Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Ljm7laMH7Bte2Uc6UyjCPD_qQFg.roa
File:                     Ljm7laMH7Bte2Uc6UyjCPD_qQFg.roa (raw, json)
Hash identifier:          aTSkA4Q/lfw8DgHLkuhJt9nsjzGDK7m0AosjIAof554=
Subject key identifier:   2E:39:BB:95:A3:07:EC:1B:5E:D9:47:3A:53:28:C2:3C:3F:EA:40:58
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8029D6E3CCBC089B56BA2A381D579CA
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Ljm7laMH7Bte2Uc6UyjCPD_qQFg.roa
Signing time:             Tue 02 Jan 2024 02:31:03 +0000
ROA not before:           Tue 02 Jan 2024 02:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272611
IP address blocks:        185.238.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:9d:6e:3c:cb:c0:89:b5:6b:a2:a3:81:d5:79:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e39bb95a307ec1b5ed9473a5328c23c3fea4058
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:fa:92:31:02:c5:50:d9:16:22:f9:9a:48:d5:
                    c6:95:b7:94:34:7c:90:9e:41:da:ff:a8:d8:33:00:
                    76:09:51:c8:11:05:bb:8c:8a:7e:67:79:1a:ee:da:
                    6a:52:74:77:5c:47:5e:d4:df:1f:4b:0c:19:ee:24:
                    2a:3b:bf:eb:f9:6a:f7:01:ea:f8:3c:58:f9:5e:a9:
                    29:ef:29:f0:1a:29:6f:e3:03:e9:4f:1e:ce:10:db:
                    7f:2a:e5:fe:4c:2b:b7:01:55:5a:a4:07:29:c3:68:
                    b5:1e:be:a0:1e:cb:ed:e6:ec:33:2e:97:88:c0:42:
                    bb:de:19:c2:91:30:bd:98:0e:26:19:ce:04:60:10:
                    27:5c:b7:61:95:7b:36:97:08:7e:b1:f5:a9:b5:5d:
                    11:86:8f:52:cb:01:15:e0:7e:35:23:c7:40:a4:2d:
                    4c:4e:69:48:48:a3:b0:1c:4c:1a:28:ad:e6:9e:cd:
                    47:9d:29:cb:9b:2f:f4:d4:a5:59:71:d3:af:1e:b6:
                    98:6e:27:74:0f:6a:d9:49:98:02:91:2d:57:8a:98:
                    42:88:b4:92:37:96:fa:af:15:2c:8d:db:b5:9d:34:
                    3b:db:9d:a4:a7:9a:ff:eb:2c:ad:bc:4d:be:fe:ef:
                    77:12:f1:68:75:02:c2:c2:99:67:12:f6:ad:93:1e:
                    ba:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:39:BB:95:A3:07:EC:1B:5E:D9:47:3A:53:28:C2:3C:3F:EA:40:58
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Ljm7laMH7Bte2Uc6UyjCPD_qQFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:06:dd:59:2d:44:2d:0a:31:16:ba:72:39:d7:f3:27:df:25:
         dd:8f:ec:e0:1e:aa:1c:6f:27:2e:f0:03:f3:e8:ca:a5:da:b2:
         88:c7:2c:45:06:81:fb:06:b6:fb:5d:95:19:61:ba:e2:14:3b:
         f7:29:79:4c:13:6e:8c:90:6a:bd:91:85:b2:07:e8:21:d8:4c:
         8f:81:49:4c:80:20:8c:ee:1f:95:14:75:30:29:05:66:8c:7f:
         6a:78:4a:2e:15:7b:7a:29:3b:ac:c0:90:70:73:57:81:72:3e:
         a4:49:c0:d5:7a:f1:8d:93:0f:db:05:75:59:91:bd:52:05:00:
         59:1d:f2:d2:48:98:9d:00:31:bd:66:7a:6c:ce:42:52:bc:66:
         f6:b2:f5:20:79:98:a8:9c:9d:b6:af:3d:fc:68:9e:8e:4b:93:
         19:56:c2:08:8f:08:20:a8:13:c2:c4:4f:b1:bc:90:f9:7b:06:
         07:1d:fa:4f:30:8d:a4:99:54:7a:ed:2c:dd:7a:ee:2c:c7:f3:
         57:f9:37:52:0b:7d:ea:21:30:48:50:58:f7:a4:62:3d:c6:99:
         eb:8a:9a:b3:5a:0e:13:cd:11:96:a2:9b:f7:1a:0d:86:40:43:
         0b:09:9e:bd:68:9e:5d:13:8b:ed:82:74:c7:0c:c1:35:06:fa:
         81:c8:62:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAp1uPMvAibVroqOB1XnKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTM5YmI5NWEzMDdlYzFiNWVkOTQ3M2E1MzI4YzIzYzNmZWE0MDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfqSMQLFUNkWIvmaSNXGlbeUNHyQ
nkHa/6jYMwB2CVHIEQW7jIp+Z3ka7tpqUnR3XEde1N8fSwwZ7iQqO7/r+Wr3Aer4
PFj5Xqkp7ynwGilv4wPpTx7OENt/KuX+TCu3AVVapAcpw2i1Hr6gHsvt5uwzLpeI
wEK73hnCkTC9mA4mGc4EYBAnXLdhlXs2lwh+sfWptV0Rho9SywEV4H41I8dApC1M
TmlISKOwHEwaKK3mns1HnSnLmy/01KVZcdOvHraYbid0D2rZSZgCkS1XiphCiLSS
N5b6rxUsjdu1nTQ7252kp5r/6yytvE2+/u93EvFodQLCwplnEvatkx66GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC45u5WjB+wbXtlHOlMowjw/6kBYMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTGptN2xhTUg3QnRlMlVjNlV5akNQRF9xUUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue7mMA0G
CSqGSIb3DQEBCwUAA4IBAQCbBt1ZLUQtCjEWunI51/Mn3yXdj+zgHqocbycu8APz
6Mql2rKIxyxFBoH7Brb7XZUZYbriFDv3KXlME26MkGq9kYWyB+gh2EyPgUlMgCCM
7h+VFHUwKQVmjH9qeEouFXt6KTuswJBwc1eBcj6kScDVevGNkw/bBXVZkb1SBQBZ
HfLSSJidADG9ZnpszkJSvGb2svUgeZionJ22rz38aJ6OS5MZVsIIjwggqBPCxE+x
vJD5ewYHHfpPMI2kmVR67Szdeu4sx/NX+TdSC33qITBIUFj3pGI9xpnripqzWg4T
zRGWopv3Gg2GQEMLCZ69aJ5dE4vtgnTHDME1BvqByGI/
-----END CERTIFICATE-----