Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/b4ecb1-a0f5-4261-bcde-096c9c07ae18/1/LBLEzy4HcYlhO9Qg9uDoUWWAWgQ.roa
File:                     LBLEzy4HcYlhO9Qg9uDoUWWAWgQ.roa (raw, json)
Hash identifier:          4P9kl60C0J5vn4EII5a42d+Mw21ncwktqGF7utLLSLc=
Subject key identifier:   2C:12:C4:CF:2E:07:71:89:61:3B:D4:20:F6:E0:E8:51:65:80:5A:04
Certificate issuer:       /CN=5c6a5f52b002f6286c1d5eb257bb5e853342a284
Certificate serial:       018CC34947D516C568BD123A29A2C673C814
Authority key identifier: 5C:6A:5F:52:B0:02:F6:28:6C:1D:5E:B2:57:BB:5E:85:33:42:A2:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGpfUrAC9ihsHV6yV7tehTNCooQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/b4ecb1-a0f5-4261-bcde-096c9c07ae18/1/LBLEzy4HcYlhO9Qg9uDoUWWAWgQ.roa
Signing time:             Mon 01 Jan 2024 04:30:08 +0000
ROA not before:           Mon 01 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33864
IP address blocks:        84.17.128.0/19 maxlen: 24
                          185.137.40.0/22 maxlen: 24
                          2a02:1760::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/b4ecb1-a0f5-4261-bcde-096c9c07ae18/1/XGpfUrAC9ihsHV6yV7tehTNCooQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/b4ecb1-a0f5-4261-bcde-096c9c07ae18/1/XGpfUrAC9ihsHV6yV7tehTNCooQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGpfUrAC9ihsHV6yV7tehTNCooQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 20:23:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:47:d5:16:c5:68:bd:12:3a:29:a2:c6:73:c8:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c6a5f52b002f6286c1d5eb257bb5e853342a284
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c12c4cf2e077189613bd420f6e0e85165805a04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a8:6e:04:d1:1b:74:bb:9b:de:7e:8f:a4:11:
                    3c:fb:40:88:75:60:e9:1d:9f:30:1f:04:99:00:1d:
                    3c:b5:9e:05:6e:8e:b4:dd:e5:dc:3e:f5:c4:4c:03:
                    03:3a:61:60:7c:d4:d4:0d:33:91:3d:04:84:e1:a9:
                    6f:fd:c2:58:8c:b4:85:a8:e0:b2:0e:be:c3:40:ad:
                    a0:49:bf:a2:6a:07:57:c3:7d:56:a0:f4:ee:14:26:
                    e3:c7:00:0a:84:ed:0a:99:e2:1c:a2:28:74:1a:77:
                    20:81:cb:c4:92:72:1c:d1:fb:4c:79:c8:24:cd:49:
                    a4:78:a2:24:de:69:c8:18:8e:88:b1:ed:46:3b:ea:
                    4d:9a:b9:96:dc:6c:c3:0f:c7:11:c0:6d:33:d0:b5:
                    f6:2e:d4:b1:bd:d3:74:4b:60:06:2a:52:6f:00:c0:
                    09:4f:05:9e:95:49:52:05:41:b1:9f:33:00:d5:aa:
                    b1:ba:39:a2:be:8d:fb:6a:99:72:a1:3e:c2:b1:48:
                    14:c3:df:e4:14:8b:94:9f:2f:4f:7c:72:8f:12:0f:
                    63:93:39:6d:ef:20:e6:c7:69:4c:be:29:6a:b1:08:
                    73:21:14:17:e0:4b:b4:d0:94:4c:8f:05:80:c5:7a:
                    f7:cd:82:58:d4:6b:d8:8c:2b:0c:e7:66:2a:71:45:
                    f5:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:12:C4:CF:2E:07:71:89:61:3B:D4:20:F6:E0:E8:51:65:80:5A:04
            X509v3 Authority Key Identifier:
                keyid:5C:6A:5F:52:B0:02:F6:28:6C:1D:5E:B2:57:BB:5E:85:33:42:A2:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGpfUrAC9ihsHV6yV7tehTNCooQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b4ecb1-a0f5-4261-bcde-096c9c07ae18/1/LBLEzy4HcYlhO9Qg9uDoUWWAWgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/b4ecb1-a0f5-4261-bcde-096c9c07ae18/1/XGpfUrAC9ihsHV6yV7tehTNCooQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.128.0/19
                  185.137.40.0/22
                IPv6:
                  2a02:1760::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:00:2b:2c:88:34:05:52:00:db:21:15:b6:f1:fb:9f:b4:e0:
         ae:33:e1:72:99:be:ac:fb:ef:d0:6c:b2:09:84:e7:02:c0:f9:
         70:c5:7e:c4:82:22:c6:c9:a4:1c:c9:b8:48:54:b7:15:b5:3d:
         c2:ff:1a:18:fb:71:6c:17:76:99:22:6c:6e:c1:71:ff:fe:ba:
         45:27:9f:2f:9a:7a:7f:43:18:84:97:fa:e6:51:aa:ae:51:b9:
         b9:5b:7c:46:ce:ae:5b:aa:2f:ca:0f:61:84:36:b8:71:fd:01:
         5b:9c:2a:f6:e9:fe:87:a4:d2:71:96:10:ba:38:f9:1c:c6:98:
         f8:7e:1e:e2:8d:ce:84:49:33:13:b9:1c:83:a5:ec:d7:40:7d:
         48:f2:1b:8c:a4:2f:c8:e0:f8:41:df:58:0f:76:a8:f8:5b:97:
         0e:cc:b9:f9:ca:25:f5:e0:91:5f:f7:0c:7b:f4:49:43:46:c3:
         1c:66:1f:2f:93:0c:cd:7d:ae:28:4a:c5:ed:96:7d:55:3c:b8:
         b2:53:f8:c8:cc:98:bd:fe:49:8f:03:11:6c:66:3d:28:55:3f:
         3a:ad:b2:b6:16:73:9f:22:bc:21:ef:07:98:ab:8b:ee:4a:c6:
         42:d2:a5:d5:71:b1:ef:d3:2b:bc:02:64:a3:b5:dc:11:f9:20:
         88:a8:19:c0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSUfVFsVovRI6KaLGc8gUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNmE1ZjUyYjAwMmY2Mjg2YzFkNWViMjU3YmI1ZTg1MzM0
MmEyODQwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzEyYzRjZjJlMDc3MTg5NjEzYmQ0MjBmNmUwZTg1MTY1ODA1YTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApahuBNEbdLub3n6PpBE8+0CIdWDp
HZ8wHwSZAB08tZ4Fbo603eXcPvXETAMDOmFgfNTUDTORPQSE4alv/cJYjLSFqOCy
Dr7DQK2gSb+iagdXw31WoPTuFCbjxwAKhO0KmeIcoih0GncggcvEknIc0ftMecgk
zUmkeKIk3mnIGI6Ise1GO+pNmrmW3GzDD8cRwG0z0LX2LtSxvdN0S2AGKlJvAMAJ
TwWelUlSBUGxnzMA1aqxujmivo37aplyoT7CsUgUw9/kFIuUny9PfHKPEg9jkzlt
7yDmx2lMvilqsQhzIRQX4Eu00JRMjwWAxXr3zYJY1GvYjCsM52YqcUX1FwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCwSxM8uB3GJYTvUIPbg6FFlgFoEMB8GA1UdIwQY
MBaAFFxqX1KwAvYobB1esle7XoUzQqKEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdwZlVyQUM5aWhzSFY2eVY3dGVoVE5Db29RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iNGVjYjEtYTBmNS00MjYxLWJjZGUt
MDk2YzljMDdhZTE4LzEvTEJMRXp5NEhjWWxoTzlRZzl1RG9VV1dBV2dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iNGVjYjEtYTBmNS00MjYxLWJjZGUtMDk2YzljMDdhZTE4
LzEvWEdwZlVyQUM5aWhzSFY2eVY3dGVoVE5Db29RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFVBGAAwQC
uYkoMA0EAgACMAcDBQAqAhdgMA0GCSqGSIb3DQEBCwUAA4IBAQBGACssiDQFUgDb
IRW28fuftOCuM+Fymb6s++/QbLIJhOcCwPlwxX7EgiLGyaQcybhIVLcVtT3C/xoY
+3FsF3aZImxuwXH//rpFJ58vmnp/QxiEl/rmUaquUbm5W3xGzq5bqi/KD2GENrhx
/QFbnCr26f6HpNJxlhC6OPkcxpj4fh7ijc6ESTMTuRyDpezXQH1I8huMpC/I4PhB
31gPdqj4W5cOzLn5yiX14JFf9wx79ElDRsMcZh8vkwzNfa4oSsXtln1VPLiyU/jI
zJi9/kmPAxFsZj0oVT86rbK2FnOfIrwh7weYq4vuSsZC0qXVcbHv0yu8AmSjtdwR
+SCIqBnA
-----END CERTIFICATE-----