Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/LmWWGay_oFl1nUPf8GOXCrqRgvU.roa
File:                     LmWWGay_oFl1nUPf8GOXCrqRgvU.roa (raw, json)
Hash identifier:          fwak33amn6UD06wWzc0cTixzdeFZ4q95qNxUu21yOo4=
Subject key identifier:   2E:65:96:19:AC:BF:A0:59:75:9D:43:DF:F0:63:97:0A:BA:91:82:F5
Certificate issuer:       /CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Certificate serial:       018CC42472036F2D3353EDF8EB4E0ED80376
Authority key identifier: D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/LmWWGay_oFl1nUPf8GOXCrqRgvU.roa
Signing time:             Mon 01 Jan 2024 08:29:31 +0000
ROA not before:           Mon 01 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213224
IP address blocks:        209.227.208.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:72:03:6f:2d:33:53:ed:f8:eb:4e:0e:d8:03:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
        Validity
            Not Before: Jan  1 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e659619acbfa059759d43dff063970aba9182f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:8c:82:ce:77:c0:21:92:91:df:25:ac:d3:61:
                    80:98:d2:0b:7e:3b:1a:2e:74:43:af:0b:5d:b7:1d:
                    4e:1c:e9:4f:4d:e9:b7:97:82:24:4e:80:c7:e5:e3:
                    6c:94:3b:97:a5:de:8c:f8:3f:4a:c1:f0:e9:0c:e1:
                    38:27:1c:b2:02:f0:56:4f:88:74:d5:bb:d0:2f:3b:
                    b0:37:71:9e:ae:6b:88:d7:6c:de:ca:a4:1c:e7:23:
                    d1:2c:5d:e6:9e:f7:6b:2c:ac:62:61:00:ce:71:20:
                    ce:28:5a:22:3c:1f:6c:78:1f:cd:8b:d9:50:d9:11:
                    cc:9a:ba:9d:56:b9:3e:92:bb:42:ba:63:57:68:7f:
                    1b:e6:ef:13:d4:9b:71:1f:81:ea:88:13:a2:7b:f7:
                    e8:f9:8b:b8:d5:c9:76:d3:d2:2a:34:3e:2c:c4:4d:
                    fa:07:7a:6e:33:64:f8:86:18:58:af:4e:a6:62:24:
                    e7:12:e4:da:65:ce:cd:86:2f:1e:cf:b2:a9:44:91:
                    3e:70:35:4b:47:52:66:d8:82:05:4f:9c:50:ff:42:
                    3a:1a:02:cc:22:f7:0b:fe:bf:49:c1:dc:1a:88:f8:
                    0f:27:8d:11:b8:d3:a9:a9:62:d3:78:76:ea:e0:47:
                    81:f0:65:01:72:5a:bd:9b:a2:fe:33:31:b7:c2:93:
                    e6:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:65:96:19:AC:BF:A0:59:75:9D:43:DF:F0:63:97:0A:BA:91:82:F5
            X509v3 Authority Key Identifier:
                keyid:D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/LmWWGay_oFl1nUPf8GOXCrqRgvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.227.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         13:25:e9:ba:40:41:86:d7:93:5b:34:5e:6b:5e:ae:da:8c:e4:
         81:04:f7:c7:de:3e:a6:55:31:42:b6:80:16:09:5f:06:79:1a:
         3d:46:9e:17:b9:2e:fb:f2:ac:ca:4a:eb:c1:b3:14:e6:63:ee:
         8d:bb:2d:15:57:8c:1f:69:a2:0a:5a:54:6c:62:83:54:b0:67:
         ed:c4:01:6c:a4:c2:e0:ed:96:f3:74:66:36:dc:ef:ce:97:57:
         85:04:59:b7:95:e4:3e:6a:ad:c1:e7:b8:83:80:2f:87:22:30:
         43:a8:1b:35:00:b9:b6:35:2a:3c:35:f9:39:9d:db:c7:df:12:
         c4:b8:f5:4a:65:e8:7a:57:6d:9a:99:cd:ea:1b:56:60:f4:9b:
         75:7b:8f:e6:29:6c:80:3a:67:6f:b1:fc:f3:5a:51:69:15:4d:
         13:07:4c:a5:0e:33:14:16:8b:f9:d2:1c:39:b8:cf:70:dd:c0:
         ed:89:cd:1d:6c:04:38:2c:3d:ef:50:25:1a:ce:d1:de:5a:35:
         6b:e9:2f:e9:3d:f4:32:5b:f2:fe:bb:73:3b:b7:1e:f8:ee:a0:
         69:c2:7c:5c:c5:81:4e:f5:40:ee:5f:bf:00:04:55:ec:a2:24:
         d9:a8:87:ee:df:d0:58:08:20:7e:da:de:a1:8e:95:5e:fb:44:
         fb:a1:b3:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHIDby0zU+34604O2AN2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2I1Y2VjYzIxM2I5Zjg2ZGJiYTUxODUyMWU4NTQ2ZWM5
Mzg2MWMwHhcNMjQwMTAxMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTY1OTYxOWFjYmZhMDU5NzU5ZDQzZGZmMDYzOTcwYWJhOTE4MmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIyCznfAIZKR3yWs02GAmNILfjsa
LnRDrwtdtx1OHOlPTem3l4IkToDH5eNslDuXpd6M+D9KwfDpDOE4JxyyAvBWT4h0
1bvQLzuwN3GermuI12zeyqQc5yPRLF3mnvdrLKxiYQDOcSDOKFoiPB9seB/Ni9lQ
2RHMmrqdVrk+krtCumNXaH8b5u8T1JtxH4HqiBOie/fo+Yu41cl209IqND4sxE36
B3puM2T4hhhYr06mYiTnEuTaZc7Nhi8ez7KpRJE+cDVLR1Jm2IIFT5xQ/0I6GgLM
IvcL/r9JwdwaiPgPJ40RuNOpqWLTeHbq4EeB8GUBclq9m6L+MzG3wpPmXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5llhmsv6BZdZ1D3/Bjlwq6kYL1MB8GA1UdIwQY
MBaAFNPLXOzCE7n4bbulGFIehUbsk4YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYt
ODQyNjk0MTJkNTYxLzEvTG1XV0dheV9vRmwxblVQZjhHT1hDcnFSZ3ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYtODQyNjk0MTJkNTYx
LzEvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE0ePQMA0G
CSqGSIb3DQEBCwUAA4IBAQATJem6QEGG15NbNF5rXq7ajOSBBPfH3j6mVTFCtoAW
CV8GeRo9Rp4XuS778qzKSuvBsxTmY+6Nuy0VV4wfaaIKWlRsYoNUsGftxAFspMLg
7ZbzdGY23O/Ol1eFBFm3leQ+aq3B57iDgC+HIjBDqBs1ALm2NSo8Nfk5ndvH3xLE
uPVKZeh6V22amc3qG1Zg9Jt1e4/mKWyAOmdvsfzzWlFpFU0TB0ylDjMUFov50hw5
uM9w3cDtic0dbAQ4LD3vUCUaztHeWjVr6S/pPfQyW/L+u3M7tx747qBpwnxcxYFO
9UDuX78ABFXsoiTZqIfu39BYCCB+2t6hjpVe+0T7obNG
-----END CERTIFICATE-----