Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/LNaFovXEEUjxdoHg1fLCjM-NQx0.roa
File:                     LNaFovXEEUjxdoHg1fLCjM-NQx0.roa (raw, json)
Hash identifier:          NNyIaNGcvOablfmmGfZD6uBrRNwdo6jnA6mKC9kz608=
Subject key identifier:   2C:D6:85:A2:F5:C4:11:48:F1:76:81:E0:D5:F2:C2:8C:CF:8D:43:1D
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       018CC94DB11246420F357F8C2D7C1EC010C8
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/LNaFovXEEUjxdoHg1fLCjM-NQx0.roa
Signing time:             Tue 02 Jan 2024 08:32:41 +0000
ROA not before:           Tue 02 Jan 2024 08:32:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58144
IP address blocks:        185.20.252.0/22 maxlen: 24
                          185.20.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:b1:12:46:42:0f:35:7f:8c:2d:7c:1e:c0:10:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jan  2 08:32:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cd685a2f5c41148f17681e0d5f2c28ccf8d431d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:fc:12:b2:47:43:8a:aa:a3:21:fd:7c:a9:1e:
                    fe:bd:7e:19:0d:01:f6:15:a0:9e:85:b8:a5:05:69:
                    96:76:14:ab:5f:83:7d:1e:47:d8:11:f4:39:46:25:
                    1a:fc:b8:58:02:3b:96:53:2e:18:85:ce:4e:4d:93:
                    db:8f:53:42:9d:d8:8a:9c:e7:11:d8:48:36:5e:f1:
                    26:33:f7:fa:68:66:49:b2:e7:70:bb:cb:32:82:1f:
                    0a:a2:40:30:44:99:88:e0:8e:c4:2c:48:40:e4:64:
                    11:d6:f0:8d:dc:c5:80:0b:93:81:4a:2d:94:ad:76:
                    ed:ac:fd:2b:fc:e3:93:ac:68:bb:70:e5:68:83:78:
                    e2:3e:d1:f0:cc:60:c2:85:d9:de:ee:1f:c3:19:18:
                    51:74:2d:bd:c9:24:f1:16:41:8d:49:4a:73:77:7f:
                    9b:fc:2e:cb:ce:a2:3b:6a:22:a9:0d:10:15:78:8f:
                    f4:ab:69:c9:54:c5:9b:bb:15:1c:f5:3a:56:c3:7b:
                    30:ad:42:56:c3:02:f6:6c:e3:74:86:8a:bd:8d:49:
                    c1:f0:e2:d3:b9:3b:f5:ec:52:94:03:e7:a6:e8:69:
                    f1:60:0b:fb:b6:83:47:3e:ac:54:08:08:c5:87:4d:
                    30:8d:96:fa:6e:08:75:63:18:29:28:17:67:18:f7:
                    e4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:D6:85:A2:F5:C4:11:48:F1:76:81:E0:D5:F2:C2:8C:CF:8D:43:1D
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/LNaFovXEEUjxdoHg1fLCjM-NQx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:46:fa:a4:33:74:66:55:53:30:4a:45:0f:d8:74:4a:da:42:
         0d:d3:7c:7e:f8:82:80:70:65:d6:33:de:82:a6:ce:50:be:b5:
         d7:33:d4:6a:17:37:f6:28:2d:83:81:fa:92:60:ad:8b:d4:22:
         d8:d9:1f:60:b7:35:b9:46:97:33:25:16:8a:22:05:c1:5f:17:
         14:38:8b:9b:77:b9:b9:08:35:70:79:3f:76:7d:b0:7a:b7:5a:
         2f:10:64:59:17:1a:39:99:02:97:62:9c:61:c8:65:c2:0d:12:
         29:aa:07:60:4f:24:2d:31:5c:5a:dd:29:19:5d:45:39:c3:84:
         71:b7:97:ad:3a:4d:20:5d:a5:cb:b3:ae:18:ea:b1:d8:c0:5e:
         28:52:a3:44:49:ea:28:57:3a:56:a9:75:39:95:30:86:56:28:
         5f:3c:21:99:6f:10:00:10:a0:0d:24:d1:38:60:1c:ef:c8:e5:
         ab:e0:84:18:a5:3c:f2:9a:20:0f:b0:85:fb:b9:a3:cc:2d:dd:
         81:be:4b:62:70:2f:23:72:7c:23:6c:53:89:49:97:4b:1b:37:
         7b:9f:55:ec:23:92:4b:da:b1:47:44:a7:b1:d9:f0:9d:58:39:
         d1:e8:2d:f3:a5:89:ca:d6:ad:96:3c:15:e0:37:66:e3:00:ad:
         8c:38:38:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTbESRkIPNX+MLXwewBDIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjQwMTAyMDgzMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2Q2ODVhMmY1YzQxMTQ4ZjE3NjgxZTBkNWYyYzI4Y2NmOGQ0MzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvwSskdDiqqjIf18qR7+vX4ZDQH2
FaCehbilBWmWdhSrX4N9HkfYEfQ5RiUa/LhYAjuWUy4Yhc5OTZPbj1NCndiKnOcR
2Eg2XvEmM/f6aGZJsudwu8sygh8KokAwRJmI4I7ELEhA5GQR1vCN3MWAC5OBSi2U
rXbtrP0r/OOTrGi7cOVog3jiPtHwzGDChdne7h/DGRhRdC29ySTxFkGNSUpzd3+b
/C7LzqI7aiKpDRAVeI/0q2nJVMWbuxUc9TpWw3swrUJWwwL2bON0hoq9jUnB8OLT
uTv17FKUA+em6GnxYAv7toNHPqxUCAjFh00wjZb6bgh1YxgpKBdnGPfklQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCzWhaL1xBFI8XaB4NXywozPjUMdMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvTE5hRm92WEVFVWp4ZG9IZzFmTENqTS1OUXgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRT8MA0G
CSqGSIb3DQEBCwUAA4IBAQAWRvqkM3RmVVMwSkUP2HRK2kIN03x++IKAcGXWM96C
ps5QvrXXM9RqFzf2KC2DgfqSYK2L1CLY2R9gtzW5RpczJRaKIgXBXxcUOIubd7m5
CDVweT92fbB6t1ovEGRZFxo5mQKXYpxhyGXCDRIpqgdgTyQtMVxa3SkZXUU5w4Rx
t5etOk0gXaXLs64Y6rHYwF4oUqNESeooVzpWqXU5lTCGVihfPCGZbxAAEKANJNE4
YBzvyOWr4IQYpTzymiAPsIX7uaPMLd2BvkticC8jcnwjbFOJSZdLGzd7n1XsI5JL
2rFHRKex2fCdWDnR6C3zpYnK1q2WPBXgN2bjAK2MODj4
-----END CERTIFICATE-----