Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/LBr4y1yoJCtkwEdo9mLo1X5mPSk.roa
File:                     LBr4y1yoJCtkwEdo9mLo1X5mPSk.roa (raw, json)
Hash identifier:          ZfC1mHZIooGj6p9b86PwJABut2voF2PexOgvROX1234=
Subject key identifier:   2C:1A:F8:CB:5C:A8:24:2B:64:C0:47:68:F6:62:E8:D5:7E:66:3D:29
Certificate issuer:       /CN=e52d8b5cba7c2d2b8af046eb7f310105ac0c09ac
Certificate serial:       0190A6C34A7AD13F301E30B87C8AD5030A69
Authority key identifier: E5:2D:8B:5C:BA:7C:2D:2B:8A:F0:46:EB:7F:31:01:05:AC:0C:09:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5S2LXLp8LSuK8EbrfzEBBawMCaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/LBr4y1yoJCtkwEdo9mLo1X5mPSk.roa
Signing time:             Fri 12 Jul 2024 11:45:34 +0000
ROA not before:           Fri 12 Jul 2024 11:45:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44152
IP address blocks:        185.19.172.0/22 maxlen: 24
                          185.59.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/5S2LXLp8LSuK8EbrfzEBBawMCaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/5S2LXLp8LSuK8EbrfzEBBawMCaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5S2LXLp8LSuK8EbrfzEBBawMCaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 17:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a6:c3:4a:7a:d1:3f:30:1e:30:b8:7c:8a:d5:03:0a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e52d8b5cba7c2d2b8af046eb7f310105ac0c09ac
        Validity
            Not Before: Jul 12 11:45:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c1af8cb5ca8242b64c04768f662e8d57e663d29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:bf:f5:3c:59:67:82:d0:6b:d1:bb:bc:83:59:
                    8e:da:8f:6e:6d:13:49:e2:e6:91:71:4a:ec:3c:c2:
                    44:0b:6b:de:50:99:9d:2b:18:d1:0d:79:01:04:20:
                    14:cd:e7:9c:a3:5b:9b:3b:8f:c9:82:04:08:2e:ca:
                    a7:ea:15:2d:65:14:d1:e4:64:0e:f6:a5:3d:56:88:
                    3f:16:1f:90:90:64:39:b7:8e:cc:88:ce:ad:64:27:
                    52:c8:27:d1:94:3f:73:71:c7:db:81:b6:c9:31:79:
                    86:23:b9:6d:09:a6:3f:8a:b5:97:f9:42:56:03:4c:
                    73:3c:6e:00:95:2d:0b:c9:2f:88:60:be:f4:df:b5:
                    60:e4:74:a1:61:68:ab:39:93:1b:9e:c7:39:08:9e:
                    68:92:a6:c7:66:63:c7:fa:dd:15:ac:78:74:34:5c:
                    57:f7:58:97:f5:aa:67:d5:6c:1f:71:e7:62:a4:35:
                    22:25:43:b6:68:d3:2b:ce:4a:16:38:75:6b:be:1a:
                    a1:31:64:3e:e2:7e:64:45:3a:35:28:93:76:9c:93:
                    c9:88:7c:39:09:7b:d7:6a:c0:3f:0e:d5:60:d6:66:
                    a2:ce:21:1b:b9:25:4f:b9:7c:81:95:4d:b3:6b:4e:
                    be:c3:a2:8c:72:77:61:7a:0b:75:c0:96:37:91:3d:
                    02:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:1A:F8:CB:5C:A8:24:2B:64:C0:47:68:F6:62:E8:D5:7E:66:3D:29
            X509v3 Authority Key Identifier:
                keyid:E5:2D:8B:5C:BA:7C:2D:2B:8A:F0:46:EB:7F:31:01:05:AC:0C:09:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5S2LXLp8LSuK8EbrfzEBBawMCaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/LBr4y1yoJCtkwEdo9mLo1X5mPSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/5S2LXLp8LSuK8EbrfzEBBawMCaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.172.0/22
                  185.59.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:11:fa:a2:60:64:a2:b3:f5:9e:13:59:45:35:50:45:a5:88:
         38:9e:37:2e:27:3b:6f:f9:5b:21:0b:b1:63:dc:ab:9a:8b:cc:
         58:c9:a0:54:32:e1:45:6c:79:4f:6a:75:4c:67:67:91:5d:6e:
         86:e9:17:5c:f0:6f:63:51:59:c0:88:a0:a3:a7:57:40:ab:3f:
         1e:61:c1:6f:80:ea:30:1e:89:45:ba:a3:0e:48:4a:59:d3:74:
         b9:13:d3:9e:88:80:be:5a:fa:11:3d:f1:b8:e9:bc:7c:c0:70:
         24:d6:da:a9:e3:17:48:92:0f:54:04:ac:23:59:3b:2d:aa:24:
         b3:73:c9:6f:54:9b:c8:08:91:ee:38:a7:53:f9:1b:f5:af:2d:
         0a:24:aa:5a:1e:35:53:82:8a:a6:75:1f:87:07:0f:f3:27:c5:
         b2:04:7e:e8:9c:a6:00:4e:69:c6:5b:5b:dc:b0:67:66:5b:76:
         7a:67:23:b9:35:94:2e:de:4e:65:38:54:be:3d:b1:d6:a3:e8:
         dd:47:4e:14:63:9b:6a:36:2d:c8:66:05:b5:77:3f:51:15:4f:
         a1:31:42:55:06:56:25:af:8a:62:a3:11:46:74:74:6a:a2:5f:
         99:6f:3e:21:9e:34:19:ce:75:e9:ff:23:c8:51:9f:03:a5:a3:
         fe:32:f9:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCmw0p60T8wHjC4fIrVAwppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MmQ4YjVjYmE3YzJkMmI4YWYwNDZlYjdmMzEwMTA1YWMw
YzA5YWMwHhcNMjQwNzEyMTE0NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzFhZjhjYjVjYTgyNDJiNjRjMDQ3NjhmNjYyZThkNTdlNjYzZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqr/1PFlngtBr0bu8g1mO2o9ubRNJ
4uaRcUrsPMJEC2veUJmdKxjRDXkBBCAUzeeco1ubO4/JggQILsqn6hUtZRTR5GQO
9qU9Vog/Fh+QkGQ5t47MiM6tZCdSyCfRlD9zccfbgbbJMXmGI7ltCaY/irWX+UJW
A0xzPG4AlS0LyS+IYL7037Vg5HShYWirOZMbnsc5CJ5okqbHZmPH+t0VrHh0NFxX
91iX9apn1WwfcedipDUiJUO2aNMrzkoWOHVrvhqhMWQ+4n5kRTo1KJN2nJPJiHw5
CXvXasA/DtVg1maiziEbuSVPuXyBlU2za06+w6KMcndhegt1wJY3kT0CRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCwa+MtcqCQrZMBHaPZi6NV+Zj0pMB8GA1UdIwQY
MBaAFOUti1y6fC0rivBG638xAQWsDAmsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVMyTFhMcDhMU3VLOEVicmZ6RUJCYXdNQ2F3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9kNGY4M2QtZmI1My00MjRmLTg1MWQt
YzBkMDYyYTc1MzU0LzEvTEJyNHkxeW9KQ3Rrd0VkbzltTG8xWDVtUFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9kNGY4M2QtZmI1My00MjRmLTg1MWQtYzBkMDYyYTc1MzU0
LzEvNVMyTFhMcDhMU3VLOEVicmZ6RUJCYXdNQ2F3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuROsAwQC
uTv4MA0GCSqGSIb3DQEBCwUAA4IBAQAcEfqiYGSis/WeE1lFNVBFpYg4njcuJztv
+VshC7Fj3Kuai8xYyaBUMuFFbHlPanVMZ2eRXW6G6Rdc8G9jUVnAiKCjp1dAqz8e
YcFvgOowHolFuqMOSEpZ03S5E9OeiIC+WvoRPfG46bx8wHAk1tqp4xdIkg9UBKwj
WTstqiSzc8lvVJvICJHuOKdT+Rv1ry0KJKpaHjVTgoqmdR+HBw/zJ8WyBH7onKYA
TmnGW1vcsGdmW3Z6ZyO5NZQu3k5lOFS+PbHWo+jdR04UY5tqNi3IZgW1dz9RFU+h
MUJVBlYlr4pioxFGdHRqol+Zbz4hnjQZznXp/yPIUZ8DpaP+MvnW
-----END CERTIFICATE-----