Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LndcKWgnNCR_QEVbCf6t8jvHM0g.roa
File:                     LndcKWgnNCR_QEVbCf6t8jvHM0g.roa (raw, json)
Hash identifier:          JzatOFIf5h3xDrHWsOTGusUwbJ4sw653ksVSuh53lKU=
Subject key identifier:   2E:77:5C:29:68:27:34:24:7F:40:45:5B:09:FE:AD:F2:3B:C7:33:48
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0194282499B74EE1A16037560A62D8C988CA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LndcKWgnNCR_QEVbCf6t8jvHM0g.roa
Signing time:             Thu 02 Jan 2025 17:51:14 +0000
ROA not before:           Thu 02 Jan 2025 17:51:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137517
IP address blocks:        193.37.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:99:b7:4e:e1:a1:60:37:56:0a:62:d8:c9:88:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e775c29682734247f40455b09feadf23bc73348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:74:b6:47:31:43:5d:11:fb:dd:e6:c2:0a:e0:
                    34:84:5e:fc:98:b7:74:19:8f:02:86:ee:99:83:e8:
                    f4:fb:25:28:70:80:5d:f8:1e:7e:03:25:6d:57:db:
                    74:f3:54:f4:da:c1:71:26:9c:b2:93:2b:fd:18:6c:
                    22:78:ee:20:89:8f:ac:cd:9c:e3:a7:07:1c:0a:62:
                    eb:8c:52:dc:4b:11:11:ee:eb:23:93:ad:59:84:94:
                    8f:bd:44:2c:b3:b3:d0:c8:b8:33:39:98:25:00:ff:
                    1e:2b:b0:a8:95:3a:d2:d1:b8:18:36:1e:b1:ca:50:
                    8e:99:80:7f:72:45:bf:02:06:21:72:08:28:73:be:
                    25:85:58:b2:77:91:e7:28:fd:32:2c:c6:1c:b6:8b:
                    24:3d:8f:08:eb:c8:d1:f8:8d:0e:c5:ca:40:e0:c5:
                    ac:10:42:e8:0a:2e:38:67:b0:a7:6a:1a:f8:5b:37:
                    68:4a:1f:37:31:b1:87:82:fe:76:bb:c0:17:77:40:
                    65:88:4d:6d:0d:80:46:cb:30:4e:fc:45:2a:15:a9:
                    2c:10:5d:75:1b:f8:af:c2:cc:87:fa:6f:05:d2:ad:
                    fe:20:63:e0:22:ac:eb:84:f5:9b:c3:c2:2e:53:de:
                    e2:57:40:d6:49:1a:b7:95:fd:14:02:85:d8:82:e8:
                    5f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:77:5C:29:68:27:34:24:7F:40:45:5B:09:FE:AD:F2:3B:C7:33:48
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LndcKWgnNCR_QEVbCf6t8jvHM0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:c8:b7:9d:57:63:8a:de:36:5f:a8:76:53:d6:5d:b0:65:42:
         82:dc:1b:28:c1:62:96:96:5d:00:90:b5:8c:31:10:3c:9c:77:
         cb:25:2f:81:77:27:22:77:b3:cd:ba:28:c8:ef:6f:b3:b4:9a:
         c6:4f:c3:d1:02:0d:12:5c:80:fa:0f:1c:4e:b7:27:30:c9:a5:
         be:0f:2c:0c:b9:bb:d9:ad:40:28:d5:bf:c3:ec:92:26:08:d5:
         4c:2a:3f:1a:35:8e:4d:b7:f6:64:c8:f1:06:44:69:3e:3c:17:
         f9:75:69:69:64:2e:b9:40:09:2e:20:2a:0a:42:82:b9:ee:1d:
         4b:61:42:86:0f:13:45:61:53:f8:a0:33:d6:f2:1c:4d:98:16:
         d8:98:c7:7c:15:c6:06:3e:17:ae:af:33:27:3c:3e:4a:9d:95:
         ad:17:ec:9d:2c:ac:59:08:7a:20:91:f9:f8:4e:bc:77:bd:b1:
         0a:0c:9b:2c:3c:e5:b4:cf:f7:df:ac:ef:cd:a1:04:21:87:a7:
         32:be:26:83:de:8f:37:b3:f6:ec:d5:13:91:7f:28:ff:c8:37:
         a3:50:bb:bf:ac:0e:ee:59:12:b9:35:36:82:bd:e3:f2:28:e8:
         0b:8c:34:1f:8f:ec:01:f9:5a:64:63:e5:66:4a:92:c2:ba:ac:
         2f:ca:ab:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJJm3TuGhYDdWCmLYyYjKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTc3NWMyOTY4MjczNDI0N2Y0MDQ1NWIwOWZlYWRmMjNiYzczMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHS2RzFDXRH73ebCCuA0hF78mLd0
GY8Chu6Zg+j0+yUocIBd+B5+AyVtV9t081T02sFxJpyykyv9GGwieO4giY+szZzj
pwccCmLrjFLcSxER7usjk61ZhJSPvUQss7PQyLgzOZglAP8eK7ColTrS0bgYNh6x
ylCOmYB/ckW/AgYhcggoc74lhViyd5HnKP0yLMYctoskPY8I68jR+I0OxcpA4MWs
EELoCi44Z7Cnahr4WzdoSh83MbGHgv52u8AXd0BliE1tDYBGyzBO/EUqFaksEF11
G/ivwsyH+m8F0q3+IGPgIqzrhPWbw8IuU97iV0DWSRq3lf0UAoXYguhfOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC53XCloJzQkf0BFWwn+rfI7xzNIMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTG5kY0tXZ25OQ1JfUUVWYkNmNnQ4anZITTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSUsMA0G
CSqGSIb3DQEBCwUAA4IBAQBEyLedV2OK3jZfqHZT1l2wZUKC3BsowWKWll0AkLWM
MRA8nHfLJS+Bdycid7PNuijI72+ztJrGT8PRAg0SXID6DxxOtycwyaW+DywMubvZ
rUAo1b/D7JImCNVMKj8aNY5Nt/ZkyPEGRGk+PBf5dWlpZC65QAkuICoKQoK57h1L
YUKGDxNFYVP4oDPW8hxNmBbYmMd8FcYGPheurzMnPD5KnZWtF+ydLKxZCHogkfn4
Trx3vbEKDJssPOW0z/ffrO/NoQQhh6cyviaD3o83s/bs1RORfyj/yDejULu/rA7u
WRK5NTaCvePyKOgLjDQfj+wB+VpkY+VmSpLCuqwvyqs6
-----END CERTIFICATE-----