Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LjEEtJV2PD1xFIRU-BX7LOj3PAM.roa
File:                     LjEEtJV2PD1xFIRU-BX7LOj3PAM.roa (raw, json)
Hash identifier:          3hzWwIyJX/OZKoLLPUDw9nVPhE5D9xmoCMe60hO1+94=
Subject key identifier:   2E:31:04:B4:95:76:3C:3D:71:14:84:54:F8:15:FB:2C:E8:F7:3C:03
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC802806667532061DBD726F1AC96B770
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LjEEtJV2PD1xFIRU-BX7LOj3PAM.roa
Signing time:             Tue 02 Jan 2024 02:30:56 +0000
ROA not before:           Tue 02 Jan 2024 02:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59816
IP address blocks:        185.199.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:80:66:67:53:20:61:db:d7:26:f1:ac:96:b7:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e3104b495763c3d71148454f815fb2ce8f73c03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:76:b5:0d:32:5a:fd:4e:dc:74:0b:44:09:8a:
                    fa:94:3e:79:07:4c:d8:45:6e:ea:3f:e7:39:20:96:
                    de:d0:86:69:4e:95:40:f7:59:8a:6e:02:d6:99:28:
                    b8:93:4e:c2:41:e5:cf:8b:7b:40:3d:7b:ee:8b:2e:
                    b3:73:ee:4f:5a:75:94:80:6a:be:6e:2c:15:28:8b:
                    54:ea:a1:37:38:7b:08:a0:34:1f:99:a3:b8:f3:f8:
                    4c:b7:ba:a2:05:70:25:47:d7:ae:c0:3c:28:d4:e3:
                    ab:cf:e6:98:04:ee:bf:2a:2a:dd:b2:51:13:7e:3d:
                    0e:a6:7a:f7:c8:53:20:3a:28:62:ef:7f:dc:7d:1d:
                    22:af:9f:36:70:2c:ea:6c:57:80:4c:0b:3e:de:ee:
                    d1:e8:23:f8:83:62:51:50:1d:a1:e0:b8:a2:22:31:
                    ce:5f:70:06:fd:a7:c0:c1:bf:7e:fd:70:b1:e4:c6:
                    23:81:11:81:49:de:6f:50:82:4f:89:c6:8a:06:95:
                    c6:dd:5b:f0:fe:af:22:05:5e:20:01:17:a6:60:74:
                    cf:31:92:5e:c4:ef:1f:39:6e:6c:6e:ed:d3:1a:6b:
                    ba:47:aa:51:79:ea:ed:9d:c7:f1:68:1e:c8:29:08:
                    38:3d:60:09:1c:9a:b5:b2:42:5a:d6:c5:df:48:8a:
                    90:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:31:04:B4:95:76:3C:3D:71:14:84:54:F8:15:FB:2C:E8:F7:3C:03
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LjEEtJV2PD1xFIRU-BX7LOj3PAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:8e:08:ff:60:56:f3:42:64:2c:5b:8f:d6:3b:57:36:9b:a3:
         d7:54:51:9b:fa:42:15:7b:ec:3f:a8:92:47:cf:39:60:0e:1e:
         3a:09:87:3a:5b:5c:8e:61:29:7d:5c:2e:b1:7e:a9:2e:dd:82:
         77:e3:0d:38:3b:c5:95:8a:ff:9a:c2:3d:2e:b7:53:d3:f0:78:
         2a:c8:bc:ed:9d:8d:9c:5a:e7:8f:0c:f9:36:2f:4f:d4:64:64:
         77:d6:6f:ce:84:a0:ae:4d:86:85:07:0e:f8:69:ec:4e:eb:c3:
         7f:30:14:6e:86:78:a4:51:7e:25:ec:71:68:e5:32:9e:c1:56:
         61:aa:a4:18:9b:ee:c4:9c:dc:ed:bc:25:1d:c4:ea:bb:ad:44:
         45:87:ca:df:0b:96:e7:93:dc:02:ce:ac:65:1f:f8:d9:64:44:
         2f:a7:22:b1:ce:ed:87:0b:a0:50:0b:e2:11:e9:0a:8d:aa:89:
         6b:f7:0a:19:f9:d8:a8:89:7d:97:83:a4:8a:6e:35:2f:7b:bb:
         f2:a5:d1:fb:f0:ca:f4:44:71:17:b8:6a:2c:01:bc:f1:0c:64:
         ac:8f:2f:70:fb:87:23:8d:3f:28:f9:50:16:52:dc:3d:49:02:
         c3:77:9c:50:cf:2a:27:49:54:a9:59:8f:91:3a:98:c7:fe:52:
         d0:0d:e2:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAoBmZ1MgYdvXJvGslrdwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTMxMDRiNDk1NzYzYzNkNzExNDg0NTRmODE1ZmIyY2U4ZjczYzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApna1DTJa/U7cdAtECYr6lD55B0zY
RW7qP+c5IJbe0IZpTpVA91mKbgLWmSi4k07CQeXPi3tAPXvuiy6zc+5PWnWUgGq+
biwVKItU6qE3OHsIoDQfmaO48/hMt7qiBXAlR9euwDwo1OOrz+aYBO6/KirdslET
fj0Opnr3yFMgOihi73/cfR0ir582cCzqbFeATAs+3u7R6CP4g2JRUB2h4LiiIjHO
X3AG/afAwb9+/XCx5MYjgRGBSd5vUIJPicaKBpXG3Vvw/q8iBV4gARemYHTPMZJe
xO8fOW5sbu3TGmu6R6pReertncfxaB7IKQg4PWAJHJq1skJa1sXfSIqQbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4xBLSVdjw9cRSEVPgV+yzo9zwDMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTGpFRXRKVjJQRDF4RklSVS1CWDdMT2ozUEFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuceeMA0G
CSqGSIb3DQEBCwUAA4IBAQCUjgj/YFbzQmQsW4/WO1c2m6PXVFGb+kIVe+w/qJJH
zzlgDh46CYc6W1yOYSl9XC6xfqku3YJ34w04O8WViv+awj0ut1PT8HgqyLztnY2c
WuePDPk2L0/UZGR31m/OhKCuTYaFBw74aexO68N/MBRuhnikUX4l7HFo5TKewVZh
qqQYm+7EnNztvCUdxOq7rURFh8rfC5bnk9wCzqxlH/jZZEQvpyKxzu2HC6BQC+IR
6QqNqolr9woZ+dioiX2Xg6SKbjUve7vypdH78Mr0RHEXuGosAbzxDGSsjy9w+4cj
jT8o+VAWUtw9SQLDd5xQzyonSVSpWY+ROpjH/lLQDeI6
-----END CERTIFICATE-----