Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/LR_MLFigiPycxpUT-i8X2ghQNmY.roa
File:                     LR_MLFigiPycxpUT-i8X2ghQNmY.roa (raw, json)
Hash identifier:          9bsAi4VM7z1lVXobXwmJTVkUd9f+yhERTqO1UaCMUKY=
Subject key identifier:   2D:1F:CC:2C:58:A0:88:FC:9C:C6:95:13:FA:2F:17:DA:08:50:36:66
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018CC56F019D4423D4CAB2C8D10EE898FA2E
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/LR_MLFigiPycxpUT-i8X2ghQNmY.roa
Signing time:             Mon 01 Jan 2024 14:30:35 +0000
ROA not before:           Mon 01 Jan 2024 14:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205220
IP address blocks:        89.44.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:01:9d:44:23:d4:ca:b2:c8:d1:0e:e8:98:fa:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Jan  1 14:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d1fcc2c58a088fc9cc69513fa2f17da08503666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:05:68:27:6b:32:db:ec:ac:19:d2:8b:f3:45:
                    55:5f:45:b4:3a:01:14:63:62:58:0c:b6:1e:3d:b3:
                    5f:da:eb:c0:0a:02:10:8e:0d:cc:a5:df:c9:23:b5:
                    3b:3d:46:5a:e3:fe:eb:e3:e6:02:40:e0:1b:f1:a5:
                    c1:70:4e:4a:bb:5b:ec:39:3f:8c:07:5d:7b:5a:2a:
                    30:c6:cf:9c:72:82:13:06:47:f6:53:01:2e:b2:4c:
                    17:65:55:bd:80:34:e4:e6:c1:a3:63:d0:eb:54:54:
                    e0:86:72:7f:f4:76:1a:97:89:e6:51:15:45:19:dc:
                    c7:88:f3:b3:c5:71:28:b4:7c:16:6f:d2:9d:02:e2:
                    ae:10:45:70:0c:92:a9:83:fe:59:a6:cd:c2:ab:37:
                    10:d2:1e:ec:60:8d:06:cf:62:e4:51:83:f6:a8:30:
                    50:2a:5e:e4:0d:02:b1:93:64:97:ac:a3:bc:dd:1c:
                    34:cd:c0:c1:21:cb:1b:25:7b:08:e7:19:96:8c:db:
                    19:60:8d:ea:18:dc:45:e1:d1:fd:8a:db:10:24:bb:
                    83:90:04:28:91:c6:f3:48:11:88:71:ee:77:8f:fc:
                    d9:0b:e3:a8:f0:6f:74:13:81:a9:07:f0:8a:90:eb:
                    b5:42:91:93:f2:34:16:a2:cd:66:1a:bb:33:34:f9:
                    f5:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:1F:CC:2C:58:A0:88:FC:9C:C6:95:13:FA:2F:17:DA:08:50:36:66
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/LR_MLFigiPycxpUT-i8X2ghQNmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:bd:7d:9c:02:e8:9f:33:d9:ac:98:56:2a:4c:50:14:e5:03:
         74:9c:ce:87:e0:21:9e:39:19:65:22:88:dc:3d:84:f1:da:a8:
         11:0a:6e:ad:95:0d:d6:bd:36:c7:fd:22:1d:c5:07:3e:20:5e:
         f2:70:02:f5:20:11:05:42:33:33:36:e4:76:be:2f:58:65:3f:
         05:be:e0:41:f4:42:af:95:e1:c6:ba:8e:62:17:8e:0f:a5:d3:
         5a:99:ca:1f:2c:35:0e:29:74:e0:12:1d:c3:0c:36:06:3e:60:
         b4:d8:a7:09:d4:37:2d:82:05:0d:56:8e:be:3d:71:fb:a0:27:
         fe:03:37:c6:23:66:55:a1:9c:f7:2f:48:2a:09:6b:6b:e3:bb:
         bf:6b:27:b1:b9:6b:36:f1:1b:e4:9f:5a:c7:87:11:e3:e6:b8:
         50:04:60:02:71:80:b1:95:ca:5c:6d:4c:ee:9a:74:75:13:90:
         cf:aa:01:84:29:2b:f9:dd:2c:73:1b:57:bd:6d:51:21:44:09:
         ab:a3:14:84:a8:a7:05:78:3e:3c:63:02:3f:fe:c1:c5:f5:af:
         7a:f4:f9:c1:0a:60:4f:1c:2d:f3:4e:b9:7c:f2:18:e3:10:b9:
         a3:5a:9d:94:1f:15:5a:66:b0:53:3f:c9:87:cb:db:03:04:e6:
         aa:89:2d:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwGdRCPUyrLI0Q7omPouMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMTAxMTQzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDFmY2MyYzU4YTA4OGZjOWNjNjk1MTNmYTJmMTdkYTA4NTAzNjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQVoJ2sy2+ysGdKL80VVX0W0OgEU
Y2JYDLYePbNf2uvACgIQjg3Mpd/JI7U7PUZa4/7r4+YCQOAb8aXBcE5Ku1vsOT+M
B117Wiowxs+ccoITBkf2UwEuskwXZVW9gDTk5sGjY9DrVFTghnJ/9HYal4nmURVF
GdzHiPOzxXEotHwWb9KdAuKuEEVwDJKpg/5Zps3CqzcQ0h7sYI0Gz2LkUYP2qDBQ
Kl7kDQKxk2SXrKO83Rw0zcDBIcsbJXsI5xmWjNsZYI3qGNxF4dH9itsQJLuDkAQo
kcbzSBGIce53j/zZC+Oo8G90E4GpB/CKkOu1QpGT8jQWos1mGrszNPn1BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC0fzCxYoIj8nMaVE/ovF9oIUDZmMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvTFJfTUxGaWdpUHljeHBVVC1pOFgyZ2hRTm1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSzSMA0G
CSqGSIb3DQEBCwUAA4IBAQAFvX2cAuifM9msmFYqTFAU5QN0nM6H4CGeORllIojc
PYTx2qgRCm6tlQ3WvTbH/SIdxQc+IF7ycAL1IBEFQjMzNuR2vi9YZT8FvuBB9EKv
leHGuo5iF44PpdNamcofLDUOKXTgEh3DDDYGPmC02KcJ1DctggUNVo6+PXH7oCf+
AzfGI2ZVoZz3L0gqCWtr47u/ayexuWs28Rvkn1rHhxHj5rhQBGACcYCxlcpcbUzu
mnR1E5DPqgGEKSv53SxzG1e9bVEhRAmroxSEqKcFeD48YwI//sHF9a969PnBCmBP
HC3zTrl88hjjELmjWp2UHxVaZrBTP8mHy9sDBOaqiS0B
-----END CERTIFICATE-----