Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/LoqgZG-60T_TdzTfY9Z1jqSyJ8A.roa
File:                     LoqgZG-60T_TdzTfY9Z1jqSyJ8A.roa (raw, json)
Hash identifier:          Uwu705/AMqkWcrKKRCohAFdCqWdyBgi2f5jxcT8Cayg=
Subject key identifier:   2E:8A:A0:64:6F:BA:D1:3F:D3:77:34:DF:63:D6:75:8E:A4:B2:27:C0
Certificate issuer:       /CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
Certificate serial:       018CC492362D0967FC79B095C8ECBCA0255E
Authority key identifier: 56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/LoqgZG-60T_TdzTfY9Z1jqSyJ8A.roa
Signing time:             Mon 01 Jan 2024 10:29:25 +0000
ROA not before:           Mon 01 Jan 2024 10:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59451
IP address blocks:        194.165.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/VtDjso8r4z7FqdLKAKxkFVU2y8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/VtDjso8r4z7FqdLKAKxkFVU2y8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:36:2d:09:67:fc:79:b0:95:c8:ec:bc:a0:25:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
        Validity
            Not Before: Jan  1 10:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e8aa0646fbad13fd37734df63d6758ea4b227c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:06:fc:4a:a0:5d:af:75:bb:f2:74:a2:ff:b4:
                    53:f3:dd:e1:8c:17:77:88:70:cc:1c:ce:eb:09:21:
                    d7:c1:77:0d:06:71:b1:25:dc:eb:c2:f9:e1:2e:aa:
                    b6:70:c6:54:04:f2:df:77:b7:d1:cf:36:52:39:88:
                    9b:03:ba:d1:e7:3a:71:f1:21:a4:40:2e:a2:07:6a:
                    f8:46:ef:d0:5f:fb:3e:a2:65:62:e9:9c:29:4d:c3:
                    a2:11:10:9d:2b:ee:99:7a:dc:43:3f:9c:ef:b2:11:
                    ba:39:21:b3:70:79:a3:eb:e8:bc:72:e7:60:10:8d:
                    99:11:84:f3:37:51:f2:20:9b:7c:69:64:62:71:66:
                    e7:80:a6:45:2c:12:32:f9:b0:f5:81:6c:82:5f:a0:
                    a7:42:1c:d7:a1:00:4d:1c:09:bc:99:83:d2:4d:15:
                    3f:01:ad:b1:18:69:fa:8c:86:06:3d:32:31:61:3e:
                    54:e8:62:72:76:16:8e:40:8c:29:25:f8:58:3c:06:
                    51:8c:d1:66:2b:2d:0f:ea:ea:ca:b2:7a:bd:02:85:
                    95:3a:b4:9a:f8:b3:b7:11:89:4a:dc:e9:a3:03:a5:
                    6f:4f:d4:d8:3d:42:4b:a0:06:91:8c:3c:cf:72:07:
                    cb:1c:cb:a0:58:9e:fe:61:41:41:47:7b:3d:28:c6:
                    a1:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:8A:A0:64:6F:BA:D1:3F:D3:77:34:DF:63:D6:75:8E:A4:B2:27:C0
            X509v3 Authority Key Identifier:
                keyid:56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/LoqgZG-60T_TdzTfY9Z1jqSyJ8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/VtDjso8r4z7FqdLKAKxkFVU2y8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:7e:e1:85:cb:2c:e2:12:1d:c7:cb:ab:aa:1e:bd:d6:95:89:
         9d:17:48:1a:55:33:d9:c4:3e:27:2b:dd:96:c1:f3:4b:63:a2:
         2d:8d:96:97:d1:e9:1b:8b:5f:51:38:7b:44:23:60:31:74:f1:
         13:f8:22:cf:66:12:53:9f:5c:f3:76:00:eb:bc:96:72:88:2f:
         d6:43:f6:75:85:95:9d:b9:15:92:39:bf:43:c7:b9:6d:32:d6:
         0e:b9:ac:78:a6:ac:37:02:81:f2:1c:13:a3:f4:7e:0a:17:f0:
         c8:b0:ea:92:0e:8e:db:f9:13:af:73:ca:2f:31:11:4f:73:f4:
         4f:10:5d:02:da:96:c6:fe:96:72:25:08:3b:42:35:51:64:b6:
         9e:9b:e4:bc:67:e2:03:bb:1d:5a:bf:1c:7f:5d:6f:48:80:dd:
         18:8e:db:f2:de:0c:5f:7b:6b:91:fc:de:89:a5:47:67:4e:5f:
         53:fb:55:4e:60:2c:5b:8e:9c:c4:82:17:3a:b7:f3:50:1e:42:
         d4:39:ba:06:4b:72:a7:b2:3c:69:aa:f1:28:05:ab:2d:39:3b:
         90:0b:ad:10:08:06:c2:c0:02:56:bc:55:f0:b2:6f:89:22:73:
         ad:ea:02:8c:9c:a5:37:74:b1:a5:d4:f0:ef:c2:a1:d5:a0:77:
         40:a8:3f:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkjYtCWf8ebCVyOy8oCVeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ZDBlM2IyOGYyYmUzM2VjNWE5ZDJjYTAwYWM2NDE1NTUz
NmNiYzYwHhcNMjQwMTAxMTAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZThhYTA2NDZmYmFkMTNmZDM3NzM0ZGY2M2Q2NzU4ZWE0YjIyN2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwb8SqBdr3W78nSi/7RT893hjBd3
iHDMHM7rCSHXwXcNBnGxJdzrwvnhLqq2cMZUBPLfd7fRzzZSOYibA7rR5zpx8SGk
QC6iB2r4Ru/QX/s+omVi6ZwpTcOiERCdK+6ZetxDP5zvshG6OSGzcHmj6+i8cudg
EI2ZEYTzN1HyIJt8aWRicWbngKZFLBIy+bD1gWyCX6CnQhzXoQBNHAm8mYPSTRU/
Aa2xGGn6jIYGPTIxYT5U6GJydhaOQIwpJfhYPAZRjNFmKy0P6urKsnq9AoWVOrSa
+LO3EYlK3OmjA6VvT9TYPUJLoAaRjDzPcgfLHMugWJ7+YUFBR3s9KMahpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6KoGRvutE/03c032PWdY6ksifAMB8GA1UdIwQY
MBaAFFbQ47KPK+M+xanSygCsZBVVNsvGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMt
OGI4ZDcyMTcyMDkwLzEvTG9xZ1pHLTYwVF9UZHpUZlk5WjFqcVN5SjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMtOGI4ZDcyMTcyMDkw
LzEvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqWDMA0G
CSqGSIb3DQEBCwUAA4IBAQA2fuGFyyziEh3Hy6uqHr3WlYmdF0gaVTPZxD4nK92W
wfNLY6ItjZaX0ekbi19ROHtEI2AxdPET+CLPZhJTn1zzdgDrvJZyiC/WQ/Z1hZWd
uRWSOb9Dx7ltMtYOuax4pqw3AoHyHBOj9H4KF/DIsOqSDo7b+ROvc8ovMRFPc/RP
EF0C2pbG/pZyJQg7QjVRZLaem+S8Z+IDux1avxx/XW9IgN0Yjtvy3gxfe2uR/N6J
pUdnTl9T+1VOYCxbjpzEghc6t/NQHkLUOboGS3KnsjxpqvEoBastOTuQC60QCAbC
wAJWvFXwsm+JInOt6gKMnKU3dLGl1PDvwqHVoHdAqD/B
-----END CERTIFICATE-----