba:fe:97:fd:45:35:2d:b5:b8:53:fd:e6:
                    e4:cb:d6:b1:eb:51:de:ff:e4:6a:76:07:a3:21:b4:
                    9c:ef:8d:fa:b8:98:02:bc:9a:da:de:31:6c:f5:cf:
                    f7:c1:0f:97:42:20:18:15:16:c9:c7:5b:81:e7:63:
                    af:fd:eb:e7:61:b2:8f:14:78:66:f2:2f:e2:b3:4c:
                    ef:28:eb:a8:1e:0b:24:68:81:7f:f3:a0:b1:70:39:
                    61:6d:22:fe:e1:1a:d0:4a:db:78:14:40:59:45:a8:
                    56:69:a4:6d:03:6c:ab:d1:c3:41:0a:1d:e8:e3:f5:
                    bc:2a:65:93:13:61:62:76:77:18:5a:0b:cf:b5:4a:
                    4b:09:5b:f9:e4:c8:dd:0c:d3:30:20:81:9b:86:6c:
                    4d:64:ef:d3:f7:49:e1:3f:5c:87:0d:86:d8:b6:69:
                    79:77:1e:f0:7d:21:65:89:27:73:ed:66:96:74:cc:
                    5e:88:78:6e:73:f6:f2:75:92:65:f0:20:c6:1f:4e:
                    05:4b:07:ee:e4:49:55:a7:1a:a9:af:0c:59:5e:5f:
                    5a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:FC:D0:EA:C7:B1:1B:03:F1:5D:D2:44:DC:46:E6:B2:69:12:F2:70
            X509v3 Authority Key Identifier:
                keyid:9E:3D:C1:93:09:E6:78:C1:48:25:FC:72:08:3C:A1:DE:C7:84:3F:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nj3BkwnmeMFIJfxyCDyh3seEP00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/832edd-488f-44d8-810b-f7ad97c0ecbd/1/LPzQ6sexGwPxXdJE3EbmsmkS8nA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/832edd-488f-44d8-810b-f7ad97c0ecbd/1/nj3BkwnmeMFIJfxyCDyh3seEP00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.22.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b6:fb:01:a6:64:6f:06:36:fe:c5:2b:97:b6:52:a4:db:d9:bb:
         21:0e:e9:cc:67:4b:92:c0:31:35:f6:22:1b:e1:94:33:2e:38:
         23:24:74:ba:17:7c:5c:c1:61:9d:12:6d:1f:fd:fe:ee:e0:80:
         56:95:f1:3d:eb:6e:80:99:6e:18:a1:fc:f3:7a:cb:83:36:2a:
         86:36:29:70:6d:33:ff:1a:76:2c:b4:fe:fd:69:ff:f2:31:97:
         02:81:b7:08:65:8a:ce:d1:3c:31:66:10:73:83:61:0b:94:69:
         aa:4f:d7:8d:3e:16:60:dd:27:17:7b:41:d7:2c:8d:fe:78:b4:
         b3:ce:1c:ac:4c:5c:ad:c2:6d:89:1e:4c:fe:85:60:26:98:92:
         73:cb:97:21:8f:e5:dc:26:45:57:c0:8d:e7:ca:2e:e0:2d:af:
         8f:db:6e:d6:57:77:27:a0:e6:6c:ea:0d:ef:74:cb:83:b8:5d:
         8b:82:8f:ec:19:e1:cd:4c:49:64:7b:2d:f5:d2:ee:7c:c0:7c:
         4d:3d:82:36:f5:37:cd:98:80:d1:8a:96:9c:40:ad:5b:91:d8:
         b5:f4:bc:7e:d5:2a:5e:4a:3f:a2:28:92:13:e9:f3:54:c4:ff:
         25:2f:50:b2:51:72:cb:b7:fb:63:fe:e8:a3:83:5d:66:c7:d3:
         85:c4:94:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyH+nA76Va+gPKN0lsbWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllM2RjMTkzMDllNjc4YzE0ODI1ZmM3MjA4M2NhMWRlYzc4
NDNmNGQwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2ZjZDBlYWM3YjExYjAzZjE1ZGQyNDRkYzQ2ZTZiMjY5MTJmMjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvZcJ7qOcwqSt23M7zXzPJ60Ynvs
YyWpnOJ67FRb4tOztenQpk4C2pZGwR1tGQW6/pf9RTUttbhT/ebky9ax61He/+Rq
dgejIbSc7436uJgCvJra3jFs9c/3wQ+XQiAYFRbJx1uB52Ov/evnYbKPFHhm8i/i
s0zvKOuoHgskaIF/86CxcDlhbSL+4RrQStt4FEBZRahWaaRtA2yr0cNBCh3o4/W8
KmWTE2FidncYWgvPtUpLCVv55MjdDNMwIIGbhmxNZO/T90nhP1yHDYbYtml5dx7w
fSFliSdz7WaWdMxeiHhuc/bydZJl8CDGH04FSwfu5ElVpxqprwxZXl9acwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCz80OrHsRsD8V3SRNxG5rJpEvJwMB8GA1UdIwQY
MBaAFJ49wZMJ5njBSCX8cgg8od7HhD9NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmozQmt3bm1lTUZJSmZ4eUNEeWgzc2VFUDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS84MzJlZGQtNDg4Zi00NGQ4LTgxMGIt
ZjdhZDk3YzBlY2JkLzEvTFB6UTZzZXhHd1B4WGRKRTNFYm1zbWtTOG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS84MzJlZGQtNDg4Zi00NGQ4LTgxMGItZjdhZDk3YzBlY2Jk
LzEvbmozQmt3bm1lTUZJSmZ4eUNEeWgzc2VFUDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDshbwMA0G
CSqGSIb3DQEBCwUAA4IBAQC2+wGmZG8GNv7FK5e2UqTb2bshDunMZ0uSwDE19iIb
4ZQzLjgjJHS6F3xcwWGdEm0f/f7u4IBWlfE9626AmW4YofzzesuDNiqGNilwbTP/
GnYstP79af/yMZcCgbcIZYrO0TwxZhBzg2ELlGmqT9eNPhZg3ScXe0HXLI3+eLSz
zhysTFytwm2JHkz+hWAmmJJzy5chj+XcJkVXwI3nyi7gLa+P227WV3cnoOZs6g3v
dMuDuF2Lgo/sGeHNTElkey310u58wHxNPYI29TfNmIDRipacQK1bkdi19Lx+1Spe
Sj+iKJIT6fNUxP8lL1CyUXLLt/tj/uijg11mx9OFxJQc
-----END CERTIFICATE-----