Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/LtgIZEC7Bw-5FA45JnyyT3zvaNQ.roa
File:                     LtgIZEC7Bw-5FA45JnyyT3zvaNQ.roa (raw, json)
Hash identifier:          Z2MABy0J94wvLPv/W+TrzEustuU2QAlHhZsN9mAqMfc=
Subject key identifier:   2E:D8:08:64:40:BB:07:0F:B9:14:0E:39:26:7C:B2:4F:7C:EF:68:D4
Certificate issuer:       /CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
Certificate serial:       018DA7384E9CD73536CC2BDD811589687E85
Authority key identifier: 81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/LtgIZEC7Bw-5FA45JnyyT3zvaNQ.roa
Signing time:             Wed 14 Feb 2024 10:45:01 +0000
ROA not before:           Wed 14 Feb 2024 10:45:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        5.181.166.0/24 maxlen: 24
                          45.81.148.0/24 maxlen: 24
                          185.229.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:38:4e:9c:d7:35:36:cc:2b:dd:81:15:89:68:7e:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
        Validity
            Not Before: Feb 14 10:45:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ed8086440bb070fb9140e39267cb24f7cef68d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c1:56:7c:ec:75:8c:bc:c3:fe:c4:15:ca:93:
                    cc:5e:22:75:fc:72:ea:d3:24:d4:b2:fb:9d:3c:1e:
                    21:0a:22:18:0f:6b:fe:19:d0:78:85:5d:3a:80:c8:
                    6a:f1:cd:65:b0:c2:42:bd:7b:90:0f:e6:40:11:1b:
                    e3:fe:78:6b:13:fb:a6:8e:b5:9e:80:64:7b:68:82:
                    42:99:fc:ae:54:09:30:5f:13:b1:70:e3:31:ab:76:
                    6a:19:17:5f:ed:a4:a8:8b:39:4f:7f:20:0c:d7:a4:
                    b4:49:17:12:3d:22:c2:38:f9:16:d5:0c:37:a3:7b:
                    d7:97:e4:d5:5f:d5:04:b4:d5:6e:90:8d:dd:bd:df:
                    c7:48:db:7e:ce:49:ac:3e:0a:82:d5:ef:b6:c0:71:
                    19:e9:e2:44:c6:07:15:38:99:69:12:d9:9d:56:90:
                    52:41:92:e1:fa:2d:7c:3e:bc:39:51:60:8d:a5:db:
                    2f:2c:82:61:d1:5b:c0:7b:0b:ca:5b:ee:c7:bf:a7:
                    0d:c6:5e:8d:8b:5e:c1:57:e4:f9:ba:38:dc:a4:a9:
                    54:76:bb:07:1f:78:21:15:48:19:65:b7:49:45:51:
                    74:89:1e:68:38:96:6e:50:8e:21:76:8e:aa:d6:e8:
                    45:2b:11:23:01:1a:de:4f:5b:ac:ae:81:1e:8b:a5:
                    9e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D8:08:64:40:BB:07:0F:B9:14:0E:39:26:7C:B2:4F:7C:EF:68:D4
            X509v3 Authority Key Identifier:
                keyid:81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/LtgIZEC7Bw-5FA45JnyyT3zvaNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.166.0/24
                  45.81.148.0/24
                  185.229.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:29:2d:ce:51:ac:60:55:e9:a4:37:57:61:4a:52:6f:a1:39:
         ac:ff:86:66:84:77:6f:92:76:f9:4f:b0:42:50:bf:20:79:f4:
         3b:40:89:60:90:31:d6:7a:dd:41:a7:99:e1:a3:b8:ee:85:ae:
         f8:92:00:91:75:79:c1:0e:7c:e4:c7:34:a2:7c:63:0a:41:ec:
         4d:24:11:74:64:c0:b7:64:0c:49:7d:f1:10:cf:df:e2:f7:04:
         b3:de:4f:11:96:c8:b7:8c:f8:f3:b8:73:06:da:94:c9:59:76:
         87:ee:8a:93:6e:fe:3c:b2:9d:a1:ef:07:8c:8c:6d:23:3d:0d:
         f1:8c:c7:cc:92:cd:68:aa:93:1f:64:5c:d2:40:c5:4e:6b:0f:
         d2:bb:bf:26:b5:32:59:f8:94:d3:f6:c5:74:49:a1:88:a9:21:
         a3:3b:45:f4:42:14:23:9e:8e:5b:6f:f9:25:fa:2f:cd:7f:2f:
         14:a0:5c:56:6f:08:15:2f:da:10:ce:6a:b3:57:fd:fe:5a:5b:
         13:3c:fe:88:bc:b4:53:2b:31:a6:7d:f6:b4:1d:76:ed:a7:03:
         48:e3:c1:bc:f7:e6:06:f7:31:2a:eb:97:50:d9:a7:b9:97:ec:
         4b:a4:ac:f8:26:c1:37:df:90:e9:0f:d5:5f:6a:6c:8a:a5:23:
         da:e9:9d:dc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY2nOE6c1zU2zCvdgRWJaH6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYzhiNzNhYjdiZGViNzZmZjQ4YjJjYTA5OTYxNmVkYmU3
MWM0MjYwHhcNMjQwMjE0MTA0NTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQ4MDg2NDQwYmIwNzBmYjkxNDBlMzkyNjdjYjI0ZjdjZWY2OGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8FWfOx1jLzD/sQVypPMXiJ1/HLq
0yTUsvudPB4hCiIYD2v+GdB4hV06gMhq8c1lsMJCvXuQD+ZAERvj/nhrE/umjrWe
gGR7aIJCmfyuVAkwXxOxcOMxq3ZqGRdf7aSoizlPfyAM16S0SRcSPSLCOPkW1Qw3
o3vXl+TVX9UEtNVukI3dvd/HSNt+zkmsPgqC1e+2wHEZ6eJExgcVOJlpEtmdVpBS
QZLh+i18Prw5UWCNpdsvLIJh0VvAewvKW+7Hv6cNxl6Ni17BV+T5ujjcpKlUdrsH
H3ghFUgZZbdJRVF0iR5oOJZuUI4hdo6q1uhFKxEjARreT1usroEei6We/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC7YCGRAuwcPuRQOOSZ8sk9872jUMB8GA1UdIwQY
MBaAFIHItzq3vet2/0iyygmWFu2+ccQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUt
ZDg0ODhiM2FiNDJmLzEvTHRnSVpFQzdCdy01RkE0NUpueXlUM3p2YU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUtZDg0ODhiM2FiNDJm
LzEvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABbWmAwQA
LVGUAwQAueXzMA0GCSqGSIb3DQEBCwUAA4IBAQB4KS3OUaxgVemkN1dhSlJvoTms
/4ZmhHdvknb5T7BCUL8gefQ7QIlgkDHWet1Bp5nho7juha74kgCRdXnBDnzkxzSi
fGMKQexNJBF0ZMC3ZAxJffEQz9/i9wSz3k8Rlsi3jPjzuHMG2pTJWXaH7oqTbv48
sp2h7weMjG0jPQ3xjMfMks1oqpMfZFzSQMVOaw/Su78mtTJZ+JTT9sV0SaGIqSGj
O0X0QhQjno5bb/kl+i/Nfy8UoFxWbwgVL9oQzmqzV/3+WlsTPP6IvLRTKzGmffa0
HXbtpwNI48G89+YG9zEq65dQ2ae5l+xLpKz4JsE335DpD9VfamyKpSPa6Z3c
-----END CERTIFICATE-----