Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/848406-5826-4dbc-b93e-5d27c75aae6f/1/lLAuXQBa34BSpcVwh8hzyI_P7vs.roa
File:                     lLAuXQBa34BSpcVwh8hzyI_P7vs.roa (raw, json)
Hash identifier:          Ux0V/mR0zQm5R/BxtbjHp138ShTX2cTsJ/RVo8gCPTg=
Subject key identifier:   94:B0:2E:5D:00:5A:DF:80:52:A5:C5:70:87:C8:73:C8:8F:CF:EE:FB
Certificate issuer:       /CN=8c07ecd7666ccef91e82f7ecbce0ba285336fb45
Certificate serial:       018CC3B68A0542A8F3F1DBB2B03769D86A4B
Authority key identifier: 8C:07:EC:D7:66:6C:CE:F9:1E:82:F7:EC:BC:E0:BA:28:53:36:FB:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jAfs12ZszvkegvfsvOC6KFM2-0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/848406-5826-4dbc-b93e-5d27c75aae6f/1/lLAuXQBa34BSpcVwh8hzyI_P7vs.roa
Signing time:             Mon 01 Jan 2024 06:29:29 +0000
ROA not before:           Mon 01 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48303
IP address blocks:        185.199.104.0/22 maxlen: 22
                          2a0a:9bc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/848406-5826-4dbc-b93e-5d27c75aae6f/1/jAfs12ZszvkegvfsvOC6KFM2-0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/848406-5826-4dbc-b93e-5d27c75aae6f/1/jAfs12ZszvkegvfsvOC6KFM2-0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jAfs12ZszvkegvfsvOC6KFM2-0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8a:05:42:a8:f3:f1:db:b2:b0:37:69:d8:6a:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c07ecd7666ccef91e82f7ecbce0ba285336fb45
        Validity
            Not Before: Jan  1 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94b02e5d005adf8052a5c57087c873c88fcfeefb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9d:5c:d9:66:9c:3c:08:f0:47:04:7c:0b:c2:
                    b0:c1:39:72:09:a2:f1:3e:7e:08:0f:79:d2:09:07:
                    0e:5c:4f:e0:fc:38:c3:46:80:95:82:9b:45:41:7a:
                    de:bc:32:3c:47:45:73:6e:e6:a1:3d:b8:b6:6b:83:
                    71:d0:ed:d1:17:c8:03:f5:6d:c5:f8:9f:58:a4:03:
                    6a:09:43:ee:92:6a:65:13:8f:28:36:da:75:f7:9f:
                    46:ca:0a:ad:64:ec:8f:ec:60:c2:a2:24:dc:58:53:
                    4f:5e:52:1f:34:b4:ff:32:18:35:e9:81:20:49:cf:
                    60:97:aa:e1:db:ad:09:f3:11:f7:5a:ad:60:8a:39:
                    ab:c8:05:b0:a3:83:56:e4:82:40:59:d1:da:d7:e8:
                    3b:a2:0e:9a:24:82:2d:21:59:cd:bf:33:98:66:7d:
                    21:37:d6:e3:92:f1:98:66:33:04:e0:50:7f:fc:88:
                    a0:93:36:57:99:2c:87:5f:80:52:68:e0:55:c0:a6:
                    e2:d4:71:a4:7e:a9:ce:db:d2:c3:d9:18:57:2f:ce:
                    0c:1c:36:cf:03:fa:5a:30:bf:ee:4f:1c:c7:81:e4:
                    5c:0e:13:32:07:31:7a:e2:31:9d:33:69:d7:fa:83:
                    d4:f4:48:72:76:e5:0c:4b:37:ab:3e:4d:3b:73:54:
                    a9:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:B0:2E:5D:00:5A:DF:80:52:A5:C5:70:87:C8:73:C8:8F:CF:EE:FB
            X509v3 Authority Key Identifier:
                keyid:8C:07:EC:D7:66:6C:CE:F9:1E:82:F7:EC:BC:E0:BA:28:53:36:FB:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jAfs12ZszvkegvfsvOC6KFM2-0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/848406-5826-4dbc-b93e-5d27c75aae6f/1/lLAuXQBa34BSpcVwh8hzyI_P7vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/848406-5826-4dbc-b93e-5d27c75aae6f/1/jAfs12ZszvkegvfsvOC6KFM2-0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.104.0/22
                IPv6:
                  2a0a:9bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:c4:81:f7:ff:61:7f:3a:aa:19:fc:da:8f:c7:62:ca:41:f9:
         3d:55:58:9b:0a:b7:c3:5f:a1:f9:32:1b:a7:74:04:8c:90:df:
         69:43:a7:22:9f:8e:ea:93:a7:a9:f2:0f:e8:c6:9a:e7:2e:a7:
         aa:13:f5:76:ea:67:fe:4b:78:3b:65:48:62:97:4b:e2:c2:de:
         2a:80:32:33:03:45:f9:9d:69:ea:44:f6:5f:c1:31:3a:1a:8c:
         51:39:72:5c:f0:6f:12:ea:e5:17:29:dc:6a:40:5e:ca:a7:4f:
         6a:e5:29:58:08:e1:8b:65:a2:b7:66:c4:72:ec:4e:83:a2:18:
         cb:14:0b:23:38:9a:bf:08:dd:22:d8:57:37:51:6a:b3:11:f4:
         03:fb:ba:27:47:e6:1d:61:76:52:f3:49:1d:4e:47:66:a5:97:
         18:06:40:b3:7d:52:99:12:98:ea:23:26:70:68:29:5e:d1:f0:
         ca:58:33:b5:0c:bc:c7:d6:59:fc:4e:1b:7e:b2:86:63:23:bc:
         79:07:e3:36:e7:88:db:20:07:75:c8:f6:6d:fa:e7:d2:79:d2:
         7c:d2:44:f6:ab:85:cb:21:24:8b:d3:15:c6:fd:fa:36:e4:e1:
         14:e7:86:1c:af:df:36:75:f4:59:2e:99:7f:ae:63:2f:d0:79:
         49:fc:9c:d5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtooFQqjz8duysDdp2GpLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMDdlY2Q3NjY2Y2NlZjkxZTgyZjdlY2JjZTBiYTI4NTMz
NmZiNDUwHhcNMjQwMTAxMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGIwMmU1ZDAwNWFkZjgwNTJhNWM1NzA4N2M4NzNjODhmY2ZlZWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJ1c2WacPAjwRwR8C8KwwTlyCaLx
Pn4ID3nSCQcOXE/g/DjDRoCVgptFQXrevDI8R0VzbuahPbi2a4Nx0O3RF8gD9W3F
+J9YpANqCUPukmplE48oNtp1959GygqtZOyP7GDCoiTcWFNPXlIfNLT/Mhg16YEg
Sc9gl6rh260J8xH3Wq1gijmryAWwo4NW5IJAWdHa1+g7og6aJIItIVnNvzOYZn0h
N9bjkvGYZjME4FB//IigkzZXmSyHX4BSaOBVwKbi1HGkfqnO29LD2RhXL84MHDbP
A/paML/uTxzHgeRcDhMyBzF64jGdM2nX+oPU9EhyduUMSzerPk07c1SpSwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJSwLl0AWt+AUqXFcIfIc8iPz+77MB8GA1UdIwQY
MBaAFIwH7NdmbM75HoL37LzguihTNvtFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakFmczEyWnN6dmtlZ3Zmc3ZPQzZLRk0yLTBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My84NDg0MDYtNTgyNi00ZGJjLWI5M2Ut
NWQyN2M3NWFhZTZmLzEvbExBdVhRQmEzNEJTcGNWd2g4aHp5SV9QN3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My84NDg0MDYtNTgyNi00ZGJjLWI5M2UtNWQyN2M3NWFhZTZm
LzEvakFmczEyWnN6dmtlZ3Zmc3ZPQzZLRk0yLTBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucdoMA0E
AgACMAcDBQMqCpvAMA0GCSqGSIb3DQEBCwUAA4IBAQACxIH3/2F/OqoZ/NqPx2LK
Qfk9VVibCrfDX6H5MhundASMkN9pQ6cin47qk6ep8g/oxprnLqeqE/V26mf+S3g7
ZUhil0viwt4qgDIzA0X5nWnqRPZfwTE6GoxROXJc8G8S6uUXKdxqQF7Kp09q5SlY
COGLZaK3ZsRy7E6DohjLFAsjOJq/CN0i2Fc3UWqzEfQD+7onR+YdYXZS80kdTkdm
pZcYBkCzfVKZEpjqIyZwaCle0fDKWDO1DLzH1ln8Tht+soZjI7x5B+M254jbIAd1
yPZt+ufSedJ80kT2q4XLISSL0xXG/fo25OEU54Ycr982dfRZLpl/rmMv0HlJ/JzV
-----END CERTIFICATE-----