Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/2a4bfe-7688-46a1-9aff-ceb0710a0751/1/LMYzpDhG9hiT3ethjCpkWgbBWDg.roa
File:                     LMYzpDhG9hiT3ethjCpkWgbBWDg.roa (raw, json)
Hash identifier:          WVqYQy2VW11n+Xc8Md58cvwZSyY3z/8amIRjhjD40lA=
Subject key identifier:   2C:C6:33:A4:38:46:F6:18:93:DD:EB:61:8C:2A:64:5A:06:C1:58:38
Certificate issuer:       /CN=2fcdb505d1da136d009e20ef1b363b02e332519f
Certificate serial:       018CC56EBD878272874DE2E3DFEAE4978505
Authority key identifier: 2F:CD:B5:05:D1:DA:13:6D:00:9E:20:EF:1B:36:3B:02:E3:32:51:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L821BdHaE20AniDvGzY7AuMyUZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/2a4bfe-7688-46a1-9aff-ceb0710a0751/1/LMYzpDhG9hiT3ethjCpkWgbBWDg.roa
Signing time:             Mon 01 Jan 2024 14:30:18 +0000
ROA not before:           Mon 01 Jan 2024 14:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57469
IP address blocks:        194.26.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/2a4bfe-7688-46a1-9aff-ceb0710a0751/1/L821BdHaE20AniDvGzY7AuMyUZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/2a4bfe-7688-46a1-9aff-ceb0710a0751/1/L821BdHaE20AniDvGzY7AuMyUZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L821BdHaE20AniDvGzY7AuMyUZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:bd:87:82:72:87:4d:e2:e3:df:ea:e4:97:85:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fcdb505d1da136d009e20ef1b363b02e332519f
        Validity
            Not Before: Jan  1 14:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cc633a43846f61893ddeb618c2a645a06c15838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:39:47:b0:47:d6:6f:b2:dd:29:af:a7:19:60:
                    1a:2a:f1:ef:6b:ea:6c:3c:46:c4:93:30:84:5d:3e:
                    d5:ba:de:a7:4f:75:95:94:95:bf:37:87:52:26:59:
                    65:c9:e9:29:6d:ca:e7:75:11:71:df:96:03:86:e8:
                    44:23:2c:d6:46:b4:2b:ed:a9:1e:da:70:d0:52:51:
                    48:1d:06:c8:b8:a8:93:bd:3a:50:03:24:af:36:42:
                    b7:63:57:e6:f4:51:96:18:7c:2c:62:c8:b4:f7:61:
                    b5:1f:62:b3:13:a3:ba:33:11:7f:ca:35:b1:b4:e8:
                    b5:71:4f:95:90:b8:ad:9b:b4:66:c8:49:da:8a:8b:
                    b9:cb:66:2a:dd:55:3f:c4:83:a8:c5:53:d2:e3:3e:
                    b1:77:39:9d:2a:d2:23:19:60:43:fe:f8:3a:af:e3:
                    57:31:2c:3f:95:62:82:e6:1c:dd:89:84:34:2e:2e:
                    53:72:12:05:35:6b:a0:92:7a:bc:0d:d2:91:0b:3f:
                    35:8f:b8:00:b7:51:8a:b1:ba:94:3f:39:c5:26:3e:
                    7a:79:b3:0a:0f:0b:ea:0b:1e:f6:b9:dc:38:cc:87:
                    b2:e6:d0:05:d0:63:61:67:bc:31:05:06:6e:76:fa:
                    0c:8b:d9:55:95:f3:28:7a:17:21:5c:17:83:9a:81:
                    a6:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:C6:33:A4:38:46:F6:18:93:DD:EB:61:8C:2A:64:5A:06:C1:58:38
            X509v3 Authority Key Identifier:
                keyid:2F:CD:B5:05:D1:DA:13:6D:00:9E:20:EF:1B:36:3B:02:E3:32:51:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L821BdHaE20AniDvGzY7AuMyUZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/2a4bfe-7688-46a1-9aff-ceb0710a0751/1/LMYzpDhG9hiT3ethjCpkWgbBWDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/2a4bfe-7688-46a1-9aff-ceb0710a0751/1/L821BdHaE20AniDvGzY7AuMyUZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:2a:22:da:80:a4:ff:a2:93:ed:13:d9:5f:b0:36:2c:37:a4:
         e0:03:0a:90:76:46:a7:c7:6f:e8:0d:2c:9a:7b:cf:5d:c4:49:
         82:81:4c:e4:df:17:e6:94:fd:5d:7c:2d:21:df:df:1e:a9:c4:
         aa:90:41:ad:94:d3:38:3e:62:a9:6b:b8:70:36:6a:a5:5b:95:
         10:b7:56:fe:ec:c6:ae:10:4c:e5:c4:0c:b4:f3:79:f1:b0:06:
         92:f5:e0:7a:34:1d:f5:42:69:6d:33:d4:12:43:29:c7:a4:38:
         d9:c7:cc:f1:b4:1c:72:99:f7:bc:08:6d:66:65:02:81:9f:56:
         1c:2b:0e:83:43:18:ec:1b:c5:15:7a:d7:e7:18:75:95:0a:1f:
         b1:41:2f:ed:b5:80:ed:60:53:41:32:70:3a:06:99:1e:b0:0f:
         c9:76:33:ca:6c:5a:87:56:fb:f6:08:04:7c:d2:6c:00:ae:45:
         87:26:10:a9:39:86:eb:6b:db:39:06:c6:58:42:19:a5:b8:e5:
         7a:e1:a4:9a:51:f5:37:71:ed:16:3d:14:48:2d:9c:d3:70:30:
         41:00:a3:ab:ec:4c:74:3e:db:4a:06:03:89:27:33:9c:42:36:
         91:b0:1d:8a:3d:33:71:53:f1:ad:53:9b:c8:2d:65:a3:71:78:
         98:22:37:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbr2HgnKHTeLj3+rkl4UFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmY2RiNTA1ZDFkYTEzNmQwMDllMjBlZjFiMzYzYjAyZTMz
MjUxOWYwHhcNMjQwMTAxMTQzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2M2MzNhNDM4NDZmNjE4OTNkZGViNjE4YzJhNjQ1YTA2YzE1ODM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizlHsEfWb7LdKa+nGWAaKvHva+ps
PEbEkzCEXT7Vut6nT3WVlJW/N4dSJlllyekpbcrndRFx35YDhuhEIyzWRrQr7ake
2nDQUlFIHQbIuKiTvTpQAySvNkK3Y1fm9FGWGHwsYsi092G1H2KzE6O6MxF/yjWx
tOi1cU+VkLitm7RmyEnaiou5y2Yq3VU/xIOoxVPS4z6xdzmdKtIjGWBD/vg6r+NX
MSw/lWKC5hzdiYQ0Li5TchIFNWugknq8DdKRCz81j7gAt1GKsbqUPznFJj56ebMK
DwvqCx72udw4zIey5tAF0GNhZ7wxBQZudvoMi9lVlfMoehchXBeDmoGmswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCzGM6Q4RvYYk93rYYwqZFoGwVg4MB8GA1UdIwQY
MBaAFC/NtQXR2hNtAJ4g7xs2OwLjMlGfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDgyMUJkSGFFMjBBbmlEdkd6WTdBdU15VVo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8yYTRiZmUtNzY4OC00NmExLTlhZmYt
Y2ViMDcxMGEwNzUxLzEvTE1ZenBEaEc5aGlUM2V0aGpDcGtXZ2JCV0RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8yYTRiZmUtNzY4OC00NmExLTlhZmYtY2ViMDcxMGEwNzUx
LzEvTDgyMUJkSGFFMjBBbmlEdkd6WTdBdU15VVo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhrhMA0G
CSqGSIb3DQEBCwUAA4IBAQBWKiLagKT/opPtE9lfsDYsN6TgAwqQdkanx2/oDSya
e89dxEmCgUzk3xfmlP1dfC0h398eqcSqkEGtlNM4PmKpa7hwNmqlW5UQt1b+7Mau
EEzlxAy083nxsAaS9eB6NB31QmltM9QSQynHpDjZx8zxtBxymfe8CG1mZQKBn1Yc
Kw6DQxjsG8UVetfnGHWVCh+xQS/ttYDtYFNBMnA6BpkesA/JdjPKbFqHVvv2CAR8
0mwArkWHJhCpOYbra9s5BsZYQhmluOV64aSaUfU3ce0WPRRILZzTcDBBAKOr7Ex0
PttKBgOJJzOcQjaRsB2KPTNxU/GtU5vILWWjcXiYIjcE
-----END CERTIFICATE-----