Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/LmzEojZvyCiGI9_D9yUIX0FIyoE.roa
File:                     LmzEojZvyCiGI9_D9yUIX0FIyoE.roa (raw, json)
Hash identifier:          I8/RAMi48nQFuJVbQ7VLUyZcnZkUFB8VFZuT9FcbCCQ=
Subject key identifier:   2E:6C:C4:A2:36:6F:C8:28:86:23:DF:C3:F7:25:08:5F:41:48:CA:81
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BA993B5325C1ACBCEEAF0C6D5B1352
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/LmzEojZvyCiGI9_D9yUIX0FIyoE.roa
Signing time:             Tue 02 Jan 2024 10:31:38 +0000
ROA not before:           Tue 02 Jan 2024 10:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47216
IP address blocks:        91.186.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:99:3b:53:25:c1:ac:bc:ee:af:0c:6d:5b:13:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e6cc4a2366fc8288623dfc3f725085f4148ca81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4c:80:04:40:f4:34:5e:26:92:0e:af:09:d7:
                    24:ba:df:38:dd:f5:5f:7d:c1:a9:40:37:13:67:7e:
                    72:3f:ef:9f:f8:73:4d:fa:8f:da:c2:46:e6:cc:ab:
                    67:5d:b2:5d:4e:3b:d3:a4:cc:af:77:64:80:42:29:
                    da:2f:cb:a1:a4:59:7a:27:bf:0a:b8:64:4e:bb:a5:
                    e3:ad:2a:83:85:21:ca:79:8e:8b:31:7d:b9:97:5e:
                    08:46:cd:52:04:38:cd:b3:72:3e:17:4c:f3:0b:be:
                    f6:c0:2f:4a:64:1c:08:6b:ca:75:9a:1e:7d:35:e7:
                    96:3e:2a:b6:62:e7:cb:90:6c:e8:50:8c:b4:08:f7:
                    0b:1f:71:a1:1e:9d:ae:ce:f3:bc:29:36:cc:64:f7:
                    a3:01:b1:69:a3:67:dd:a7:d3:04:d2:fa:f8:6d:6e:
                    09:f6:4c:28:0c:1a:5d:78:fe:04:4b:a1:46:60:b3:
                    00:9d:7c:e4:af:31:75:b9:a1:8b:8c:23:b8:44:09:
                    9b:26:77:9a:13:a6:d3:05:ab:f7:db:2e:d3:b5:85:
                    fc:25:77:94:65:b1:09:ca:68:0d:2b:03:1d:35:f7:
                    d6:2b:1c:b0:93:d2:61:4e:7e:6f:c2:5b:70:9a:87:
                    54:ce:69:7a:c1:3f:c7:b3:c8:29:1e:93:0c:84:7d:
                    21:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:6C:C4:A2:36:6F:C8:28:86:23:DF:C3:F7:25:08:5F:41:48:CA:81
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/LmzEojZvyCiGI9_D9yUIX0FIyoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:2d:35:e7:bc:06:d5:0b:a7:cc:1b:dd:65:a4:ca:20:94:2c:
         81:62:a9:59:c3:89:1b:e5:80:52:f6:e4:06:f7:0a:13:0f:75:
         92:61:8d:e8:01:2a:76:dd:37:11:5a:05:eb:04:a0:c0:85:8c:
         35:6e:53:a6:dd:db:4b:05:91:40:37:c8:22:38:86:09:1a:8a:
         b5:65:54:30:bc:30:34:e2:61:1c:16:5f:18:50:66:cd:b1:f9:
         85:b3:d7:9d:67:06:e7:14:d8:9f:4e:4e:8a:55:15:00:85:cb:
         77:56:e1:52:e3:38:7e:f3:0e:b1:43:02:66:8d:f5:fd:a3:14:
         95:69:f3:ae:e4:c6:9d:2b:cd:fa:46:0c:23:a8:8c:ff:de:1d:
         9c:a7:ad:68:56:72:53:c9:02:06:10:ab:16:90:3a:73:47:71:
         fc:a0:69:11:0f:9c:a0:f3:bd:39:ce:79:d6:d2:84:5b:58:e2:
         09:2d:5c:ad:a0:90:e6:b6:1c:59:e0:30:61:6c:fd:8d:3f:9e:
         85:21:00:93:95:cc:eb:ae:8d:13:3b:46:6b:8f:c6:38:bb:80:
         e8:77:eb:f6:4e:ab:b4:04:e8:c5:09:ee:d9:2b:6e:5f:9c:a3:
         ef:23:62:ce:e5:3b:5f:c7:3d:69:70:2a:6f:c0:b2:a9:18:06:
         36:ac:19:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJupk7UyXBrLzurwxtWxNSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTZjYzRhMjM2NmZjODI4ODYyM2RmYzNmNzI1MDg1ZjQxNDhjYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0yABED0NF4mkg6vCdckut843fVf
fcGpQDcTZ35yP++f+HNN+o/awkbmzKtnXbJdTjvTpMyvd2SAQinaL8uhpFl6J78K
uGROu6XjrSqDhSHKeY6LMX25l14IRs1SBDjNs3I+F0zzC772wC9KZBwIa8p1mh59
NeeWPiq2YufLkGzoUIy0CPcLH3GhHp2uzvO8KTbMZPejAbFpo2fdp9ME0vr4bW4J
9kwoDBpdeP4ES6FGYLMAnXzkrzF1uaGLjCO4RAmbJneaE6bTBav32y7TtYX8JXeU
ZbEJymgNKwMdNffWKxywk9JhTn5vwltwmodUzml6wT/Hs8gpHpMMhH0h5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5sxKI2b8gohiPfw/clCF9BSMqBMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvTG16RW9qWnZ5Q2lHSTlfRDl5VUlYMEZJeW9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7rBMA0G
CSqGSIb3DQEBCwUAA4IBAQBpLTXnvAbVC6fMG91lpMoglCyBYqlZw4kb5YBS9uQG
9woTD3WSYY3oASp23TcRWgXrBKDAhYw1blOm3dtLBZFAN8giOIYJGoq1ZVQwvDA0
4mEcFl8YUGbNsfmFs9edZwbnFNifTk6KVRUAhct3VuFS4zh+8w6xQwJmjfX9oxSV
afOu5MadK836RgwjqIz/3h2cp61oVnJTyQIGEKsWkDpzR3H8oGkRD5yg8705znnW
0oRbWOIJLVytoJDmthxZ4DBhbP2NP56FIQCTlczrro0TO0Zrj8Y4u4Dod+v2Tqu0
BOjFCe7ZK25fnKPvI2LO5Ttfxz1pcCpvwLKpGAY2rBmv
-----END CERTIFICATE-----