Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/lGP_F4iu2e9Akp-qWmUKau01xzc.roa
File:                     lGP_F4iu2e9Akp-qWmUKau01xzc.roa (raw, json)
Hash identifier:          vjYa9Lw83IJZhd08DbYDtgqyqFDqk5YwcpZmf3W5KVk=
Subject key identifier:   94:63:FF:17:88:AE:D9:EF:40:92:9F:AA:5A:65:0A:6A:ED:35:C7:37
Certificate issuer:       /CN=07f2a175be20108641c649553213f212511667a5
Certificate serial:       018CCA2A13E29DD1A179670863AEFAC5BB14
Authority key identifier: 07:F2:A1:75:BE:20:10:86:41:C6:49:55:32:13:F2:12:51:16:67:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_Khdb4gEIZBxklVMhPyElEWZ6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/lGP_F4iu2e9Akp-qWmUKau01xzc.roa
Signing time:             Tue 02 Jan 2024 12:33:24 +0000
ROA not before:           Tue 02 Jan 2024 12:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        185.166.232.0/23 maxlen: 24
                          185.166.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/B_Khdb4gEIZBxklVMhPyElEWZ6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/B_Khdb4gEIZBxklVMhPyElEWZ6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_Khdb4gEIZBxklVMhPyElEWZ6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 22:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:13:e2:9d:d1:a1:79:67:08:63:ae:fa:c5:bb:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f2a175be20108641c649553213f212511667a5
        Validity
            Not Before: Jan  2 12:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9463ff1788aed9ef40929faa5a650a6aed35c737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e3:c7:76:4d:b3:a3:93:42:78:1a:5a:8e:93:
                    ab:74:8f:32:c2:a5:17:6b:53:bf:d8:8f:a5:52:3e:
                    82:c0:f6:d2:8f:12:ee:1e:00:b9:af:60:99:7d:d4:
                    8e:8d:b4:47:96:5b:f1:b4:0f:ba:65:f2:fb:0c:3c:
                    c1:fe:05:24:81:2f:e8:9d:1b:0f:40:f7:0e:01:df:
                    2b:d7:5c:9f:1c:54:27:60:6e:59:6e:c3:9b:51:05:
                    c6:5a:ea:af:da:8d:7d:7d:d4:d8:24:d9:28:1b:91:
                    6d:63:06:fa:7f:16:e9:df:91:7f:b9:0d:38:7e:aa:
                    78:42:19:5c:b3:8b:05:78:0e:dc:31:3a:65:3b:b0:
                    0c:4e:42:73:25:8e:62:ee:48:ff:a0:48:a8:d8:5f:
                    24:22:bb:94:89:b1:d1:f3:7f:28:d9:d7:66:db:44:
                    1d:54:31:48:00:b2:ad:d1:8e:2a:4b:d5:29:4e:3c:
                    b2:14:55:86:de:f6:1c:c7:46:56:2e:d2:ac:cb:c4:
                    56:af:b1:db:37:04:95:f4:24:df:9a:b8:87:94:6e:
                    e6:1d:cd:40:c5:83:06:17:53:03:7d:f8:2e:1f:3e:
                    a7:6c:c9:95:bb:61:c1:30:b9:b3:de:f5:45:fc:38:
                    74:f2:9b:b8:ca:5e:22:ec:02:bd:a2:a0:ca:55:30:
                    0a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:63:FF:17:88:AE:D9:EF:40:92:9F:AA:5A:65:0A:6A:ED:35:C7:37
            X509v3 Authority Key Identifier:
                keyid:07:F2:A1:75:BE:20:10:86:41:C6:49:55:32:13:F2:12:51:16:67:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_Khdb4gEIZBxklVMhPyElEWZ6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/lGP_F4iu2e9Akp-qWmUKau01xzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/B_Khdb4gEIZBxklVMhPyElEWZ6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.232.0/23
                  185.166.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:c0:2b:82:f2:b1:1a:fb:f9:cd:77:6f:37:0f:45:20:e8:7c:
         4b:fa:a2:26:47:59:38:fb:44:23:5e:68:b2:b7:fb:4e:8c:b6:
         f8:48:30:0e:77:24:bb:9d:e2:28:62:44:bb:27:ad:e1:66:07:
         64:ef:c1:be:ac:5f:1f:74:c3:ff:a8:49:74:1b:24:80:ae:86:
         30:4f:25:ba:61:01:92:29:e1:fb:fe:8f:f9:ee:ee:6f:fa:60:
         1c:d0:e4:9b:ad:46:e8:4b:cd:f3:79:52:d9:5e:b2:e0:d7:9e:
         e5:d9:85:ec:ac:3f:07:86:f0:84:a1:06:da:ed:ae:d8:c4:7f:
         f4:5b:fd:d2:6b:21:77:12:1d:d7:f5:c6:2f:39:4d:f1:08:f3:
         89:7c:e5:fa:d6:bf:f2:1a:93:30:25:5b:2f:3f:82:54:ac:d2:
         e9:f6:3b:df:42:2a:33:35:17:9e:6a:3d:f0:04:69:3f:48:2b:
         36:38:e7:1d:4e:9e:c9:e5:1d:6e:7f:50:f1:ee:5c:6b:d5:67:
         2c:36:45:f0:1c:2c:67:8e:1a:be:cd:0d:ed:3a:24:f6:de:42:
         df:6e:c5:c6:85:57:bb:6b:ab:44:60:e6:3c:3c:68:c6:d9:cd:
         4c:b6:24:76:27:7d:2d:2e:33:a4:4c:18:c3:9b:cf:a0:07:c2:
         47:0e:14:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKhPindGheWcIY676xbsUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjJhMTc1YmUyMDEwODY0MWM2NDk1NTMyMTNmMjEyNTEx
NjY3YTUwHhcNMjQwMTAyMTIzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDYzZmYxNzg4YWVkOWVmNDA5MjlmYWE1YTY1MGE2YWVkMzVjNzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOPHdk2zo5NCeBpajpOrdI8ywqUX
a1O/2I+lUj6CwPbSjxLuHgC5r2CZfdSOjbRHllvxtA+6ZfL7DDzB/gUkgS/onRsP
QPcOAd8r11yfHFQnYG5ZbsObUQXGWuqv2o19fdTYJNkoG5FtYwb6fxbp35F/uQ04
fqp4Qhlcs4sFeA7cMTplO7AMTkJzJY5i7kj/oEio2F8kIruUibHR838o2ddm20Qd
VDFIALKt0Y4qS9UpTjyyFFWG3vYcx0ZWLtKsy8RWr7HbNwSV9CTfmriHlG7mHc1A
xYMGF1MDffguHz6nbMmVu2HBMLmz3vVF/Dh08pu4yl4i7AK9oqDKVTAKtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJRj/xeIrtnvQJKfqlplCmrtNcc3MB8GA1UdIwQY
MBaAFAfyoXW+IBCGQcZJVTIT8hJRFmelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9LaGRiNGdFSVpCeGtsVk1oUHlFbEVXWjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8zNmIwODUtMWE1Yi00YWY5LTg3OGIt
Mzc2NDI2ZmZkNjYyLzEvbEdQX0Y0aXUyZTlBa3AtcVdtVUthdTAxeHpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8zNmIwODUtMWE1Yi00YWY5LTg3OGItMzc2NDI2ZmZkNjYy
LzEvQl9LaGRiNGdFSVpCeGtsVk1oUHlFbEVXWjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuaboAwQA
uabrMA0GCSqGSIb3DQEBCwUAA4IBAQCzwCuC8rEa+/nNd283D0Ug6HxL+qImR1k4
+0QjXmiyt/tOjLb4SDAOdyS7neIoYkS7J63hZgdk78G+rF8fdMP/qEl0GySAroYw
TyW6YQGSKeH7/o/57u5v+mAc0OSbrUboS83zeVLZXrLg157l2YXsrD8HhvCEoQba
7a7YxH/0W/3SayF3Eh3X9cYvOU3xCPOJfOX61r/yGpMwJVsvP4JUrNLp9jvfQioz
NReeaj3wBGk/SCs2OOcdTp7J5R1uf1Dx7lxr1WcsNkXwHCxnjhq+zQ3tOiT23kLf
bsXGhVe7a6tEYOY8PGjG2c1MtiR2J30tLjOkTBjDm8+gB8JHDhTC
-----END CERTIFICATE-----