Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/6d7d65-f215-42f8-9a5a-123720bfe746/1/LMz9GSLAj9uNHDheDmHldtfzfAg.roa
File:                     LMz9GSLAj9uNHDheDmHldtfzfAg.roa (raw, json)
Hash identifier:          TU49I8WmuTe4YaAhki8w7wLQuERDhfWh4KJapgbGgwk=
Subject key identifier:   2C:CC:FD:19:22:C0:8F:DB:8D:1C:38:5E:0E:61:E5:76:D7:F3:7C:08
Certificate issuer:       /CN=316d95d8836c1f116a71ee21dec0ff671e1e070d
Certificate serial:       018CC6B936C1A45A0A99D76B29E3A99A0561
Authority key identifier: 31:6D:95:D8:83:6C:1F:11:6A:71:EE:21:DE:C0:FF:67:1E:1E:07:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MW2V2INsHxFqce4h3sD_Zx4eBw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/6d7d65-f215-42f8-9a5a-123720bfe746/1/LMz9GSLAj9uNHDheDmHldtfzfAg.roa
Signing time:             Mon 01 Jan 2024 20:31:16 +0000
ROA not before:           Mon 01 Jan 2024 20:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        193.222.106.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/6d7d65-f215-42f8-9a5a-123720bfe746/1/MW2V2INsHxFqce4h3sD_Zx4eBw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/6d7d65-f215-42f8-9a5a-123720bfe746/1/MW2V2INsHxFqce4h3sD_Zx4eBw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MW2V2INsHxFqce4h3sD_Zx4eBw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:36:c1:a4:5a:0a:99:d7:6b:29:e3:a9:9a:05:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=316d95d8836c1f116a71ee21dec0ff671e1e070d
        Validity
            Not Before: Jan  1 20:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cccfd1922c08fdb8d1c385e0e61e576d7f37c08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:3e:3e:76:0e:b6:5f:e6:f1:f5:e8:60:93:ee:
                    62:39:0c:98:7b:61:d5:c4:bf:49:0f:e6:a2:6b:8e:
                    47:d1:c5:95:72:99:63:15:4d:a5:cd:60:54:f6:ca:
                    7a:f2:74:8e:6e:34:92:43:86:f6:79:81:ea:4f:b9:
                    ea:ba:19:2d:6c:54:eb:fc:16:dc:05:1c:58:3b:a8:
                    54:68:1f:99:2e:6f:51:93:5b:9d:b7:38:80:7e:59:
                    b1:c3:4a:67:4f:60:2c:00:01:f2:33:20:42:10:2d:
                    2e:07:5f:ed:84:36:63:f6:9e:48:f9:cf:b7:c8:e7:
                    e8:b0:02:ea:65:d5:44:e3:87:91:0f:51:88:bb:9c:
                    f7:33:d3:b1:8a:fa:0b:e3:38:5f:3d:a5:1f:16:6a:
                    c9:7e:7d:5a:ba:be:f5:33:ae:78:d8:3a:a3:fd:dc:
                    06:02:07:56:04:54:66:e4:46:d1:1d:c1:92:50:b4:
                    84:0e:ad:76:c8:80:c6:73:54:59:de:28:d8:9a:7e:
                    b5:e4:68:28:46:33:57:76:0b:dc:20:a2:c5:2e:c4:
                    ff:46:05:0b:34:da:88:2a:8b:76:7c:b4:58:05:55:
                    52:53:fb:57:34:3a:d6:35:30:d8:48:0b:ca:a0:f7:
                    3d:30:4c:db:75:1b:ac:52:9b:9c:3e:a2:40:e8:4a:
                    6b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:CC:FD:19:22:C0:8F:DB:8D:1C:38:5E:0E:61:E5:76:D7:F3:7C:08
            X509v3 Authority Key Identifier:
                keyid:31:6D:95:D8:83:6C:1F:11:6A:71:EE:21:DE:C0:FF:67:1E:1E:07:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MW2V2INsHxFqce4h3sD_Zx4eBw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/6d7d65-f215-42f8-9a5a-123720bfe746/1/LMz9GSLAj9uNHDheDmHldtfzfAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/6d7d65-f215-42f8-9a5a-123720bfe746/1/MW2V2INsHxFqce4h3sD_Zx4eBw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ce:06:54:4d:47:7f:3e:e9:bd:95:4c:19:0a:f0:67:85:81:55:
         23:d4:7c:43:89:a8:c9:8c:72:a9:25:61:60:a2:eb:84:8c:a9:
         8c:11:f2:f6:e1:8e:a0:0d:fa:4b:cf:e9:c6:9f:13:48:d3:1b:
         f1:56:fe:cd:39:0d:fb:dc:bf:2f:17:58:d0:42:95:d0:19:4f:
         7c:68:57:57:b2:c7:37:c3:ce:66:1f:6e:41:5b:53:4d:90:b9:
         86:b5:36:1b:5e:d9:27:9f:a4:66:6f:54:2a:c6:1e:39:b5:4a:
         b6:8e:77:10:a6:3a:16:50:69:b3:db:43:d6:dc:9e:8a:95:5b:
         6f:46:9b:4a:d1:7d:a8:7c:a0:94:ca:78:fb:07:fd:c4:1a:be:
         fd:b0:d2:ad:bd:ec:52:33:99:66:08:ff:27:a8:0d:b1:6b:3d:
         a8:b0:6c:27:0f:af:6e:f8:1c:69:9f:a9:c1:0d:0a:80:b0:8a:
         ee:4d:6c:4e:ff:75:64:e3:dd:38:19:49:bf:cf:a7:0a:03:66:
         80:12:ee:d8:a8:26:a3:64:c8:83:41:0e:ba:53:f6:b9:a6:63:
         a3:eb:7c:84:c4:4b:f8:8f:02:6e:da:74:86:bb:7e:e4:02:19:
         4f:17:b0:22:d6:13:b6:e5:87:ad:9f:fb:ab:74:7e:5a:1f:73:
         10:0d:ce:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTbBpFoKmddrKeOpmgVhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxNmQ5NWQ4ODM2YzFmMTE2YTcxZWUyMWRlYzBmZjY3MWUx
ZTA3MGQwHhcNMjQwMTAxMjAzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2NjZmQxOTIyYzA4ZmRiOGQxYzM4NWUwZTYxZTU3NmQ3ZjM3YzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjD4+dg62X+bx9ehgk+5iOQyYe2HV
xL9JD+aia45H0cWVcpljFU2lzWBU9sp68nSObjSSQ4b2eYHqT7nquhktbFTr/Bbc
BRxYO6hUaB+ZLm9Rk1udtziAflmxw0pnT2AsAAHyMyBCEC0uB1/thDZj9p5I+c+3
yOfosALqZdVE44eRD1GIu5z3M9OxivoL4zhfPaUfFmrJfn1aur71M6542Dqj/dwG
AgdWBFRm5EbRHcGSULSEDq12yIDGc1RZ3ijYmn615GgoRjNXdgvcIKLFLsT/RgUL
NNqIKot2fLRYBVVSU/tXNDrWNTDYSAvKoPc9MEzbdRusUpucPqJA6EprJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCzM/RkiwI/bjRw4Xg5h5XbX83wIMB8GA1UdIwQY
MBaAFDFtldiDbB8RanHuId7A/2ceHgcNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVcyVjJJTnNIeEZxY2U0aDNzRF9aeDRlQncwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC82ZDdkNjUtZjIxNS00MmY4LTlhNWEt
MTIzNzIwYmZlNzQ2LzEvTE16OUdTTEFqOXVOSERoZURtSGxkdGZ6ZkFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC82ZDdkNjUtZjIxNS00MmY4LTlhNWEtMTIzNzIwYmZlNzQ2
LzEvTVcyVjJJTnNIeEZxY2U0aDNzRF9aeDRlQncwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwd5qMA0G
CSqGSIb3DQEBCwUAA4IBAQDOBlRNR38+6b2VTBkK8GeFgVUj1HxDiajJjHKpJWFg
ouuEjKmMEfL24Y6gDfpLz+nGnxNI0xvxVv7NOQ373L8vF1jQQpXQGU98aFdXssc3
w85mH25BW1NNkLmGtTYbXtknn6Rmb1Qqxh45tUq2jncQpjoWUGmz20PW3J6KlVtv
RptK0X2ofKCUynj7B/3EGr79sNKtvexSM5lmCP8nqA2xaz2osGwnD69u+Bxpn6nB
DQqAsIruTWxO/3Vk4904GUm/z6cKA2aAEu7YqCajZMiDQQ66U/a5pmOj63yExEv4
jwJu2nSGu37kAhlPF7Ai1hO25Yetn/urdH5aH3MQDc5V
-----END CERTIFICATE-----