Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/Lhbt1th14edAodw9bRMZzaOx57U.roa
File:                     Lhbt1th14edAodw9bRMZzaOx57U.roa (raw, json)
Hash identifier:          x+OU1q9sGfK/5dQcHZQufauYJEnkq7uOYf+TYnLrFZo=
Subject key identifier:   2E:16:ED:D6:D8:75:E1:E7:40:A1:DC:3D:6D:13:19:CD:A3:B1:E7:B5
Certificate issuer:       /CN=1847b59d21ea36b3062fca80ce75c1616af5119a
Certificate serial:       019016645D14509CB0553E5ADA13700999A7
Authority key identifier: 18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/Lhbt1th14edAodw9bRMZzaOx57U.roa
Signing time:             Fri 14 Jun 2024 10:56:34 +0000
ROA not before:           Fri 14 Jun 2024 10:56:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201513
IP address blocks:        2a00:5da0:8010::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:16:64:5d:14:50:9c:b0:55:3e:5a:da:13:70:09:99:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1847b59d21ea36b3062fca80ce75c1616af5119a
        Validity
            Not Before: Jun 14 10:56:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e16edd6d875e1e740a1dc3d6d1319cda3b1e7b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:aa:57:94:df:e8:ec:00:49:4c:45:c6:64:83:
                    49:e2:d6:21:1a:e0:f7:6a:7c:67:ec:ab:c1:2c:15:
                    88:4c:3d:a8:72:ee:0f:36:7f:06:1e:52:29:02:01:
                    42:11:b0:4f:b6:fa:f5:90:d2:4a:d2:ea:32:f1:57:
                    e4:fd:ad:d7:24:f5:03:75:5a:b7:af:e4:17:06:fe:
                    f9:ac:4b:36:c3:ce:09:c0:12:53:a6:17:37:78:b3:
                    a1:07:ff:70:3b:f5:2b:32:db:49:5d:2b:40:4f:73:
                    b4:cb:61:36:2c:c6:a0:89:5e:3e:3c:4d:17:f2:00:
                    ba:86:b7:94:61:8a:d2:4f:cb:db:69:7e:da:04:01:
                    24:38:39:f3:0b:ce:5e:69:e1:31:35:18:45:7b:64:
                    29:4f:0a:36:7b:81:51:eb:dd:1d:fa:77:a6:fd:cb:
                    7f:8a:36:23:90:4b:27:6e:a6:66:9d:d0:be:2a:06:
                    55:de:46:d9:79:1f:bd:34:c8:a7:11:dc:eb:08:72:
                    b2:28:ec:2d:eb:c9:00:ac:95:a7:26:b4:2d:03:78:
                    22:a9:e9:b0:c5:7e:b8:f4:d3:f9:a7:46:8d:3f:9f:
                    04:4e:28:91:ec:3e:65:a1:ec:f4:01:09:62:2e:43:
                    b9:95:5a:39:45:76:02:38:3e:b3:89:c2:a1:00:b2:
                    68:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:16:ED:D6:D8:75:E1:E7:40:A1:DC:3D:6D:13:19:CD:A3:B1:E7:B5
            X509v3 Authority Key Identifier:
                keyid:18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/Lhbt1th14edAodw9bRMZzaOx57U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:5da0:8010::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:b9:45:57:1c:93:c6:4e:e4:50:bb:0f:80:c8:97:bd:55:72:
         9b:40:04:ae:5e:6f:6b:f9:b8:41:c5:45:78:8f:76:c2:58:c9:
         49:00:22:e7:af:e5:26:f8:25:90:88:25:2e:1f:54:ec:15:3a:
         c4:fa:e0:02:c4:42:ac:31:e8:b9:36:d6:9e:9a:91:30:91:23:
         fc:62:47:b5:b9:19:0d:c0:9f:f5:a9:2c:75:55:f5:9e:29:33:
         5f:5a:f9:48:a8:d1:0c:ff:38:77:81:1e:b3:87:ad:75:2c:ed:
         88:c6:22:1b:84:91:33:69:98:b2:ee:36:b1:f3:93:63:c6:91:
         f2:ff:1c:90:58:0e:96:f1:6a:75:cb:2e:10:dd:29:01:2d:48:
         82:10:fe:55:80:9e:d4:e7:fc:93:f4:d9:ff:b6:be:82:ab:67:
         81:1c:fb:a1:ad:79:63:55:e6:14:99:d4:62:6c:61:70:02:7f:
         a8:8a:30:4e:e2:eb:9e:17:f9:c5:40:89:de:61:b0:21:4d:0c:
         cc:94:75:b4:1c:3e:c4:23:7d:11:dd:6e:76:c3:8b:fe:e0:91:
         de:2c:f3:c1:13:cd:a7:ed:00:47:d0:c4:3f:22:bb:d8:06:14:
         c2:07:ad:40:83:4f:35:17:5f:07:3e:a6:a1:4b:8f:26:56:02:
         0d:a2:c4:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAWZF0UUJywVT5a2hNwCZmnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4NDdiNTlkMjFlYTM2YjMwNjJmY2E4MGNlNzVjMTYxNmFm
NTExOWEwHhcNMjQwNjE0MTA1NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTE2ZWRkNmQ4NzVlMWU3NDBhMWRjM2Q2ZDEzMTljZGEzYjFlN2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqpXlN/o7ABJTEXGZINJ4tYhGuD3
anxn7KvBLBWITD2ocu4PNn8GHlIpAgFCEbBPtvr1kNJK0uoy8Vfk/a3XJPUDdVq3
r+QXBv75rEs2w84JwBJTphc3eLOhB/9wO/UrMttJXStAT3O0y2E2LMagiV4+PE0X
8gC6hreUYYrST8vbaX7aBAEkODnzC85eaeExNRhFe2QpTwo2e4FR690d+nem/ct/
ijYjkEsnbqZmndC+KgZV3kbZeR+9NMinEdzrCHKyKOwt68kArJWnJrQtA3giqemw
xX649NP5p0aNP58ETiiR7D5loez0AQliLkO5lVo5RXYCOD6zicKhALJoIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC4W7dbYdeHnQKHcPW0TGc2jsee1MB8GA1UdIwQY
MBaAFBhHtZ0h6jazBi/KgM51wWFq9RGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTIt
ZjkxYmI1MTc5MjE3LzEvTGhidDF0aDE0ZWRBb2R3OWJSTVp6YU94NTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTItZjkxYmI1MTc5MjE3
LzEvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgBdoIAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAVuUVXHJPGTuRQuw+AyJe9VXKbQASuXm9r+bhB
xUV4j3bCWMlJACLnr+Um+CWQiCUuH1TsFTrE+uACxEKsMei5NtaempEwkSP8Yke1
uRkNwJ/1qSx1VfWeKTNfWvlIqNEM/zh3gR6zh611LO2IxiIbhJEzaZiy7jax85Nj
xpHy/xyQWA6W8Wp1yy4Q3SkBLUiCEP5VgJ7U5/yT9Nn/tr6Cq2eBHPuhrXljVeYU
mdRibGFwAn+oijBO4uueF/nFQIneYbAhTQzMlHW0HD7EI30R3W52w4v+4JHeLPPB
E82n7QBH0MQ/IrvYBhTCB61Ag081F18HPqahS48mVgINosRG
-----END CERTIFICATE-----