Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LnAfweg2i1k0JVlJ8-EEU9vTt_U.roa
File:                     LnAfweg2i1k0JVlJ8-EEU9vTt_U.roa (raw, json)
Hash identifier:          kPIAT03NXx7e4mGXPM+0Sv2Z3AjLTurel6w7BAaHk08=
Subject key identifier:   2E:70:1F:C1:E8:36:8B:59:34:25:59:49:F3:E1:04:53:DB:D3:B7:F5
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8029514741848291FA37791F87DBA10
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LnAfweg2i1k0JVlJ8-EEU9vTt_U.roa
Signing time:             Tue 02 Jan 2024 02:31:01 +0000
ROA not before:           Tue 02 Jan 2024 02:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211936
IP address blocks:        45.147.227.0/24 maxlen: 24
                          185.238.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:95:14:74:18:48:29:1f:a3:77:91:f8:7d:ba:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e701fc1e8368b5934255949f3e10453dbd3b7f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ea:2e:67:2e:7f:82:b3:be:42:ad:37:59:c4:
                    e7:a0:a9:85:7f:a6:e5:f2:a7:93:28:46:4a:c6:c5:
                    ae:c8:2e:fb:6a:53:23:a4:03:05:29:2e:d6:23:9c:
                    59:b0:8f:f7:1e:5b:66:f8:bb:01:58:f2:6a:d3:6a:
                    45:4b:da:f1:1a:37:66:04:42:35:4f:77:d7:8d:50:
                    8d:1b:07:cd:8f:08:9c:d9:48:16:25:8e:af:ce:49:
                    84:f4:20:9f:9a:f2:a5:ea:38:72:04:ac:92:e6:0b:
                    14:45:74:ba:b8:e3:39:38:63:dc:4d:40:3e:56:68:
                    1e:ed:5a:98:57:e3:f5:c1:eb:27:71:c9:4f:55:39:
                    b3:22:33:73:04:c6:37:de:9b:64:6e:f9:f8:b4:85:
                    c7:bf:b3:b9:3c:ca:e0:c8:04:91:af:9e:be:cd:a9:
                    89:29:58:19:d1:89:ab:83:ed:be:8f:64:7f:d3:e3:
                    6c:6e:ad:09:c5:c8:3a:78:44:09:b4:49:ae:fa:6d:
                    6e:61:b8:75:aa:7a:59:fd:b4:a2:6d:23:b8:af:1f:
                    61:cf:0c:88:1e:33:53:99:17:77:9e:ee:ea:8d:d7:
                    3d:0e:db:37:22:d4:dd:07:d6:a7:12:80:26:04:df:
                    4d:1c:37:85:3e:6f:91:46:3c:8f:ec:b8:00:56:db:
                    aa:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:70:1F:C1:E8:36:8B:59:34:25:59:49:F3:E1:04:53:DB:D3:B7:F5
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LnAfweg2i1k0JVlJ8-EEU9vTt_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.227.0/24
                  185.238.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:ce:f1:b6:12:cc:97:39:cb:8d:30:d9:39:ca:37:c2:91:0d:
         9c:54:d1:db:fd:99:ee:e6:75:2a:1b:aa:d4:b2:3f:ee:98:62:
         b1:ff:ae:16:d4:a4:c2:45:10:db:ec:b4:67:a1:84:83:86:b2:
         c7:f3:7c:6e:d8:ee:43:20:f1:7d:c1:6f:4c:a2:5b:e9:e9:17:
         6c:89:49:ea:99:7e:64:83:07:b3:d1:c3:6d:31:80:d9:3b:78:
         0b:27:99:db:21:d1:f3:6e:fc:67:4b:c5:3f:0c:63:10:18:04:
         d0:14:b3:8c:1c:99:6a:9f:3c:5d:8e:34:41:30:e1:4b:f5:50:
         41:a8:62:a4:24:23:d9:c1:e5:68:81:55:b8:7a:41:7a:f5:20:
         15:00:e2:76:0e:cf:8b:3a:67:1b:cb:68:5e:6d:57:3d:69:d4:
         7a:38:08:7f:a2:19:59:29:d2:86:63:b2:be:a4:81:ce:a6:94:
         11:33:56:cc:d2:2d:a0:06:bf:4a:a9:d6:42:59:ba:0b:eb:6d:
         34:56:9a:50:e7:91:bd:e0:c4:30:db:17:03:c8:0a:4b:16:28:
         f2:43:96:a4:ce:43:94:c6:00:03:cd:fc:49:b6:d3:a9:9e:bf:
         17:46:93:7f:16:54:73:85:dd:d8:e1:35:82:4e:e1:1d:20:50:
         33:6c:25:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIApUUdBhIKR+jd5H4fboQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTcwMWZjMWU4MzY4YjU5MzQyNTU5NDlmM2UxMDQ1M2RiZDNiN2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxuouZy5/grO+Qq03WcTnoKmFf6bl
8qeTKEZKxsWuyC77alMjpAMFKS7WI5xZsI/3Hltm+LsBWPJq02pFS9rxGjdmBEI1
T3fXjVCNGwfNjwic2UgWJY6vzkmE9CCfmvKl6jhyBKyS5gsURXS6uOM5OGPcTUA+
Vmge7VqYV+P1wesncclPVTmzIjNzBMY33ptkbvn4tIXHv7O5PMrgyASRr56+zamJ
KVgZ0Ymrg+2+j2R/0+Nsbq0Jxcg6eEQJtEmu+m1uYbh1qnpZ/bSibSO4rx9hzwyI
HjNTmRd3nu7qjdc9Dts3ItTdB9anEoAmBN9NHDeFPm+RRjyP7LgAVtuqewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC5wH8HoNotZNCVZSfPhBFPb07f1MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTG5BZndlZzJpMWswSlZsSjgtRUVVOXZUdF9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZPjAwQA
ue7lMA0GCSqGSIb3DQEBCwUAA4IBAQB6zvG2EsyXOcuNMNk5yjfCkQ2cVNHb/Znu
5nUqG6rUsj/umGKx/64W1KTCRRDb7LRnoYSDhrLH83xu2O5DIPF9wW9Molvp6Rds
iUnqmX5kgwez0cNtMYDZO3gLJ5nbIdHzbvxnS8U/DGMQGATQFLOMHJlqnzxdjjRB
MOFL9VBBqGKkJCPZweVogVW4ekF69SAVAOJ2Ds+LOmcby2hebVc9adR6OAh/ohlZ
KdKGY7K+pIHOppQRM1bM0i2gBr9KqdZCWboL6200VppQ55G94MQw2xcDyApLFijy
Q5akzkOUxgADzfxJttOpnr8XRpN/FlRzhd3Y4TWCTuEdIFAzbCWj
-----END CERTIFICATE-----