Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Lpbj-HaYDOf_MK5XtqE8hdhF0TA.roa
File:                     Lpbj-HaYDOf_MK5XtqE8hdhF0TA.roa (raw, json)
Hash identifier:          edkkIqvmRQzKkMlRs1LwOZ/x3XkJkTxkkgXoYELjo9s=
Subject key identifier:   2E:96:E3:F8:76:98:0C:E7:FF:30:AE:57:B6:A1:3C:85:D8:45:D1:30
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC802859824A000A6A3B6FEC08444DF8D
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Lpbj-HaYDOf_MK5XtqE8hdhF0TA.roa
Signing time:             Tue 02 Jan 2024 02:30:57 +0000
ROA not before:           Tue 02 Jan 2024 02:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     150158
IP address blocks:        185.223.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:85:98:24:a0:00:a6:a3:b6:fe:c0:84:44:df:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e96e3f876980ce7ff30ae57b6a13c85d845d130
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:3c:38:53:0f:63:88:09:d0:31:1f:58:15:27:
                    98:3e:7a:db:95:d8:27:89:f1:00:a0:ce:5c:ec:d4:
                    a1:e7:48:05:42:93:75:55:a1:9c:85:2b:73:a6:a0:
                    22:75:07:9e:20:d8:85:89:02:f6:aa:cb:a3:69:ca:
                    6d:fc:ad:f2:0d:8b:f0:a3:0e:e4:96:5b:f1:12:54:
                    23:d8:1e:aa:c2:98:be:2e:d0:b3:9c:53:c2:5c:45:
                    4c:35:19:3c:98:06:78:89:fd:40:96:42:cf:f4:e5:
                    75:ad:f3:e3:52:c4:2f:28:e0:e2:75:d3:7a:8f:91:
                    3e:9d:82:5d:3b:a5:2f:c3:26:50:4c:03:d3:a6:a8:
                    19:f9:69:9f:19:ab:d7:97:27:b5:56:13:2f:00:72:
                    bb:bd:4e:67:0a:f3:25:2f:e3:dc:06:74:e4:83:54:
                    0d:f0:78:b6:bb:dc:3d:f6:fe:7f:9c:53:be:df:f1:
                    1c:43:d9:81:64:28:c8:99:39:1e:b3:c6:14:d6:2c:
                    be:d5:f0:31:93:66:24:bf:02:1a:ca:76:17:e0:60:
                    cc:85:d4:12:9d:84:f8:93:87:7d:dc:6b:b0:f4:cc:
                    30:c1:00:a7:fc:12:23:f6:0c:d3:04:6e:f5:9f:16:
                    df:42:13:8b:41:42:f5:bf:18:5e:7f:f5:44:f8:7b:
                    40:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:96:E3:F8:76:98:0C:E7:FF:30:AE:57:B6:A1:3C:85:D8:45:D1:30
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Lpbj-HaYDOf_MK5XtqE8hdhF0TA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:73:fb:ba:46:0f:af:27:b6:cb:33:63:d8:6b:66:a6:c9:f8:
         68:ac:3d:14:3d:b5:4c:64:83:70:ae:b9:4a:54:5a:63:c6:89:
         00:df:18:11:9f:3f:a2:92:35:1b:e9:33:2b:c9:d0:07:4e:74:
         5f:a6:ce:8e:41:15:79:f3:a4:09:20:f1:8c:76:b6:91:f0:f9:
         ed:ca:ae:e5:1d:56:ac:8c:77:33:d9:65:23:0d:58:2a:f0:39:
         0a:47:8d:ad:40:90:c7:c5:60:29:8c:49:66:6b:d4:a9:d2:e4:
         1e:62:65:0a:69:35:d4:27:93:db:63:44:99:01:5e:af:b3:0e:
         66:9d:56:35:43:45:f6:9b:99:95:dd:71:e7:b2:96:52:a6:af:
         ca:18:e5:2a:a7:23:6a:56:d6:95:69:17:ec:77:de:b0:b6:32:
         1f:70:dc:e3:03:43:56:e5:0b:b5:f5:02:bf:49:e0:92:44:ad:
         5f:7b:37:92:bd:6d:1a:85:c6:2c:85:d5:e4:2c:3d:82:24:3c:
         c8:54:11:92:94:de:6d:38:de:e7:0e:ae:63:e9:e3:e0:07:82:
         16:e4:03:2c:b5:58:8a:2d:d7:22:d8:0d:88:96:5a:9d:20:7b:
         24:87:35:3a:2f:0a:b6:cf:02:a8:8b:91:e7:5a:df:15:84:f3:
         a6:56:35:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAoWYJKAApqO2/sCERN+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTk2ZTNmODc2OTgwY2U3ZmYzMGFlNTdiNmExM2M4NWQ4NDVkMTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzw4Uw9jiAnQMR9YFSeYPnrbldgn
ifEAoM5c7NSh50gFQpN1VaGchStzpqAidQeeINiFiQL2qsujacpt/K3yDYvwow7k
llvxElQj2B6qwpi+LtCznFPCXEVMNRk8mAZ4if1AlkLP9OV1rfPjUsQvKODiddN6
j5E+nYJdO6UvwyZQTAPTpqgZ+WmfGavXlye1VhMvAHK7vU5nCvMlL+PcBnTkg1QN
8Hi2u9w99v5/nFO+3/EcQ9mBZCjImTkes8YU1iy+1fAxk2YkvwIaynYX4GDMhdQS
nYT4k4d93Guw9MwwwQCn/BIj9gzTBG71nxbfQhOLQUL1vxhef/VE+HtAUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6W4/h2mAzn/zCuV7ahPIXYRdEwMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTHBiai1IYVlET2ZfTUs1WHRxRThoZGhGMFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud+aMA0G
CSqGSIb3DQEBCwUAA4IBAQAec/u6Rg+vJ7bLM2PYa2amyfhorD0UPbVMZINwrrlK
VFpjxokA3xgRnz+ikjUb6TMrydAHTnRfps6OQRV586QJIPGMdraR8Pntyq7lHVas
jHcz2WUjDVgq8DkKR42tQJDHxWApjElma9Sp0uQeYmUKaTXUJ5PbY0SZAV6vsw5m
nVY1Q0X2m5mV3XHnspZSpq/KGOUqpyNqVtaVaRfsd96wtjIfcNzjA0NW5Qu19QK/
SeCSRK1fezeSvW0ahcYshdXkLD2CJDzIVBGSlN5tON7nDq5j6ePgB4IW5AMstViK
Ldci2A2IllqdIHskhzU6Lwq2zwKoi5HnWt8VhPOmVjWO
-----END CERTIFICATE-----