Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/LTvU0JWVsSQgu0MVSG_VtxZcgMA.roa
File:                     LTvU0JWVsSQgu0MVSG_VtxZcgMA.roa (raw, json)
Hash identifier:          xmPZIz9nJEAlB3NELOSNPxxAUtJ8mR0ajbEAHYuN+DA=
Subject key identifier:   2D:3B:D4:D0:95:95:B1:24:20:BB:43:15:48:6F:D5:B7:16:5C:80:C0
Certificate issuer:       /CN=12c889964b35b51ba8e5e679a15b19a31f133578
Certificate serial:       019420D5CD3F32C1BBD3E6D50C081DF687CE
Authority key identifier: 12:C8:89:96:4B:35:B5:1B:A8:E5:E6:79:A1:5B:19:A3:1F:13:35:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/LTvU0JWVsSQgu0MVSG_VtxZcgMA.roa
Signing time:             Wed 01 Jan 2025 07:47:50 +0000
ROA not before:           Wed 01 Jan 2025 07:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210318
IP address blocks:        82.146.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:cd:3f:32:c1:bb:d3:e6:d5:0c:08:1d:f6:87:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c889964b35b51ba8e5e679a15b19a31f133578
        Validity
            Not Before: Jan  1 07:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d3bd4d09595b12420bb4315486fd5b7165c80c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:bb:24:fe:96:e2:f7:ac:8b:00:15:01:6c:49:
                    c8:da:76:31:3c:71:36:2b:4a:12:d1:f9:7d:71:d4:
                    24:b6:8e:55:fb:15:da:55:56:c7:b8:77:25:ca:f5:
                    d4:63:67:e6:00:33:d3:14:da:b2:fb:31:97:2c:7d:
                    4a:b5:3c:3e:7e:2e:f5:f5:5f:2a:ef:a8:6f:78:e3:
                    38:1a:56:79:c7:4f:83:6a:42:c5:16:af:e9:1f:2e:
                    2d:fc:28:7c:fc:28:23:7c:89:9e:01:a1:91:42:9d:
                    f2:87:cd:7e:20:4a:f9:57:7a:4f:82:43:30:cd:0d:
                    c4:37:4c:fc:32:34:c4:3f:87:24:e7:58:a3:27:1d:
                    4c:f7:49:28:3d:7a:8d:0e:5d:ef:2c:42:b0:dd:65:
                    c0:2a:6d:e3:7b:0d:70:4d:eb:c9:32:02:01:c8:ad:
                    f7:2e:c5:bb:42:97:ba:23:7f:8f:15:5e:26:31:5d:
                    49:a1:94:4a:e9:78:8a:f5:1f:94:23:87:25:f5:4b:
                    a6:f9:1d:17:4d:06:9d:d5:dc:6f:40:c0:88:34:d2:
                    e5:2b:ad:64:d1:9a:d9:ca:c6:be:34:b9:93:6c:f4:
                    ca:e9:a0:1e:e3:14:ac:b1:86:ea:df:82:02:99:61:
                    ad:e1:37:1f:fa:79:f5:c1:e2:90:58:f3:b1:4e:89:
                    37:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:3B:D4:D0:95:95:B1:24:20:BB:43:15:48:6F:D5:B7:16:5C:80:C0
            X509v3 Authority Key Identifier:
                keyid:12:C8:89:96:4B:35:B5:1B:A8:E5:E6:79:A1:5B:19:A3:1F:13:35:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/LTvU0JWVsSQgu0MVSG_VtxZcgMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.146.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:53:9b:ef:19:5b:30:2b:83:18:7c:c0:d3:90:77:86:71:3c:
         16:26:3a:47:85:3d:ce:e3:72:53:54:0d:e9:c4:17:57:c2:6f:
         da:1a:9e:e5:7f:06:38:db:dc:76:4d:d4:db:b0:75:aa:d1:7e:
         8a:ee:8b:25:3c:43:27:9f:f1:33:18:d8:81:d1:a1:87:e4:7c:
         a1:f0:3f:03:9c:d6:4d:81:45:3e:81:c5:f7:2f:35:64:27:35:
         54:39:ed:d1:db:7a:c7:71:fc:01:c4:38:41:e6:22:4c:45:8d:
         a5:82:fd:cc:02:4c:e8:62:bc:17:ad:51:23:ba:dd:55:13:9a:
         39:ab:fd:53:38:2d:d8:f6:5e:fc:dc:98:41:23:37:cc:2d:97:
         00:73:54:8a:1f:f9:3b:35:f0:a7:c5:59:0d:a1:2b:1b:47:5c:
         58:dd:ef:de:b5:49:7b:1b:7c:d3:21:4c:35:8f:e5:05:d5:eb:
         5f:49:e9:65:69:0a:3b:83:68:ca:0e:af:e1:46:e3:1a:01:07:
         82:34:65:f6:e9:3c:ca:58:a7:cb:4a:7e:84:35:dd:37:2f:ad:
         15:0e:79:58:f4:f0:26:61:96:99:4f:f2:c3:9a:b4:c2:33:ea:
         8f:57:9b:34:be:42:a4:ea:d4:6f:bc:34:1d:b5:68:c7:96:ff:
         10:01:68:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1c0/MsG70+bVDAgd9ofOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYzg4OTk2NGIzNWI1MWJhOGU1ZTY3OWExNWIxOWEzMWYx
MzM1NzgwHhcNMjUwMTAxMDc0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDNiZDRkMDk1OTViMTI0MjBiYjQzMTU0ODZmZDViNzE2NWM4MGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLsk/pbi96yLABUBbEnI2nYxPHE2
K0oS0fl9cdQkto5V+xXaVVbHuHclyvXUY2fmADPTFNqy+zGXLH1KtTw+fi719V8q
76hveOM4GlZ5x0+DakLFFq/pHy4t/Ch8/CgjfImeAaGRQp3yh81+IEr5V3pPgkMw
zQ3EN0z8MjTEP4ck51ijJx1M90koPXqNDl3vLEKw3WXAKm3jew1wTevJMgIByK33
LsW7Qpe6I3+PFV4mMV1JoZRK6XiK9R+UI4cl9Uum+R0XTQad1dxvQMCINNLlK61k
0ZrZysa+NLmTbPTK6aAe4xSssYbq34ICmWGt4Tcf+nn1weKQWPOxTok3RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC071NCVlbEkILtDFUhv1bcWXIDAMB8GA1UdIwQY
MBaAFBLIiZZLNbUbqOXmeaFbGaMfEzV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXNpSmxrczF0UnVvNWVaNW9Wc1pveDhUTlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xNmIwMmMtODMzYS00OGYwLWJhNTYt
YWQ2ZjBiZjg4NDM4LzEvTFR2VTBKV1ZzU1FndTBNVlNHX1Z0eFpjZ01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xNmIwMmMtODMzYS00OGYwLWJhNTYtYWQ2ZjBiZjg4NDM4
LzEvRXNpSmxrczF0UnVvNWVaNW9Wc1pveDhUTlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpK6MA0G
CSqGSIb3DQEBCwUAA4IBAQCqU5vvGVswK4MYfMDTkHeGcTwWJjpHhT3O43JTVA3p
xBdXwm/aGp7lfwY429x2TdTbsHWq0X6K7oslPEMnn/EzGNiB0aGH5Hyh8D8DnNZN
gUU+gcX3LzVkJzVUOe3R23rHcfwBxDhB5iJMRY2lgv3MAkzoYrwXrVEjut1VE5o5
q/1TOC3Y9l783JhBIzfMLZcAc1SKH/k7NfCnxVkNoSsbR1xY3e/etUl7G3zTIUw1
j+UF1etfSellaQo7g2jKDq/hRuMaAQeCNGX26TzKWKfLSn6ENd03L60VDnlY9PAm
YZaZT/LDmrTCM+qPV5s0vkKk6tRvvDQdtWjHlv8QAWiF
-----END CERTIFICATE-----