Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/ldTCaFc_LTCLMygBQVpC3tFkjUw.roa
File:                     ldTCaFc_LTCLMygBQVpC3tFkjUw.roa (raw, json)
Hash identifier:          BA0C+VpdQvLWhYc6OmeHA2Dkt126RFSHm99G0y0CQs8=
Subject key identifier:   95:D4:C2:68:57:3F:2D:30:8B:33:28:01:41:5A:42:DE:D1:64:8D:4C
Certificate issuer:       /CN=a3674d5884a50a84e07dbdf6798ddcbb9cc2032e
Certificate serial:       018CC6B92DA54486FDEC0BA3AD62E2792DCA
Authority key identifier: A3:67:4D:58:84:A5:0A:84:E0:7D:BD:F6:79:8D:DC:BB:9C:C2:03:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2dNWISlCoTgfb32eY3cu5zCAy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/ldTCaFc_LTCLMygBQVpC3tFkjUw.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48347
IP address blocks:        176.58.60.0/24 maxlen: 24
                          176.58.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/o2dNWISlCoTgfb32eY3cu5zCAy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/o2dNWISlCoTgfb32eY3cu5zCAy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2dNWISlCoTgfb32eY3cu5zCAy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2d:a5:44:86:fd:ec:0b:a3:ad:62:e2:79:2d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3674d5884a50a84e07dbdf6798ddcbb9cc2032e
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95d4c268573f2d308b332801415a42ded1648d4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:09:9d:ca:d1:d5:96:d5:0d:5a:40:b2:0a:b5:
                    9b:60:d6:ae:3e:ea:40:8c:55:ba:32:7f:4d:22:7d:
                    0d:9e:97:b5:36:46:5e:b9:37:59:f2:a2:4e:59:fc:
                    98:de:a6:3e:22:0a:15:35:05:e5:2d:ec:0c:5a:bb:
                    a6:77:53:3a:d6:35:67:63:3b:24:79:66:5d:82:21:
                    62:68:47:01:3d:a9:91:ef:ed:70:ea:c6:6b:48:47:
                    76:f4:5e:1a:97:4d:2d:66:d6:23:6e:33:cb:b7:f3:
                    9b:27:5b:00:8d:5b:e0:19:3d:3d:89:3d:15:d5:44:
                    5b:6a:7e:03:c0:cb:f8:ba:43:8a:b0:55:d7:d2:3b:
                    bb:1d:7b:c5:e5:1d:95:6b:30:85:5c:99:a5:f8:d9:
                    cb:ac:a4:db:61:2b:79:44:01:13:31:b1:9d:3f:3e:
                    d1:75:c9:30:db:a4:b6:b4:03:f1:e4:9f:61:f5:fe:
                    65:92:f1:d1:24:67:28:a3:a4:47:e5:e9:d7:4a:46:
                    1c:99:17:b3:9d:91:13:76:17:f2:d1:0e:cd:a8:8b:
                    87:a2:82:b5:25:44:f6:59:f1:af:b4:09:24:fa:d6:
                    1a:77:70:f5:f3:d7:a4:40:c7:f9:6e:64:62:2b:8b:
                    21:b6:0f:2d:36:93:70:28:5b:18:88:e4:83:13:e1:
                    ce:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:D4:C2:68:57:3F:2D:30:8B:33:28:01:41:5A:42:DE:D1:64:8D:4C
            X509v3 Authority Key Identifier:
                keyid:A3:67:4D:58:84:A5:0A:84:E0:7D:BD:F6:79:8D:DC:BB:9C:C2:03:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2dNWISlCoTgfb32eY3cu5zCAy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/ldTCaFc_LTCLMygBQVpC3tFkjUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/806532-54e9-4b49-b8a7-9e220f04a901/1/o2dNWISlCoTgfb32eY3cu5zCAy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bf:eb:44:96:24:01:8a:0c:c5:d3:9d:a2:42:b3:56:3b:5f:4c:
         09:f0:c4:3a:b0:e3:58:77:d8:b2:1f:9d:2b:ae:46:4c:35:64:
         be:23:fd:ab:1b:16:c0:1a:60:a6:bd:58:e4:04:2a:9d:9e:8b:
         3c:61:12:e2:15:d5:cb:df:fa:51:28:9a:5b:1c:d2:d3:9c:e4:
         22:a7:6f:e9:fc:2c:37:6c:b6:04:49:25:6c:3d:de:fd:20:33:
         26:ed:35:66:23:74:6a:f7:75:10:a0:f5:15:2a:b7:c7:3a:a4:
         7c:47:08:9f:8a:dc:87:fa:7e:33:4d:63:6a:c7:29:d5:8e:f3:
         87:1e:12:94:8e:c5:c0:32:52:b6:98:22:96:98:ac:82:8a:cf:
         55:b2:5c:ec:90:42:44:d1:4f:88:90:80:69:ba:b6:83:ff:02:
         49:aa:75:fc:5a:0b:6c:b9:7b:3d:5f:59:eb:c7:72:a4:c5:2d:
         6b:ec:76:a8:b0:32:64:5a:46:94:a2:26:c8:06:44:ea:21:ac:
         20:50:1c:3c:c7:5c:d6:5c:1f:eb:1b:54:c4:28:24:7f:29:51:
         27:cc:14:67:ed:bf:f3:43:3b:42:d4:37:33:d9:5c:9e:e0:20:
         b4:93:88:f5:2e:cd:81:42:23:13:d0:ea:14:20:eb:21:83:e7:
         06:0d:57:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuS2lRIb97AujrWLieS3KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjc0ZDU4ODRhNTBhODRlMDdkYmRmNjc5OGRkY2JiOWNj
MjAzMmUwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWQ0YzI2ODU3M2YyZDMwOGIzMzI4MDE0MTVhNDJkZWQxNjQ4ZDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwmdytHVltUNWkCyCrWbYNauPupA
jFW6Mn9NIn0Nnpe1NkZeuTdZ8qJOWfyY3qY+IgoVNQXlLewMWrumd1M61jVnYzsk
eWZdgiFiaEcBPamR7+1w6sZrSEd29F4al00tZtYjbjPLt/ObJ1sAjVvgGT09iT0V
1URban4DwMv4ukOKsFXX0ju7HXvF5R2VazCFXJml+NnLrKTbYSt5RAETMbGdPz7R
dckw26S2tAPx5J9h9f5lkvHRJGcoo6RH5enXSkYcmReznZETdhfy0Q7NqIuHooK1
JUT2WfGvtAkk+tYad3D189ekQMf5bmRiK4shtg8tNpNwKFsYiOSDE+HOuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJXUwmhXPy0wizMoAUFaQt7RZI1MMB8GA1UdIwQY
MBaAFKNnTViEpQqE4H299nmN3LucwgMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJkTldJU2xDb1RnZmIzMmVZM2N1NXpDQXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84MDY1MzItNTRlOS00YjQ5LWI4YTct
OWUyMjBmMDRhOTAxLzEvbGRUQ2FGY19MVENMTXlnQlFWcEMzdEZralV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84MDY1MzItNTRlOS00YjQ5LWI4YTctOWUyMjBmMDRhOTAx
LzEvbzJkTldJU2xDb1RnZmIzMmVZM2N1NXpDQXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsDo8MA0G
CSqGSIb3DQEBCwUAA4IBAQC/60SWJAGKDMXTnaJCs1Y7X0wJ8MQ6sONYd9iyH50r
rkZMNWS+I/2rGxbAGmCmvVjkBCqdnos8YRLiFdXL3/pRKJpbHNLTnOQip2/p/Cw3
bLYESSVsPd79IDMm7TVmI3Rq93UQoPUVKrfHOqR8RwifityH+n4zTWNqxynVjvOH
HhKUjsXAMlK2mCKWmKyCis9VslzskEJE0U+IkIBpuraD/wJJqnX8WgtsuXs9X1nr
x3KkxS1r7HaosDJkWkaUoibIBkTqIawgUBw8x1zWXB/rG1TEKCR/KVEnzBRn7b/z
QztC1Dcz2Vye4CC0k4j1Ls2BQiMT0OoUIOshg+cGDVdr
-----END CERTIFICATE-----