Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/LbRLSCZgNjKQ4NVrLzk4GRKtgYY.roa
File:                     LbRLSCZgNjKQ4NVrLzk4GRKtgYY.roa (raw, json)
Hash identifier:          /kAcDTHsuQOYOXcr8j8Fv03Ys7En4o0Y+S9NpXp7/Jw=
Subject key identifier:   2D:B4:4B:48:26:60:36:32:90:E0:D5:6B:2F:39:38:19:12:AD:81:86
Certificate issuer:       /CN=e292c8c779b6ed6ede72a8cf11490ef6d7a9e921
Certificate serial:       0197D4A7E6ACD175B39E0D405C94E6FE1BD7
Authority key identifier: E2:92:C8:C7:79:B6:ED:6E:DE:72:A8:CF:11:49:0E:F6:D7:A9:E9:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/LbRLSCZgNjKQ4NVrLzk4GRKtgYY.roa
Signing time:             Fri 04 Jul 2025 08:57:42 +0000
ROA not before:           Fri 04 Jul 2025 08:57:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        95.128.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d4:a7:e6:ac:d1:75:b3:9e:0d:40:5c:94:e6:fe:1b:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e292c8c779b6ed6ede72a8cf11490ef6d7a9e921
        Validity
            Not Before: Jul  4 08:57:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2db44b482660363290e0d56b2f39381912ad8186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:62:d1:9f:54:1d:f1:1d:ef:ac:78:50:2a:2b:
                    fd:b8:e5:03:dd:e6:fb:38:e2:de:e2:36:16:06:b8:
                    94:ad:60:c0:96:02:68:f7:df:e0:e3:7b:98:4d:67:
                    6d:22:50:60:86:93:61:68:1a:3a:8b:5b:ee:9f:43:
                    d3:bc:3d:e1:f1:0d:ac:59:6d:c7:59:22:80:8d:f8:
                    ba:ef:35:ce:52:4a:b4:4b:d4:30:47:c9:29:db:a6:
                    5f:6b:48:c6:66:97:3f:1b:0f:aa:d1:c8:85:ab:9a:
                    ea:20:55:7f:02:23:5a:22:81:6a:2b:c1:48:74:99:
                    db:db:d2:15:5f:1d:e8:93:cd:c3:87:46:8c:0c:05:
                    5d:98:63:6b:3e:35:c8:5e:aa:3c:01:eb:32:99:2c:
                    d1:1c:84:c4:fa:1e:93:aa:ca:7d:10:89:ea:74:07:
                    26:43:7e:f0:c8:de:5a:9a:e9:3b:f8:7d:32:d5:74:
                    cb:d9:05:b8:6f:58:5c:dc:d0:55:9e:1f:7a:67:cd:
                    fd:02:19:d8:09:ec:e2:96:61:f1:0f:4f:28:d9:ac:
                    f3:0a:4e:2d:93:16:6c:db:36:0e:23:cf:fe:b4:e8:
                    61:ff:1f:11:6b:f0:4f:85:50:a5:d5:d5:59:31:06:
                    24:1e:e2:f4:9e:c1:26:6f:9b:22:fc:34:77:ca:f4:
                    f9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B4:4B:48:26:60:36:32:90:E0:D5:6B:2F:39:38:19:12:AD:81:86
            X509v3 Authority Key Identifier:
                keyid:E2:92:C8:C7:79:B6:ED:6E:DE:72:A8:CF:11:49:0E:F6:D7:A9:E9:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/LbRLSCZgNjKQ4NVrLzk4GRKtgYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:7e:5b:d2:1b:f4:41:75:8e:bc:3b:5f:5d:ae:bd:bc:15:e7:
         03:18:23:7b:01:dd:4d:0c:53:cb:bd:67:4d:74:52:80:c0:1e:
         4e:ae:d8:df:88:09:5d:9e:8a:70:fb:bd:8a:d9:5d:f5:f1:d5:
         da:92:7b:b0:f8:20:10:55:f8:d6:d6:99:d9:9b:28:18:b5:83:
         16:04:83:ca:30:1d:85:e2:ea:fa:3c:31:d6:41:79:a8:70:eb:
         e7:cd:8c:b2:b7:98:bc:78:56:87:9e:f6:df:03:23:f3:4a:e1:
         89:d4:4c:98:63:9d:de:53:72:e2:ee:4c:bd:15:71:cc:27:a9:
         b2:fa:b2:cb:4d:9c:cc:93:0a:95:43:a2:2a:b7:b0:28:98:6c:
         71:81:d0:0c:d2:b9:d7:68:7d:d6:a3:b8:a8:df:9c:22:84:7f:
         d8:1a:83:f3:e5:92:b1:2a:20:8c:7d:2c:0a:7b:8b:fc:5c:c0:
         fa:4f:d6:22:47:db:76:a5:55:81:06:17:27:72:1d:66:da:ab:
         a3:5c:8d:a0:f0:13:de:91:e0:95:dc:1b:38:00:8a:9a:2e:ac:
         3a:7b:b9:39:5f:5c:b2:e0:46:07:5f:19:c1:1d:be:53:cc:0e:
         29:13:6a:37:e8:2b:77:cf:75:e3:ee:ca:66:0d:78:af:5d:6a:
         1d:a9:f2:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfUp+as0XWzng1AXJTm/hvXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOTJjOGM3NzliNmVkNmVkZTcyYThjZjExNDkwZWY2ZDdh
OWU5MjEwHhcNMjUwNzA0MDg1NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGI0NGI0ODI2NjAzNjMyOTBlMGQ1NmIyZjM5MzgxOTEyYWQ4MTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGLRn1Qd8R3vrHhQKiv9uOUD3eb7
OOLe4jYWBriUrWDAlgJo99/g43uYTWdtIlBghpNhaBo6i1vun0PTvD3h8Q2sWW3H
WSKAjfi67zXOUkq0S9QwR8kp26Zfa0jGZpc/Gw+q0ciFq5rqIFV/AiNaIoFqK8FI
dJnb29IVXx3ok83Dh0aMDAVdmGNrPjXIXqo8AesymSzRHITE+h6Tqsp9EInqdAcm
Q37wyN5amuk7+H0y1XTL2QW4b1hc3NBVnh96Z839AhnYCezilmHxD08o2azzCk4t
kxZs2zYOI8/+tOhh/x8Ra/BPhVCl1dVZMQYkHuL0nsEmb5si/DR3yvT5CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC20S0gmYDYykODVay85OBkSrYGGMB8GA1UdIwQY
MBaAFOKSyMd5tu1u3nKozxFJDvbXqekhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHBMSXgzbTI3VzdlY3FqUEVVa085dGVwNlNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC80YTJlOTctMjU3MC00NzhiLWI5YmMt
NWViYjYzNzgwMDllLzEvTGJSTFNDWmdOaktRNE5Wckx6azRHUkt0Z1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC80YTJlOTctMjU3MC00NzhiLWI5YmMtNWViYjYzNzgwMDll
LzEvNHBMSXgzbTI3VzdlY3FqUEVVa085dGVwNlNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DDMA0G
CSqGSIb3DQEBCwUAA4IBAQBCflvSG/RBdY68O19drr28FecDGCN7Ad1NDFPLvWdN
dFKAwB5OrtjfiAldnopw+72K2V318dXaknuw+CAQVfjW1pnZmygYtYMWBIPKMB2F
4ur6PDHWQXmocOvnzYyyt5i8eFaHnvbfAyPzSuGJ1EyYY53eU3Li7ky9FXHMJ6my
+rLLTZzMkwqVQ6Iqt7AomGxxgdAM0rnXaH3Wo7io35wihH/YGoPz5ZKxKiCMfSwK
e4v8XMD6T9YiR9t2pVWBBhcnch1m2qujXI2g8BPekeCV3Bs4AIqaLqw6e7k5X1yy
4EYHXxnBHb5TzA4pE2o36Ct3z3Xj7spmDXivXWodqfIX
-----END CERTIFICATE-----