Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/LOni4jbgzslMb2W00Nhm6LM8Nu4.roa
File:                     LOni4jbgzslMb2W00Nhm6LM8Nu4.roa (raw, json)
Hash identifier:          o9ytTBu97LDUK9YCrCY6h2KjXPXZSEwbljrk7MO73uo=
Subject key identifier:   2C:E9:E2:E2:36:E0:CE:C9:4C:6F:65:B4:D0:D8:66:E8:B3:3C:36:EE
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFA0629572F628ABB748EC3F66972F
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/LOni4jbgzslMb2W00Nhm6LM8Nu4.roa
Signing time:             Tue 02 Jan 2024 06:32:27 +0000
ROA not before:           Tue 02 Jan 2024 06:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62410
IP address blocks:        2a0e:d604::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a0:62:95:72:f6:28:ab:b7:48:ec:3f:66:97:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ce9e2e236e0cec94c6f65b4d0d866e8b33c36ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:84:60:e0:f1:80:f1:64:2c:47:a7:13:22:e2:
                    44:00:16:43:03:98:55:b4:1b:2c:ad:9d:73:1a:22:
                    f8:c6:9d:13:09:94:6c:d9:30:5f:7d:29:1c:bd:30:
                    35:81:49:2b:7d:60:70:cd:85:ff:f7:d9:fa:32:2f:
                    e8:65:e4:bb:c4:fc:51:2b:5c:4a:29:6b:2d:f4:3e:
                    f1:47:ba:ff:a6:ed:13:04:4f:df:c6:bc:24:2a:28:
                    85:d5:e7:40:13:c5:62:7d:a2:a9:45:29:51:60:53:
                    3b:bd:a9:96:07:be:69:a6:f1:60:00:5a:62:9b:d3:
                    a3:31:4b:2d:2e:df:cd:70:6c:bf:52:7d:56:59:09:
                    bc:59:c6:a1:6a:a1:d9:64:a9:98:c0:f8:1b:53:47:
                    6f:54:cd:5d:14:76:c5:7a:53:00:6a:95:b4:85:97:
                    a8:a1:71:09:79:4f:47:6a:ac:7e:43:83:1f:eb:5a:
                    d8:a5:aa:89:b5:96:3c:26:99:3e:d2:09:1c:48:36:
                    bc:c2:8b:5e:d1:59:b3:78:a0:8b:82:00:78:bb:d1:
                    22:db:be:17:8b:b3:42:4c:21:2f:9c:05:b6:8d:3f:
                    e5:9b:88:55:45:8c:a2:64:e1:1c:b5:0d:0b:77:eb:
                    69:ee:ec:e7:24:9e:5c:df:0e:e3:b3:b3:27:ab:fe:
                    9d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:E9:E2:E2:36:E0:CE:C9:4C:6F:65:B4:D0:D8:66:E8:B3:3C:36:EE
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/LOni4jbgzslMb2W00Nhm6LM8Nu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:d604::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:21:b3:b2:3f:65:e9:12:c9:da:df:d9:ad:20:bf:9f:c2:db:
         02:fb:34:0d:1b:0a:92:af:87:0c:0e:12:95:b1:fc:c2:88:3f:
         04:e3:bf:56:fa:5e:61:e7:04:04:43:b8:cf:92:5b:54:e7:eb:
         60:78:08:ef:d5:5f:08:0f:2b:54:67:8a:7b:43:2a:85:a2:dd:
         2a:8f:60:11:15:41:8e:5b:54:d8:b6:17:56:be:21:a2:da:c1:
         50:f9:08:42:15:26:23:6f:40:cd:83:0f:9f:f7:1d:da:9c:d6:
         03:96:bc:55:69:6e:08:b2:30:32:01:f0:fd:2c:02:2f:9b:b5:
         ff:3c:0a:cb:ac:f7:c2:cd:64:c0:63:ea:c4:65:7b:dc:b0:91:
         4c:81:f7:d0:82:2b:f9:87:91:07:c6:5c:eb:d7:4c:08:58:d7:
         c3:12:36:1b:d0:a6:1c:fa:7e:a0:1d:28:70:4c:3d:e2:21:20:
         5c:3c:d6:81:3b:aa:86:32:41:cf:74:77:65:12:58:16:94:75:
         de:35:b5:ea:18:c4:a6:1c:fe:b6:d0:29:1c:6b:f7:b5:88:43:
         47:a9:c5:53:1a:1c:be:b2:ef:51:37:fe:31:7b:c5:e9:d2:0d:
         77:3b:58:0a:1b:a8:65:06:a7:1a:da:83:a2:3f:c2:29:55:16:
         3b:f0:ac:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI36BilXL2KKu3SOw/ZpcvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2U5ZTJlMjM2ZTBjZWM5NGM2ZjY1YjRkMGQ4NjZlOGIzM2MzNmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4Rg4PGA8WQsR6cTIuJEABZDA5hV
tBssrZ1zGiL4xp0TCZRs2TBffSkcvTA1gUkrfWBwzYX/99n6Mi/oZeS7xPxRK1xK
KWst9D7xR7r/pu0TBE/fxrwkKiiF1edAE8VifaKpRSlRYFM7vamWB75ppvFgAFpi
m9OjMUstLt/NcGy/Un1WWQm8WcahaqHZZKmYwPgbU0dvVM1dFHbFelMAapW0hZeo
oXEJeU9Haqx+Q4Mf61rYpaqJtZY8Jpk+0gkcSDa8wote0VmzeKCLggB4u9Ei274X
i7NCTCEvnAW2jT/lm4hVRYyiZOEctQ0Ld+tp7uznJJ5c3w7js7Mnq/6dBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCzp4uI24M7JTG9ltNDYZuizPDbuMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvTE9uaTRqYmd6c2xNYjJXMDBOaG02TE04TnU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg7WBAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBgIbOyP2XpEsna39mtIL+fwtsC+zQNGwqSr4cM
DhKVsfzCiD8E479W+l5h5wQEQ7jPkltU5+tgeAjv1V8IDytUZ4p7QyqFot0qj2AR
FUGOW1TYthdWviGi2sFQ+QhCFSYjb0DNgw+f9x3anNYDlrxVaW4IsjAyAfD9LAIv
m7X/PArLrPfCzWTAY+rEZXvcsJFMgffQgiv5h5EHxlzr10wIWNfDEjYb0KYc+n6g
HShwTD3iISBcPNaBO6qGMkHPdHdlElgWlHXeNbXqGMSmHP620Ckca/e1iENHqcVT
Ghy+su9RN/4xe8Xp0g13O1gKG6hlBqca2oOiP8IpVRY78Ky8
-----END CERTIFICATE-----