Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/LqnXKz1EGP1YSaduJvcSYih9hA0.roa
File:                     LqnXKz1EGP1YSaduJvcSYih9hA0.roa (raw, json)
Hash identifier:          wA9s1nfuEGLUPX/3Jx1KlVp9xbUTceFA8YFr9Z0X0xI=
Subject key identifier:   2E:A9:D7:2B:3D:44:18:FD:58:49:A7:6E:26:F7:12:62:28:7D:84:0D
Certificate issuer:       /CN=ff62562cae873f4fc4a3232bf49dd5343b7084f9
Certificate serial:       0190FD0BC22CC849A326C6CF54E4BC5D660C
Authority key identifier: FF:62:56:2C:AE:87:3F:4F:C4:A3:23:2B:F4:9D:D5:34:3B:70:84:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_2JWLK6HP0_EoyMr9J3VNDtwhPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/LqnXKz1EGP1YSaduJvcSYih9hA0.roa
Signing time:             Mon 29 Jul 2024 05:52:04 +0000
ROA not before:           Mon 29 Jul 2024 05:52:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        185.187.120.0/23 maxlen: 23
                          2a0b:9e80::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/_2JWLK6HP0_EoyMr9J3VNDtwhPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/_2JWLK6HP0_EoyMr9J3VNDtwhPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_2JWLK6HP0_EoyMr9J3VNDtwhPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fd:0b:c2:2c:c8:49:a3:26:c6:cf:54:e4:bc:5d:66:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff62562cae873f4fc4a3232bf49dd5343b7084f9
        Validity
            Not Before: Jul 29 05:52:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ea9d72b3d4418fd5849a76e26f71262287d840d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:02:a6:62:f0:c9:67:dc:02:cf:f1:ca:15:73:
                    91:74:8e:3d:ed:b8:da:bc:7c:ac:95:56:e4:8b:56:
                    09:f8:c3:58:f7:79:92:cb:bb:6d:e4:40:b0:df:2a:
                    3c:ab:d4:9c:4b:05:6c:c6:69:0d:d4:e2:e8:50:20:
                    47:88:e3:df:d8:7d:9e:62:39:d5:a2:91:63:c3:4b:
                    bb:29:b5:7b:a9:63:f0:cb:06:85:d1:64:66:92:4b:
                    34:3e:46:11:9f:19:0a:30:c2:2d:db:4c:57:63:51:
                    1a:5a:bd:8e:4a:1a:7e:04:88:2b:65:3c:27:10:ab:
                    fd:9e:e1:07:38:95:46:e9:73:92:e5:3d:a8:c0:33:
                    3e:bd:d8:1a:8a:54:4f:2f:3b:52:7c:33:3e:5d:fa:
                    57:a4:00:54:e7:e2:6f:70:b8:27:f2:82:3e:ef:a7:
                    87:6e:7f:f0:dd:a9:7b:96:6b:6b:27:6a:a0:98:48:
                    eb:78:d5:1a:0a:29:14:25:94:dd:a3:c7:3b:a2:bc:
                    da:fe:8a:c6:2b:ff:30:f0:56:d2:83:62:36:cc:e4:
                    33:da:ab:fd:54:d5:37:73:96:6b:29:37:c5:72:76:
                    e4:2c:6f:ba:1a:35:91:16:d8:97:7d:43:aa:61:57:
                    57:08:b1:6f:1b:ff:cf:6e:c1:04:b9:0c:6d:36:73:
                    6f:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:A9:D7:2B:3D:44:18:FD:58:49:A7:6E:26:F7:12:62:28:7D:84:0D
            X509v3 Authority Key Identifier:
                keyid:FF:62:56:2C:AE:87:3F:4F:C4:A3:23:2B:F4:9D:D5:34:3B:70:84:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_2JWLK6HP0_EoyMr9J3VNDtwhPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/LqnXKz1EGP1YSaduJvcSYih9hA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/_2JWLK6HP0_EoyMr9J3VNDtwhPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.120.0/23
                IPv6:
                  2a0b:9e80::/36

    Signature Algorithm: sha256WithRSAEncryption
         78:14:2c:26:27:2c:14:c1:a2:d4:30:31:ee:18:4a:59:1b:05:
         49:f6:af:18:af:e6:68:7c:e1:81:8a:a0:44:2e:2c:03:dc:62:
         4a:31:78:46:22:31:21:3d:c3:1f:c0:db:d9:6d:73:6d:6f:38:
         2a:0e:61:81:bf:fc:8f:25:aa:ee:de:dd:58:0c:26:59:c0:f1:
         03:a0:04:31:4a:7a:db:9c:d7:a8:39:89:80:76:95:7b:56:28:
         4c:26:5a:92:16:56:1c:bc:e0:7c:a5:47:2b:b4:ef:e1:51:1b:
         ca:50:51:42:92:d8:22:1b:a5:fb:7c:ba:3e:f0:46:da:59:c8:
         2e:34:a8:e5:7a:db:3d:d9:72:6b:3f:c6:b1:61:48:f1:24:ef:
         1c:99:0e:52:ac:a2:72:fd:36:0d:ed:3f:a2:1a:84:a7:97:49:
         78:29:ec:26:a6:b6:a7:00:36:04:4a:ae:87:e3:75:c0:4e:07:
         e6:63:60:0a:ee:83:bb:1c:6d:ae:a2:59:dd:b1:dd:17:68:65:
         e3:08:1e:4d:f7:26:89:c4:13:8f:72:03:9a:45:b0:ed:ca:ae:
         6a:4a:37:b5:5e:89:69:71:42:f9:da:04:f6:a7:1a:55:15:58:
         bc:3e:75:f2:82:80:2d:7e:d1:39:99:7d:4a:c6:b3:74:f3:19:
         ad:09:cb:97
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZD9C8IsyEmjJsbPVOS8XWYMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNjI1NjJjYWU4NzNmNGZjNGEzMjMyYmY0OWRkNTM0M2I3
MDg0ZjkwHhcNMjQwNzI5MDU1MjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWE5ZDcyYjNkNDQxOGZkNTg0OWE3NmUyNmY3MTI2MjI4N2Q4NDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8AKmYvDJZ9wCz/HKFXORdI497bja
vHyslVbki1YJ+MNY93mSy7tt5ECw3yo8q9ScSwVsxmkN1OLoUCBHiOPf2H2eYjnV
opFjw0u7KbV7qWPwywaF0WRmkks0PkYRnxkKMMIt20xXY1EaWr2OShp+BIgrZTwn
EKv9nuEHOJVG6XOS5T2owDM+vdgailRPLztSfDM+XfpXpABU5+JvcLgn8oI+76eH
bn/w3al7lmtrJ2qgmEjreNUaCikUJZTdo8c7orza/orGK/8w8FbSg2I2zOQz2qv9
VNU3c5ZrKTfFcnbkLG+6GjWRFtiXfUOqYVdXCLFvG//PbsEEuQxtNnNvTwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFC6p1ys9RBj9WEmnbib3EmIofYQNMB8GA1UdIwQY
MBaAFP9iViyuhz9PxKMjK/Sd1TQ7cIT5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzJKV0xLNkhQMF9Fb3lNcjlKM1ZORHR3aFBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zZGMzYzQtOWM0OC00YTY0LThmYTEt
ODhmN2I5MWI2ZTMyLzEvTHFuWEt6MUVHUDFZU2FkdUp2Y1NZaWg5aEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zZGMzYzQtOWM0OC00YTY0LThmYTEtODhmN2I5MWI2ZTMy
LzEvXzJKV0xLNkhQMF9Fb3lNcjlKM1ZORHR3aFBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBubt4MA4E
AgACMAgDBgQqC56AADANBgkqhkiG9w0BAQsFAAOCAQEAeBQsJicsFMGi1DAx7hhK
WRsFSfavGK/maHzhgYqgRC4sA9xiSjF4RiIxIT3DH8Db2W1zbW84Kg5hgb/8jyWq
7t7dWAwmWcDxA6AEMUp625zXqDmJgHaVe1YoTCZakhZWHLzgfKVHK7Tv4VEbylBR
QpLYIhul+3y6PvBG2lnILjSo5XrbPdlyaz/GsWFI8STvHJkOUqyicv02De0/ohqE
p5dJeCnsJqa2pwA2BEquh+N1wE4H5mNgCu6DuxxtrqJZ3bHdF2hl4wgeTfcmicQT
j3IDmkWw7cquako3tV6JaXFC+doE9qcaVRVYvD518oKALX7ROZl9SsazdPMZrQnL
lw==
-----END CERTIFICATE-----