Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/LTlSZZQaFF2GTxGI_WNKE-Ou_xo.roa
File:                     LTlSZZQaFF2GTxGI_WNKE-Ou_xo.roa (raw, json)
Hash identifier:          2Mt11r+p071nTd8rH/zYUW00AKTGyGAW3CvbkdDcg7U=
Subject key identifier:   2D:39:52:65:94:1A:14:5D:86:4F:11:88:FD:63:4A:13:E3:AE:FF:1A
Certificate issuer:       /CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
Certificate serial:       018CC94DAA12F959CEF658EE78BDBE12443E
Authority key identifier: 30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/LTlSZZQaFF2GTxGI_WNKE-Ou_xo.roa
Signing time:             Tue 02 Jan 2024 08:32:39 +0000
ROA not before:           Tue 02 Jan 2024 08:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60620
IP address blocks:        185.14.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:aa:12:f9:59:ce:f6:58:ee:78:bd:be:12:44:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
        Validity
            Not Before: Jan  2 08:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d395265941a145d864f1188fd634a13e3aeff1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e5:ca:63:fa:ba:fb:a0:43:83:96:b8:cc:1e:
                    ee:c3:90:b2:12:fd:0c:7e:ff:ac:14:eb:6a:ca:15:
                    d1:cc:8e:6c:7d:e8:4f:f9:f8:2c:a1:26:a8:a9:84:
                    69:0e:70:bf:93:77:0f:29:87:f8:28:5e:79:f4:b2:
                    29:f6:48:ac:91:30:d3:97:53:ff:3b:22:bc:57:ea:
                    88:be:4a:d6:c2:fb:43:3a:6e:ca:8e:01:db:17:5b:
                    10:91:e1:10:ef:0d:1c:0b:62:10:54:28:2f:27:22:
                    1b:49:68:21:7c:44:9b:3b:16:87:9d:80:d0:07:7f:
                    20:ea:3c:a2:e1:17:e5:21:8b:a6:ba:6a:ea:f8:af:
                    c7:8c:69:7e:f1:7f:a2:ec:a1:b7:e1:90:b1:98:5c:
                    7e:11:a1:06:d2:d7:64:82:19:b4:9a:25:d8:76:7c:
                    63:52:2e:9a:c8:e5:5b:7f:d6:99:34:c4:38:ca:e3:
                    b5:cc:22:b5:00:b1:f2:21:ee:1b:31:0b:28:29:53:
                    b3:3f:be:ef:2e:56:5a:e0:cb:12:b0:7f:6c:1b:2e:
                    5e:dc:5a:28:37:f8:2f:c6:1c:d4:2b:4e:13:a8:05:
                    6d:6d:0b:c0:94:97:39:39:fd:40:87:d8:05:fe:38:
                    ee:c9:33:2d:09:e4:00:7c:21:49:f9:b6:81:a5:f8:
                    d6:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:39:52:65:94:1A:14:5D:86:4F:11:88:FD:63:4A:13:E3:AE:FF:1A
            X509v3 Authority Key Identifier:
                keyid:30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/LTlSZZQaFF2GTxGI_WNKE-Ou_xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:5f:23:55:e7:b0:91:d5:2e:21:96:50:86:46:75:a8:12:74:
         c0:98:de:2f:10:de:91:72:5a:b3:7f:41:7f:c4:a4:ed:da:f7:
         77:28:0b:a8:3f:9b:79:81:f8:6b:be:67:de:2a:0d:4a:98:34:
         66:24:2d:55:cb:a5:38:3f:a6:64:c9:c0:dc:94:8b:a4:30:c6:
         f6:78:86:28:9d:32:27:75:35:e4:6c:c5:39:99:92:f9:7d:91:
         c3:93:c8:12:8a:3d:07:38:03:39:23:85:9c:66:d0:7f:e4:d9:
         16:b9:40:4e:61:b0:4f:d3:1d:57:23:50:6e:be:c2:5f:a3:41:
         32:50:40:55:a7:4a:e2:3f:b2:4c:a8:51:bc:f9:5b:97:69:99:
         9e:5f:ac:f8:06:2f:fe:41:9c:fd:b7:1e:0f:f7:b3:84:6e:8d:
         a6:a9:c9:5e:de:43:b0:c7:ea:ed:75:2b:c3:ec:9e:a2:b2:9c:
         63:0f:a5:6c:f0:38:09:ff:37:62:dc:19:ef:69:7a:e1:da:7b:
         46:35:29:33:a6:3c:8a:82:8b:19:6b:d9:a6:0d:09:20:b2:f2:
         7e:37:90:ee:e1:52:50:d1:8b:6c:74:29:c3:ba:4a:a7:01:1d:
         17:bc:b7:bf:74:54:fe:7e:51:6c:89:d2:7a:a6:59:5e:90:bb:
         e7:d6:04:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTaoS+VnO9ljueL2+EkQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZjFiYTYxMTFjOGYxZDNmMzdjMWI3YzFhNWVkNzM3NDAy
MTkyZjIwHhcNMjQwMTAyMDgzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDM5NTI2NTk0MWExNDVkODY0ZjExODhmZDYzNGExM2UzYWVmZjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1eXKY/q6+6BDg5a4zB7uw5CyEv0M
fv+sFOtqyhXRzI5sfehP+fgsoSaoqYRpDnC/k3cPKYf4KF559LIp9kiskTDTl1P/
OyK8V+qIvkrWwvtDOm7KjgHbF1sQkeEQ7w0cC2IQVCgvJyIbSWghfESbOxaHnYDQ
B38g6jyi4RflIYumumrq+K/HjGl+8X+i7KG34ZCxmFx+EaEG0tdkghm0miXYdnxj
Ui6ayOVbf9aZNMQ4yuO1zCK1ALHyIe4bMQsoKVOzP77vLlZa4MsSsH9sGy5e3Foo
N/gvxhzUK04TqAVtbQvAlJc5Of1Ah9gF/jjuyTMtCeQAfCFJ+baBpfjWUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC05UmWUGhRdhk8RiP1jShPjrv8aMB8GA1UdIwQY
MBaAFDDxumERyPHT83wbfBpe1zdAIZLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQt
YzMzMDE4NjMzZDMzLzEvTFRsU1paUWFGRjJHVHhHSV9XTktFLU91X3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQtYzMzMDE4NjMzZDMz
LzEvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ6xMA0G
CSqGSIb3DQEBCwUAA4IBAQBfXyNV57CR1S4hllCGRnWoEnTAmN4vEN6Rclqzf0F/
xKTt2vd3KAuoP5t5gfhrvmfeKg1KmDRmJC1Vy6U4P6ZkycDclIukMMb2eIYonTIn
dTXkbMU5mZL5fZHDk8gSij0HOAM5I4WcZtB/5NkWuUBOYbBP0x1XI1BuvsJfo0Ey
UEBVp0riP7JMqFG8+VuXaZmeX6z4Bi/+QZz9tx4P97OEbo2mqcle3kOwx+rtdSvD
7J6ispxjD6Vs8DgJ/zdi3BnvaXrh2ntGNSkzpjyKgosZa9mmDQkgsvJ+N5Du4VJQ
0YtsdCnDukqnAR0XvLe/dFT+flFsidJ6pllekLvn1gQq
-----END CERTIFICATE-----