Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/LtgDh9LB2Rs0rhExhOQEepC1lU0.roa
File:                     LtgDh9LB2Rs0rhExhOQEepC1lU0.roa (raw, json)
Hash identifier:          sN+6J0o7PNzgvNe+zjZZZV0tN2I7V8kz4mlZkjOfdkQ=
Subject key identifier:   2E:D8:03:87:D2:C1:D9:1B:34:AE:11:31:84:E4:04:7A:90:B5:95:4D
Certificate issuer:       /CN=d04079bb7070ed0eeea3a1a467c79462bcc5455f
Certificate serial:       018CC64A7CEBC14D065A4100583DB587900B
Authority key identifier: D0:40:79:BB:70:70:ED:0E:EE:A3:A1:A4:67:C7:94:62:BC:C5:45:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/LtgDh9LB2Rs0rhExhOQEepC1lU0.roa
Signing time:             Mon 01 Jan 2024 18:30:19 +0000
ROA not before:           Mon 01 Jan 2024 18:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198426
IP address blocks:        185.149.209.0/24 maxlen: 24
                          192.175.40.0/22 maxlen: 22
                          2a0d:a0c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:7c:eb:c1:4d:06:5a:41:00:58:3d:b5:87:90:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d04079bb7070ed0eeea3a1a467c79462bcc5455f
        Validity
            Not Before: Jan  1 18:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ed80387d2c1d91b34ae113184e4047a90b5954d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:94:a9:a0:70:2b:8d:d1:71:3e:5c:e7:7d:f9:
                    70:dc:fb:d0:36:6e:b7:75:1d:28:1b:73:f1:fd:bf:
                    27:09:11:1a:1d:14:5e:3e:f8:69:ce:c3:d0:f0:b0:
                    49:d5:c5:76:00:36:1a:46:85:5f:b4:b0:17:b7:50:
                    6b:1e:1a:cb:f5:d3:a5:c5:4a:59:ef:12:73:02:c0:
                    84:76:b6:68:b2:bf:35:ea:ec:71:50:f1:45:a8:0d:
                    3b:93:fc:92:c8:c1:68:b2:aa:83:85:30:25:31:8e:
                    5b:ae:32:fa:6b:ea:ff:b5:a2:62:5a:65:08:fe:4c:
                    a9:82:8c:73:62:ab:65:38:ec:20:3c:57:95:ba:80:
                    03:8d:c2:3c:20:90:55:0d:34:f7:e6:0f:6f:67:cb:
                    0f:44:66:da:e9:fc:98:f2:43:d3:a9:04:17:b2:e2:
                    24:97:c6:5e:a7:c1:4d:20:51:a1:8c:73:e0:77:a0:
                    70:32:81:b7:93:aa:0f:8d:85:e8:75:24:46:50:a1:
                    af:24:6a:19:0e:2b:13:48:fb:9d:9f:39:42:be:c6:
                    70:01:cb:f6:11:7e:27:a4:14:86:40:42:b9:40:a9:
                    6c:ab:c8:06:ab:fe:57:0e:3a:71:1b:1e:b4:cd:a6:
                    43:99:59:41:9c:ef:91:f8:1e:3a:ea:8c:3c:03:37:
                    2c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D8:03:87:D2:C1:D9:1B:34:AE:11:31:84:E4:04:7A:90:B5:95:4D
            X509v3 Authority Key Identifier:
                keyid:D0:40:79:BB:70:70:ED:0E:EE:A3:A1:A4:67:C7:94:62:BC:C5:45:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/LtgDh9LB2Rs0rhExhOQEepC1lU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.209.0/24
                  192.175.40.0/22
                IPv6:
                  2a0d:a0c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:b9:7d:0b:46:ed:f5:1d:00:78:85:ce:f4:7c:87:80:78:0c:
         cf:aa:47:9e:7b:7b:61:d5:67:a4:14:48:cf:9b:6a:a8:ec:a2:
         68:f6:c2:9c:85:4a:86:bf:b9:71:b6:36:6f:00:81:48:61:50:
         2e:5e:23:d7:30:be:88:65:c5:a2:9b:33:07:8e:e4:d2:20:ac:
         8a:da:0a:7a:6a:59:a3:69:7c:62:de:40:37:92:cf:f9:59:76:
         e3:c7:92:a1:01:6c:2d:b8:93:bf:ad:bf:43:9d:b4:eb:ef:80:
         ef:39:87:c4:5a:a9:67:70:ac:88:a3:02:63:b8:8a:7e:c8:f6:
         01:9b:3e:fd:06:89:ce:c6:73:90:06:79:d5:59:2f:fd:e6:48:
         83:b8:d0:69:b1:7b:1b:d7:73:d9:a8:62:39:66:81:5e:c2:2e:
         13:b9:83:ec:81:24:7a:04:1c:7a:31:c2:44:92:63:d8:de:ab:
         34:81:74:8d:8c:47:d6:60:53:da:49:c9:0b:89:26:28:75:20:
         1f:44:6f:4e:07:19:ff:c7:33:f2:ec:9f:be:04:a5:a4:7e:15:
         b2:98:a9:6d:0f:cc:0f:43:ce:09:d4:30:60:63:da:e5:33:4e:
         62:7b:a9:db:b3:ee:c7:93:58:9c:55:0c:44:4a:cc:19:4e:bd:
         10:94:d6:c9
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzGSnzrwU0GWkEAWD21h5ALMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNDA3OWJiNzA3MGVkMGVlZWEzYTFhNDY3Yzc5NDYyYmNj
NTQ1NWYwHhcNMjQwMTAxMTgzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQ4MDM4N2QyYzFkOTFiMzRhZTExMzE4NGU0MDQ3YTkwYjU5NTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5SpoHArjdFxPlznfflw3PvQNm63
dR0oG3Px/b8nCREaHRRePvhpzsPQ8LBJ1cV2ADYaRoVftLAXt1BrHhrL9dOlxUpZ
7xJzAsCEdrZosr816uxxUPFFqA07k/ySyMFosqqDhTAlMY5brjL6a+r/taJiWmUI
/kypgoxzYqtlOOwgPFeVuoADjcI8IJBVDTT35g9vZ8sPRGba6fyY8kPTqQQXsuIk
l8Zep8FNIFGhjHPgd6BwMoG3k6oPjYXodSRGUKGvJGoZDisTSPudnzlCvsZwAcv2
EX4npBSGQEK5QKlsq8gGq/5XDjpxGx60zaZDmVlBnO+R+B466ow8AzcsGwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFC7YA4fSwdkbNK4RMYTkBHqQtZVNMB8GA1UdIwQY
MBaAFNBAebtwcO0O7qOhpGfHlGK8xUVfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEVCNXUzQnc3UTd1bzZHa1o4ZVVZcnpGUlY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hOTNkYTAtZTE1NS00MzI0LTliYTkt
NjIwOThkMWVjMWU2LzEvTHRnRGg5TEIyUnMwcmhFeGhPUUVlcEMxbFUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hOTNkYTAtZTE1NS00MzI0LTliYTktNjIwOThkMWVjMWU2
LzEvMEVCNXUzQnc3UTd1bzZHa1o4ZVVZcnpGUlY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAuZXRAwQC
wK8oMA8EAgACMAkDBwAqDaDAAAAwDQYJKoZIhvcNAQELBQADggEBADW5fQtG7fUd
AHiFzvR8h4B4DM+qR557e2HVZ6QUSM+baqjsomj2wpyFSoa/uXG2Nm8AgUhhUC5e
I9cwvohlxaKbMweO5NIgrIraCnpqWaNpfGLeQDeSz/lZduPHkqEBbC24k7+tv0Od
tOvvgO85h8RaqWdwrIijAmO4in7I9gGbPv0Gic7Gc5AGedVZL/3mSIO40GmxexvX
c9moYjlmgV7CLhO5g+yBJHoEHHoxwkSSY9jeqzSBdI2MR9ZgU9pJyQuJJih1IB9E
b04HGf/HM/Lsn74EpaR+FbKYqW0PzA9DzgnUMGBj2uUzTmJ7qduz7seTWJxVDERK
zBlOvRCU1sk=
-----END CERTIFICATE-----