Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/e5e2d0-f439-45e4-8540-f19600c7ad54/1/LGyRNuKg8rSIF2TwrSd3erVXQJs.roa
File:                     LGyRNuKg8rSIF2TwrSd3erVXQJs.roa (raw, json)
Hash identifier:          Pi9/iZsGLr1oOHFxRM1OF/fvN0IT3tCbFrmH5JhhzuU=
Subject key identifier:   2C:6C:91:36:E2:A0:F2:B4:88:17:64:F0:AD:27:77:7A:B5:57:40:9B
Certificate issuer:       /CN=81060a518528e86a8ea77f188a0263790c08f6b9
Certificate serial:       018CC26D73B8C04F7FBD18047A1FDEB93132
Authority key identifier: 81:06:0A:51:85:28:E8:6A:8E:A7:7F:18:8A:02:63:79:0C:08:F6:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQYKUYUo6GqOp38YigJjeQwI9rk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/e5e2d0-f439-45e4-8540-f19600c7ad54/1/LGyRNuKg8rSIF2TwrSd3erVXQJs.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5603
IP address blocks:        91.217.127.0/24 maxlen: 24
                          91.217.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/e5e2d0-f439-45e4-8540-f19600c7ad54/1/gQYKUYUo6GqOp38YigJjeQwI9rk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/e5e2d0-f439-45e4-8540-f19600c7ad54/1/gQYKUYUo6GqOp38YigJjeQwI9rk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gQYKUYUo6GqOp38YigJjeQwI9rk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:73:b8:c0:4f:7f:bd:18:04:7a:1f:de:b9:31:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81060a518528e86a8ea77f188a0263790c08f6b9
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c6c9136e2a0f2b4881764f0ad27777ab557409b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5f:f4:bc:67:2f:75:21:39:9c:97:e8:ff:c0:
                    a2:20:ba:5d:6f:a9:7f:48:63:cb:47:84:b4:22:13:
                    3c:95:d8:6f:6f:72:92:c8:6e:c5:a7:bd:54:ab:ef:
                    f5:21:a0:fd:af:83:94:43:bc:85:d2:64:94:d7:af:
                    15:52:e6:f5:d2:2d:a2:9c:1a:b3:76:61:5c:e6:1f:
                    a6:69:e5:aa:af:3b:32:54:6f:2d:6b:d4:ef:62:99:
                    b3:75:b4:4c:06:20:72:13:fe:05:c6:eb:84:2e:30:
                    0c:dc:f6:b5:33:78:be:f3:14:eb:83:35:cf:c1:84:
                    2e:a3:11:85:9a:cf:72:78:0c:53:1a:67:fb:e2:17:
                    77:10:4d:73:02:47:f4:8b:33:05:4f:f6:45:bd:76:
                    2c:5b:96:5d:5a:ef:fa:6e:b4:94:fa:c4:cd:cc:bc:
                    ff:42:54:39:4b:d7:d9:37:16:91:4e:0b:3b:6b:57:
                    04:db:a5:eb:29:7f:bf:9a:99:ba:57:32:4e:86:52:
                    01:b5:87:14:b3:08:77:f0:be:bd:5a:ad:e0:d0:93:
                    19:43:f4:11:80:fe:11:51:05:ef:82:1a:36:ee:48:
                    6e:fc:55:f6:c9:52:c3:5b:d2:96:14:93:5a:e8:e5:
                    ec:9c:26:78:0d:85:d1:5e:17:07:14:c0:3c:af:23:
                    18:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:6C:91:36:E2:A0:F2:B4:88:17:64:F0:AD:27:77:7A:B5:57:40:9B
            X509v3 Authority Key Identifier:
                keyid:81:06:0A:51:85:28:E8:6A:8E:A7:7F:18:8A:02:63:79:0C:08:F6:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQYKUYUo6GqOp38YigJjeQwI9rk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/e5e2d0-f439-45e4-8540-f19600c7ad54/1/LGyRNuKg8rSIF2TwrSd3erVXQJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/e5e2d0-f439-45e4-8540-f19600c7ad54/1/gQYKUYUo6GqOp38YigJjeQwI9rk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:59:02:7e:72:9f:cf:21:6c:7b:e2:6c:db:0f:24:75:cf:b1:
         1a:7a:37:a7:e5:f7:a5:40:ea:26:38:91:6f:a5:18:59:e2:ea:
         ce:7b:ee:0d:d5:a9:08:10:90:d3:8a:2c:d1:b9:34:dd:71:9d:
         3f:09:6f:43:e0:62:2f:7f:05:52:d2:bf:93:6e:90:82:08:f4:
         3c:c4:ae:4c:ea:2f:85:06:3d:77:d4:44:08:fe:98:f9:81:7c:
         f0:56:7e:29:85:bb:1c:e8:8b:9b:be:73:d8:d0:53:e3:62:e9:
         39:0a:e3:9a:b5:d2:0d:49:19:16:68:3b:84:9d:14:9b:dd:e2:
         90:80:55:45:63:f6:cc:6c:5a:2d:42:7d:d0:3e:9a:26:0f:1d:
         6c:22:95:98:27:36:e6:18:ac:3a:66:f0:0f:ac:09:7b:32:b4:
         54:ab:0c:6d:de:6e:0f:5f:f6:96:ff:cf:a6:0a:53:75:35:a8:
         f4:7c:88:53:47:d1:9c:7c:0c:50:22:fa:d9:e2:b3:05:aa:0b:
         88:56:26:df:ff:ab:aa:87:52:0a:71:2c:f1:55:ed:e3:ee:e5:
         9f:ce:6d:a3:d6:bb:51:84:5d:76:fa:7d:e5:26:df:f3:25:fa:
         36:42:c9:bc:ea:9c:28:d7:ea:1e:29:e1:93:c4:ca:bb:02:90:
         d6:38:6b:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXO4wE9/vRgEeh/euTEyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMDYwYTUxODUyOGU4NmE4ZWE3N2YxODhhMDI2Mzc5MGMw
OGY2YjkwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzZjOTEzNmUyYTBmMmI0ODgxNzY0ZjBhZDI3Nzc3YWI1NTc0MDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAol/0vGcvdSE5nJfo/8CiILpdb6l/
SGPLR4S0IhM8ldhvb3KSyG7Fp71Uq+/1IaD9r4OUQ7yF0mSU168VUub10i2inBqz
dmFc5h+maeWqrzsyVG8ta9TvYpmzdbRMBiByE/4FxuuELjAM3Pa1M3i+8xTrgzXP
wYQuoxGFms9yeAxTGmf74hd3EE1zAkf0izMFT/ZFvXYsW5ZdWu/6brSU+sTNzLz/
QlQ5S9fZNxaRTgs7a1cE26XrKX+/mpm6VzJOhlIBtYcUswh38L69Wq3g0JMZQ/QR
gP4RUQXvgho27khu/FX2yVLDW9KWFJNa6OXsnCZ4DYXRXhcHFMA8ryMYYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxskTbioPK0iBdk8K0nd3q1V0CbMB8GA1UdIwQY
MBaAFIEGClGFKOhqjqd/GIoCY3kMCPa5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1FZS1VZVW82R3FPcDM4WWlnSmplUXdJOXJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9lNWUyZDAtZjQzOS00NWU0LTg1NDAt
ZjE5NjAwYzdhZDU0LzEvTEd5Uk51S2c4clNJRjJUd3JTZDNlclZYUUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9lNWUyZDAtZjQzOS00NWU0LTg1NDAtZjE5NjAwYzdhZDU0
LzEvZ1FZS1VZVW82R3FPcDM4WWlnSmplUXdJOXJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW9l+MA0G
CSqGSIb3DQEBCwUAA4IBAQBHWQJ+cp/PIWx74mzbDyR1z7Eaejen5felQOomOJFv
pRhZ4urOe+4N1akIEJDTiizRuTTdcZ0/CW9D4GIvfwVS0r+TbpCCCPQ8xK5M6i+F
Bj131EQI/pj5gXzwVn4phbsc6IubvnPY0FPjYuk5CuOatdINSRkWaDuEnRSb3eKQ
gFVFY/bMbFotQn3QPpomDx1sIpWYJzbmGKw6ZvAPrAl7MrRUqwxt3m4PX/aW/8+m
ClN1Naj0fIhTR9GcfAxQIvrZ4rMFqguIVibf/6uqh1IKcSzxVe3j7uWfzm2j1rtR
hF12+n3lJt/zJfo2Qsm86pwo1+oeKeGTxMq7ApDWOGva
-----END CERTIFICATE-----