Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/09c980-38eb-4222-b225-d71130c6c0f9/1/LBbWU0WMfzZhNoSO9RgqOybvX_M.roa
File:                     LBbWU0WMfzZhNoSO9RgqOybvX_M.roa (raw, json)
Hash identifier:          /oeybjLETuVV7wntucTgdof/2swnXe6vcy8si6AUK3k=
Subject key identifier:   2C:16:D6:53:45:8C:7F:36:61:36:84:8E:F5:18:2A:3B:26:EF:5F:F3
Certificate issuer:       /CN=210d1c0db5aa1880d7747e22f1dbf4716d3101a9
Certificate serial:       018CFD252AEF2122F892769FB804898505CA
Authority key identifier: 21:0D:1C:0D:B5:AA:18:80:D7:74:7E:22:F1:DB:F4:71:6D:31:01:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQ0cDbWqGIDXdH4i8dv0cW0xAak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/09c980-38eb-4222-b225-d71130c6c0f9/1/LBbWU0WMfzZhNoSO9RgqOybvX_M.roa
Signing time:             Fri 12 Jan 2024 10:08:40 +0000
ROA not before:           Fri 12 Jan 2024 10:08:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207415
IP address blocks:        193.111.209.0/24 maxlen: 24
                          2a13:6700:1::/48 maxlen: 48
                          2a13:6700::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/09c980-38eb-4222-b225-d71130c6c0f9/1/IQ0cDbWqGIDXdH4i8dv0cW0xAak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/09c980-38eb-4222-b225-d71130c6c0f9/1/IQ0cDbWqGIDXdH4i8dv0cW0xAak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQ0cDbWqGIDXdH4i8dv0cW0xAak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fd:25:2a:ef:21:22:f8:92:76:9f:b8:04:89:85:05:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=210d1c0db5aa1880d7747e22f1dbf4716d3101a9
        Validity
            Not Before: Jan 12 10:08:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c16d653458c7f366136848ef5182a3b26ef5ff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:63:35:2c:e1:20:37:da:74:ed:de:9f:49:86:
                    43:0b:ee:c4:d5:a2:33:38:7d:f4:d9:6c:3d:66:66:
                    97:32:f8:8f:9b:76:b9:47:67:8d:51:62:55:a4:43:
                    10:df:e6:1e:16:fb:bd:53:27:61:89:26:fe:a8:54:
                    a5:4d:04:00:82:7d:ed:47:81:70:6a:b8:9b:23:be:
                    83:ec:27:63:5d:f3:f0:d9:97:9a:d1:55:63:41:6e:
                    d8:23:a5:1e:17:7a:9f:57:64:33:05:1b:98:18:c0:
                    d1:cd:d0:13:90:10:b4:aa:31:0f:2a:66:67:00:43:
                    c1:8d:7d:e8:15:3a:b9:1e:60:e3:d3:f9:82:73:34:
                    77:c6:18:9b:be:70:fe:dc:f7:d9:f4:6e:19:e0:0c:
                    9c:e3:0d:c3:49:f2:fc:b4:37:aa:1e:b1:97:c5:cb:
                    29:34:5c:5b:c3:2b:8a:a7:9c:2d:2d:e7:8e:1b:37:
                    c4:02:42:5e:ac:03:48:06:93:b6:b6:6b:73:94:d4:
                    f2:18:fc:06:80:7f:a0:c1:97:98:4c:42:00:75:e1:
                    02:db:32:74:db:b7:e8:ba:6c:f8:07:ba:4c:00:d7:
                    81:e1:55:ce:51:88:1c:67:50:be:ac:1f:f0:e4:d8:
                    0c:71:fc:2d:48:64:16:28:13:d1:22:ad:d9:a5:ec:
                    e3:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:16:D6:53:45:8C:7F:36:61:36:84:8E:F5:18:2A:3B:26:EF:5F:F3
            X509v3 Authority Key Identifier:
                keyid:21:0D:1C:0D:B5:AA:18:80:D7:74:7E:22:F1:DB:F4:71:6D:31:01:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQ0cDbWqGIDXdH4i8dv0cW0xAak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/09c980-38eb-4222-b225-d71130c6c0f9/1/LBbWU0WMfzZhNoSO9RgqOybvX_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/09c980-38eb-4222-b225-d71130c6c0f9/1/IQ0cDbWqGIDXdH4i8dv0cW0xAak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.209.0/24
                IPv6:
                  2a13:6700::/47

    Signature Algorithm: sha256WithRSAEncryption
         57:43:ff:e5:18:5b:78:1b:6c:0b:0e:5f:c1:ff:1b:b5:1c:48:
         67:6e:43:a6:11:45:9a:0c:75:f8:b5:68:2d:68:53:91:f6:73:
         cc:e8:7b:83:f9:26:80:d9:08:03:a8:b6:17:12:23:6b:cb:47:
         f0:1a:51:b2:48:5b:84:6b:eb:f0:97:65:5e:a1:d3:bd:ea:5a:
         5d:6a:f5:6b:42:ec:1a:92:73:9d:ed:aa:a2:a2:85:bb:e5:91:
         59:61:7d:53:47:6b:93:91:cf:f7:9c:6c:22:98:c5:d1:72:60:
         75:50:5c:ff:04:ae:e0:41:7e:53:a2:ec:77:26:88:29:10:95:
         6a:4a:f2:58:23:85:63:ca:e1:0e:d8:2b:c4:ce:2c:11:6c:e8:
         7a:93:7c:f2:3c:27:a6:6b:fd:56:43:1b:4c:62:d9:89:2e:e7:
         a3:99:5f:5b:43:b9:5a:fa:19:9e:0b:3f:39:5f:83:d2:ef:cd:
         f5:59:26:ef:2b:2a:ec:24:4f:c7:b7:aa:f8:03:3a:c9:4c:13:
         46:d4:b6:0f:37:52:42:e4:5a:aa:37:80:68:ba:c6:54:88:67:
         73:d2:8b:33:29:1e:b2:cc:58:f1:40:4d:ec:8b:66:72:3e:85:
         bb:af:8a:45:33:48:6c:46:ee:e7:0d:b8:69:c1:a1:d6:97:a1:
         5a:1d:06:64
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYz9JSrvISL4knafuASJhQXKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMGQxYzBkYjVhYTE4ODBkNzc0N2UyMmYxZGJmNDcxNmQz
MTAxYTkwHhcNMjQwMTEyMTAwODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzE2ZDY1MzQ1OGM3ZjM2NjEzNjg0OGVmNTE4MmEzYjI2ZWY1ZmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGM1LOEgN9p07d6fSYZDC+7E1aIz
OH302Ww9ZmaXMviPm3a5R2eNUWJVpEMQ3+YeFvu9UydhiSb+qFSlTQQAgn3tR4Fw
aribI76D7CdjXfPw2Zea0VVjQW7YI6UeF3qfV2QzBRuYGMDRzdATkBC0qjEPKmZn
AEPBjX3oFTq5HmDj0/mCczR3xhibvnD+3PfZ9G4Z4Ayc4w3DSfL8tDeqHrGXxcsp
NFxbwyuKp5wtLeeOGzfEAkJerANIBpO2tmtzlNTyGPwGgH+gwZeYTEIAdeEC2zJ0
27foumz4B7pMANeB4VXOUYgcZ1C+rB/w5NgMcfwtSGQWKBPRIq3ZpezjpwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCwW1lNFjH82YTaEjvUYKjsm71/zMB8GA1UdIwQY
MBaAFCENHA21qhiA13R+IvHb9HFtMQGpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVEwY0RiV3FHSURYZEg0aThkdjBjVzB4QWFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8wOWM5ODAtMzhlYi00MjIyLWIyMjUt
ZDcxMTMwYzZjMGY5LzEvTEJiV1UwV01melpoTm9TTzlSZ3FPeWJ2WF9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8wOWM5ODAtMzhlYi00MjIyLWIyMjUtZDcxMTMwYzZjMGY5
LzEvSVEwY0RiV3FHSURYZEg0aThkdjBjVzB4QWFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwW/RMA8E
AgACMAkDBwEqE2cAAAAwDQYJKoZIhvcNAQELBQADggEBAFdD/+UYW3gbbAsOX8H/
G7UcSGduQ6YRRZoMdfi1aC1oU5H2c8zoe4P5JoDZCAOothcSI2vLR/AaUbJIW4Rr
6/CXZV6h073qWl1q9WtC7BqSc53tqqKihbvlkVlhfVNHa5ORz/ecbCKYxdFyYHVQ
XP8EruBBflOi7HcmiCkQlWpK8lgjhWPK4Q7YK8TOLBFs6HqTfPI8J6Zr/VZDG0xi
2Yku56OZX1tDuVr6GZ4LPzlfg9LvzfVZJu8rKuwkT8e3qvgDOslME0bUtg83UkLk
Wqo3gGi6xlSIZ3PSizMpHrLMWPFATeyLZnI+hbuvikUzSGxG7ucNuGnBodaXoVod
BmQ=
-----END CERTIFICATE-----