Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/c2376d-511d-49b5-b9c1-878665838a60/1/LgJy6OGB2vgae1QKAQ4zN0ubsm8.roa
File:                     LgJy6OGB2vgae1QKAQ4zN0ubsm8.roa (raw, json)
Hash identifier:          NM7UjQPJjMJDxICLIcC2IYZmTxE0KIS9pWRvbNtclzU=
Subject key identifier:   2E:02:72:E8:E1:81:DA:F8:1A:7B:54:0A:01:0E:33:37:4B:9B:B2:6F
Certificate issuer:       /CN=169dc1432c686f1ed57ec0cae31586103edbf2c7
Certificate serial:       018CC424633769C1094845BF1E2482BD2D3F
Authority key identifier: 16:9D:C1:43:2C:68:6F:1E:D5:7E:C0:CA:E3:15:86:10:3E:DB:F2:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fp3BQyxobx7VfsDK4xWGED7b8sc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/c2376d-511d-49b5-b9c1-878665838a60/1/LgJy6OGB2vgae1QKAQ4zN0ubsm8.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39305
IP address blocks:        185.196.63.0/24 maxlen: 24
                          195.242.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/c2376d-511d-49b5-b9c1-878665838a60/1/Fp3BQyxobx7VfsDK4xWGED7b8sc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/c2376d-511d-49b5-b9c1-878665838a60/1/Fp3BQyxobx7VfsDK4xWGED7b8sc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fp3BQyxobx7VfsDK4xWGED7b8sc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:02:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:63:37:69:c1:09:48:45:bf:1e:24:82:bd:2d:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=169dc1432c686f1ed57ec0cae31586103edbf2c7
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e0272e8e181daf81a7b540a010e33374b9bb26f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:6e:bc:1f:aa:93:04:c8:ae:f9:71:a8:d7:f6:
                    e5:be:d9:d4:b0:05:e2:f5:e6:ea:25:00:c4:26:ea:
                    2f:63:e7:79:fe:f2:81:40:b4:f3:ea:c5:42:af:5f:
                    94:26:11:f7:4e:e3:e2:92:74:95:eb:9e:81:52:39:
                    33:23:37:1f:15:86:79:48:96:3e:56:a9:0d:1e:e7:
                    bb:56:41:40:63:de:eb:43:b7:d0:9f:bb:ba:fd:08:
                    f1:66:d5:70:19:32:78:90:be:1d:50:51:d8:04:fb:
                    73:6f:a9:af:8a:70:c2:e1:74:58:dd:9d:7c:c4:a6:
                    d8:db:46:9a:36:70:b8:43:4b:3a:54:d1:52:57:ce:
                    dc:da:46:be:76:cb:9f:b0:87:63:27:0e:2c:31:c5:
                    7a:f6:76:77:5d:10:35:49:05:5e:1c:e5:66:99:15:
                    07:5c:5c:8b:16:f5:6c:84:70:8b:f9:8e:bb:66:01:
                    9e:79:e9:ad:3a:56:4a:18:52:b1:ef:a1:e3:7d:60:
                    18:b1:3d:6e:a4:eb:14:da:35:06:c9:a9:37:96:44:
                    0b:62:1b:b9:ed:60:75:0a:14:fe:8d:b0:fb:63:a8:
                    e1:42:b7:4b:f4:a7:d7:bd:dd:ce:d8:4b:e5:35:fc:
                    25:71:82:9f:fe:d3:b2:48:9e:75:38:90:31:14:e0:
                    67:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:02:72:E8:E1:81:DA:F8:1A:7B:54:0A:01:0E:33:37:4B:9B:B2:6F
            X509v3 Authority Key Identifier:
                keyid:16:9D:C1:43:2C:68:6F:1E:D5:7E:C0:CA:E3:15:86:10:3E:DB:F2:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fp3BQyxobx7VfsDK4xWGED7b8sc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/c2376d-511d-49b5-b9c1-878665838a60/1/LgJy6OGB2vgae1QKAQ4zN0ubsm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/c2376d-511d-49b5-b9c1-878665838a60/1/Fp3BQyxobx7VfsDK4xWGED7b8sc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.63.0/24
                  195.242.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:7b:64:74:8a:55:6b:14:9b:bb:fc:0a:e3:71:78:c4:e7:08:
         91:dc:50:a5:3f:67:93:91:5c:54:8f:b3:89:90:15:89:55:83:
         95:db:f0:0f:23:4b:78:15:78:d4:8f:4f:2f:66:7f:3d:83:57:
         7c:f4:01:a4:7d:36:a6:d1:41:c2:58:a7:37:98:c1:e0:5c:db:
         c0:43:b7:44:d0:53:5a:66:8d:a8:e4:a5:26:d5:64:8a:09:cb:
         25:4e:15:a6:bd:0c:30:24:cb:06:1b:d2:fb:57:14:bd:12:1b:
         99:60:c5:94:44:de:0e:2e:6c:80:a8:55:c4:2c:52:30:73:11:
         cb:dd:4e:b8:b2:cc:7c:d5:4d:f7:e1:70:d1:8f:e0:4c:f1:90:
         83:dc:2a:7e:17:5d:f8:16:f6:93:7f:38:8a:ba:7b:14:55:2f:
         90:38:fc:a9:99:fb:c6:b0:17:ca:af:65:dc:2a:c5:7d:29:e0:
         26:e4:8d:81:c2:20:d6:91:de:0a:72:79:41:1e:06:e3:16:17:
         77:a0:a0:ee:71:0b:d5:fb:06:72:06:c6:1c:ec:3f:bc:38:d2:
         11:74:a5:02:39:40:39:12:b1:f6:3f:19:31:9d:d2:7a:3d:ff:
         5e:27:24:9b:f0:a1:39:d6:d9:94:71:a7:a1:c5:73:f4:28:2f:
         90:75:f2:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJGM3acEJSEW/HiSCvS0/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OWRjMTQzMmM2ODZmMWVkNTdlYzBjYWUzMTU4NjEwM2Vk
YmYyYzcwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTAyNzJlOGUxODFkYWY4MWE3YjU0MGEwMTBlMzMzNzRiOWJiMjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgG68H6qTBMiu+XGo1/blvtnUsAXi
9ebqJQDEJuovY+d5/vKBQLTz6sVCr1+UJhH3TuPiknSV656BUjkzIzcfFYZ5SJY+
VqkNHue7VkFAY97rQ7fQn7u6/QjxZtVwGTJ4kL4dUFHYBPtzb6mvinDC4XRY3Z18
xKbY20aaNnC4Q0s6VNFSV87c2ka+dsufsIdjJw4sMcV69nZ3XRA1SQVeHOVmmRUH
XFyLFvVshHCL+Y67ZgGeeemtOlZKGFKx76HjfWAYsT1upOsU2jUGyak3lkQLYhu5
7WB1ChT+jbD7Y6jhQrdL9KfXvd3O2EvlNfwlcYKf/tOySJ51OJAxFOBn4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC4Ccujhgdr4GntUCgEOMzdLm7JvMB8GA1UdIwQY
MBaAFBadwUMsaG8e1X7AyuMVhhA+2/LHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnAzQlF5eG9ieDdWZnNESzR4V0dFRDdiOHNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9jMjM3NmQtNTExZC00OWI1LWI5YzEt
ODc4NjY1ODM4YTYwLzEvTGdKeTZPR0IydmdhZTFRS0FRNHpOMHVic204LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9jMjM3NmQtNTExZC00OWI1LWI5YzEtODc4NjY1ODM4YTYw
LzEvRnAzQlF5eG9ieDdWZnNESzR4V0dFRDdiOHNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucQ/AwQA
w/KSMA0GCSqGSIb3DQEBCwUAA4IBAQCDe2R0ilVrFJu7/ArjcXjE5wiR3FClP2eT
kVxUj7OJkBWJVYOV2/API0t4FXjUj08vZn89g1d89AGkfTam0UHCWKc3mMHgXNvA
Q7dE0FNaZo2o5KUm1WSKCcslThWmvQwwJMsGG9L7VxS9EhuZYMWURN4OLmyAqFXE
LFIwcxHL3U64ssx81U334XDRj+BM8ZCD3Cp+F134FvaTfziKunsUVS+QOPypmfvG
sBfKr2XcKsV9KeAm5I2BwiDWkd4KcnlBHgbjFhd3oKDucQvV+wZyBsYc7D+8ONIR
dKUCOUA5ErH2PxkxndJ6Pf9eJySb8KE51tmUcaehxXP0KC+QdfKC
-----END CERTIFICATE-----