Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/LJyNvDe-Rh0YHzFAOFr2BZpPJDg.roa
File:                     LJyNvDe-Rh0YHzFAOFr2BZpPJDg.roa (raw, json)
Hash identifier:          HW8iYVyxKglLKUh/ID3L4I7qltwwpGwyAA/Ylhox90o=
Subject key identifier:   2C:9C:8D:BC:37:BE:46:1D:18:1F:31:40:38:5A:F6:05:9A:4F:24:38
Certificate issuer:       /CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Certificate serial:       018CC56E25228E887CDAF85743FB3ACFF2B5
Authority key identifier: 47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/LJyNvDe-Rh0YHzFAOFr2BZpPJDg.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201304
IP address blocks:        212.18.248.0/24 maxlen: 24
                          2a04:2b00:13ee::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:25:22:8e:88:7c:da:f8:57:43:fb:3a:cf:f2:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c9c8dbc37be461d181f3140385af6059a4f2438
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0f:43:cc:c0:b7:13:f5:17:9c:cd:ac:a1:31:
                    28:96:ac:31:dc:1c:ba:5b:ef:23:d1:8c:15:78:74:
                    f8:40:10:f9:18:dd:18:b4:ec:15:d3:90:03:63:da:
                    8b:e5:6e:3a:cc:ef:d9:3e:4e:4d:93:42:ae:36:be:
                    73:96:d3:13:6e:cb:86:6c:ae:c5:10:bc:af:2e:57:
                    b6:c6:75:d9:10:c2:20:05:15:f7:69:47:30:6f:6b:
                    42:48:3b:90:36:1d:54:93:02:b2:18:dd:d7:b7:8a:
                    38:6d:03:2b:a6:15:88:dc:fb:44:17:03:e5:00:b1:
                    48:56:61:ec:77:e3:0c:64:8f:fb:51:39:77:5a:0b:
                    1c:d5:88:eb:9f:f0:77:0d:99:3e:09:b7:1a:8c:45:
                    f9:d2:1c:11:40:19:82:da:a6:c0:c1:ce:3e:0d:7a:
                    54:36:70:d1:49:ed:cc:b9:30:27:6b:2c:e2:7f:a9:
                    fb:1d:32:b8:0b:d4:3e:7f:32:30:5c:6e:21:d8:35:
                    38:59:ad:3b:d9:45:1c:a2:a6:ad:05:38:bf:71:be:
                    87:8e:1f:f3:b0:71:13:23:c7:a8:c5:c6:c4:88:6d:
                    1c:0d:bb:45:e5:18:6a:d0:f7:14:27:46:7f:50:8b:
                    b2:5b:25:73:49:54:b4:52:74:5a:d8:bb:c7:e6:ea:
                    61:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:9C:8D:BC:37:BE:46:1D:18:1F:31:40:38:5A:F6:05:9A:4F:24:38
            X509v3 Authority Key Identifier:
                keyid:47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/LJyNvDe-Rh0YHzFAOFr2BZpPJDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.18.248.0/24
                IPv6:
                  2a04:2b00:13ee::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:b9:78:5d:d6:7a:a3:fc:ab:6c:73:7a:b5:1f:da:d3:1c:82:
         f3:ea:55:0f:78:8e:03:df:28:2e:b4:5a:88:fa:43:a6:ae:57:
         44:09:fc:3b:99:84:42:b7:df:5d:0f:4e:46:5a:db:97:55:1b:
         16:9a:3a:d8:72:ae:0b:09:c5:04:b9:38:52:d0:21:b5:ba:26:
         15:c7:ec:87:b5:08:b7:53:cc:4c:dd:9b:06:a6:f8:d5:ff:c2:
         cf:a9:88:53:e3:2a:1e:d1:e4:b5:93:4e:9f:08:d7:af:25:62:
         44:66:07:10:a1:1d:0f:83:d4:d3:a1:34:8c:cd:3e:8d:12:a1:
         0e:be:71:d6:80:b2:48:21:73:de:1c:14:01:08:7f:48:d8:63:
         df:1e:65:02:0c:71:cc:2a:5c:15:30:77:11:86:fe:5f:b4:2c:
         ab:59:e4:41:fa:cd:6a:cd:b7:0f:4c:52:6d:59:e9:57:a8:70:
         3c:b4:a7:90:3b:e2:2b:77:06:17:47:ca:a6:05:72:d9:55:de:
         83:9c:df:d9:92:a1:76:d0:02:ea:3e:77:d7:e8:27:ed:b6:d4:
         c6:3b:c4:f7:3e:e8:05:a3:20:ed:f6:fe:48:da:7d:a2:0d:62:
         1f:bd:bb:17:3a:97:d8:0e:b3:af:06:9d:dd:d2:e7:8d:5e:ec:
         35:52:89:57
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbiUijoh82vhXQ/s6z/K1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzZhZmI3NGZhZDViYWYwYTYxODBiNDk1MTBkOGI4NDk3
ZGY4ZDMwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzljOGRiYzM3YmU0NjFkMTgxZjMxNDAzODVhZjYwNTlhNGYyNDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnw9DzMC3E/UXnM2soTEolqwx3By6
W+8j0YwVeHT4QBD5GN0YtOwV05ADY9qL5W46zO/ZPk5Nk0KuNr5zltMTbsuGbK7F
ELyvLle2xnXZEMIgBRX3aUcwb2tCSDuQNh1UkwKyGN3Xt4o4bQMrphWI3PtEFwPl
ALFIVmHsd+MMZI/7UTl3Wgsc1Yjrn/B3DZk+CbcajEX50hwRQBmC2qbAwc4+DXpU
NnDRSe3MuTAnayzif6n7HTK4C9Q+fzIwXG4h2DU4Wa072UUcoqatBTi/cb6Hjh/z
sHETI8eoxcbEiG0cDbtF5Rhq0PcUJ0Z/UIuyWyVzSVS0UnRa2LvH5uphhwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCycjbw3vkYdGB8xQDha9gWaTyQ4MB8GA1UdIwQY
MBaAFEd2r7dPrVuvCmGAtJUQ2LhJffjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEt
MDUzOGU5NWYzZjEyLzEvTEp5TnZEZS1SaDBZSHpGQU9GcjJCWnBQSkRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEtMDUzOGU5NWYzZjEy
LzEvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1BL4MA8E
AgACMAkDBwAqBCsAE+4wDQYJKoZIhvcNAQELBQADggEBAEu5eF3WeqP8q2xzerUf
2tMcgvPqVQ94jgPfKC60Woj6Q6auV0QJ/DuZhEK3310PTkZa25dVGxaaOthyrgsJ
xQS5OFLQIbW6JhXH7Ie1CLdTzEzdmwam+NX/ws+piFPjKh7R5LWTTp8I168lYkRm
BxChHQ+D1NOhNIzNPo0SoQ6+cdaAskghc94cFAEIf0jYY98eZQIMccwqXBUwdxGG
/l+0LKtZ5EH6zWrNtw9MUm1Z6VeocDy0p5A74it3BhdHyqYFctlV3oOc39mSoXbQ
Auo+d9foJ+221MY7xPc+6AWjIO32/kjafaINYh+9uxc6l9gOs68Gnd3S541e7DVS
iVc=
-----END CERTIFICATE-----