Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/LYgw7JKvEr5oNPBiW6InA-LCE6E.roa
File:                     LYgw7JKvEr5oNPBiW6InA-LCE6E.roa (raw, json)
Hash identifier:          oVyKq6nnl9E/AtCSfeXdob8UVTP6/OcAVjbgY+N3RAQ=
Subject key identifier:   2D:88:30:EC:92:AF:12:BE:68:34:F0:62:5B:A2:27:03:E2:C2:13:A1
Certificate issuer:       /CN=08af091858bb99651764399c6565df7a0834dbad
Certificate serial:       018CC86F86B64BD922E60B68084BEEA35356
Authority key identifier: 08:AF:09:18:58:BB:99:65:17:64:39:9C:65:65:DF:7A:08:34:DB:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/LYgw7JKvEr5oNPBiW6InA-LCE6E.roa
Signing time:             Tue 02 Jan 2024 04:30:01 +0000
ROA not before:           Tue 02 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204685
IP address blocks:        185.212.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:86:b6:4b:d9:22:e6:0b:68:08:4b:ee:a3:53:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08af091858bb99651764399c6565df7a0834dbad
        Validity
            Not Before: Jan  2 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d8830ec92af12be6834f0625ba22703e2c213a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ab:54:0a:aa:f6:33:06:86:4d:d1:da:b5:2d:
                    94:fc:56:25:d3:ff:bb:86:a8:90:14:df:a9:29:e8:
                    5d:20:8d:7a:f7:25:d4:c6:88:05:da:f6:b1:38:5d:
                    0f:9a:11:85:de:62:51:e8:f7:23:63:16:63:15:e5:
                    be:19:d8:4a:d3:12:21:2d:52:90:d9:f3:54:50:0b:
                    93:08:6f:fe:45:1d:85:ac:4e:f2:5d:7f:d2:46:49:
                    d6:b9:f8:0d:99:6d:77:6c:49:d8:24:0c:68:98:0c:
                    03:55:e0:70:08:a2:06:33:45:12:08:01:5e:f2:69:
                    86:cd:7c:59:d4:02:b8:5c:42:f0:cb:bb:99:5b:83:
                    c0:ac:f7:45:92:ba:dc:1b:e4:a2:da:a9:d7:7f:cb:
                    e5:ee:b9:fd:95:03:19:d8:e0:a4:18:63:87:dc:3d:
                    7a:86:0b:3d:f1:73:dc:bf:17:48:d5:12:e4:c4:b6:
                    0c:96:a8:a4:0b:94:db:67:5d:08:6d:2a:94:1c:b4:
                    ff:32:97:74:8e:d6:cf:33:e6:c1:a8:37:9c:0a:54:
                    7b:38:a9:12:9c:7a:bf:eb:f9:ec:0c:9c:10:02:a2:
                    ae:37:e6:fe:d0:5f:39:b6:8d:f6:1f:9d:0f:26:b7:
                    c9:de:11:b4:70:f6:95:83:3b:a6:b2:1f:7e:f1:56:
                    df:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:88:30:EC:92:AF:12:BE:68:34:F0:62:5B:A2:27:03:E2:C2:13:A1
            X509v3 Authority Key Identifier:
                keyid:08:AF:09:18:58:BB:99:65:17:64:39:9C:65:65:DF:7A:08:34:DB:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/LYgw7JKvEr5oNPBiW6InA-LCE6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:eb:10:f8:08:88:22:45:1d:71:0b:62:d6:d9:4f:25:2b:ea:
         6a:5c:2a:09:9d:df:61:f1:96:42:4d:f5:3a:85:1f:b7:c8:f1:
         c7:ca:a8:af:a8:ad:e1:4a:dc:74:d4:b4:34:09:be:40:e2:f5:
         4f:c2:4a:af:c6:a4:f3:e2:4b:7e:ba:77:c1:9a:ca:44:f7:2b:
         97:c5:a8:54:60:bf:00:72:a9:99:f1:31:c9:bd:9d:57:c6:89:
         2d:69:a4:2a:25:c7:0a:fa:04:b5:73:26:77:da:5a:e3:f6:29:
         2c:02:15:74:98:80:e3:10:3c:e5:69:15:12:2d:76:e7:f3:ce:
         7b:c1:34:70:5b:ae:23:b2:09:bc:b2:5c:53:11:0c:e3:6e:35:
         5d:7c:36:9d:ef:d1:18:e7:40:56:a8:be:f1:c4:b0:d9:98:cd:
         b6:41:cf:d4:68:78:84:ca:dc:67:e7:6f:35:0e:f0:d0:c6:8b:
         16:cd:e6:2f:76:ac:5f:5f:f5:a1:0c:7f:65:0a:c0:6c:14:c3:
         e0:b7:1b:34:1b:d5:40:9a:90:ad:d0:2c:7b:1b:d7:84:de:06:
         fa:1e:ca:bc:51:ab:dd:4a:87:54:cb:f1:1d:8f:48:26:7a:c1:
         10:7e:cb:80:c3:30:dc:76:1f:a3:14:a5:15:95:84:d2:28:fd:
         e7:cf:ed:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4a2S9ki5gtoCEvuo1NWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YWYwOTE4NThiYjk5NjUxNzY0Mzk5YzY1NjVkZjdhMDgz
NGRiYWQwHhcNMjQwMTAyMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDg4MzBlYzkyYWYxMmJlNjgzNGYwNjI1YmEyMjcwM2UyYzIxM2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgatUCqr2MwaGTdHatS2U/FYl0/+7
hqiQFN+pKehdII169yXUxogF2vaxOF0PmhGF3mJR6PcjYxZjFeW+GdhK0xIhLVKQ
2fNUUAuTCG/+RR2FrE7yXX/SRknWufgNmW13bEnYJAxomAwDVeBwCKIGM0USCAFe
8mmGzXxZ1AK4XELwy7uZW4PArPdFkrrcG+Si2qnXf8vl7rn9lQMZ2OCkGGOH3D16
hgs98XPcvxdI1RLkxLYMlqikC5TbZ10IbSqUHLT/Mpd0jtbPM+bBqDecClR7OKkS
nHq/6/nsDJwQAqKuN+b+0F85to32H50PJrfJ3hG0cPaVgzumsh9+8Vbf+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2IMOySrxK+aDTwYluiJwPiwhOhMB8GA1UdIwQY
MBaAFAivCRhYu5llF2Q5nGVl33oINNutMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0s4SkdGaTdtV1VYWkRtY1pXWGZlZ2cwMjYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS83MDBmZDMtYzM2MC00OGFiLThhMDYt
NTYxMjliN2RjMDE4LzEvTFlndzdKS3ZFcjVvTlBCaVc2SW5BLUxDRTZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS83MDBmZDMtYzM2MC00OGFiLThhMDYtNTYxMjliN2RjMDE4
LzEvQ0s4SkdGaTdtV1VYWkRtY1pXWGZlZ2cwMjYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudT7MA0G
CSqGSIb3DQEBCwUAA4IBAQBc6xD4CIgiRR1xC2LW2U8lK+pqXCoJnd9h8ZZCTfU6
hR+3yPHHyqivqK3hStx01LQ0Cb5A4vVPwkqvxqTz4kt+unfBmspE9yuXxahUYL8A
cqmZ8THJvZ1XxoktaaQqJccK+gS1cyZ32lrj9iksAhV0mIDjEDzlaRUSLXbn8857
wTRwW64jsgm8slxTEQzjbjVdfDad79EY50BWqL7xxLDZmM22Qc/UaHiEytxn5281
DvDQxosWzeYvdqxfX/WhDH9lCsBsFMPgtxs0G9VAmpCt0Cx7G9eE3gb6Hsq8Uavd
SodUy/Edj0gmesEQfsuAwzDcdh+jFKUVlYTSKP3nz+2t
-----END CERTIFICATE-----