Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/LxBbadNjNdFYCTrUSTZhPwswd6A.roa
File:                     LxBbadNjNdFYCTrUSTZhPwswd6A.roa (raw, json)
Hash identifier:          Bk2C2PERRo1LqJVF8gm5lLNGdR4ADMQb5YFnYOW/lgQ=
Subject key identifier:   2F:10:5B:69:D3:63:35:D1:58:09:3A:D4:49:36:61:3F:0B:30:77:A0
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649E6C7664664A99ADDFD05EE6267E5
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/LxBbadNjNdFYCTrUSTZhPwswd6A.roa
Signing time:             Mon 01 Jan 2024 18:29:41 +0000
ROA not before:           Mon 01 Jan 2024 18:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198938
IP address blocks:        213.222.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e6:c7:66:46:64:a9:9a:dd:fd:05:ee:62:67:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f105b69d36335d158093ad44936613f0b3077a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:2a:51:eb:7e:bf:6b:dd:4a:6f:0a:80:60:3b:
                    91:f8:10:93:1f:ed:45:7e:29:61:8b:53:be:62:a3:
                    7e:ee:1a:fc:89:e2:d1:a7:45:f5:bc:7b:6f:3a:a8:
                    a7:91:d7:e7:37:f3:f9:ab:5a:cf:5a:3d:09:e8:0b:
                    db:77:a4:08:f1:b2:a2:a7:51:8d:6e:48:f4:99:69:
                    e6:e8:ea:76:0e:29:d9:e0:1f:89:dd:82:71:00:81:
                    0a:7e:7a:f5:5a:01:92:d5:c4:1e:e3:a5:74:86:32:
                    e6:b8:c8:a8:a4:5b:95:4c:8c:e3:2e:5b:44:1d:20:
                    6a:52:63:cf:96:8e:ce:d4:ca:c7:48:00:86:89:ee:
                    f7:53:ae:16:75:aa:83:fe:d7:0d:12:5a:a6:ce:04:
                    c6:58:aa:59:1c:81:98:92:d5:dc:36:c1:85:c2:82:
                    ac:48:2e:0b:71:39:53:5e:5a:0c:da:05:44:19:f2:
                    15:86:52:29:3d:32:7f:79:e3:b3:01:fc:be:c6:80:
                    4b:eb:8d:1a:5e:40:b9:26:1c:ca:94:74:0d:9e:df:
                    c3:48:c2:0c:8f:14:4c:6d:1a:3d:7c:6b:c7:0f:d3:
                    60:96:9b:5c:86:a2:99:a2:83:da:ba:d8:5f:44:4d:
                    1c:2a:5c:a1:a3:24:52:91:ae:2a:b4:47:25:74:c8:
                    93:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:10:5B:69:D3:63:35:D1:58:09:3A:D4:49:36:61:3F:0B:30:77:A0
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/LxBbadNjNdFYCTrUSTZhPwswd6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.222.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:68:ed:d5:94:17:48:de:18:ed:64:f9:37:2d:41:98:43:1a:
         4c:13:4e:e2:b4:e0:e3:99:75:d0:67:43:19:a2:b7:71:63:c7:
         c5:30:49:45:8c:1c:dd:43:90:a9:d5:fc:2d:d9:4b:b2:d6:69:
         5d:2a:f9:7b:f8:2b:ca:af:38:20:99:0a:fc:b3:80:09:e9:2f:
         8b:f6:7a:4f:08:e2:45:6d:be:f8:1e:84:68:6a:bf:32:54:32:
         67:d9:c5:3e:78:7f:70:fc:88:47:4a:95:45:e7:95:34:8e:40:
         36:48:63:6b:a8:d0:a5:fe:ee:c7:b3:8f:b2:c5:f3:fe:ee:84:
         83:49:6a:e1:9f:7a:f0:b7:bc:03:f6:d6:67:0d:f7:08:1f:9e:
         16:74:b4:c5:41:b2:cd:da:6e:a6:7d:f7:b5:f0:9c:78:c3:d8:
         db:d3:1e:f8:d2:a8:22:53:3b:0a:ef:29:b8:1c:0c:a8:26:9d:
         70:bc:b0:64:70:db:7e:71:58:5a:61:6b:22:a3:f2:2c:aa:76:
         6a:08:52:90:52:23:1e:23:01:43:88:cc:35:25:01:02:c6:93:
         52:67:41:7b:42:be:06:af:56:f5:1b:66:31:1e:6f:b7:26:47:
         81:bf:40:78:76:52:cc:f6:e3:8c:22:4c:00:d6:26:f2:00:71:
         fd:72:22:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSebHZkZkqZrd/QXuYmflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjEwNWI2OWQzNjMzNWQxNTgwOTNhZDQ0OTM2NjEzZjBiMzA3N2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiypR636/a91KbwqAYDuR+BCTH+1F
filhi1O+YqN+7hr8ieLRp0X1vHtvOqinkdfnN/P5q1rPWj0J6Avbd6QI8bKip1GN
bkj0mWnm6Op2DinZ4B+J3YJxAIEKfnr1WgGS1cQe46V0hjLmuMiopFuVTIzjLltE
HSBqUmPPlo7O1MrHSACGie73U64WdaqD/tcNElqmzgTGWKpZHIGYktXcNsGFwoKs
SC4LcTlTXloM2gVEGfIVhlIpPTJ/eeOzAfy+xoBL640aXkC5JhzKlHQNnt/DSMIM
jxRMbRo9fGvHD9NglptchqKZooPauthfRE0cKlyhoyRSka4qtEcldMiTYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC8QW2nTYzXRWAk61Ek2YT8LMHegMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvTHhCYmFkTmpOZEZZQ1RyVVNUWmhQd3N3ZDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1d4yMA0G
CSqGSIb3DQEBCwUAA4IBAQAcaO3VlBdI3hjtZPk3LUGYQxpME07itODjmXXQZ0MZ
ordxY8fFMElFjBzdQ5Cp1fwt2Uuy1mldKvl7+CvKrzggmQr8s4AJ6S+L9npPCOJF
bb74HoRoar8yVDJn2cU+eH9w/IhHSpVF55U0jkA2SGNrqNCl/u7Hs4+yxfP+7oSD
SWrhn3rwt7wD9tZnDfcIH54WdLTFQbLN2m6mffe18Jx4w9jb0x740qgiUzsK7ym4
HAyoJp1wvLBkcNt+cVhaYWsio/IsqnZqCFKQUiMeIwFDiMw1JQECxpNSZ0F7Qr4G
r1b1G2YxHm+3JkeBv0B4dlLM9uOMIkwA1ibyAHH9ciIP
-----END CERTIFICATE-----