Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/c4e7e9-f6be-41a3-a459-195389330edf/1/LQijIAcLu2C9waUYtlc5JImMzgg.roa
File:                     LQijIAcLu2C9waUYtlc5JImMzgg.roa (raw, json)
Hash identifier:          cRxUg7qRMvMMjYRPq/1O7xwB3MFIG9PV5FazRgJGWR4=
Subject key identifier:   2D:08:A3:20:07:0B:BB:60:BD:C1:A5:18:B6:57:39:24:89:8C:CE:08
Certificate issuer:       /CN=bf817dc8552df3610ffc45441b3f81464e489dc8
Certificate serial:       018CC56EF9F6E6A0FA1030F27ECBF94365E2
Authority key identifier: BF:81:7D:C8:55:2D:F3:61:0F:FC:45:44:1B:3F:81:46:4E:48:9D:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4F9yFUt82EP_EVEGz-BRk5Incg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/c4e7e9-f6be-41a3-a459-195389330edf/1/LQijIAcLu2C9waUYtlc5JImMzgg.roa
Signing time:             Mon 01 Jan 2024 14:30:33 +0000
ROA not before:           Mon 01 Jan 2024 14:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39029
IP address blocks:        195.88.54.0/23 maxlen: 24
                          2001:67c:21e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/c4e7e9-f6be-41a3-a459-195389330edf/1/v4F9yFUt82EP_EVEGz-BRk5Incg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/c4e7e9-f6be-41a3-a459-195389330edf/1/v4F9yFUt82EP_EVEGz-BRk5Incg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4F9yFUt82EP_EVEGz-BRk5Incg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f9:f6:e6:a0:fa:10:30:f2:7e:cb:f9:43:65:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf817dc8552df3610ffc45441b3f81464e489dc8
        Validity
            Not Before: Jan  1 14:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d08a320070bbb60bdc1a518b6573924898cce08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ab:2d:cd:8b:a4:80:bb:bf:c5:09:84:68:27:
                    e3:27:fe:e1:b6:35:18:69:2a:0c:c4:0f:07:ca:fd:
                    2e:1e:ad:51:18:f3:0a:f6:e4:73:8f:61:d3:58:3b:
                    8a:5a:cb:8e:d2:e1:7f:a6:8d:d3:f2:81:87:55:e9:
                    84:5b:86:aa:fa:a6:5a:b5:f6:84:8a:bd:45:38:ff:
                    c6:43:80:fa:e0:94:e5:e1:51:f0:1c:1a:80:b1:01:
                    cf:97:77:50:47:75:ff:0f:d5:56:a4:74:51:e7:45:
                    29:c0:f7:a7:11:32:db:20:34:a9:6e:8d:d6:0e:7d:
                    6c:13:a3:69:31:65:e8:f8:ac:48:91:db:f2:84:59:
                    8b:c6:0e:94:83:8b:95:80:7d:88:9c:bb:ff:78:8b:
                    d5:91:bb:a4:77:eb:f3:93:2b:bb:53:51:38:61:18:
                    06:9d:6a:ac:da:66:9d:6b:dd:e4:f9:27:86:8e:74:
                    b4:cf:12:ca:e5:0c:c9:fe:4b:73:03:62:4d:e4:23:
                    cf:f2:19:d6:8f:38:39:2a:68:29:1a:35:dc:61:6e:
                    29:54:b2:d7:f1:0a:eb:3d:da:f8:14:e0:88:ba:cd:
                    2b:e4:2a:01:88:eb:a4:b3:9d:a0:a1:dd:23:d5:a9:
                    b6:ff:15:8f:72:3a:6e:26:50:30:b2:89:56:d1:13:
                    da:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:08:A3:20:07:0B:BB:60:BD:C1:A5:18:B6:57:39:24:89:8C:CE:08
            X509v3 Authority Key Identifier:
                keyid:BF:81:7D:C8:55:2D:F3:61:0F:FC:45:44:1B:3F:81:46:4E:48:9D:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4F9yFUt82EP_EVEGz-BRk5Incg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/c4e7e9-f6be-41a3-a459-195389330edf/1/LQijIAcLu2C9waUYtlc5JImMzgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/c4e7e9-f6be-41a3-a459-195389330edf/1/v4F9yFUt82EP_EVEGz-BRk5Incg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.54.0/23
                IPv6:
                  2001:67c:21e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:2c:75:1d:fe:4e:40:40:a6:1e:2d:d1:c5:03:94:15:7d:bb:
         6f:cb:f7:b9:43:f8:b3:3e:60:17:6c:ba:c5:ed:dd:83:d4:0f:
         ee:79:f5:bb:03:45:84:e8:b3:e3:8b:64:85:79:e1:15:49:18:
         ba:08:6a:84:8e:ed:14:00:21:27:9d:9e:32:87:01:6a:dc:67:
         28:61:cb:8b:b7:a2:b2:d9:f3:ce:41:98:47:44:22:87:a4:8a:
         d0:0a:2e:b3:7c:06:c6:9e:85:65:ba:18:bf:70:cf:b3:76:d7:
         1e:c5:72:eb:d2:d2:ba:b3:57:63:16:36:3e:b7:c9:1d:42:a6:
         94:61:e1:af:ee:65:cd:21:74:31:da:55:03:ea:b4:bf:c8:c1:
         14:6e:eb:b8:d0:5b:24:f0:2b:e3:a0:ea:4d:81:48:df:52:85:
         6c:02:c4:61:33:7d:83:f6:28:09:51:20:bf:a2:b2:b9:74:04:
         a9:8e:4e:5a:f1:22:9a:aa:ae:fc:1a:ec:c9:36:55:85:80:58:
         41:f7:f7:32:9d:25:d2:9e:0e:70:48:35:4e:8b:b1:a4:0a:0e:
         73:56:6f:72:5b:c4:2e:b2:0c:46:b6:aa:16:be:5e:e0:7c:8f:
         a8:6c:3e:96:59:3a:8f:64:6f:f7:cf:47:3e:47:85:18:7a:fb:
         53:5d:ae:ae
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbvn25qD6EDDyfsv5Q2XiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODE3ZGM4NTUyZGYzNjEwZmZjNDU0NDFiM2Y4MTQ2NGU0
ODlkYzgwHhcNMjQwMTAxMTQzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDA4YTMyMDA3MGJiYjYwYmRjMWE1MThiNjU3MzkyNDg5OGNjZTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoastzYukgLu/xQmEaCfjJ/7htjUY
aSoMxA8Hyv0uHq1RGPMK9uRzj2HTWDuKWsuO0uF/po3T8oGHVemEW4aq+qZatfaE
ir1FOP/GQ4D64JTl4VHwHBqAsQHPl3dQR3X/D9VWpHRR50UpwPenETLbIDSpbo3W
Dn1sE6NpMWXo+KxIkdvyhFmLxg6Ug4uVgH2InLv/eIvVkbukd+vzkyu7U1E4YRgG
nWqs2mada93k+SeGjnS0zxLK5QzJ/ktzA2JN5CPP8hnWjzg5KmgpGjXcYW4pVLLX
8QrrPdr4FOCIus0r5CoBiOuks52god0j1am2/xWPcjpuJlAwsolW0RPa7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC0IoyAHC7tgvcGlGLZXOSSJjM4IMB8GA1UdIwQY
MBaAFL+BfchVLfNhD/xFRBs/gUZOSJ3IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRGOXlGVXQ4MkVQX0VWRUd6LUJSazVJbmNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9jNGU3ZTktZjZiZS00MWEzLWE0NTkt
MTk1Mzg5MzMwZWRmLzEvTFFpaklBY0x1MkM5d2FVWXRsYzVKSW1NemdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9jNGU3ZTktZjZiZS00MWEzLWE0NTktMTk1Mzg5MzMwZWRm
LzEvdjRGOXlGVXQ4MkVQX0VWRUd6LUJSazVJbmNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw1g2MA8E
AgACMAkDBwAgAQZ8IeAwDQYJKoZIhvcNAQELBQADggEBAEssdR3+TkBAph4t0cUD
lBV9u2/L97lD+LM+YBdsusXt3YPUD+559bsDRYTos+OLZIV54RVJGLoIaoSO7RQA
ISednjKHAWrcZyhhy4u3orLZ885BmEdEIoekitAKLrN8BsaehWW6GL9wz7N21x7F
cuvS0rqzV2MWNj63yR1CppRh4a/uZc0hdDHaVQPqtL/IwRRu67jQWyTwK+Og6k2B
SN9ShWwCxGEzfYP2KAlRIL+isrl0BKmOTlrxIpqqrvwa7Mk2VYWAWEH39zKdJdKe
DnBINU6LsaQKDnNWb3JbxC6yDEa2qha+XuB8j6hsPpZZOo9kb/fPRz5HhRh6+1Nd
rq4=
-----END CERTIFICATE-----