Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/LAS-89i0IrZqV2FQW2ouUfJJsTs.roa
File:                     LAS-89i0IrZqV2FQW2ouUfJJsTs.roa (raw, json)
Hash identifier:          tKt31gtkUMKEGXklqcMdOQwujxl8WFuF2SdlsDfMs5c=
Subject key identifier:   2C:04:BE:F3:D8:B4:22:B6:6A:57:61:50:5B:6A:2E:51:F2:49:B1:3B
Certificate issuer:       /CN=2330e26060913c758137488bfd7ab1bfe9e10ae2
Certificate serial:       018E020D94F112256E46CBC7B61015B1C014
Authority key identifier: 23:30:E2:60:60:91:3C:75:81:37:48:8B:FD:7A:B1:BF:E9:E1:0A:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/LAS-89i0IrZqV2FQW2ouUfJJsTs.roa
Signing time:             Sun 03 Mar 2024 02:03:48 +0000
ROA not before:           Sun 03 Mar 2024 02:03:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        185.203.232.0/24 maxlen: 24
                          185.203.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:02:0d:94:f1:12:25:6e:46:cb:c7:b6:10:15:b1:c0:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2330e26060913c758137488bfd7ab1bfe9e10ae2
        Validity
            Not Before: Mar  3 02:03:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c04bef3d8b422b66a5761505b6a2e51f249b13b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b8:be:62:c6:6e:b6:5c:ad:e5:ad:5b:cd:a4:
                    45:03:95:db:c0:4f:63:d0:dc:84:82:e7:64:36:b0:
                    27:ae:21:7b:6e:e6:e4:0e:7e:38:15:fc:22:7f:a9:
                    ea:71:bc:1c:68:e4:39:57:e6:c6:f4:0d:55:c4:2f:
                    74:c2:96:7e:88:5a:f4:8a:42:35:17:bc:1e:bb:70:
                    b8:4c:9b:ef:87:9a:48:42:8b:1a:cd:f0:50:41:c9:
                    ca:e0:a1:42:77:50:39:b7:c2:b2:9e:15:78:0d:c1:
                    37:c4:be:c7:03:57:7d:f6:f1:93:7a:fa:0b:d4:72:
                    94:b5:91:f0:30:bf:63:ad:31:26:c8:14:39:b3:81:
                    37:a7:9e:fe:d6:dd:41:fa:9f:48:b5:c5:f0:f8:59:
                    87:59:68:5f:83:7a:23:7a:47:a2:ed:fe:62:d4:96:
                    ac:9c:0e:55:d0:61:f6:61:c7:41:1a:4a:28:d3:24:
                    d3:67:54:0d:71:dd:47:32:b1:cf:03:34:9d:d5:2c:
                    a6:dc:33:dc:a8:55:d7:a8:1b:cd:c5:46:e8:1d:13:
                    f7:62:34:b2:08:44:08:34:9c:66:59:bc:97:cd:eb:
                    ac:e9:1d:cb:55:d9:9b:42:1a:26:84:c8:41:d5:26:
                    47:b0:e3:3f:70:ba:a3:c1:62:e4:ce:69:75:e7:4f:
                    c2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:04:BE:F3:D8:B4:22:B6:6A:57:61:50:5B:6A:2E:51:F2:49:B1:3B
            X509v3 Authority Key Identifier:
                keyid:23:30:E2:60:60:91:3C:75:81:37:48:8B:FD:7A:B1:BF:E9:E1:0A:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/LAS-89i0IrZqV2FQW2ouUfJJsTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.232.0/24
                  185.203.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:b0:55:b3:0c:f0:7a:22:93:97:00:3b:95:7f:9e:a9:1c:93:
         2a:cc:e5:14:a4:8b:3c:ca:b2:74:c8:aa:e0:14:ff:b7:67:2f:
         6d:b9:60:d3:26:65:02:29:67:bb:bb:73:20:57:47:75:6a:df:
         e7:78:41:7a:1b:bd:e4:88:41:94:33:87:58:45:ed:4a:61:80:
         4c:0a:74:6f:73:0a:c4:0b:98:1a:cf:63:71:bd:2b:c2:51:04:
         0f:40:de:b4:f3:f7:ea:b2:1a:58:11:ff:d6:cc:88:86:f4:6a:
         07:36:62:fb:d7:da:54:0a:85:0d:47:41:bf:7a:e5:26:1f:ef:
         83:90:49:27:e4:63:e4:4b:81:47:a1:d2:40:8b:8c:48:36:c4:
         75:38:1f:69:d4:8e:60:07:e3:0f:9f:64:b4:f2:e3:5e:a6:e2:
         c2:61:7d:47:e0:e9:02:56:fa:a9:84:b5:11:50:59:b0:2d:91:
         6e:73:23:e7:a9:92:91:40:8d:bb:4c:fa:49:4b:f4:65:cc:82:
         7f:2b:19:85:60:ad:9e:4f:a1:5b:fe:2a:c4:7a:2d:95:68:55:
         2e:b1:c1:38:87:58:02:6c:67:1c:01:1b:67:83:2d:b8:bf:88:
         61:29:b0:da:62:fe:ad:1e:64:a7:98:99:71:ee:27:51:cb:72:
         96:29:70:5e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4CDZTxEiVuRsvHthAVscAUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzBlMjYwNjA5MTNjNzU4MTM3NDg4YmZkN2FiMWJmZTll
MTBhZTIwHhcNMjQwMzAzMDIwMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzA0YmVmM2Q4YjQyMmI2NmE1NzYxNTA1YjZhMmU1MWYyNDliMTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7i+YsZutlyt5a1bzaRFA5XbwE9j
0NyEgudkNrAnriF7bubkDn44Ffwif6nqcbwcaOQ5V+bG9A1VxC90wpZ+iFr0ikI1
F7weu3C4TJvvh5pIQosazfBQQcnK4KFCd1A5t8KynhV4DcE3xL7HA1d99vGTevoL
1HKUtZHwML9jrTEmyBQ5s4E3p57+1t1B+p9ItcXw+FmHWWhfg3ojekei7f5i1Jas
nA5V0GH2YcdBGkoo0yTTZ1QNcd1HMrHPAzSd1Sym3DPcqFXXqBvNxUboHRP3YjSy
CEQINJxmWbyXzeus6R3LVdmbQhomhMhB1SZHsOM/cLqjwWLkzml150/CSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCwEvvPYtCK2aldhUFtqLlHySbE7MB8GA1UdIwQY
MBaAFCMw4mBgkTx1gTdIi/16sb/p4QriMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpEaVlHQ1JQSFdCTjBpTF9YcXh2LW5oQ3VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS80NjkwYzAtMGI5MS00MzIyLTk0Yjkt
NzA2NzgyY2ZhMDNiLzEvTEFTLTg5aTBJclpxVjJGUVcyb3VVZkpKc1RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS80NjkwYzAtMGI5MS00MzIyLTk0YjktNzA2NzgyY2ZhMDNi
LzEvSXpEaVlHQ1JQSFdCTjBpTF9YcXh2LW5oQ3VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucvoAwQA
ucvrMA0GCSqGSIb3DQEBCwUAA4IBAQA5sFWzDPB6IpOXADuVf56pHJMqzOUUpIs8
yrJ0yKrgFP+3Zy9tuWDTJmUCKWe7u3MgV0d1at/neEF6G73kiEGUM4dYRe1KYYBM
CnRvcwrEC5gaz2NxvSvCUQQPQN608/fqshpYEf/WzIiG9GoHNmL719pUCoUNR0G/
euUmH++DkEkn5GPkS4FHodJAi4xINsR1OB9p1I5gB+MPn2S08uNepuLCYX1H4OkC
VvqphLURUFmwLZFucyPnqZKRQI27TPpJS/RlzIJ/KxmFYK2eT6Fb/irEei2VaFUu
scE4h1gCbGccARtngy24v4hhKbDaYv6tHmSnmJlx7idRy3KWKXBe
-----END CERTIFICATE-----