Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/LGMINbRPMnClAQDmvmT4QDPm-A4.roa
File:                     LGMINbRPMnClAQDmvmT4QDPm-A4.roa (raw, json)
Hash identifier:          eZ8yMZQ73KKRIhWDRQZRftHM0ezWWNo2vnhqVAlZ/6A=
Subject key identifier:   2C:63:08:35:B4:4F:32:70:A5:01:00:E6:BE:64:F8:40:33:E6:F8:0E
Certificate issuer:       /CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
Certificate serial:       018D78198AA316AA945BEB396E52CA5302FD
Authority key identifier: D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/LGMINbRPMnClAQDmvmT4QDPm-A4.roa
Signing time:             Mon 05 Feb 2024 07:09:16 +0000
ROA not before:           Mon 05 Feb 2024 07:09:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        193.178.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:19:8a:a3:16:aa:94:5b:eb:39:6e:52:ca:53:02:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
        Validity
            Not Before: Feb  5 07:09:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c630835b44f3270a50100e6be64f84033e6f80e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:08:e0:41:d7:6f:97:bd:b8:27:da:91:78:f9:
                    88:b1:5a:e3:7f:db:82:b2:31:dc:b9:6f:74:00:51:
                    76:d1:5d:54:f3:9a:cb:c2:e1:b3:52:0d:c5:d5:d4:
                    5d:2f:d2:ea:96:e7:25:8f:93:2b:ed:18:73:9c:18:
                    27:f3:40:b2:f6:4a:9c:97:57:f0:ce:95:d2:83:d7:
                    f4:3d:54:8f:ec:8b:ea:8a:03:f1:0d:a0:d8:66:db:
                    15:a3:96:ed:2d:88:df:33:84:06:3f:9a:a2:56:c6:
                    80:f7:4a:52:ae:24:52:b4:28:50:eb:72:60:85:6c:
                    c0:e7:d2:a8:14:72:c0:70:61:2a:22:cc:b7:08:58:
                    30:21:95:ab:45:fa:84:61:fd:13:74:e7:3e:ee:6e:
                    00:66:2d:df:7a:26:ad:3a:6c:f7:29:35:79:04:da:
                    bb:32:5c:51:04:d8:84:f4:b5:92:dc:af:d2:b4:b2:
                    d9:61:c9:b5:7a:df:1d:28:be:f9:5e:de:ad:7b:90:
                    66:f3:f1:1f:a8:65:cb:f4:31:34:dd:2f:e6:9f:08:
                    b0:2a:be:e9:cc:51:0d:d4:ac:ad:23:06:39:21:c1:
                    f6:b6:7e:90:63:00:34:76:a2:c1:e6:77:5f:d6:07:
                    a8:25:2a:41:17:76:65:2f:37:d9:64:1b:15:f4:cc:
                    ea:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:63:08:35:B4:4F:32:70:A5:01:00:E6:BE:64:F8:40:33:E6:F8:0E
            X509v3 Authority Key Identifier:
                keyid:D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/LGMINbRPMnClAQDmvmT4QDPm-A4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:58:58:3c:de:f0:6d:73:71:33:32:1c:b6:eb:33:8c:7e:36:
         4d:78:da:b2:1b:68:cf:c0:25:03:37:f3:b0:98:1c:7b:99:b1:
         8a:fa:70:43:a0:7c:d0:e9:f0:6f:51:e2:52:79:6e:1a:50:17:
         14:ab:fc:44:be:38:4c:32:12:be:ac:b8:bc:6c:25:d1:7d:87:
         fc:b4:0f:bc:83:27:1a:ac:5c:48:00:6d:b7:da:81:c3:ca:54:
         9f:4a:eb:70:fe:d2:6f:80:ab:54:e1:af:de:4a:46:5b:43:cf:
         6a:05:04:7f:b5:2f:11:f4:09:33:6f:2e:d0:7e:83:0c:39:fa:
         9e:1b:50:85:57:ff:a8:e2:1e:6c:5f:d9:2b:bf:6f:88:11:7b:
         4a:5f:7d:7f:ca:e0:d7:8e:1b:d5:70:cb:9d:b1:56:32:83:2d:
         f7:85:71:cd:ea:c4:ce:48:94:22:0b:0f:16:70:b0:b3:66:37:
         3c:76:20:32:ae:c8:d3:55:6c:3a:f2:47:9a:85:b4:d0:5c:04:
         ac:50:2d:dd:6b:1a:b3:bb:e8:8b:94:c4:cb:5e:0e:2c:7a:bf:
         cb:d1:63:bc:5b:3e:ea:ca:51:ea:00:d1:79:35:22:d1:a1:4e:
         29:c0:f7:10:4d:4d:59:dc:6d:a4:d6:fd:2f:7c:68:79:4d:25:
         56:13:6e:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY14GYqjFqqUW+s5blLKUwL9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZjA2NWM4YmRiNzhmZjI5NGY3YzU0NTQ5NzFkYmZhYmZi
NmMxODQwHhcNMjQwMjA1MDcwOTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzYzMDgzNWI0NGYzMjcwYTUwMTAwZTZiZTY0Zjg0MDMzZTZmODBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwjgQddvl724J9qRePmIsVrjf9uC
sjHcuW90AFF20V1U85rLwuGzUg3F1dRdL9Lqluclj5Mr7RhznBgn80Cy9kqcl1fw
zpXSg9f0PVSP7IvqigPxDaDYZtsVo5btLYjfM4QGP5qiVsaA90pSriRStChQ63Jg
hWzA59KoFHLAcGEqIsy3CFgwIZWrRfqEYf0TdOc+7m4AZi3feiatOmz3KTV5BNq7
MlxRBNiE9LWS3K/StLLZYcm1et8dKL75Xt6te5Bm8/EfqGXL9DE03S/mnwiwKr7p
zFEN1KytIwY5IcH2tn6QYwA0dqLB5ndf1geoJSpBF3ZlLzfZZBsV9MzqDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxjCDW0TzJwpQEA5r5k+EAz5vgOMB8GA1UdIwQY
MBaAFNXwZci9t4/ylPfFRUlx2/q/tsGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWIt
MzVhNWRjMmM3OTJjLzEvTEdNSU5iUlBNbkNsQVFEbXZtVDRRRFBtLUE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWItMzVhNWRjMmM3OTJj
LzEvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbJzMA0G
CSqGSIb3DQEBCwUAA4IBAQAWWFg83vBtc3EzMhy26zOMfjZNeNqyG2jPwCUDN/Ow
mBx7mbGK+nBDoHzQ6fBvUeJSeW4aUBcUq/xEvjhMMhK+rLi8bCXRfYf8tA+8gyca
rFxIAG232oHDylSfSutw/tJvgKtU4a/eSkZbQ89qBQR/tS8R9Akzby7QfoMMOfqe
G1CFV/+o4h5sX9krv2+IEXtKX31/yuDXjhvVcMudsVYygy33hXHN6sTOSJQiCw8W
cLCzZjc8diAyrsjTVWw68keahbTQXASsUC3daxqzu+iLlMTLXg4ser/L0WO8Wz7q
ylHqANF5NSLRoU4pwPcQTU1Z3G2k1v0vfGh5TSVWE25f
-----END CERTIFICATE-----