Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/lvFlg-aAF79hiJi2PSFm1pSaFOg.roa
File:                     lvFlg-aAF79hiJi2PSFm1pSaFOg.roa (raw, json)
Hash identifier:          HI3BKkvMRqopWScxbHhP7/ZhjWgti31O2RsotkTEyZA=
Subject key identifier:   96:F1:65:83:E6:80:17:BF:61:88:98:B6:3D:21:66:D6:94:9A:14:E8
Certificate issuer:       /CN=82b136e6820d94f03b1c5d71eee3d4b22191528f
Certificate serial:       018EF6780AAA8DF7C6639B575F0C32290BB7
Authority key identifier: 82:B1:36:E6:82:0D:94:F0:3B:1C:5D:71:EE:E3:D4:B2:21:91:52:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/grE25oINlPA7HF1x7uPUsiGRUo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/lvFlg-aAF79hiJi2PSFm1pSaFOg.roa
Signing time:             Fri 19 Apr 2024 13:07:25 +0000
ROA not before:           Fri 19 Apr 2024 13:07:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213035
IP address blocks:        193.56.104.0/24 maxlen: 24
                          193.56.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/grE25oINlPA7HF1x7uPUsiGRUo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/grE25oINlPA7HF1x7uPUsiGRUo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/grE25oINlPA7HF1x7uPUsiGRUo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:78:0a:aa:8d:f7:c6:63:9b:57:5f:0c:32:29:0b:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82b136e6820d94f03b1c5d71eee3d4b22191528f
        Validity
            Not Before: Apr 19 13:07:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96f16583e68017bf618898b63d2166d6949a14e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b6:3d:f6:d2:f7:20:e9:82:aa:57:38:66:45:
                    e9:30:3a:23:a6:d4:51:32:3b:0c:ee:8e:bb:a3:69:
                    b3:3f:a0:ac:1b:2f:dc:dd:6d:a3:b4:ac:0d:c3:32:
                    4c:ce:ac:9c:37:82:f8:ab:08:98:7f:bb:5d:74:89:
                    4f:26:07:74:5e:a0:b1:2c:5e:b8:aa:5f:52:d4:76:
                    89:67:4c:66:f7:0c:78:58:ef:99:f4:88:27:80:e3:
                    13:c8:64:f2:98:de:44:67:0f:50:d8:90:d4:f1:84:
                    5d:27:b3:fe:55:a3:35:54:cb:29:81:87:c9:18:37:
                    f6:3b:20:8d:37:3a:c7:1a:17:55:a1:4e:13:d0:9c:
                    c6:ee:29:2d:9d:d0:fe:e4:39:b6:7c:1a:94:00:dd:
                    d9:13:23:7a:11:10:60:f2:62:43:6e:8c:af:58:fc:
                    72:04:a2:fb:3a:97:28:db:9a:b2:36:02:55:bd:bc:
                    28:7d:50:55:2f:06:9e:05:bb:a5:46:35:84:fa:0d:
                    e1:2e:36:39:5a:8f:d8:b8:26:1e:4f:1a:bd:24:1a:
                    05:c4:bb:cf:e9:8e:56:a4:49:ff:58:8e:2c:87:98:
                    c6:56:7b:77:b5:33:dc:d8:88:4e:ac:61:fe:49:63:
                    46:1b:33:6f:47:2f:10:4c:d5:63:06:58:4e:fc:54:
                    5c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:F1:65:83:E6:80:17:BF:61:88:98:B6:3D:21:66:D6:94:9A:14:E8
            X509v3 Authority Key Identifier:
                keyid:82:B1:36:E6:82:0D:94:F0:3B:1C:5D:71:EE:E3:D4:B2:21:91:52:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/grE25oINlPA7HF1x7uPUsiGRUo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/lvFlg-aAF79hiJi2PSFm1pSaFOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/22112e-4e13-43d0-9eb1-0da3caa91429/1/grE25oINlPA7HF1x7uPUsiGRUo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b4:a3:78:bb:82:61:26:96:76:9b:2e:45:a6:94:a4:cf:d3:4d:
         b2:3c:5b:5e:2f:3a:96:62:e6:23:8f:0a:04:c1:8e:a4:c3:a8:
         37:8d:d6:83:c1:06:53:cd:f3:95:72:3a:50:70:eb:5e:2a:13:
         2c:b3:2d:67:d4:ec:77:68:92:aa:28:6d:af:40:f8:6f:1a:05:
         3a:ba:24:57:bd:7f:20:eb:b7:b8:32:e3:84:bb:d2:ab:6d:74:
         95:a8:8e:17:ea:4c:51:25:d0:ce:25:9b:63:ef:c8:04:e0:86:
         e0:1f:f7:97:3e:b0:20:f6:b5:47:5e:4a:f6:fb:d4:cf:64:b8:
         e3:a9:b4:e3:cc:cf:32:78:c3:3e:01:be:ea:00:5c:f3:25:65:
         84:44:ed:84:3f:1c:b5:ce:65:06:c5:bb:2c:2c:66:33:ee:bd:
         2c:dd:d1:5b:c7:c7:42:be:40:62:30:82:a8:d0:fa:0a:ac:9a:
         9d:0e:db:a0:fa:b9:c8:be:bb:d8:98:f9:fe:5b:d3:7d:12:f8:
         2f:39:3e:6e:dc:be:e2:d2:84:8c:2a:76:84:b8:d7:8b:4b:c8:
         70:fc:dc:80:eb:aa:ad:4a:2c:a6:71:1f:f9:ff:92:c5:1a:1d:
         af:a0:84:c0:2e:3d:c6:7e:1b:5b:ec:d8:06:fb:2f:1c:fe:29:
         5e:54:a6:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY72eAqqjffGY5tXXwwyKQu3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyYjEzNmU2ODIwZDk0ZjAzYjFjNWQ3MWVlZTNkNGIyMjE5
MTUyOGYwHhcNMjQwNDE5MTMwNzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmYxNjU4M2U2ODAxN2JmNjE4ODk4YjYzZDIxNjZkNjk0OWExNGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLY99tL3IOmCqlc4ZkXpMDojptRR
MjsM7o67o2mzP6CsGy/c3W2jtKwNwzJMzqycN4L4qwiYf7tddIlPJgd0XqCxLF64
ql9S1HaJZ0xm9wx4WO+Z9IgngOMTyGTymN5EZw9Q2JDU8YRdJ7P+VaM1VMspgYfJ
GDf2OyCNNzrHGhdVoU4T0JzG7iktndD+5Dm2fBqUAN3ZEyN6ERBg8mJDboyvWPxy
BKL7Opco25qyNgJVvbwofVBVLwaeBbulRjWE+g3hLjY5Wo/YuCYeTxq9JBoFxLvP
6Y5WpEn/WI4sh5jGVnt3tTPc2IhOrGH+SWNGGzNvRy8QTNVjBlhO/FRcuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbxZYPmgBe/YYiYtj0hZtaUmhToMB8GA1UdIwQY
MBaAFIKxNuaCDZTwOxxdce7j1LIhkVKPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3JFMjVvSU5sUEE3SEYxeDd1UFVzaUdSVW84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yMjExMmUtNGUxMy00M2QwLTllYjEt
MGRhM2NhYTkxNDI5LzEvbHZGbGctYUFGNzloaUppMlBTRm0xcFNhRk9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yMjExMmUtNGUxMy00M2QwLTllYjEtMGRhM2NhYTkxNDI5
LzEvZ3JFMjVvSU5sUEE3SEYxeDd1UFVzaUdSVW84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwThoMA0G
CSqGSIb3DQEBCwUAA4IBAQC0o3i7gmEmlnabLkWmlKTP002yPFteLzqWYuYjjwoE
wY6kw6g3jdaDwQZTzfOVcjpQcOteKhMssy1n1Ox3aJKqKG2vQPhvGgU6uiRXvX8g
67e4MuOEu9KrbXSVqI4X6kxRJdDOJZtj78gE4IbgH/eXPrAg9rVHXkr2+9TPZLjj
qbTjzM8yeMM+Ab7qAFzzJWWERO2EPxy1zmUGxbssLGYz7r0s3dFbx8dCvkBiMIKo
0PoKrJqdDtug+rnIvrvYmPn+W9N9EvgvOT5u3L7i0oSMKnaEuNeLS8hw/NyA66qt
SiymcR/5/5LFGh2voITALj3Gfhtb7NgG+y8c/ileVKYP
-----END CERTIFICATE-----