Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/d8398e-232c-45c2-b8e0-9ce4767da2c1/1/Lg-UqvJ7mB9s1Ec_INtlLyWe9p4.roa
File:                     Lg-UqvJ7mB9s1Ec_INtlLyWe9p4.roa (raw, json)
Hash identifier:          JsyrggCYQvVNcgceeDKV5EgJ925GRY4Kudy6Ygryxgk=
Subject key identifier:   2E:0F:94:AA:F2:7B:98:1F:6C:D4:47:3F:20:DB:65:2F:25:9E:F6:9E
Certificate issuer:       /CN=a6a0434bebe5dfa63dda78c24a4ebc1d2cd7369d
Certificate serial:       018CC56EC88C602E4180C469515606070966
Authority key identifier: A6:A0:43:4B:EB:E5:DF:A6:3D:DA:78:C2:4A:4E:BC:1D:2C:D7:36:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pqBDS-vl36Y92njCSk68HSzXNp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/d8398e-232c-45c2-b8e0-9ce4767da2c1/1/Lg-UqvJ7mB9s1Ec_INtlLyWe9p4.roa
Signing time:             Mon 01 Jan 2024 14:30:21 +0000
ROA not before:           Mon 01 Jan 2024 14:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209437
IP address blocks:        2a0a:56c4:5::/48 maxlen: 48
                          2a0a:56c4:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/d8398e-232c-45c2-b8e0-9ce4767da2c1/1/pqBDS-vl36Y92njCSk68HSzXNp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/d8398e-232c-45c2-b8e0-9ce4767da2c1/1/pqBDS-vl36Y92njCSk68HSzXNp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pqBDS-vl36Y92njCSk68HSzXNp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c8:8c:60:2e:41:80:c4:69:51:56:06:07:09:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6a0434bebe5dfa63dda78c24a4ebc1d2cd7369d
        Validity
            Not Before: Jan  1 14:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e0f94aaf27b981f6cd4473f20db652f259ef69e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:b3:2c:a8:9d:d3:7b:79:c6:18:2d:40:15:11:
                    d0:36:84:95:e4:78:b5:33:5f:9d:5c:0c:6f:e8:7a:
                    bf:e6:1b:81:54:d5:92:e3:6f:90:f6:80:f0:ab:95:
                    fb:d4:e9:15:c1:28:ea:32:47:a8:9d:19:53:55:b1:
                    9b:b1:67:6a:33:58:25:52:2b:5f:4c:54:6a:f8:0b:
                    39:2a:32:2a:dc:8f:b4:ee:e7:14:01:14:9d:5e:36:
                    c3:a1:ca:b6:8d:41:88:88:c2:55:91:c3:c2:0c:fc:
                    7c:88:45:34:e8:84:20:55:c2:f9:ad:e8:c4:62:1c:
                    6a:b4:46:a0:50:58:d4:45:b1:ae:ee:87:1d:24:93:
                    d0:fa:90:9f:0d:2f:97:25:78:91:ae:8b:77:17:0e:
                    40:e8:2f:6c:99:dc:10:82:3d:30:d3:5c:51:0a:2b:
                    f8:da:3e:3d:a2:3d:4b:b1:30:61:2c:8a:e1:b4:d6:
                    99:06:fb:f4:5e:8f:05:2a:37:f1:8c:21:bc:fe:5d:
                    96:49:07:70:13:97:2e:16:4a:a9:6e:9d:7b:0f:fb:
                    5f:9d:c9:9e:c9:c2:9e:cf:26:3f:97:eb:84:91:fa:
                    6f:58:dd:42:e1:fa:58:b3:5b:c0:b8:ad:3b:45:81:
                    1e:13:aa:ca:b5:9d:08:c7:32:f8:30:7b:16:69:7f:
                    45:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:0F:94:AA:F2:7B:98:1F:6C:D4:47:3F:20:DB:65:2F:25:9E:F6:9E
            X509v3 Authority Key Identifier:
                keyid:A6:A0:43:4B:EB:E5:DF:A6:3D:DA:78:C2:4A:4E:BC:1D:2C:D7:36:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pqBDS-vl36Y92njCSk68HSzXNp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d8398e-232c-45c2-b8e0-9ce4767da2c1/1/Lg-UqvJ7mB9s1Ec_INtlLyWe9p4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d8398e-232c-45c2-b8e0-9ce4767da2c1/1/pqBDS-vl36Y92njCSk68HSzXNp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:56c4:3::/48
                  2a0a:56c4:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:5c:44:48:7d:98:ba:fe:8a:e5:ec:a1:79:ad:49:ff:9f:33:
         9f:c1:58:2e:8f:9f:45:c1:05:d4:6a:56:f9:3f:7e:3d:cb:73:
         8d:b3:a9:4b:2b:c0:0d:7e:00:2d:59:aa:27:af:45:0a:32:06:
         60:a2:37:6d:fd:21:68:c8:e6:13:02:10:2b:c4:66:43:cd:0b:
         7d:22:fd:e3:ba:3b:60:1e:b7:75:51:4a:43:73:c6:0d:5f:c1:
         1e:f3:be:42:d9:5d:29:5b:13:91:b2:a4:6f:d9:f6:3b:4a:c0:
         8e:28:18:d6:16:bf:e4:29:1b:09:e3:4e:22:5a:2b:a4:e0:e3:
         c3:18:e3:33:3e:a6:35:3d:78:9d:19:fa:a7:bc:74:48:31:87:
         82:b1:f7:71:fa:28:1e:f0:7a:b7:2e:15:43:59:cd:b6:34:11:
         fc:1d:d3:47:b0:6d:ad:af:76:5b:2a:50:40:5b:eb:ba:ec:2f:
         a4:70:a1:a0:07:6c:e1:e3:2e:cf:2a:2a:30:3d:68:b8:5d:7d:
         b1:57:59:c5:85:b4:8b:95:4a:31:84:2c:ec:99:35:15:0f:bc:
         47:b6:2a:31:1e:df:e9:18:ad:2a:06:be:82:54:c9:cd:c1:8c:
         2b:c2:46:8d:45:3f:a8:c2:ae:5e:fa:14:78:3c:71:8a:e9:7b:
         55:b8:10:ee
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbsiMYC5BgMRpUVYGBwlmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2YTA0MzRiZWJlNWRmYTYzZGRhNzhjMjRhNGViYzFkMmNk
NzM2OWQwHhcNMjQwMTAxMTQzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTBmOTRhYWYyN2I5ODFmNmNkNDQ3M2YyMGRiNjUyZjI1OWVmNjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirMsqJ3Te3nGGC1AFRHQNoSV5Hi1
M1+dXAxv6Hq/5huBVNWS42+Q9oDwq5X71OkVwSjqMkeonRlTVbGbsWdqM1glUitf
TFRq+As5KjIq3I+07ucUARSdXjbDocq2jUGIiMJVkcPCDPx8iEU06IQgVcL5rejE
YhxqtEagUFjURbGu7ocdJJPQ+pCfDS+XJXiRrot3Fw5A6C9smdwQgj0w01xRCiv4
2j49oj1LsTBhLIrhtNaZBvv0Xo8FKjfxjCG8/l2WSQdwE5cuFkqpbp17D/tfncme
ycKezyY/l+uEkfpvWN1C4fpYs1vAuK07RYEeE6rKtZ0IxzL4MHsWaX9FKQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC4PlKrye5gfbNRHPyDbZS8lnvaeMB8GA1UdIwQY
MBaAFKagQ0vr5d+mPdp4wkpOvB0s1zadMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHFCRFMtdmwzNlk5Mm5qQ1NrNjhIU3pYTnAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9kODM5OGUtMjMyYy00NWMyLWI4ZTAt
OWNlNDc2N2RhMmMxLzEvTGctVXF2SjdtQjlzMUVjX0lOdGxMeVdlOXA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9kODM5OGUtMjMyYy00NWMyLWI4ZTAtOWNlNDc2N2RhMmMx
LzEvcHFCRFMtdmwzNlk5Mm5qQ1NrNjhIU3pYTnAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgpWxAAD
AwcAKgpWxAAFMA0GCSqGSIb3DQEBCwUAA4IBAQBOXERIfZi6/orl7KF5rUn/nzOf
wVguj59FwQXUalb5P349y3ONs6lLK8ANfgAtWaonr0UKMgZgojdt/SFoyOYTAhAr
xGZDzQt9Iv3jujtgHrd1UUpDc8YNX8Ee875C2V0pWxORsqRv2fY7SsCOKBjWFr/k
KRsJ404iWiuk4OPDGOMzPqY1PXidGfqnvHRIMYeCsfdx+ige8Hq3LhVDWc22NBH8
HdNHsG2tr3ZbKlBAW+u67C+kcKGgB2zh4y7PKiowPWi4XX2xV1nFhbSLlUoxhCzs
mTUVD7xHtioxHt/pGK0qBr6CVMnNwYwrwkaNRT+owq5e+hR4PHGK6XtVuBDu
-----END CERTIFICATE-----