Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/lP-XoEy5uCAsHAtTe1bAFx7xjKY.roa
File:                     lP-XoEy5uCAsHAtTe1bAFx7xjKY.roa (raw, json)
Hash identifier:          yGAUUoSl1cysm17I08UCaSrMd4i5xHhDVzK0qBw4V6I=
Subject key identifier:   94:FF:97:A0:4C:B9:B8:20:2C:1C:0B:53:7B:56:C0:17:1E:F1:8C:A6
Certificate issuer:       /CN=c4eb34dda2f8094968494892063351ee0f10e91a
Certificate serial:       018FBF07122D2F244E754EB1EFB3EBB8C8D9
Authority key identifier: C4:EB:34:DD:A2:F8:09:49:68:49:48:92:06:33:51:EE:0F:10:E9:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/lP-XoEy5uCAsHAtTe1bAFx7xjKY.roa
Signing time:             Tue 28 May 2024 11:47:42 +0000
ROA not before:           Tue 28 May 2024 11:47:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212150
IP address blocks:        193.151.162.0/24 maxlen: 24
                          193.151.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bf:07:12:2d:2f:24:4e:75:4e:b1:ef:b3:eb:b8:c8:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4eb34dda2f8094968494892063351ee0f10e91a
        Validity
            Not Before: May 28 11:47:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94ff97a04cb9b8202c1c0b537b56c0171ef18ca6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:f1:b1:6b:6b:cf:fd:68:2e:03:63:1b:50:61:
                    5f:c9:dc:6d:8b:3b:3e:57:09:c0:6b:e9:de:79:51:
                    be:49:79:dd:cd:c7:7d:c0:30:72:99:3f:e8:e8:2e:
                    f3:f9:bc:33:b7:c1:9b:7c:67:d9:76:c8:7b:a2:16:
                    91:c1:fe:0f:23:62:db:1b:7d:af:22:f0:6e:01:cd:
                    6f:c0:93:6a:72:56:28:2e:80:7e:6e:77:8a:19:22:
                    67:35:57:25:a3:48:c6:16:ed:9f:5d:0d:f8:3d:98:
                    0c:41:f3:3b:5d:f7:4c:ef:ba:89:1d:c4:9f:d0:32:
                    ec:d8:34:d6:a1:e5:75:04:5d:26:71:e6:d6:c2:0f:
                    cb:82:02:48:76:f2:5c:6f:51:85:36:d8:06:85:d9:
                    17:8a:c8:44:23:54:8c:ab:1b:aa:23:f5:df:ef:b8:
                    0b:11:7c:59:b7:88:e5:1e:79:c0:f3:2d:41:97:a7:
                    11:78:ff:7f:48:5a:e7:06:91:2e:fa:ea:f9:7c:25:
                    02:1e:c8:dc:25:64:aa:af:b5:8e:69:b0:d3:2e:d0:
                    e6:dc:80:fe:d5:9c:ec:8c:4d:28:f0:b5:3f:80:5a:
                    c1:3f:e7:ee:54:f0:8b:18:1d:40:45:cf:97:75:e5:
                    05:f9:a2:4c:2f:79:54:79:55:a9:d9:c3:54:e1:11:
                    77:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:FF:97:A0:4C:B9:B8:20:2C:1C:0B:53:7B:56:C0:17:1E:F1:8C:A6
            X509v3 Authority Key Identifier:
                keyid:C4:EB:34:DD:A2:F8:09:49:68:49:48:92:06:33:51:EE:0F:10:E9:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/lP-XoEy5uCAsHAtTe1bAFx7xjKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         df:6a:40:17:b3:e4:a4:2c:03:c4:da:60:6e:6b:ca:c8:92:20:
         a6:95:5f:30:2c:f7:36:73:c6:c1:b6:e4:4e:6a:e9:f0:f3:98:
         7f:f2:cc:c4:7c:33:9d:be:5b:c4:22:32:20:b1:ba:08:41:0c:
         24:c2:f1:c8:3f:f2:d8:bd:9e:99:e5:57:f4:3b:39:1f:15:e8:
         f8:17:23:f8:0f:4d:e5:9d:c8:ba:a0:3d:72:a5:2e:84:bb:e6:
         88:de:d9:1f:ff:d1:66:fa:1f:ce:57:93:22:8c:63:63:e6:4e:
         16:4e:bc:e6:dc:aa:75:cf:f0:97:1e:e9:5c:12:45:71:07:25:
         30:73:67:ce:0a:70:8d:89:25:2c:df:8a:d3:44:1f:86:32:9c:
         94:ad:89:a2:8e:de:00:78:fb:bf:83:43:be:c7:d8:7d:24:bb:
         13:e3:f7:a0:ce:4a:65:ad:98:f3:3e:21:f8:e2:eb:d8:65:e1:
         f2:23:e9:45:e5:2c:8b:6e:e0:4e:02:26:3d:8b:06:6c:f9:2c:
         74:27:f4:67:72:5f:3f:12:69:28:61:2f:5c:96:07:a3:3f:b0:
         1f:0d:d5:63:5a:fd:4b:5e:2f:b4:47:98:29:e3:c3:bc:b1:5b:
         e5:c4:88:8e:52:18:15:d2:7e:4c:94:f7:d0:ef:ba:8a:33:bc:
         e1:be:15:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+/BxItLyROdU6x77PruMjZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZWIzNGRkYTJmODA5NDk2ODQ5NDg5MjA2MzM1MWVlMGYx
MGU5MWEwHhcNMjQwNTI4MTE0NzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGZmOTdhMDRjYjliODIwMmMxYzBiNTM3YjU2YzAxNzFlZjE4Y2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfGxa2vP/WguA2MbUGFfydxtizs+
VwnAa+neeVG+SXndzcd9wDBymT/o6C7z+bwzt8GbfGfZdsh7ohaRwf4PI2LbG32v
IvBuAc1vwJNqclYoLoB+bneKGSJnNVclo0jGFu2fXQ34PZgMQfM7XfdM77qJHcSf
0DLs2DTWoeV1BF0mcebWwg/LggJIdvJcb1GFNtgGhdkXishEI1SMqxuqI/Xf77gL
EXxZt4jlHnnA8y1Bl6cReP9/SFrnBpEu+ur5fCUCHsjcJWSqr7WOabDTLtDm3ID+
1ZzsjE0o8LU/gFrBP+fuVPCLGB1ARc+XdeUF+aJML3lUeVWp2cNU4RF3IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJT/l6BMubggLBwLU3tWwBce8YymMB8GA1UdIwQY
MBaAFMTrNN2i+AlJaElIkgYzUe4PEOkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE9zMDNhTDRDVWxvU1VpU0JqTlI3ZzhRNlJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9iOTY1ODQtMWY3MS00OGJiLWEwMjEt
YTM0N2I1NmYzYjlhLzEvbFAtWG9FeTV1Q0FzSEF0VGUxYkFGeDd4aktZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9iOTY1ODQtMWY3MS00OGJiLWEwMjEtYTM0N2I1NmYzYjlh
LzEveE9zMDNhTDRDVWxvU1VpU0JqTlI3ZzhRNlJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwZeiMA0G
CSqGSIb3DQEBCwUAA4IBAQDfakAXs+SkLAPE2mBua8rIkiCmlV8wLPc2c8bBtuRO
aunw85h/8szEfDOdvlvEIjIgsboIQQwkwvHIP/LYvZ6Z5Vf0OzkfFej4FyP4D03l
nci6oD1ypS6Eu+aI3tkf/9Fm+h/OV5MijGNj5k4WTrzm3Kp1z/CXHulcEkVxByUw
c2fOCnCNiSUs34rTRB+GMpyUrYmijt4AePu/g0O+x9h9JLsT4/egzkplrZjzPiH4
4uvYZeHyI+lF5SyLbuBOAiY9iwZs+Sx0J/Rncl8/EmkoYS9clgejP7AfDdVjWv1L
Xi+0R5gp48O8sVvlxIiOUhgV0n5MlPfQ77qKM7zhvhWw
-----END CERTIFICATE-----