Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/LAk4H6vFIjjq6_YRTc7Qrx4uqpE.roa
File:                     LAk4H6vFIjjq6_YRTc7Qrx4uqpE.roa (raw, json)
Hash identifier:          EbwMEFIlbW1529xw0b9vZngQyETisP0KjXydhPonaSs=
Subject key identifier:   2C:09:38:1F:AB:C5:22:38:EA:EB:F6:11:4D:CE:D0:AF:1E:2E:AA:91
Certificate issuer:       /CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
Certificate serial:       018CC94DABC16DFF23979AD6222B5E25D22A
Authority key identifier: 30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/LAk4H6vFIjjq6_YRTc7Qrx4uqpE.roa
Signing time:             Tue 02 Jan 2024 08:32:39 +0000
ROA not before:           Tue 02 Jan 2024 08:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205939
IP address blocks:        185.145.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ab:c1:6d:ff:23:97:9a:d6:22:2b:5e:25:d2:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
        Validity
            Not Before: Jan  2 08:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c09381fabc52238eaebf6114dced0af1e2eaa91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:8f:d8:d3:9d:67:cf:4e:f4:4d:e0:c6:d5:da:
                    5f:e2:6e:5e:92:af:42:ba:ef:de:46:a2:1b:dc:9c:
                    c3:bd:ff:02:2a:43:d6:1c:54:29:54:f0:0f:81:9b:
                    45:81:f3:f3:99:d8:fa:ec:64:9c:b6:ff:e1:5b:ae:
                    3c:f3:72:98:7c:14:19:41:79:b6:25:8c:50:9c:b7:
                    9e:89:88:58:ae:f8:72:7c:b5:07:4b:e7:07:6e:3f:
                    c2:04:c4:95:f6:bd:a7:83:44:5b:bb:e5:90:6d:c3:
                    75:62:a9:b1:77:34:54:23:37:56:b4:31:53:f4:cc:
                    7b:70:c8:8f:ea:e4:7a:21:3d:5b:c9:09:69:7a:76:
                    8e:65:5d:07:d2:b7:90:9d:5f:51:e1:02:3e:c2:72:
                    36:f2:e7:44:20:19:c5:20:5e:c6:28:df:0a:22:8f:
                    fe:e1:51:0e:b1:a9:60:39:c5:62:b6:cd:32:38:f1:
                    d0:2d:c6:e0:a8:e7:b1:a8:21:09:5d:e7:6d:68:91:
                    fe:95:77:c1:bb:3a:8a:b8:37:5f:f1:e9:41:12:37:
                    ba:d3:c9:90:ed:ce:84:0b:bc:3d:48:91:ec:bf:ba:
                    b2:81:5c:05:fc:20:76:48:fb:02:95:e5:9f:39:c9:
                    cd:b6:47:d5:67:9c:34:cd:e4:98:7a:06:50:69:2a:
                    d2:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:09:38:1F:AB:C5:22:38:EA:EB:F6:11:4D:CE:D0:AF:1E:2E:AA:91
            X509v3 Authority Key Identifier:
                keyid:30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/LAk4H6vFIjjq6_YRTc7Qrx4uqpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:17:b9:9d:f8:73:68:df:1a:4a:29:02:1d:bd:84:6b:10:16:
         0e:21:40:37:6a:0e:57:66:a1:c3:30:ec:79:81:2e:a0:01:1c:
         e5:46:8e:ab:42:4f:59:96:8d:a1:3e:79:46:dd:f8:58:a1:3b:
         7f:87:64:e9:90:19:fd:69:2b:22:ec:95:ee:63:50:45:49:27:
         fc:f7:b0:b7:97:70:36:1f:64:1e:1e:df:d2:39:3a:10:bb:b5:
         75:51:51:ec:dc:3d:a9:39:43:40:10:5e:60:74:d5:c9:e7:64:
         8a:dd:1c:f2:03:31:9b:75:7c:41:1c:3a:ac:7c:1d:c3:4a:db:
         b4:27:e8:2c:b0:02:7c:21:02:dd:c9:e3:ed:2b:1a:88:e4:96:
         28:da:a1:b1:5e:b8:f5:da:90:f9:1a:1b:63:40:cb:e9:b9:01:
         53:98:4f:cb:ac:ab:d4:8e:4d:7a:04:3c:34:15:18:c5:7f:85:
         79:a0:f8:eb:3f:e2:70:54:fa:da:b4:d6:ea:2c:aa:d1:6a:a8:
         24:0b:39:51:52:b4:f7:b9:90:bc:b1:15:f8:a9:e1:6e:20:6c:
         68:f4:60:be:d5:9d:57:44:db:0a:ba:ff:fd:d7:71:c2:92:15:
         a6:8e:be:b4:24:54:7b:95:7c:85:79:00:e5:66:6a:5e:e7:a4:
         df:6e:4e:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTavBbf8jl5rWIiteJdIqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZjFiYTYxMTFjOGYxZDNmMzdjMWI3YzFhNWVkNzM3NDAy
MTkyZjIwHhcNMjQwMTAyMDgzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzA5MzgxZmFiYzUyMjM4ZWFlYmY2MTE0ZGNlZDBhZjFlMmVhYTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiI/Y051nz070TeDG1dpf4m5ekq9C
uu/eRqIb3JzDvf8CKkPWHFQpVPAPgZtFgfPzmdj67GSctv/hW64883KYfBQZQXm2
JYxQnLeeiYhYrvhyfLUHS+cHbj/CBMSV9r2ng0Rbu+WQbcN1YqmxdzRUIzdWtDFT
9Mx7cMiP6uR6IT1byQlpenaOZV0H0reQnV9R4QI+wnI28udEIBnFIF7GKN8KIo/+
4VEOsalgOcVits0yOPHQLcbgqOexqCEJXedtaJH+lXfBuzqKuDdf8elBEje608mQ
7c6EC7w9SJHsv7qygVwF/CB2SPsCleWfOcnNtkfVZ5w0zeSYegZQaSrSywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCwJOB+rxSI46uv2EU3O0K8eLqqRMB8GA1UdIwQY
MBaAFDDxumERyPHT83wbfBpe1zdAIZLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQt
YzMzMDE4NjMzZDMzLzEvTEFrNEg2dkZJampxNl9ZUlRjN1FyeDR1cXBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQtYzMzMDE4NjMzZDMz
LzEvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZFNMA0G
CSqGSIb3DQEBCwUAA4IBAQALF7md+HNo3xpKKQIdvYRrEBYOIUA3ag5XZqHDMOx5
gS6gARzlRo6rQk9Zlo2hPnlG3fhYoTt/h2TpkBn9aSsi7JXuY1BFSSf897C3l3A2
H2QeHt/SOToQu7V1UVHs3D2pOUNAEF5gdNXJ52SK3RzyAzGbdXxBHDqsfB3DStu0
J+gssAJ8IQLdyePtKxqI5JYo2qGxXrj12pD5GhtjQMvpuQFTmE/LrKvUjk16BDw0
FRjFf4V5oPjrP+JwVPratNbqLKrRaqgkCzlRUrT3uZC8sRX4qeFuIGxo9GC+1Z1X
RNsKuv/913HCkhWmjr60JFR7lXyFeQDlZmpe56Tfbk6f
-----END CERTIFICATE-----