Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/83f82d-1545-4074-8682-a1de58a3b35b/1/LnsIAVLHc63ssGW-G1A9mWz9GJw.roa
File:                     LnsIAVLHc63ssGW-G1A9mWz9GJw.roa (raw, json)
Hash identifier:          u8mP6VrUDQ5qBM5yI2g/sXxg2COxrwhBwlPdtwOdizg=
Subject key identifier:   2E:7B:08:01:52:C7:73:AD:EC:B0:65:BE:1B:50:3D:99:6C:FD:18:9C
Certificate issuer:       /CN=8288903d90c01e2d5ce1878805ad4a92d28aedc9
Certificate serial:       018CC72657A6862C1444EDEBE78840729EDC
Authority key identifier: 82:88:90:3D:90:C0:1E:2D:5C:E1:87:88:05:AD:4A:92:D2:8A:ED:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/goiQPZDAHi1c4YeIBa1KktKK7ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/83f82d-1545-4074-8682-a1de58a3b35b/1/LnsIAVLHc63ssGW-G1A9mWz9GJw.roa
Signing time:             Mon 01 Jan 2024 22:30:27 +0000
ROA not before:           Mon 01 Jan 2024 22:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206732
IP address blocks:        185.178.8.0/22 maxlen: 24
                          2a12:b140::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/83f82d-1545-4074-8682-a1de58a3b35b/1/goiQPZDAHi1c4YeIBa1KktKK7ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/83f82d-1545-4074-8682-a1de58a3b35b/1/goiQPZDAHi1c4YeIBa1KktKK7ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/goiQPZDAHi1c4YeIBa1KktKK7ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:57:a6:86:2c:14:44:ed:eb:e7:88:40:72:9e:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8288903d90c01e2d5ce1878805ad4a92d28aedc9
        Validity
            Not Before: Jan  1 22:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e7b080152c773adecb065be1b503d996cfd189c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:63:2f:80:c9:7d:1e:d4:a2:73:e2:93:ed:f2:
                    50:15:4f:d7:35:77:e1:e3:0e:49:78:03:cf:88:9a:
                    e3:2b:51:8f:41:66:f4:f9:7e:23:59:41:50:df:a8:
                    e6:c7:fa:b2:13:77:29:95:cf:a1:da:e5:bb:79:bd:
                    9c:09:03:e6:82:a5:4c:1f:dc:39:d6:f3:6a:44:2a:
                    bf:0a:d2:c1:86:2d:b8:8a:4d:03:3e:99:1e:5e:b1:
                    e8:b3:b4:d2:ae:c9:ed:9e:fd:98:0c:a6:df:e9:64:
                    f8:3c:7a:78:93:11:bb:e7:85:1c:d2:cd:23:1e:a9:
                    be:24:de:2a:e8:3f:e2:84:b9:c7:68:e7:62:57:84:
                    ba:f5:14:05:b4:e1:ca:28:dc:3f:a1:01:5b:4f:8e:
                    94:a1:2c:13:a3:cd:31:85:59:c2:bd:c0:46:53:9f:
                    d2:6f:2e:8f:70:52:c1:71:1d:81:df:8e:c4:f6:0c:
                    c2:cc:65:88:b9:74:dd:0e:b1:aa:b3:70:66:e1:27:
                    9c:83:c5:ee:90:c4:44:27:c2:7b:50:cd:7b:85:25:
                    f2:09:b1:19:4f:58:91:df:3d:12:3b:aa:79:9b:86:
                    33:8c:33:a5:8b:56:4a:46:fa:68:36:55:64:d4:7f:
                    12:81:e0:c5:65:b9:02:bc:2f:10:22:cb:cd:90:90:
                    4e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:7B:08:01:52:C7:73:AD:EC:B0:65:BE:1B:50:3D:99:6C:FD:18:9C
            X509v3 Authority Key Identifier:
                keyid:82:88:90:3D:90:C0:1E:2D:5C:E1:87:88:05:AD:4A:92:D2:8A:ED:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/goiQPZDAHi1c4YeIBa1KktKK7ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/83f82d-1545-4074-8682-a1de58a3b35b/1/LnsIAVLHc63ssGW-G1A9mWz9GJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/83f82d-1545-4074-8682-a1de58a3b35b/1/goiQPZDAHi1c4YeIBa1KktKK7ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.8.0/22
                IPv6:
                  2a12:b140::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:55:60:35:07:9f:0f:3f:31:ac:ad:5e:1f:df:33:22:d9:8c:
         f2:b1:5a:c6:d0:98:2f:e6:53:5c:77:95:26:ce:9d:10:4e:72:
         8e:b9:02:82:52:9e:20:dd:b8:84:4e:a3:5f:f7:e1:72:b6:9a:
         12:7f:95:d4:fb:76:ac:dc:82:1a:ba:27:4e:85:9b:13:4b:a5:
         88:89:73:86:90:e2:ba:bf:c6:0d:94:99:8a:9f:00:61:be:59:
         42:ed:eb:0c:c4:12:31:4d:3a:d8:37:33:8d:1b:ae:a8:fc:ce:
         3a:4a:1b:37:29:de:3e:f6:4a:a2:2d:42:e4:78:8e:c5:38:b1:
         c4:f0:69:b0:2d:da:90:68:a9:bf:e9:f4:03:e4:1f:90:aa:4f:
         13:d1:bb:d6:b7:4f:79:19:f7:56:96:de:55:ae:5b:6a:ba:eb:
         d9:f7:42:4e:0a:89:3c:f7:d4:63:cd:83:6f:88:a2:71:99:39:
         3f:02:69:44:9a:f3:a1:93:7a:82:68:a3:c2:bb:16:f6:cb:56:
         7b:00:d3:56:51:e6:3a:cc:f9:a4:16:76:e8:b6:7a:ec:bb:d6:
         f2:38:84:b1:e3:4f:fa:a6:6e:62:e0:0c:9f:fb:9b:7c:46:24:
         38:28:9c:13:bf:54:3e:7e:4e:ef:01:a0:db:f5:f7:51:98:dc:
         5d:3d:b7:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJlemhiwURO3r54hAcp7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyODg5MDNkOTBjMDFlMmQ1Y2UxODc4ODA1YWQ0YTkyZDI4
YWVkYzkwHhcNMjQwMTAxMjIzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTdiMDgwMTUyYzc3M2FkZWNiMDY1YmUxYjUwM2Q5OTZjZmQxODljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGMvgMl9HtSic+KT7fJQFU/XNXfh
4w5JeAPPiJrjK1GPQWb0+X4jWUFQ36jmx/qyE3cplc+h2uW7eb2cCQPmgqVMH9w5
1vNqRCq/CtLBhi24ik0DPpkeXrHos7TSrsntnv2YDKbf6WT4PHp4kxG754Uc0s0j
Hqm+JN4q6D/ihLnHaOdiV4S69RQFtOHKKNw/oQFbT46UoSwTo80xhVnCvcBGU5/S
by6PcFLBcR2B347E9gzCzGWIuXTdDrGqs3Bm4Secg8XukMREJ8J7UM17hSXyCbEZ
T1iR3z0SO6p5m4YzjDOli1ZKRvpoNlVk1H8SgeDFZbkCvC8QIsvNkJBO5wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFC57CAFSx3Ot7LBlvhtQPZls/RicMB8GA1UdIwQY
MBaAFIKIkD2QwB4tXOGHiAWtSpLSiu3JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ29pUVBaREFIaTFjNFllSUJhMUtrdEtLN2NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi84M2Y4MmQtMTU0NS00MDc0LTg2ODIt
YTFkZTU4YTNiMzViLzEvTG5zSUFWTEhjNjNzc0dXLUcxQTltV3o5R0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi84M2Y4MmQtMTU0NS00MDc0LTg2ODItYTFkZTU4YTNiMzVi
LzEvZ29pUVBaREFIaTFjNFllSUJhMUtrdEtLN2NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubIIMA0E
AgACMAcDBQMqErFAMA0GCSqGSIb3DQEBCwUAA4IBAQBHVWA1B58PPzGsrV4f3zMi
2YzysVrG0Jgv5lNcd5Umzp0QTnKOuQKCUp4g3biETqNf9+FytpoSf5XU+3as3IIa
uidOhZsTS6WIiXOGkOK6v8YNlJmKnwBhvllC7esMxBIxTTrYNzONG66o/M46Shs3
Kd4+9kqiLULkeI7FOLHE8GmwLdqQaKm/6fQD5B+Qqk8T0bvWt095GfdWlt5Vrltq
uuvZ90JOCok899RjzYNviKJxmTk/AmlEmvOhk3qCaKPCuxb2y1Z7ANNWUeY6zPmk
Fnbotnrsu9byOISx40/6pm5i4Ayf+5t8RiQ4KJwTv1Q+fk7vAaDb9fdRmNxdPbeV
-----END CERTIFICATE-----