Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/lmtCWp6Wih8wZQpZnruWD8objVw.roa
File:                     lmtCWp6Wih8wZQpZnruWD8objVw.roa (raw, json)
Hash identifier:          VN6oN50f3dDYJz7QbuBNUxZnFaj6WWan/9t6M/h0VPo=
Subject key identifier:   96:6B:42:5A:9E:96:8A:1F:30:65:0A:59:9E:BB:96:0F:CA:1B:8D:5C
Certificate issuer:       /CN=dbbf37909ce17ba53ad90a8632377a5d938743e5
Certificate serial:       018CCA2A7B7E441EF50C6B41ADA3D7DD7A94
Authority key identifier: DB:BF:37:90:9C:E1:7B:A5:3A:D9:0A:86:32:37:7A:5D:93:87:43:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2783kJzhe6U62QqGMjd6XZOHQ-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/lmtCWp6Wih8wZQpZnruWD8objVw.roa
Signing time:             Tue 02 Jan 2024 12:33:50 +0000
ROA not before:           Tue 02 Jan 2024 12:33:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39738
IP address blocks:        82.86.32.0/19 maxlen: 19
                          82.86.0.0/19 maxlen: 19
                          82.86.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/2783kJzhe6U62QqGMjd6XZOHQ-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/2783kJzhe6U62QqGMjd6XZOHQ-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2783kJzhe6U62QqGMjd6XZOHQ-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:7b:7e:44:1e:f5:0c:6b:41:ad:a3:d7:dd:7a:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbbf37909ce17ba53ad90a8632377a5d938743e5
        Validity
            Not Before: Jan  2 12:33:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=966b425a9e968a1f30650a599ebb960fca1b8d5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:02:ea:58:eb:a2:b7:34:c1:13:df:11:f4:3b:
                    e0:4c:6d:19:73:3e:9d:93:b5:3f:a9:91:06:f7:86:
                    1b:f7:08:14:7f:e5:8e:28:d3:9a:ca:83:8f:c2:3d:
                    7f:1d:f0:59:3d:c2:6b:91:08:0d:e4:db:c5:3d:93:
                    21:9e:a4:31:07:4c:1a:59:28:3d:9b:bf:22:81:a9:
                    54:97:a7:a3:e1:3a:50:f9:90:88:97:2a:e2:9d:90:
                    68:f8:5a:91:49:08:f9:84:6d:2f:bd:9d:41:30:cf:
                    98:75:aa:11:9c:b7:2e:13:78:a8:a0:0e:6b:09:97:
                    b6:e1:a5:42:36:d3:e3:07:06:bc:9b:e3:cf:15:fa:
                    82:ad:d5:a1:5e:fa:f4:a8:44:9a:1a:5d:5e:c9:cb:
                    cb:08:fc:15:78:4d:e6:02:eb:dd:2b:60:a9:d0:bb:
                    7d:b1:4f:4a:bc:72:f7:d6:73:77:e5:6a:df:72:40:
                    e4:39:51:91:74:f8:40:02:83:59:e9:fd:58:1a:fa:
                    e3:1a:9d:f8:5c:a5:e3:d9:a3:15:3b:8c:de:7c:3c:
                    29:57:ba:59:1e:26:9a:75:5d:97:b6:62:1c:9c:24:
                    06:de:dc:86:38:57:81:0c:92:95:22:e6:f5:91:63:
                    fd:88:dd:b9:54:e5:f2:13:44:4b:26:7c:f1:98:d9:
                    83:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:6B:42:5A:9E:96:8A:1F:30:65:0A:59:9E:BB:96:0F:CA:1B:8D:5C
            X509v3 Authority Key Identifier:
                keyid:DB:BF:37:90:9C:E1:7B:A5:3A:D9:0A:86:32:37:7A:5D:93:87:43:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2783kJzhe6U62QqGMjd6XZOHQ-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/lmtCWp6Wih8wZQpZnruWD8objVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/1373a0-8c3d-4283-a5ce-822ea43dc18d/1/2783kJzhe6U62QqGMjd6XZOHQ-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.86.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3e:4b:1d:21:a8:e2:e6:66:b6:46:d4:2b:a6:a8:f3:b2:db:70:
         bc:ba:da:c8:5f:7a:1e:1a:cc:cf:ab:c3:ed:84:ee:81:3a:d6:
         25:25:f9:a9:d1:e3:98:c5:af:79:41:d4:95:cb:a8:ec:b2:7e:
         e2:48:35:6e:26:d3:6c:7e:62:be:8c:83:11:5c:6d:7b:77:26:
         94:af:6f:27:aa:f0:9d:a9:7d:80:d7:00:7d:01:dd:38:8e:67:
         f3:80:a6:93:b2:1a:e3:9f:51:9b:b5:f3:2c:0d:1e:9c:6e:3a:
         29:30:05:0a:74:a7:4f:6e:9b:34:02:a6:d7:13:0c:22:8e:6a:
         76:e3:53:32:c7:4b:f5:a1:aa:e4:cd:3a:78:e0:bb:cd:49:dc:
         96:33:68:80:c6:0e:45:16:8b:d2:fb:80:08:d4:a7:17:f5:a0:
         ae:d2:9b:28:a3:79:66:d7:74:f1:e1:27:7e:d8:4d:cf:69:9b:
         27:af:bf:41:83:12:c7:e7:54:e0:67:78:30:0f:a8:61:76:f1:
         17:fb:a3:ee:c7:1a:16:ce:36:f3:b2:74:95:5b:24:46:cd:96:
         35:59:7e:7c:aa:f2:94:13:1d:ef:e2:36:cd:91:33:55:9c:68:
         7d:1f:c8:0a:3f:a0:d2:de:5c:d1:a4:c9:c1:f5:eb:4c:3d:c7:
         cb:81:b4:92
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzKKnt+RB71DGtBraPX3XqUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYmYzNzkwOWNlMTdiYTUzYWQ5MGE4NjMyMzc3YTVkOTM4
NzQzZTUwHhcNMjQwMTAyMTIzMzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjZiNDI1YTllOTY4YTFmMzA2NTBhNTk5ZWJiOTYwZmNhMWI4ZDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQLqWOuitzTBE98R9DvgTG0Zcz6d
k7U/qZEG94Yb9wgUf+WOKNOayoOPwj1/HfBZPcJrkQgN5NvFPZMhnqQxB0waWSg9
m78igalUl6ej4TpQ+ZCIlyrinZBo+FqRSQj5hG0vvZ1BMM+YdaoRnLcuE3iooA5r
CZe24aVCNtPjBwa8m+PPFfqCrdWhXvr0qESaGl1eycvLCPwVeE3mAuvdK2Cp0Lt9
sU9KvHL31nN35WrfckDkOVGRdPhAAoNZ6f1YGvrjGp34XKXj2aMVO4zefDwpV7pZ
HiaadV2XtmIcnCQG3tyGOFeBDJKVIub1kWP9iN25VOXyE0RLJnzxmNmD5wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJZrQlqeloofMGUKWZ67lg/KG41cMB8GA1UdIwQY
MBaAFNu/N5Cc4XulOtkKhjI3el2Th0PlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjc4M2tKemhlNlU2MlFxR01qZDZYWk9IUS1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8xMzczYTAtOGMzZC00MjgzLWE1Y2Ut
ODIyZWE0M2RjMThkLzEvbG10Q1dwNldpaDh3WlFwWm5ydVdEOG9ialZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8xMzczYTAtOGMzZC00MjgzLWE1Y2UtODIyZWE0M2RjMThk
LzEvMjc4M2tKemhlNlU2MlFxR01qZDZYWk9IUS1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAUlYwDQYJ
KoZIhvcNAQELBQADggEBAD5LHSGo4uZmtkbUK6ao87LbcLy62shfeh4azM+rw+2E
7oE61iUl+anR45jFr3lB1JXLqOyyfuJINW4m02x+Yr6MgxFcbXt3JpSvbyeq8J2p
fYDXAH0B3TiOZ/OAppOyGuOfUZu18ywNHpxuOikwBQp0p09umzQCptcTDCKOanbj
UzLHS/WhquTNOnjgu81J3JYzaIDGDkUWi9L7gAjUpxf1oK7SmyijeWbXdPHhJ37Y
Tc9pmyevv0GDEsfnVOBneDAPqGF28Rf7o+7HGhbONvOydJVbJEbNljVZfnyq8pQT
He/iNs2RM1WcaH0fyAo/oNLeXNGkycH160w9x8uBtJI=
-----END CERTIFICATE-----