Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/LAFEC7e9pH2049HNL4TWiCEqKo0.roa
File:                     LAFEC7e9pH2049HNL4TWiCEqKo0.roa (raw, json)
Hash identifier:          h3j/XG1UP1167ELdB8uaEnwL1nmIeW4wkFNDUeMaMkE=
Subject key identifier:   2C:01:44:0B:B7:BD:A4:7D:B4:E3:D1:CD:2F:84:D6:88:21:2A:2A:8D
Certificate issuer:       /CN=f5a291224f82bc6d26b519ed7afbe25cb32c115c
Certificate serial:       018CC49333805414DA21B1DA50385EF0C40A
Authority key identifier: F5:A2:91:22:4F:82:BC:6D:26:B5:19:ED:7A:FB:E2:5C:B3:2C:11:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9aKRIk-CvG0mtRntevviXLMsEVw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/LAFEC7e9pH2049HNL4TWiCEqKo0.roa
Signing time:             Mon 01 Jan 2024 10:30:30 +0000
ROA not before:           Mon 01 Jan 2024 10:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        193.238.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/9aKRIk-CvG0mtRntevviXLMsEVw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/9aKRIk-CvG0mtRntevviXLMsEVw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9aKRIk-CvG0mtRntevviXLMsEVw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:33:80:54:14:da:21:b1:da:50:38:5e:f0:c4:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a291224f82bc6d26b519ed7afbe25cb32c115c
        Validity
            Not Before: Jan  1 10:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c01440bb7bda47db4e3d1cd2f84d688212a2a8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:1e:7c:f3:82:ec:67:82:85:f8:5f:da:75:1a:
                    77:8b:21:c1:b7:e0:1a:1a:1a:5c:42:cf:e5:f7:4f:
                    5c:d3:75:62:ad:73:87:b1:3b:5d:e2:e1:89:dd:e0:
                    3c:69:f0:62:e9:3b:68:60:a7:19:b1:c0:88:7a:a9:
                    f6:12:20:ad:1b:12:a8:47:85:da:38:ef:f4:81:45:
                    e3:35:fc:8f:6a:b5:f6:bb:af:03:3b:01:42:42:7f:
                    e5:fe:68:5e:50:00:6e:13:b6:94:54:5b:34:9c:13:
                    75:1b:fa:c3:21:5d:7c:c9:a5:46:c8:0e:cd:0b:d6:
                    cb:14:f8:c1:83:dd:9a:63:61:72:db:b2:d6:ba:80:
                    6d:ce:6e:52:96:3e:ef:99:ac:eb:3c:08:6c:ee:a9:
                    c8:84:4e:d9:eb:ff:95:8a:95:a0:82:f4:73:ff:62:
                    08:e7:ea:05:e3:bc:aa:54:40:e6:cc:94:72:91:1e:
                    a2:6b:38:89:33:ff:b1:06:36:a8:1a:82:3f:df:12:
                    ca:78:7e:a0:35:58:26:2f:51:ac:e2:59:1e:e2:16:
                    02:0d:8d:5c:44:f6:0f:ee:a6:87:c5:69:b4:c2:5f:
                    5c:bf:af:d8:82:21:e4:aa:bc:1e:5e:b4:26:a4:3e:
                    88:f4:90:05:6b:80:57:db:87:99:c9:3e:d8:9c:84:
                    e9:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:01:44:0B:B7:BD:A4:7D:B4:E3:D1:CD:2F:84:D6:88:21:2A:2A:8D
            X509v3 Authority Key Identifier:
                keyid:F5:A2:91:22:4F:82:BC:6D:26:B5:19:ED:7A:FB:E2:5C:B3:2C:11:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9aKRIk-CvG0mtRntevviXLMsEVw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/LAFEC7e9pH2049HNL4TWiCEqKo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/9aKRIk-CvG0mtRntevviXLMsEVw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.238.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:9b:e2:2e:40:f7:60:b3:28:68:e9:8a:3f:11:b6:fd:a7:e8:
         35:c5:ed:22:7a:3a:26:a4:cb:6f:82:14:7e:eb:af:7e:b6:4a:
         e5:cc:c8:c2:3a:bc:07:43:46:c1:86:9f:20:37:cc:e3:8f:6c:
         9f:cc:a4:83:6c:2f:3b:c2:2c:8b:c1:18:30:0e:7c:6a:5e:1f:
         b9:8f:0b:11:1a:d3:7a:86:fa:01:9d:4c:fe:19:c1:d7:19:94:
         92:f0:18:8d:63:ff:f4:d0:94:6f:20:0a:b0:25:06:b5:bf:8f:
         fd:47:37:6e:5b:6d:6c:80:33:47:e0:2a:13:35:de:a6:77:ac:
         1d:db:42:88:06:ab:70:59:c2:c1:0f:8d:fb:55:0a:db:91:3c:
         47:36:7a:49:70:30:3d:47:c2:e9:4a:78:0a:2b:a4:87:ea:a2:
         ce:be:f5:80:49:b5:e0:54:73:97:56:5f:d9:20:54:4a:8a:e1:
         24:b2:01:ec:a8:e6:7d:20:b2:03:e2:1e:7c:aa:e1:6a:4d:be:
         64:cf:4d:b2:6f:5c:1f:04:e0:07:7f:48:a8:30:61:0c:e0:af:
         4b:33:0d:34:10:a1:2f:46:31:f2:2e:d8:8d:32:2a:b4:d9:21:
         da:58:14:3e:be:61:b9:69:3c:60:bc:3e:d8:35:a4:ed:64:88:
         4e:3f:c5:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzOAVBTaIbHaUDhe8MQKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1YTI5MTIyNGY4MmJjNmQyNmI1MTllZDdhZmJlMjVjYjMy
YzExNWMwHhcNMjQwMTAxMTAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzAxNDQwYmI3YmRhNDdkYjRlM2QxY2QyZjg0ZDY4ODIxMmEyYThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8h5884LsZ4KF+F/adRp3iyHBt+Aa
GhpcQs/l909c03VirXOHsTtd4uGJ3eA8afBi6TtoYKcZscCIeqn2EiCtGxKoR4Xa
OO/0gUXjNfyParX2u68DOwFCQn/l/mheUABuE7aUVFs0nBN1G/rDIV18yaVGyA7N
C9bLFPjBg92aY2Fy27LWuoBtzm5Slj7vmazrPAhs7qnIhE7Z6/+VipWggvRz/2II
5+oF47yqVEDmzJRykR6iaziJM/+xBjaoGoI/3xLKeH6gNVgmL1Gs4lke4hYCDY1c
RPYP7qaHxWm0wl9cv6/YgiHkqrweXrQmpD6I9JAFa4BX24eZyT7YnITphwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCwBRAu3vaR9tOPRzS+E1oghKiqNMB8GA1UdIwQY
MBaAFPWikSJPgrxtJrUZ7Xr74lyzLBFcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWFLUklrLUN2RzBtdFJudGV2dmlYTE1zRVZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC84YTVjYzItYzU0Mi00YzliLTgwNzct
YmM3OTc3Mzk2ZDliLzEvTEFGRUM3ZTlwSDIwNDlITkw0VFdpQ0VxS28wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC84YTVjYzItYzU0Mi00YzliLTgwNzctYmM3OTc3Mzk2ZDli
LzEvOWFLUklrLUN2RzBtdFJudGV2dmlYTE1zRVZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwe4YMA0G
CSqGSIb3DQEBCwUAA4IBAQCbm+IuQPdgsyho6Yo/Ebb9p+g1xe0iejompMtvghR+
669+tkrlzMjCOrwHQ0bBhp8gN8zjj2yfzKSDbC87wiyLwRgwDnxqXh+5jwsRGtN6
hvoBnUz+GcHXGZSS8BiNY//00JRvIAqwJQa1v4/9RzduW21sgDNH4CoTNd6md6wd
20KIBqtwWcLBD437VQrbkTxHNnpJcDA9R8LpSngKK6SH6qLOvvWASbXgVHOXVl/Z
IFRKiuEksgHsqOZ9ILID4h58quFqTb5kz02yb1wfBOAHf0ioMGEM4K9LMw00EKEv
RjHyLtiNMiq02SHaWBQ+vmG5aTxgvD7YNaTtZIhOP8Wo
-----END CERTIFICATE-----