Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/LgaGgCDE_6UnnO-1Bj9TIkd5Q6U.roa
File:                     LgaGgCDE_6UnnO-1Bj9TIkd5Q6U.roa (raw, json)
Hash identifier:          3R/2nRCztYRSK88UdnyXeps5RmeJw9pSEzGPp//HuyU=
Subject key identifier:   2E:06:86:80:20:C4:FF:A5:27:9C:EF:B5:06:3F:53:22:47:79:43:A5
Certificate issuer:       /CN=a61ada61202413cd8fca2f49742527ad021f9676
Certificate serial:       018CC801DF998CBA4D016F7B9D14CB5435C5
Authority key identifier: A6:1A:DA:61:20:24:13:CD:8F:CA:2F:49:74:25:27:AD:02:1F:96:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/phraYSAkE82Pyi9JdCUnrQIflnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/LgaGgCDE_6UnnO-1Bj9TIkd5Q6U.roa
Signing time:             Tue 02 Jan 2024 02:30:15 +0000
ROA not before:           Tue 02 Jan 2024 02:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395184
IP address blocks:        185.38.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/phraYSAkE82Pyi9JdCUnrQIflnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/phraYSAkE82Pyi9JdCUnrQIflnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/phraYSAkE82Pyi9JdCUnrQIflnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:df:99:8c:ba:4d:01:6f:7b:9d:14:cb:54:35:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a61ada61202413cd8fca2f49742527ad021f9676
        Validity
            Not Before: Jan  2 02:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e06868020c4ffa5279cefb5063f5322477943a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:24:ef:02:f8:11:fc:c9:ad:c2:bf:7c:7c:ca:
                    5c:d4:56:27:70:63:88:3f:46:22:23:4d:ca:15:cf:
                    a2:ee:47:87:46:31:ea:19:4f:e1:8e:bd:73:13:b9:
                    cd:bc:50:2b:8e:3a:86:59:80:8a:ec:0d:6c:88:4d:
                    9c:84:03:bc:74:2f:59:7f:82:b8:eb:fc:e7:02:65:
                    a5:35:c7:18:e3:e4:e9:d9:83:63:29:12:cc:f5:5a:
                    fb:a9:43:6e:23:ef:fe:a3:8c:83:5d:bc:41:f7:0e:
                    e9:bd:5a:66:00:c9:8c:db:27:71:9a:26:6a:02:cd:
                    43:cc:8b:3b:24:8f:e3:f3:99:5a:9e:9f:71:28:19:
                    64:a0:01:ce:75:50:d8:89:40:1e:51:10:cc:ad:07:
                    79:48:c9:47:61:bf:2b:4e:85:b5:52:c3:9f:e2:67:
                    ce:f2:57:a9:6b:9a:da:32:8e:0e:1e:02:69:8a:1b:
                    09:d5:af:27:3a:41:06:dd:87:08:ad:96:34:23:e1:
                    43:ea:50:c5:b2:8a:76:ed:fe:f4:5f:20:2f:0f:25:
                    53:c8:b1:a4:b3:83:db:86:9f:70:fc:c5:d5:c7:2c:
                    63:ff:48:52:56:57:4b:2f:d8:b4:ca:19:6d:a9:71:
                    d3:5d:e4:52:9f:31:8e:0e:24:64:0d:c4:11:d3:74:
                    0f:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:06:86:80:20:C4:FF:A5:27:9C:EF:B5:06:3F:53:22:47:79:43:A5
            X509v3 Authority Key Identifier:
                keyid:A6:1A:DA:61:20:24:13:CD:8F:CA:2F:49:74:25:27:AD:02:1F:96:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/phraYSAkE82Pyi9JdCUnrQIflnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/LgaGgCDE_6UnnO-1Bj9TIkd5Q6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/phraYSAkE82Pyi9JdCUnrQIflnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:e3:d6:6f:17:2f:72:43:f8:0d:d8:0a:c3:08:a7:cd:4c:4a:
         6b:8b:0f:6f:f6:98:13:a4:fe:3a:ec:9f:4d:79:1c:92:0c:1f:
         47:bd:71:36:66:5c:f9:cc:cd:59:a4:b5:3c:e7:ab:90:a3:97:
         20:c7:d7:fe:29:f4:6e:99:96:5c:ad:d1:ec:c0:28:ab:86:c1:
         40:15:33:51:c7:6e:c8:33:f8:eb:e6:1f:11:84:f9:83:5d:b1:
         4d:e3:0f:bd:8f:19:5a:e6:90:1a:c0:49:3e:cd:71:40:28:c6:
         a9:57:f4:0a:44:22:5c:0d:b2:26:02:a0:d1:ee:48:9d:9d:f3:
         1e:37:94:23:c7:8a:de:b6:7c:36:f0:cd:f2:8d:4a:56:e6:ff:
         2c:d3:12:2d:5f:51:11:59:76:09:a8:2e:31:b5:30:90:8e:fe:
         6c:87:77:b9:0d:a6:9a:a6:1a:6f:a9:20:88:4f:70:65:29:74:
         2e:43:33:fd:b0:55:75:e9:48:23:cf:c3:77:9c:bb:5d:66:8f:
         48:a3:99:14:d5:c7:c5:83:37:54:d1:43:9b:84:e0:23:3d:72:
         5a:3c:e0:58:b0:4a:8b:ac:c2:e0:da:35:15:fe:32:fc:24:dc:
         8b:cd:b7:e9:9c:b7:3f:08:0d:45:89:65:2c:a1:16:09:0a:58:
         6a:87:99:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAd+ZjLpNAW97nRTLVDXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MWFkYTYxMjAyNDEzY2Q4ZmNhMmY0OTc0MjUyN2FkMDIx
Zjk2NzYwHhcNMjQwMTAyMDIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTA2ODY4MDIwYzRmZmE1Mjc5Y2VmYjUwNjNmNTMyMjQ3Nzk0M2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyTvAvgR/Mmtwr98fMpc1FYncGOI
P0YiI03KFc+i7keHRjHqGU/hjr1zE7nNvFArjjqGWYCK7A1siE2chAO8dC9Zf4K4
6/znAmWlNccY4+Tp2YNjKRLM9Vr7qUNuI+/+o4yDXbxB9w7pvVpmAMmM2ydxmiZq
As1DzIs7JI/j85lanp9xKBlkoAHOdVDYiUAeURDMrQd5SMlHYb8rToW1UsOf4mfO
8lepa5raMo4OHgJpihsJ1a8nOkEG3YcIrZY0I+FD6lDFsop27f70XyAvDyVTyLGk
s4Pbhp9w/MXVxyxj/0hSVldLL9i0yhltqXHTXeRSnzGODiRkDcQR03QPwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4GhoAgxP+lJ5zvtQY/UyJHeUOlMB8GA1UdIwQY
MBaAFKYa2mEgJBPNj8ovSXQlJ60CH5Z2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGhyYVlTQWtFODJQeWk5SmRDVW5yUUlmbG5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9iZGFiOWQtNDU4Yi00ZDZhLTlkOWIt
YWVlYzdhODU5YzU5LzEvTGdhR2dDREVfNlVubk8tMUJqOVRJa2Q1UTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9iZGFiOWQtNDU4Yi00ZDZhLTlkOWItYWVlYzdhODU5YzU5
LzEvcGhyYVlTQWtFODJQeWk5SmRDVW5yUUlmbG5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSbwMA0G
CSqGSIb3DQEBCwUAA4IBAQAn49ZvFy9yQ/gN2ArDCKfNTEpriw9v9pgTpP467J9N
eRySDB9HvXE2Zlz5zM1ZpLU856uQo5cgx9f+KfRumZZcrdHswCirhsFAFTNRx27I
M/jr5h8RhPmDXbFN4w+9jxla5pAawEk+zXFAKMapV/QKRCJcDbImAqDR7kidnfMe
N5Qjx4retnw28M3yjUpW5v8s0xItX1ERWXYJqC4xtTCQjv5sh3e5DaaaphpvqSCI
T3BlKXQuQzP9sFV16Ugjz8N3nLtdZo9Io5kU1cfFgzdU0UObhOAjPXJaPOBYsEqL
rMLg2jUV/jL8JNyLzbfpnLc/CA1FiWUsoRYJClhqh5n3
-----END CERTIFICATE-----