Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/lipYy7_Qkl0X6_DIpmw5w0iMk9g.roa
File:                     lipYy7_Qkl0X6_DIpmw5w0iMk9g.roa (raw, json)
Hash identifier:          aI1iTWCogAd5UYBTD2Z81sFjpXHsTB6VnJ2YAZsgqho=
Subject key identifier:   96:2A:58:CB:BF:D0:92:5D:17:EB:F0:C8:A6:6C:39:C3:48:8C:93:D8
Certificate issuer:       /CN=406f014a2bc76ae04e6d304d06aacbfc8e85d514
Certificate serial:       018CC492CAEF58CC0B0383CC80AE2E272FA9
Authority key identifier: 40:6F:01:4A:2B:C7:6A:E0:4E:6D:30:4D:06:AA:CB:FC:8E:85:D5:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QG8BSivHauBObTBNBqrL_I6F1RQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/lipYy7_Qkl0X6_DIpmw5w0iMk9g.roa
Signing time:             Mon 01 Jan 2024 10:30:03 +0000
ROA not before:           Mon 01 Jan 2024 10:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24685
IP address blocks:        194.246.121.0/24 maxlen: 32
                          195.234.76.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/QG8BSivHauBObTBNBqrL_I6F1RQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/QG8BSivHauBObTBNBqrL_I6F1RQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QG8BSivHauBObTBNBqrL_I6F1RQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:ca:ef:58:cc:0b:03:83:cc:80:ae:2e:27:2f:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=406f014a2bc76ae04e6d304d06aacbfc8e85d514
        Validity
            Not Before: Jan  1 10:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=962a58cbbfd0925d17ebf0c8a66c39c3488c93d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:11:53:4d:74:28:ae:88:af:6d:90:ff:30:16:
                    ec:d2:38:02:b0:5e:50:bf:0e:55:f3:80:91:cc:08:
                    25:56:7b:86:95:13:13:99:33:90:f3:0f:be:88:4d:
                    53:e5:29:70:a5:73:15:43:5e:2b:7b:cc:9c:c7:ea:
                    72:43:31:fb:87:db:74:59:8d:f7:29:50:1e:9d:bf:
                    72:66:67:41:9a:41:e0:91:57:17:c7:62:15:6e:bd:
                    cd:97:5c:f0:d1:ab:9b:ec:8e:19:5d:f8:15:03:37:
                    99:ee:f8:45:21:84:7e:f1:80:6f:5a:86:13:d9:fb:
                    be:d9:c3:ff:30:74:72:fd:04:44:e3:fd:1f:33:f5:
                    a6:ba:73:b8:52:30:6c:f5:c2:04:55:51:ee:94:bd:
                    ce:4f:de:ed:a5:21:12:69:d9:e4:d9:85:6d:ac:86:
                    ce:7b:03:9e:a2:eb:e7:ae:33:bf:0a:7c:7a:81:c6:
                    ea:97:49:7d:e4:ee:c5:b0:cd:fb:1e:e8:cf:d5:2e:
                    59:e4:ce:fa:61:a6:58:45:4f:6b:40:f4:71:51:57:
                    2d:8b:ec:ca:e0:9b:7a:67:56:45:bf:d7:5b:9f:8a:
                    e6:d0:1c:cd:64:6d:1d:49:1c:68:01:2e:40:8e:1e:
                    78:2a:93:45:fd:fb:4f:0b:88:55:7c:a6:80:9e:71:
                    95:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:2A:58:CB:BF:D0:92:5D:17:EB:F0:C8:A6:6C:39:C3:48:8C:93:D8
            X509v3 Authority Key Identifier:
                keyid:40:6F:01:4A:2B:C7:6A:E0:4E:6D:30:4D:06:AA:CB:FC:8E:85:D5:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QG8BSivHauBObTBNBqrL_I6F1RQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/lipYy7_Qkl0X6_DIpmw5w0iMk9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/QG8BSivHauBObTBNBqrL_I6F1RQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.121.0/24
                  195.234.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:37:66:3d:74:0a:51:82:69:6e:bc:e8:c0:ce:d2:b3:70:1c:
         e0:f5:99:f0:be:03:10:88:87:b5:a7:86:de:25:97:cb:de:09:
         3a:2a:fa:5b:f0:4a:e6:37:c3:71:49:e0:3e:1c:f4:ea:1d:4d:
         d4:c7:0c:4f:6c:51:f4:b7:a0:3b:39:34:db:cc:33:b1:75:46:
         24:84:f1:3e:a2:fb:68:63:1c:04:6f:c2:c2:4f:f6:05:cc:73:
         61:bb:39:24:a5:b5:c7:62:33:94:2e:37:33:e7:ca:b1:59:4c:
         03:0d:ca:92:2d:86:dd:8f:19:15:54:2f:f4:0b:1e:b5:63:7f:
         6c:be:c5:ca:6b:cd:68:57:ad:cf:7c:57:11:b1:fe:14:a4:65:
         f5:d6:a4:08:90:b0:d3:8d:d6:ae:c0:60:de:6c:05:7c:a8:47:
         62:da:4a:a8:d6:67:c7:c7:2b:d2:ce:e4:35:73:76:34:6b:6e:
         84:16:cb:cb:0c:21:67:97:bd:f9:7e:d7:3c:64:59:3b:92:ec:
         ca:dc:03:df:fd:18:08:47:94:5c:05:85:cd:af:19:63:7d:87:
         d0:be:f0:46:e5:52:91:83:df:85:6d:a4:17:10:e9:68:9e:48:
         a3:4d:5e:6e:25:48:33:73:92:16:33:5e:8f:1d:7a:7c:92:55:
         93:2c:c0:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEksrvWMwLA4PMgK4uJy+pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNmYwMTRhMmJjNzZhZTA0ZTZkMzA0ZDA2YWFjYmZjOGU4
NWQ1MTQwHhcNMjQwMTAxMTAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjJhNThjYmJmZDA5MjVkMTdlYmYwYzhhNjZjMzljMzQ4OGM5M2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRFTTXQoroivbZD/MBbs0jgCsF5Q
vw5V84CRzAglVnuGlRMTmTOQ8w++iE1T5SlwpXMVQ14re8ycx+pyQzH7h9t0WY33
KVAenb9yZmdBmkHgkVcXx2IVbr3Nl1zw0aub7I4ZXfgVAzeZ7vhFIYR+8YBvWoYT
2fu+2cP/MHRy/QRE4/0fM/WmunO4UjBs9cIEVVHulL3OT97tpSESadnk2YVtrIbO
ewOeouvnrjO/Cnx6gcbql0l95O7FsM37HujP1S5Z5M76YaZYRU9rQPRxUVcti+zK
4Jt6Z1ZFv9dbn4rm0BzNZG0dSRxoAS5Ajh54KpNF/ftPC4hVfKaAnnGVFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJYqWMu/0JJdF+vwyKZsOcNIjJPYMB8GA1UdIwQY
MBaAFEBvAUorx2rgTm0wTQaqy/yOhdUUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUc4QlNpdkhhdUJPYlRCTkJxckxfSTZGMVJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hYjNjYWEtMzEzZS00NjgzLTg0ZGIt
OWVlNWE3OGVjNTdiLzEvbGlwWXk3X1FrbDBYNl9ESXBtdzV3MGlNazlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hYjNjYWEtMzEzZS00NjgzLTg0ZGItOWVlNWE3OGVjNTdi
LzEvUUc4QlNpdkhhdUJPYlRCTkJxckxfSTZGMVJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwvZ5AwQA
w+pMMA0GCSqGSIb3DQEBCwUAA4IBAQCYN2Y9dApRgmluvOjAztKzcBzg9ZnwvgMQ
iIe1p4beJZfL3gk6Kvpb8ErmN8NxSeA+HPTqHU3UxwxPbFH0t6A7OTTbzDOxdUYk
hPE+ovtoYxwEb8LCT/YFzHNhuzkkpbXHYjOULjcz58qxWUwDDcqSLYbdjxkVVC/0
Cx61Y39svsXKa81oV63PfFcRsf4UpGX11qQIkLDTjdauwGDebAV8qEdi2kqo1mfH
xyvSzuQ1c3Y0a26EFsvLDCFnl735ftc8ZFk7kuzK3APf/RgIR5RcBYXNrxljfYfQ
vvBG5VKRg9+FbaQXEOlonkijTV5uJUgzc5IWM16PHXp8klWTLMC/
-----END CERTIFICATE-----