Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/342f39-cdb0-4d50-9c72-3a3862118a0f/1/LGr6Ii21j0pvnQclvX1CCLhHwYM.roa
File:                     LGr6Ii21j0pvnQclvX1CCLhHwYM.roa (raw, json)
Hash identifier:          O+ObSIEkyluHwXYPHIrC8/Gxjg9KY8lGhignP1IYO10=
Subject key identifier:   2C:6A:FA:22:2D:B5:8F:4A:6F:9D:07:25:BD:7D:42:08:B8:47:C1:83
Certificate issuer:       /CN=e96c63b494b0d08a55aaa1805f620db8dad2557f
Certificate serial:       018CC56E64AF323A51AFACE4DA3DFF1051F2
Authority key identifier: E9:6C:63:B4:94:B0:D0:8A:55:AA:A1:80:5F:62:0D:B8:DA:D2:55:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6WxjtJSw0IpVqqGAX2INuNrSVX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/342f39-cdb0-4d50-9c72-3a3862118a0f/1/LGr6Ii21j0pvnQclvX1CCLhHwYM.roa
Signing time:             Mon 01 Jan 2024 14:29:55 +0000
ROA not before:           Mon 01 Jan 2024 14:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        91.227.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/342f39-cdb0-4d50-9c72-3a3862118a0f/1/6WxjtJSw0IpVqqGAX2INuNrSVX8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/342f39-cdb0-4d50-9c72-3a3862118a0f/1/6WxjtJSw0IpVqqGAX2INuNrSVX8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6WxjtJSw0IpVqqGAX2INuNrSVX8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:64:af:32:3a:51:af:ac:e4:da:3d:ff:10:51:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96c63b494b0d08a55aaa1805f620db8dad2557f
        Validity
            Not Before: Jan  1 14:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c6afa222db58f4a6f9d0725bd7d4208b847c183
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:18:cf:e7:ff:ae:2c:d1:94:61:c4:68:7c:24:
                    08:03:0a:9a:a2:17:42:0d:b9:d8:92:11:0b:bf:21:
                    f7:7d:25:b1:44:19:a5:38:ac:5f:9f:2d:d3:38:20:
                    7a:1c:4d:40:3b:4c:93:bb:fc:94:a7:67:19:a3:7a:
                    cf:4a:5b:75:bb:5d:43:fd:95:23:94:92:54:00:9f:
                    13:ee:11:9b:7c:89:26:92:bd:33:94:b2:4f:05:5d:
                    de:a6:f3:3c:ce:2c:d5:a3:90:3a:f8:99:35:26:31:
                    72:9d:39:3a:f7:cb:6c:d2:cd:8d:4d:40:f0:3f:b7:
                    be:3c:de:3c:45:17:43:29:77:70:32:b0:28:a3:e8:
                    19:a8:57:7e:59:91:81:13:ae:14:4b:b8:e6:1a:8c:
                    87:4b:83:63:5e:8e:a5:a9:1b:18:e6:06:b4:1d:97:
                    2c:3d:6a:19:a6:c0:a7:e4:bd:12:9b:18:de:f8:4c:
                    bf:a5:59:ca:b0:03:42:dd:4c:94:6f:d1:96:e7:35:
                    90:df:14:d1:95:d9:bd:54:e9:76:81:d9:53:59:d0:
                    4f:e5:7c:7b:b0:d4:43:c7:87:c6:a0:b3:be:23:f8:
                    1c:32:af:89:2e:f2:77:29:2b:90:b0:69:74:b4:8d:
                    81:5c:ca:48:48:e0:00:f4:ef:86:e2:22:d6:d8:78:
                    8b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:6A:FA:22:2D:B5:8F:4A:6F:9D:07:25:BD:7D:42:08:B8:47:C1:83
            X509v3 Authority Key Identifier:
                keyid:E9:6C:63:B4:94:B0:D0:8A:55:AA:A1:80:5F:62:0D:B8:DA:D2:55:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6WxjtJSw0IpVqqGAX2INuNrSVX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/342f39-cdb0-4d50-9c72-3a3862118a0f/1/LGr6Ii21j0pvnQclvX1CCLhHwYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/342f39-cdb0-4d50-9c72-3a3862118a0f/1/6WxjtJSw0IpVqqGAX2INuNrSVX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:f5:53:67:ae:89:1a:d2:96:1b:84:80:24:98:e5:95:ad:77:
         f2:67:30:76:ab:cf:e4:fe:09:90:ad:9d:d5:f8:41:80:81:2c:
         29:96:e3:84:f9:9f:7f:37:ef:99:94:50:27:12:66:65:8f:b0:
         88:c7:34:75:44:14:08:aa:0c:df:7a:70:5a:46:5d:b9:bb:3d:
         d5:dd:b9:ac:6c:37:57:43:eb:11:ca:01:2f:79:7b:8d:fd:30:
         76:15:7e:bd:d6:2e:0f:bc:ea:e5:5a:d3:a9:0b:7f:4d:11:f8:
         53:a1:23:cd:5a:0e:63:66:d1:17:e0:b0:55:31:68:0d:99:ad:
         11:bb:0e:0a:06:2a:da:72:a3:c6:8d:69:bf:e0:16:8d:dd:37:
         c4:9d:02:ea:28:26:27:09:f9:96:d8:4c:d9:fb:ef:83:c5:e2:
         0f:08:69:46:33:4a:14:38:7b:1a:73:e5:f6:a3:6f:81:55:93:
         fd:c5:71:2a:f1:c4:b9:00:ce:ae:b1:95:7d:f1:bc:f7:64:2c:
         71:5b:c8:c6:b6:9e:17:68:b5:5e:f1:1d:04:8b:85:eb:de:f4:
         cf:51:73:e5:f5:87:3c:f6:5f:38:ad:c1:cf:3d:38:67:bc:af:
         3c:07:08:99:f9:03:2e:37:22:3e:9f:08:c8:30:bf:9e:a7:98:
         6b:34:d6:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbmSvMjpRr6zk2j3/EFHyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NmM2M2I0OTRiMGQwOGE1NWFhYTE4MDVmNjIwZGI4ZGFk
MjU1N2YwHhcNMjQwMTAxMTQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzZhZmEyMjJkYjU4ZjRhNmY5ZDA3MjViZDdkNDIwOGI4NDdjMTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hjP5/+uLNGUYcRofCQIAwqaohdC
DbnYkhELvyH3fSWxRBmlOKxfny3TOCB6HE1AO0yTu/yUp2cZo3rPSlt1u11D/ZUj
lJJUAJ8T7hGbfIkmkr0zlLJPBV3epvM8zizVo5A6+Jk1JjFynTk698ts0s2NTUDw
P7e+PN48RRdDKXdwMrAoo+gZqFd+WZGBE64US7jmGoyHS4NjXo6lqRsY5ga0HZcs
PWoZpsCn5L0Smxje+Ey/pVnKsANC3UyUb9GW5zWQ3xTRldm9VOl2gdlTWdBP5Xx7
sNRDx4fGoLO+I/gcMq+JLvJ3KSuQsGl0tI2BXMpISOAA9O+G4iLW2HiL0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxq+iIttY9Kb50HJb19Qgi4R8GDMB8GA1UdIwQY
MBaAFOlsY7SUsNCKVaqhgF9iDbja0lV/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNld4anRKU3cwSXBWcXFHQVgySU51TnJTVlg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8zNDJmMzktY2RiMC00ZDUwLTljNzIt
M2EzODYyMTE4YTBmLzEvTEdyNklpMjFqMHB2blFjbHZYMUNDTGhId1lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8zNDJmMzktY2RiMC00ZDUwLTljNzItM2EzODYyMTE4YTBm
LzEvNld4anRKU3cwSXBWcXFHQVgySU51TnJTVlg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+O4MA0G
CSqGSIb3DQEBCwUAA4IBAQCA9VNnroka0pYbhIAkmOWVrXfyZzB2q8/k/gmQrZ3V
+EGAgSwpluOE+Z9/N++ZlFAnEmZlj7CIxzR1RBQIqgzfenBaRl25uz3V3bmsbDdX
Q+sRygEveXuN/TB2FX691i4PvOrlWtOpC39NEfhToSPNWg5jZtEX4LBVMWgNma0R
uw4KBiracqPGjWm/4BaN3TfEnQLqKCYnCfmW2EzZ+++DxeIPCGlGM0oUOHsac+X2
o2+BVZP9xXEq8cS5AM6usZV98bz3ZCxxW8jGtp4XaLVe8R0Ei4Xr3vTPUXPl9Yc8
9l84rcHPPThnvK88BwiZ+QMuNyI+nwjIML+ep5hrNNbb
-----END CERTIFICATE-----