Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/LNgDnrHM7ii_QTnTkLinr59AUeQ.roa
File:                     LNgDnrHM7ii_QTnTkLinr59AUeQ.roa (raw, json)
Hash identifier:          IWp+z7twTuEbxlkzYqPjQVg6B2xaBrvNskt7X77HYxE=
Subject key identifier:   2C:D8:03:9E:B1:CC:EE:28:BF:41:39:D3:90:B8:A7:AF:9F:40:51:E4
Certificate issuer:       /CN=d673d849b7d5047376d57e6f796f0018b70b4506
Certificate serial:       018CC49309F3FF646C65B504791FECDB24CE
Authority key identifier: D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/LNgDnrHM7ii_QTnTkLinr59AUeQ.roa
Signing time:             Mon 01 Jan 2024 10:30:19 +0000
ROA not before:           Mon 01 Jan 2024 10:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42378
IP address blocks:        2a01:190:15fe::/48 maxlen: 48
                          2a01:190:15fd::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:09:f3:ff:64:6c:65:b5:04:79:1f:ec:db:24:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d673d849b7d5047376d57e6f796f0018b70b4506
        Validity
            Not Before: Jan  1 10:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cd8039eb1ccee28bf4139d390b8a7af9f4051e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5e:e6:cf:a8:75:39:a8:ca:d3:8d:c2:2e:18:
                    7a:5f:27:b7:96:ec:72:b0:ec:98:72:0b:b6:37:30:
                    22:8d:b8:f4:fe:ed:26:a2:d0:55:2b:7d:22:bb:8b:
                    20:14:b1:69:4b:79:53:cf:c4:3c:c1:45:bd:13:59:
                    fd:53:a3:b4:36:f4:4d:aa:db:d6:0b:ef:46:61:61:
                    65:fd:b9:17:29:ad:65:d2:71:a3:00:e6:27:2a:6a:
                    86:e8:26:14:cc:a7:8a:29:1e:80:9f:8a:e8:ba:b2:
                    2e:7c:eb:91:8d:af:be:7d:7c:a6:5f:c0:cb:c4:4c:
                    6c:5e:ae:94:3a:8e:e2:aa:6e:06:1c:f1:a3:13:e4:
                    4b:00:2a:e4:83:0d:49:92:9a:a7:a6:bd:3c:34:df:
                    9c:56:36:73:62:c4:b9:5e:52:df:51:70:ff:75:4e:
                    c2:bc:11:8d:e3:9b:03:c8:a2:fd:56:39:62:d3:e3:
                    c8:e2:81:35:fc:5e:ec:ae:67:fd:56:04:53:83:f8:
                    f5:bf:7e:f2:ad:4f:7b:6e:f7:c9:ad:38:7a:2e:c2:
                    75:2f:ad:1a:79:cb:09:d5:c3:b7:04:9c:27:0b:25:
                    9e:eb:1b:e4:2c:7b:a0:9d:19:c9:f8:2e:bd:45:80:
                    05:6e:7b:d2:84:78:8d:51:5f:3f:e0:b2:db:ba:a2:
                    dd:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:D8:03:9E:B1:CC:EE:28:BF:41:39:D3:90:B8:A7:AF:9F:40:51:E4
            X509v3 Authority Key Identifier:
                keyid:D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/LNgDnrHM7ii_QTnTkLinr59AUeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:190:15fd::-2a01:190:15fe:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         70:cf:49:63:31:da:91:4a:ab:47:f1:75:bc:1e:76:6e:83:d9:
         dd:ba:11:b2:a4:58:1d:ac:44:9b:0a:56:98:f7:58:4c:2a:ae:
         20:e7:51:69:51:0e:54:6a:8b:76:ea:1c:a9:71:0a:e7:ae:8b:
         e5:af:50:b8:16:e5:31:5c:28:b2:2e:9e:c3:62:a5:4f:99:0d:
         fc:d7:48:0b:1a:52:9e:2a:e3:17:68:8e:a1:4c:90:db:a3:98:
         96:06:af:30:84:b8:eb:31:d6:0d:6f:0e:01:78:f3:48:02:5c:
         50:e4:c8:d3:00:9c:e6:d0:b8:06:1d:a5:7d:1f:d3:2c:d6:58:
         c3:73:72:86:fa:3c:da:7f:0c:54:ec:96:1c:20:a4:22:ba:13:
         06:6f:d2:e4:af:4c:a0:43:75:4d:ff:4b:9d:d0:e8:57:9b:0d:
         80:71:85:e5:8a:3c:c0:21:39:57:b8:e3:f1:3c:ca:3f:dd:e1:
         9c:2a:60:1d:5b:1a:03:2d:c7:a5:75:9e:c9:fa:36:11:7d:fa:
         36:af:be:48:8a:a6:99:22:f2:09:52:67:05:61:e7:be:e0:e2:
         ba:74:c7:61:e5:53:85:3e:61:12:ad:0c:42:5b:7a:f3:9a:fd:
         4d:3d:2c:9d:be:fa:8a:6c:3f:9e:ac:1b:88:f7:3a:7b:5d:53:
         03:d9:7d:f2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzEkwnz/2RsZbUEeR/s2yTOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NzNkODQ5YjdkNTA0NzM3NmQ1N2U2Zjc5NmYwMDE4Yjcw
YjQ1MDYwHhcNMjQwMTAxMTAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2Q4MDM5ZWIxY2NlZTI4YmY0MTM5ZDM5MGI4YTdhZjlmNDA1MWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw17mz6h1OajK043CLhh6Xye3luxy
sOyYcgu2NzAijbj0/u0motBVK30iu4sgFLFpS3lTz8Q8wUW9E1n9U6O0NvRNqtvW
C+9GYWFl/bkXKa1l0nGjAOYnKmqG6CYUzKeKKR6An4rourIufOuRja++fXymX8DL
xExsXq6UOo7iqm4GHPGjE+RLACrkgw1Jkpqnpr08NN+cVjZzYsS5XlLfUXD/dU7C
vBGN45sDyKL9Vjli0+PI4oE1/F7srmf9VgRTg/j1v37yrU97bvfJrTh6LsJ1L60a
ecsJ1cO3BJwnCyWe6xvkLHugnRnJ+C69RYAFbnvShHiNUV8/4LLbuqLdyQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCzYA56xzO4ov0E505C4p6+fQFHkMB8GA1UdIwQY
MBaAFNZz2Em31QRzdtV+b3lvABi3C0UGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgt
OGVlYjc1N2NmNTQ1LzEvTE5nRG5ySE03aWlfUVRuVGtMaW5yNTlBVWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgtOGVlYjc1N2NmNTQ1
LzEvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqAQGQ
Ff0DBwAqAQGQFf4wDQYJKoZIhvcNAQELBQADggEBAHDPSWMx2pFKq0fxdbwedm6D
2d26EbKkWB2sRJsKVpj3WEwqriDnUWlRDlRqi3bqHKlxCueui+WvULgW5TFcKLIu
nsNipU+ZDfzXSAsaUp4q4xdojqFMkNujmJYGrzCEuOsx1g1vDgF480gCXFDkyNMA
nObQuAYdpX0f0yzWWMNzcob6PNp/DFTslhwgpCK6EwZv0uSvTKBDdU3/S53Q6Feb
DYBxheWKPMAhOVe44/E8yj/d4ZwqYB1bGgMtx6V1nsn6NhF9+javvkiKppki8glS
ZwVh577g4rp0x2HlU4U+YRKtDEJbevOa/U09LJ2++opsP56sG4j3OntdUwPZffI=
-----END CERTIFICATE-----