Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/958a2c-cef0-4bcc-99c2-321c9d66c847/1/L0KUj4cBxC3PKOTmln6UuqN89HA.roa
File:                     L0KUj4cBxC3PKOTmln6UuqN89HA.roa (raw, json)
Hash identifier:          lTKS9fFPqgXGZzT+f+MvEsI01snPYymEf3BtGC8nB5c=
Subject key identifier:   2F:42:94:8F:87:01:C4:2D:CF:28:E4:E6:96:7E:94:BA:A3:7C:F4:70
Certificate issuer:       /CN=83a062525292a29e97fe6a055b9bd6084a771977
Certificate serial:       018CC7955495B7CE23C59B1BC56C109ED8C4
Authority key identifier: 83:A0:62:52:52:92:A2:9E:97:FE:6A:05:5B:9B:D6:08:4A:77:19:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g6BiUlKSop6X_moFW5vWCEp3GXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/958a2c-cef0-4bcc-99c2-321c9d66c847/1/L0KUj4cBxC3PKOTmln6UuqN89HA.roa
Signing time:             Tue 02 Jan 2024 00:31:41 +0000
ROA not before:           Tue 02 Jan 2024 00:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        185.54.172.0/22 maxlen: 22
                          2a02:4620::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/958a2c-cef0-4bcc-99c2-321c9d66c847/1/g6BiUlKSop6X_moFW5vWCEp3GXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/958a2c-cef0-4bcc-99c2-321c9d66c847/1/g6BiUlKSop6X_moFW5vWCEp3GXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g6BiUlKSop6X_moFW5vWCEp3GXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:54:95:b7:ce:23:c5:9b:1b:c5:6c:10:9e:d8:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83a062525292a29e97fe6a055b9bd6084a771977
        Validity
            Not Before: Jan  2 00:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f42948f8701c42dcf28e4e6967e94baa37cf470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ae:94:19:46:df:98:e6:9a:07:40:d9:e2:89:
                    84:8d:8c:4d:f5:3a:79:d6:c8:fc:94:ec:a1:fe:33:
                    72:4a:cc:f4:f3:7b:54:f5:67:64:0d:71:52:d4:dc:
                    98:10:3d:17:77:9d:d6:73:ff:40:13:90:6a:91:84:
                    89:84:2a:f9:c3:5a:8c:65:25:e7:90:15:da:80:57:
                    20:f3:77:5e:40:a8:a6:87:ee:47:5e:9a:90:5d:09:
                    07:20:d3:dc:6b:ee:c6:30:df:c7:c3:eb:de:ed:4a:
                    04:9e:c1:d9:a9:b9:64:6f:81:18:45:c9:b5:81:05:
                    17:99:19:27:d6:d1:1c:81:ca:6c:ed:47:42:60:cf:
                    47:3c:db:bc:73:69:e6:14:60:de:49:1e:f8:42:de:
                    4c:23:43:df:1a:61:5f:dc:96:a0:37:8c:d1:5a:a6:
                    31:bd:d0:3f:b6:37:8f:eb:80:2e:66:8d:45:02:6f:
                    d1:80:fd:4d:6e:db:51:e1:bc:3c:d0:42:70:ce:f0:
                    6a:5c:72:47:55:2b:4d:7a:11:f3:f2:f2:8b:e1:ed:
                    0e:d2:57:36:08:01:d4:46:61:95:e1:6a:db:1c:f5:
                    2b:9e:91:2d:c6:da:d6:f6:9c:1a:33:64:69:f5:5e:
                    cf:d5:09:05:fc:78:99:25:01:7b:2d:af:0b:10:e4:
                    ad:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:42:94:8F:87:01:C4:2D:CF:28:E4:E6:96:7E:94:BA:A3:7C:F4:70
            X509v3 Authority Key Identifier:
                keyid:83:A0:62:52:52:92:A2:9E:97:FE:6A:05:5B:9B:D6:08:4A:77:19:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g6BiUlKSop6X_moFW5vWCEp3GXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/958a2c-cef0-4bcc-99c2-321c9d66c847/1/L0KUj4cBxC3PKOTmln6UuqN89HA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/958a2c-cef0-4bcc-99c2-321c9d66c847/1/g6BiUlKSop6X_moFW5vWCEp3GXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.172.0/22
                IPv6:
                  2a02:4620::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:c5:a5:97:5f:c0:e8:b3:9c:03:00:f9:54:2d:1a:d6:54:5b:
         6d:de:93:46:70:e9:67:51:11:87:8c:ef:aa:0c:06:1f:62:fa:
         8e:91:dd:11:34:06:3d:4f:6d:85:11:3b:ff:4c:98:03:6a:55:
         71:1e:70:63:33:04:b0:32:11:92:88:dd:6d:7a:8d:59:fa:bb:
         b9:6c:33:01:e8:46:c2:8d:0b:fe:31:0f:e5:30:06:1c:77:d5:
         9c:54:99:ac:96:76:09:a0:4b:23:d3:59:11:bb:00:23:6c:59:
         3c:7a:b2:36:60:2d:a1:47:21:13:59:e6:7f:f8:81:b7:71:cd:
         b3:74:93:c3:d8:43:17:bc:51:39:1c:d5:69:cf:7a:2c:e9:fb:
         66:9e:a1:05:02:d5:b6:1b:2d:a3:6c:ed:2a:b5:e3:d0:ac:12:
         98:45:44:18:70:df:5c:8a:c6:73:d0:b3:3b:76:b6:73:f7:6e:
         19:40:29:6f:75:9a:e4:98:a1:3e:65:a6:7e:6d:46:e9:a0:d5:
         ba:88:21:aa:2e:9b:ea:b0:94:87:44:66:35:f7:71:c5:30:9a:
         72:6f:5b:e6:4b:6c:05:7b:49:e1:41:f0:18:2a:03:cb:f4:cb:
         a5:40:25:24:27:da:e0:1a:5e:02:b8:3f:63:2d:0e:79:15:84:
         31:65:bf:f0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlVSVt84jxZsbxWwQntjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYTA2MjUyNTI5MmEyOWU5N2ZlNmEwNTViOWJkNjA4NGE3
NzE5NzcwHhcNMjQwMTAyMDAzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjQyOTQ4Zjg3MDFjNDJkY2YyOGU0ZTY5NjdlOTRiYWEzN2NmNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjK6UGUbfmOaaB0DZ4omEjYxN9Tp5
1sj8lOyh/jNySsz083tU9WdkDXFS1NyYED0Xd53Wc/9AE5BqkYSJhCr5w1qMZSXn
kBXagFcg83deQKimh+5HXpqQXQkHINPca+7GMN/Hw+ve7UoEnsHZqblkb4EYRcm1
gQUXmRkn1tEcgcps7UdCYM9HPNu8c2nmFGDeSR74Qt5MI0PfGmFf3JagN4zRWqYx
vdA/tjeP64AuZo1FAm/RgP1NbttR4bw80EJwzvBqXHJHVStNehHz8vKL4e0O0lc2
CAHURmGV4WrbHPUrnpEtxtrW9pwaM2Rp9V7P1QkF/HiZJQF7La8LEOStcQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFC9ClI+HAcQtzyjk5pZ+lLqjfPRwMB8GA1UdIwQY
MBaAFIOgYlJSkqKel/5qBVub1ghKdxl3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzZCaVVsS1NvcDZYX21vRlc1dldDRXAzR1hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS85NThhMmMtY2VmMC00YmNjLTk5YzIt
MzIxYzlkNjZjODQ3LzEvTDBLVWo0Y0J4QzNQS09UbWxuNlV1cU44OUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS85NThhMmMtY2VmMC00YmNjLTk5YzItMzIxYzlkNjZjODQ3
LzEvZzZCaVVsS1NvcDZYX21vRlc1dldDRXAzR1hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTasMA0E
AgACMAcDBQAqAkYgMA0GCSqGSIb3DQEBCwUAA4IBAQA/xaWXX8Dos5wDAPlULRrW
VFtt3pNGcOlnURGHjO+qDAYfYvqOkd0RNAY9T22FETv/TJgDalVxHnBjMwSwMhGS
iN1teo1Z+ru5bDMB6EbCjQv+MQ/lMAYcd9WcVJmslnYJoEsj01kRuwAjbFk8erI2
YC2hRyETWeZ/+IG3cc2zdJPD2EMXvFE5HNVpz3os6ftmnqEFAtW2Gy2jbO0qtePQ
rBKYRUQYcN9cisZz0LM7drZz924ZQClvdZrkmKE+ZaZ+bUbpoNW6iCGqLpvqsJSH
RGY193HFMJpyb1vmS2wFe0nhQfAYKgPL9MulQCUkJ9rgGl4CuD9jLQ55FYQxZb/w
-----END CERTIFICATE-----