Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/LA9j98On9yPvmhghKvj2LWQ9qSE.roa
File:                     LA9j98On9yPvmhghKvj2LWQ9qSE.roa (raw, json)
Hash identifier:          +PvBF8cbO5Xk0hzBQSrRtf9VsXAqu7KNx+/ReRm5MEw=
Subject key identifier:   2C:0F:63:F7:C3:A7:F7:23:EF:9A:18:21:2A:F8:F6:2D:64:3D:A9:21
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFB3B71B1D5D80D41A09D0508F12F9
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/LA9j98On9yPvmhghKvj2LWQ9qSE.roa
Signing time:             Tue 02 Jan 2024 06:32:32 +0000
ROA not before:           Tue 02 Jan 2024 06:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213369
IP address blocks:        185.180.229.0/24 maxlen: 24
                          185.180.228.0/23 maxlen: 23
                          185.180.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:b3:b7:1b:1d:5d:80:d4:1a:09:d0:50:8f:12:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c0f63f7c3a7f723ef9a18212af8f62d643da921
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0b:21:74:dd:da:ab:76:16:d2:76:9a:d0:3f:
                    1d:7d:f6:01:28:53:90:1b:4a:25:03:4e:2f:8c:db:
                    6c:fb:3d:9b:20:33:3c:19:66:7a:2d:93:53:48:f8:
                    5f:17:57:7b:71:84:c3:22:41:9d:7c:07:c5:73:ca:
                    fa:45:6f:0f:90:48:67:35:20:03:ed:8f:99:45:fc:
                    99:ba:30:5c:32:8c:7a:25:27:12:65:57:bc:a9:a7:
                    8f:71:df:56:b3:85:56:01:d3:39:ba:72:1a:45:b0:
                    e6:1c:36:5b:12:3e:0c:de:2c:d4:9a:06:dc:a7:d6:
                    48:1b:54:97:57:c2:61:ed:20:f1:aa:4d:09:ab:ce:
                    0f:11:c5:66:78:8b:ab:a3:6c:08:39:b0:75:62:82:
                    ab:4b:ce:a6:79:c4:cf:b7:55:e4:d8:7e:10:f9:3e:
                    51:4d:c3:17:c0:1c:63:9a:7f:73:46:da:56:44:4a:
                    66:d5:4b:32:be:50:5c:ec:04:f3:e9:cd:79:a4:ba:
                    b2:f5:41:4f:6e:e7:7d:d5:28:6f:74:9d:2f:23:3d:
                    14:ce:b3:c1:97:8b:58:9a:a0:46:e9:f7:95:3d:79:
                    3c:07:5d:b9:fd:da:05:7d:43:14:3f:86:b8:50:41:
                    cd:5e:5e:7a:b9:86:ca:92:1f:c2:d3:29:a0:1c:5d:
                    13:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:0F:63:F7:C3:A7:F7:23:EF:9A:18:21:2A:F8:F6:2D:64:3D:A9:21
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/LA9j98On9yPvmhghKvj2LWQ9qSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:ec:f1:ea:90:dd:a4:47:f3:3f:8b:84:cd:45:22:53:14:8e:
         24:c9:f7:53:1d:6e:0c:16:ab:2f:e8:e8:87:c8:6e:19:15:f3:
         56:9c:28:a1:0a:b0:b0:c7:04:5e:41:fe:2a:10:5a:5d:e5:a0:
         df:ec:d0:5e:d1:fd:8b:21:ef:bb:6a:56:e5:31:a6:c8:00:34:
         49:1f:d2:45:5c:b4:eb:d9:99:a4:d5:2c:d0:e6:c7:49:e6:0b:
         f5:af:ec:1b:90:32:eb:46:53:c6:f6:88:04:d5:98:84:c8:26:
         d1:50:52:43:89:9c:8f:f0:2f:51:b1:03:bb:00:b9:b9:77:11:
         fe:e8:9b:14:8c:eb:6d:a0:52:d3:43:0d:95:1c:c0:90:d8:71:
         44:7f:9b:48:f4:5e:2e:36:9e:cd:9c:b0:8e:c6:6c:12:63:bb:
         ef:36:35:19:70:3e:8f:97:a1:3a:4f:99:58:81:16:c0:67:09:
         60:59:7a:a0:cd:cd:81:8e:1a:62:86:97:65:36:b2:16:2f:32:
         bd:e6:d8:27:95:5f:c5:d9:41:d5:78:5d:50:7f:46:e1:04:f1:
         30:b3:b5:2f:61:4c:3e:e2:d4:e6:c9:21:e6:e7:1c:ec:b8:ed:
         0d:53:57:08:98:32:00:5f:f4:d7:72:12:78:31:2a:a0:4e:6b:
         2c:e1:e5:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI37O3Gx1dgNQaCdBQjxL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzBmNjNmN2MzYTdmNzIzZWY5YTE4MjEyYWY4ZjYyZDY0M2RhOTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgshdN3aq3YW0naa0D8dffYBKFOQ
G0olA04vjNts+z2bIDM8GWZ6LZNTSPhfF1d7cYTDIkGdfAfFc8r6RW8PkEhnNSAD
7Y+ZRfyZujBcMox6JScSZVe8qaePcd9Ws4VWAdM5unIaRbDmHDZbEj4M3izUmgbc
p9ZIG1SXV8Jh7SDxqk0Jq84PEcVmeIuro2wIObB1YoKrS86mecTPt1Xk2H4Q+T5R
TcMXwBxjmn9zRtpWREpm1UsyvlBc7ATz6c15pLqy9UFPbud91ShvdJ0vIz0UzrPB
l4tYmqBG6feVPXk8B125/doFfUMUP4a4UEHNXl56uYbKkh/C0ymgHF0TVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCwPY/fDp/cj75oYISr49i1kPakhMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvTEE5ajk4T245eVB2bWhnaEt2ajJMV1E5cVNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubTkMA0G
CSqGSIb3DQEBCwUAA4IBAQA+7PHqkN2kR/M/i4TNRSJTFI4kyfdTHW4MFqsv6OiH
yG4ZFfNWnCihCrCwxwReQf4qEFpd5aDf7NBe0f2LIe+7alblMabIADRJH9JFXLTr
2Zmk1SzQ5sdJ5gv1r+wbkDLrRlPG9ogE1ZiEyCbRUFJDiZyP8C9RsQO7ALm5dxH+
6JsUjOttoFLTQw2VHMCQ2HFEf5tI9F4uNp7NnLCOxmwSY7vvNjUZcD6Pl6E6T5lY
gRbAZwlgWXqgzc2BjhpihpdlNrIWLzK95tgnlV/F2UHVeF1Qf0bhBPEws7UvYUw+
4tTmySHm5xzsuO0NU1cImDIAX/TXchJ4MSqgTmss4eV6
-----END CERTIFICATE-----