Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LC-PKZ3Ve4MLavQndPTCatLSKP0.roa
File:                     LC-PKZ3Ve4MLavQndPTCatLSKP0.roa (raw, json)
Hash identifier:          fDtjVL5ps5mqmRhO72I79DDEiOkPk4shaDSx3O1j8Kw=
Subject key identifier:   2C:2F:8F:29:9D:D5:7B:83:0B:6A:F4:27:74:F4:C2:6A:D2:D2:28:FD
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8028CFDD7F9D23C01FDC62E0F6C4B9D
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LC-PKZ3Ve4MLavQndPTCatLSKP0.roa
Signing time:             Tue 02 Jan 2024 02:30:59 +0000
ROA not before:           Tue 02 Jan 2024 02:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206216
IP address blocks:        45.8.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:8c:fd:d7:f9:d2:3c:01:fd:c6:2e:0f:6c:4b:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c2f8f299dd57b830b6af42774f4c26ad2d228fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:13:cd:c7:e4:44:08:f2:dd:f2:cd:08:32:38:
                    cb:4f:d4:7d:49:bb:21:d8:98:b5:d8:2f:45:1e:52:
                    cf:89:8d:20:e1:f4:b8:d6:44:bf:db:af:8e:83:26:
                    b6:5e:c0:31:c3:f4:ff:6a:22:a4:ba:45:76:87:65:
                    08:69:ca:55:c6:ce:a7:85:61:8b:26:25:fe:b2:db:
                    ad:24:dc:23:a0:68:32:61:a0:86:e0:df:8c:0b:16:
                    84:6b:b5:88:17:42:83:41:d0:2a:c5:ba:f6:01:17:
                    78:c3:32:bc:9c:c3:be:b8:97:03:aa:a7:11:b0:5a:
                    a0:38:aa:1c:2c:b1:41:c0:ac:ee:53:0b:55:5e:f7:
                    fe:b7:9d:0c:38:05:20:8b:13:b2:d8:a1:46:c9:c1:
                    f3:5e:b8:6b:3c:ee:c5:fe:9c:df:69:53:e9:e7:67:
                    bc:a4:8a:bd:53:23:20:48:bc:4a:37:a2:b7:19:f0:
                    db:01:03:d1:7d:79:bb:44:52:9a:75:90:f8:83:0e:
                    50:30:9a:55:3a:71:85:ee:b5:13:b7:45:4b:ab:64:
                    11:c3:77:12:52:ca:b7:75:ca:61:7b:a0:ea:c6:af:
                    a3:71:f5:df:35:a4:3b:98:a4:e6:b0:4c:07:5b:20:
                    1b:67:b8:53:e0:0b:83:70:e3:cd:6b:47:85:db:f7:
                    5b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:2F:8F:29:9D:D5:7B:83:0B:6A:F4:27:74:F4:C2:6A:D2:D2:28:FD
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LC-PKZ3Ve4MLavQndPTCatLSKP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:b2:d2:76:77:bc:c1:d2:76:9b:85:19:f7:a1:22:d0:33:39:
         a8:fd:f8:2e:b7:1b:1a:30:4c:bd:2d:a7:7d:95:7f:f3:d9:79:
         ea:e3:cf:2c:0d:2e:e9:a6:93:0a:d0:e8:a0:64:7a:16:aa:a0:
         fc:84:0c:54:41:eb:97:87:2b:3e:78:47:03:0d:4d:c8:e4:89:
         49:01:97:bf:f4:ae:b4:97:d6:c9:96:25:f2:20:5f:ba:af:ec:
         d0:4b:1a:58:09:57:04:ae:3f:93:cf:b0:c0:7a:af:9e:41:d7:
         b1:74:3d:3a:ef:e3:9f:0b:09:ad:51:24:13:30:f6:7c:bf:c2:
         68:c4:3c:40:dd:16:72:42:2c:d5:5d:21:25:aa:f3:db:c6:5d:
         bf:54:5d:f5:22:80:86:da:cf:2c:aa:1a:f7:99:58:53:c9:da:
         81:1c:1f:1c:ce:7f:6a:4b:13:bd:1e:96:31:17:ee:9c:b7:7e:
         98:2a:88:9b:dc:a8:16:33:b2:81:69:c8:a2:fe:e3:1d:ea:e1:
         b3:ae:82:14:49:5c:e3:51:48:a5:fe:59:fb:65:bb:e3:20:f7:
         4f:99:11:de:58:51:72:f0:0d:81:36:f1:41:9f:17:4c:65:67:
         97:28:26:70:51:72:1d:f8:71:5c:39:fa:d1:22:e8:50:9d:09:
         f8:cb:7d:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAoz91/nSPAH9xi4PbEudMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzJmOGYyOTlkZDU3YjgzMGI2YWY0Mjc3NGY0YzI2YWQyZDIyOGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBPNx+RECPLd8s0IMjjLT9R9Sbsh
2Ji12C9FHlLPiY0g4fS41kS/26+Ogya2XsAxw/T/aiKkukV2h2UIacpVxs6nhWGL
JiX+stutJNwjoGgyYaCG4N+MCxaEa7WIF0KDQdAqxbr2ARd4wzK8nMO+uJcDqqcR
sFqgOKocLLFBwKzuUwtVXvf+t50MOAUgixOy2KFGycHzXrhrPO7F/pzfaVPp52e8
pIq9UyMgSLxKN6K3GfDbAQPRfXm7RFKadZD4gw5QMJpVOnGF7rUTt0VLq2QRw3cS
Usq3dcphe6Dqxq+jcfXfNaQ7mKTmsEwHWyAbZ7hT4AuDcOPNa0eF2/dbzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCwvjymd1XuDC2r0J3T0wmrS0ij9MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTEMtUEtaM1ZlNE1MYXZRbmRQVENhdExTS1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgWMA0G
CSqGSIb3DQEBCwUAA4IBAQA9stJ2d7zB0nabhRn3oSLQMzmo/fgutxsaMEy9Lad9
lX/z2Xnq488sDS7pppMK0OigZHoWqqD8hAxUQeuXhys+eEcDDU3I5IlJAZe/9K60
l9bJliXyIF+6r+zQSxpYCVcErj+Tz7DAeq+eQdexdD067+OfCwmtUSQTMPZ8v8Jo
xDxA3RZyQizVXSElqvPbxl2/VF31IoCG2s8sqhr3mVhTydqBHB8czn9qSxO9HpYx
F+6ct36YKoib3KgWM7KBacii/uMd6uGzroIUSVzjUUil/ln7ZbvjIPdPmRHeWFFy
8A2BNvFBnxdMZWeXKCZwUXId+HFcOfrRIuhQnQn4y32F
-----END CERTIFICATE-----