Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/LCllR5kcruqFhG2UtMJTA64PXNs.roa
File:                     LCllR5kcruqFhG2UtMJTA64PXNs.roa (raw, json)
Hash identifier:          2cLnllwkv6sWKBQADoPvSYF+yOxrXKQMS9io/ArmQyQ=
Subject key identifier:   2C:29:65:47:99:1C:AE:EA:85:84:6D:94:B4:C2:53:03:AE:0F:5C:DB
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018D8534F17B6390583061362221B760006A
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/LCllR5kcruqFhG2UtMJTA64PXNs.roa
Signing time:             Wed 07 Feb 2024 20:14:15 +0000
ROA not before:           Wed 07 Feb 2024 20:14:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        83.147.252.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:85:34:f1:7b:63:90:58:30:61:36:22:21:b7:60:00:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Feb  7 20:14:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c296547991caeea85846d94b4c25303ae0f5cdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:15:f8:38:1a:2c:4c:61:8d:6c:0f:cb:85:2d:
                    a9:d9:31:cb:28:fe:d7:08:2e:dc:0c:9d:53:a8:03:
                    c0:ae:6e:c6:a4:a0:50:53:dc:4b:3a:d3:e0:bc:aa:
                    99:30:86:2b:bb:a8:23:db:27:34:57:84:61:a2:2b:
                    e9:07:44:21:65:d2:30:fd:07:05:91:f9:9d:c7:09:
                    5b:46:a0:4b:59:93:f7:80:3b:68:6c:80:b8:a6:f1:
                    ce:5d:88:85:7c:be:3f:2c:5c:be:cf:90:59:1a:59:
                    c5:5b:fc:87:ed:a7:4d:18:94:df:0a:cd:a1:ac:62:
                    c2:de:13:7a:85:74:cf:86:52:02:37:3c:9d:ac:c8:
                    c9:4b:69:89:ab:2f:9c:a8:bd:79:1e:c5:89:e2:c8:
                    2b:d4:41:6c:b2:e5:73:ac:0b:e4:16:f2:39:b6:92:
                    4c:7b:8e:c8:a1:f5:de:44:a1:25:c4:aa:88:ed:9b:
                    1d:93:a6:a0:23:6a:67:ff:fe:4a:38:24:66:cc:85:
                    fc:8f:92:95:d3:0d:2d:da:87:8a:fa:11:11:38:d9:
                    ae:4d:be:a5:6d:8d:4b:1f:d9:2d:c8:c8:61:c8:c0:
                    ab:c2:5f:be:f1:25:5b:ab:08:84:3a:60:87:a4:19:
                    b5:ca:4d:a2:0a:be:c7:b8:92:65:2b:2b:63:c8:01:
                    2b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:29:65:47:99:1C:AE:EA:85:84:6D:94:B4:C2:53:03:AE:0F:5C:DB
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/LCllR5kcruqFhG2UtMJTA64PXNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:ed:d5:5f:97:47:10:12:c9:1d:ed:85:0c:a4:42:ef:5c:5c:
         d5:69:52:7b:0f:fd:f2:bb:f7:53:8d:8c:32:89:fe:31:a3:06:
         a2:c4:85:cf:49:a2:e6:1e:8f:27:de:51:0c:90:fb:59:e0:bf:
         d5:18:2e:e9:8b:01:c0:0a:d9:d6:ce:6f:2c:8f:c3:92:44:63:
         26:42:87:ef:e5:cc:a1:50:c6:8e:7a:b3:fe:c6:04:47:3a:d6:
         ed:98:9b:71:10:df:d0:7e:43:1e:ba:24:f7:a7:e9:a9:a2:68:
         49:f4:30:d2:ae:fe:80:77:1d:63:28:d1:a0:ea:96:4c:ef:d4:
         ab:67:b2:93:20:a5:3c:a4:e1:06:de:e8:08:ff:3c:9f:82:de:
         a6:aa:aa:ad:8f:cf:70:29:33:ed:db:34:2b:19:7f:77:2f:42:
         69:62:46:ef:11:9a:13:5e:39:3d:bb:4c:ac:51:68:f3:ee:b9:
         f0:49:9a:82:fd:81:82:8e:4f:99:1c:19:c3:e3:60:f3:85:e7:
         77:61:2c:b5:3e:4e:4b:6d:f9:37:48:6f:79:bc:fb:6c:44:2b:
         72:c6:d7:89:47:1d:0d:5e:55:31:e8:32:56:93:96:b0:45:6f:
         ce:2d:ed:40:87:89:5a:13:90:f9:9e:ee:aa:87:e4:c6:3e:d7:
         ee:64:9b:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2FNPF7Y5BYMGE2IiG3YABqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMjA3MjAxNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzI5NjU0Nzk5MWNhZWVhODU4NDZkOTRiNGMyNTMwM2FlMGY1Y2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixX4OBosTGGNbA/LhS2p2THLKP7X
CC7cDJ1TqAPArm7GpKBQU9xLOtPgvKqZMIYru6gj2yc0V4RhoivpB0QhZdIw/QcF
kfmdxwlbRqBLWZP3gDtobIC4pvHOXYiFfL4/LFy+z5BZGlnFW/yH7adNGJTfCs2h
rGLC3hN6hXTPhlICNzydrMjJS2mJqy+cqL15HsWJ4sgr1EFssuVzrAvkFvI5tpJM
e47IofXeRKElxKqI7Zsdk6agI2pn//5KOCRmzIX8j5KV0w0t2oeK+hERONmuTb6l
bY1LH9ktyMhhyMCrwl++8SVbqwiEOmCHpBm1yk2iCr7HuJJlKytjyAErqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCwpZUeZHK7qhYRtlLTCUwOuD1zbMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvTENsbFI1a2NydXFGaEcyVXRNSlRBNjRQWE5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5P8MA0G
CSqGSIb3DQEBCwUAA4IBAQAt7dVfl0cQEskd7YUMpELvXFzVaVJ7D/3yu/dTjYwy
if4xowaixIXPSaLmHo8n3lEMkPtZ4L/VGC7piwHACtnWzm8sj8OSRGMmQofv5cyh
UMaOerP+xgRHOtbtmJtxEN/QfkMeuiT3p+mpomhJ9DDSrv6Adx1jKNGg6pZM79Sr
Z7KTIKU8pOEG3ugI/zyfgt6mqqqtj89wKTPt2zQrGX93L0JpYkbvEZoTXjk9u0ys
UWjz7rnwSZqC/YGCjk+ZHBnD42Dzhed3YSy1Pk5Lbfk3SG95vPtsRCtyxteJRx0N
XlUx6DJWk5awRW/OLe1Ah4laE5D5nu6qh+TGPtfuZJs5
-----END CERTIFICATE-----