Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/9918aa-347d-4878-a16b-8ac7be46cc4b/1/LhzH16O_dlW0poKn16BAvnVDYwk.roa
File:                     LhzH16O_dlW0poKn16BAvnVDYwk.roa (raw, json)
Hash identifier:          smawFY+qHEcVW/wko3WyCzcClHaAbZp5W+eWL4wtTkY=
Subject key identifier:   2E:1C:C7:D7:A3:BF:76:55:B4:A6:82:A7:D7:A0:40:BE:75:43:63:09
Certificate issuer:       /CN=0c44f3e24bbfc6048e5ffa50c3dce364ffc012b0
Certificate serial:       018CC94E2E256415FEB9B78B890015151808
Authority key identifier: 0C:44:F3:E2:4B:BF:C6:04:8E:5F:FA:50:C3:DC:E3:64:FF:C0:12:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DETz4ku_xgSOX_pQw9zjZP_AErA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/9918aa-347d-4878-a16b-8ac7be46cc4b/1/LhzH16O_dlW0poKn16BAvnVDYwk.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29030
IP address blocks:        185.217.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/9918aa-347d-4878-a16b-8ac7be46cc4b/1/DETz4ku_xgSOX_pQw9zjZP_AErA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/9918aa-347d-4878-a16b-8ac7be46cc4b/1/DETz4ku_xgSOX_pQw9zjZP_AErA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DETz4ku_xgSOX_pQw9zjZP_AErA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2e:25:64:15:fe:b9:b7:8b:89:00:15:15:18:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c44f3e24bbfc6048e5ffa50c3dce364ffc012b0
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e1cc7d7a3bf7655b4a682a7d7a040be75436309
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:50:6e:45:0a:b2:8e:74:67:7b:78:63:22:7e:
                    d7:db:d7:3b:5a:46:1a:bd:84:b8:e1:1c:b7:7f:ae:
                    cd:25:85:c4:cf:64:c0:d7:45:cc:f0:9b:43:6f:55:
                    60:31:4c:26:ba:e6:03:c8:ab:89:de:ae:2d:b9:fc:
                    a6:9a:4b:0f:5c:ab:30:72:15:e1:d1:6d:f5:e8:7d:
                    a8:2d:02:6a:8f:26:cb:15:00:55:0a:80:5e:bb:d2:
                    27:df:ac:84:88:96:86:2d:c6:92:81:d8:4c:a2:e7:
                    9a:2c:85:20:92:8d:92:6b:22:f1:77:82:b1:c5:ce:
                    6e:94:25:37:7e:b4:34:22:44:86:32:f6:50:e4:8b:
                    c8:7c:6a:55:21:9d:57:43:79:2d:74:19:9a:f7:3a:
                    09:5a:92:13:06:c2:1b:40:5b:ff:ff:45:8a:a1:2f:
                    dd:4e:2f:98:19:8c:46:6d:48:72:43:bd:aa:0b:c6:
                    7a:dd:1e:81:7e:a3:61:57:f3:e1:82:80:24:cc:45:
                    58:59:5a:62:10:3c:46:37:a2:ef:82:ba:ac:cc:e1:
                    75:7f:c3:70:08:3b:89:f4:2c:66:11:66:a6:60:4b:
                    02:60:34:19:e6:2e:50:16:b5:81:34:fc:a9:7e:c3:
                    3f:0c:36:29:d4:4c:84:26:0f:75:a8:da:bd:48:2d:
                    32:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:1C:C7:D7:A3:BF:76:55:B4:A6:82:A7:D7:A0:40:BE:75:43:63:09
            X509v3 Authority Key Identifier:
                keyid:0C:44:F3:E2:4B:BF:C6:04:8E:5F:FA:50:C3:DC:E3:64:FF:C0:12:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DETz4ku_xgSOX_pQw9zjZP_AErA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/9918aa-347d-4878-a16b-8ac7be46cc4b/1/LhzH16O_dlW0poKn16BAvnVDYwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/9918aa-347d-4878-a16b-8ac7be46cc4b/1/DETz4ku_xgSOX_pQw9zjZP_AErA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:71:77:46:34:21:55:44:a4:e6:b5:78:18:40:9e:12:6e:6a:
         05:c5:69:f9:16:ff:36:77:8b:f4:f4:66:5b:d1:1f:b3:2f:47:
         2d:c8:7e:d6:c8:3c:36:a9:4a:26:33:a9:83:1f:fe:ce:31:1d:
         3c:0b:81:79:05:69:b4:b3:34:a8:0e:51:7d:32:b8:8c:55:48:
         4f:2b:96:68:ba:9b:da:4e:e4:b8:4c:31:60:6a:f7:a5:6c:3c:
         50:71:0e:ad:8a:a2:01:b6:64:cc:7f:a3:f5:72:5b:37:ec:c7:
         d0:65:f2:5f:a1:d0:47:28:e2:f1:25:72:23:c8:55:4e:3e:1e:
         20:bd:b7:a9:22:ca:86:72:6d:59:b0:eb:9d:ca:86:fb:67:c9:
         08:6c:49:5e:fe:31:f9:e2:df:29:2b:44:af:f8:f7:45:8f:ad:
         b0:6a:22:f6:c8:25:87:cb:cc:10:ee:bf:5f:c2:35:4b:b9:0b:
         9d:3e:80:89:66:2f:31:da:77:ce:ed:b0:08:a3:fc:b1:b6:b0:
         8a:34:50:78:12:40:e7:e1:e7:88:86:92:81:fc:79:02:90:57:
         e6:9e:95:9d:63:2f:e5:ff:37:03:3a:1e:38:6f:36:7b:d8:15:
         06:0b:30:9e:0a:e0:81:39:17:5c:7e:1c:7f:bc:1c:76:97:2e:
         a5:73:94:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTi4lZBX+ubeLiQAVFRgIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNDRmM2UyNGJiZmM2MDQ4ZTVmZmE1MGMzZGNlMzY0ZmZj
MDEyYjAwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTFjYzdkN2EzYmY3NjU1YjRhNjgyYTdkN2EwNDBiZTc1NDM2MzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlBuRQqyjnRne3hjIn7X29c7WkYa
vYS44Ry3f67NJYXEz2TA10XM8JtDb1VgMUwmuuYDyKuJ3q4tufymmksPXKswchXh
0W316H2oLQJqjybLFQBVCoBeu9In36yEiJaGLcaSgdhMoueaLIUgko2SayLxd4Kx
xc5ulCU3frQ0IkSGMvZQ5IvIfGpVIZ1XQ3ktdBma9zoJWpITBsIbQFv//0WKoS/d
Ti+YGYxGbUhyQ72qC8Z63R6BfqNhV/PhgoAkzEVYWVpiEDxGN6LvgrqszOF1f8Nw
CDuJ9CxmEWamYEsCYDQZ5i5QFrWBNPypfsM/DDYp1EyEJg91qNq9SC0yAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4cx9ejv3ZVtKaCp9egQL51Q2MJMB8GA1UdIwQY
MBaAFAxE8+JLv8YEjl/6UMPc42T/wBKwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREVUejRrdV94Z1NPWF9wUXc5empaUF9BRXJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS85OTE4YWEtMzQ3ZC00ODc4LWExNmIt
OGFjN2JlNDZjYzRiLzEvTGh6SDE2T19kbFcwcG9LbjE2QkF2blZEWXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS85OTE4YWEtMzQ3ZC00ODc4LWExNmItOGFjN2JlNDZjYzRi
LzEvREVUejRrdV94Z1NPWF9wUXc5empaUF9BRXJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudkmMA0G
CSqGSIb3DQEBCwUAA4IBAQBncXdGNCFVRKTmtXgYQJ4SbmoFxWn5Fv82d4v09GZb
0R+zL0ctyH7WyDw2qUomM6mDH/7OMR08C4F5BWm0szSoDlF9MriMVUhPK5Zoupva
TuS4TDFgavelbDxQcQ6tiqIBtmTMf6P1cls37MfQZfJfodBHKOLxJXIjyFVOPh4g
vbepIsqGcm1ZsOudyob7Z8kIbEle/jH54t8pK0Sv+PdFj62waiL2yCWHy8wQ7r9f
wjVLuQudPoCJZi8x2nfO7bAIo/yxtrCKNFB4EkDn4eeIhpKB/HkCkFfmnpWdYy/l
/zcDOh44bzZ72BUGCzCeCuCBORdcfhx/vBx2ly6lc5Tm
-----END CERTIFICATE-----