Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/b8a6a4-f7ea-4afe-b60f-9c0de3652738/1/ltEcjxtPYj3fDIdTcItwITTs5U0.roa
File:                     ltEcjxtPYj3fDIdTcItwITTs5U0.roa (raw, json)
Hash identifier:          JsVTUEfnZW0KswuKj7jbyCjdLji2Vh7z72Z2KUhrkdI=
Subject key identifier:   96:D1:1C:8F:1B:4F:62:3D:DF:0C:87:53:70:8B:70:21:34:EC:E5:4D
Certificate issuer:       /CN=d81cf1aac21aa5823b019de91aeeec23e3e526db
Certificate serial:       018EFA2D714BA6B9DF6E124C9D3159148B27
Authority key identifier: D8:1C:F1:AA:C2:1A:A5:82:3B:01:9D:E9:1A:EE:EC:23:E3:E5:26:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2BzxqsIapYI7AZ3pGu7sI-PlJts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/b8a6a4-f7ea-4afe-b60f-9c0de3652738/1/ltEcjxtPYj3fDIdTcItwITTs5U0.roa
Signing time:             Sat 20 Apr 2024 06:24:25 +0000
ROA not before:           Sat 20 Apr 2024 06:24:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29695
IP address blocks:        195.43.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/b8a6a4-f7ea-4afe-b60f-9c0de3652738/1/2BzxqsIapYI7AZ3pGu7sI-PlJts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/b8a6a4-f7ea-4afe-b60f-9c0de3652738/1/2BzxqsIapYI7AZ3pGu7sI-PlJts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2BzxqsIapYI7AZ3pGu7sI-PlJts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 09:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:fa:2d:71:4b:a6:b9:df:6e:12:4c:9d:31:59:14:8b:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d81cf1aac21aa5823b019de91aeeec23e3e526db
        Validity
            Not Before: Apr 20 06:24:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96d11c8f1b4f623ddf0c8753708b702134ece54d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e0:96:13:9e:57:8c:3d:52:ed:3f:e1:a9:69:
                    90:41:17:6f:4c:3c:7a:a2:b3:fe:15:ae:df:e8:bd:
                    49:0a:8b:2b:66:b1:46:d4:91:8f:63:f2:41:bb:18:
                    7f:21:8e:01:70:af:de:7f:8c:3f:21:62:f4:e1:e9:
                    74:59:5e:51:d4:38:f4:3a:e0:9a:09:34:5c:08:8d:
                    d6:a5:44:28:b3:08:8a:04:23:8b:0e:40:e8:5c:d2:
                    e5:93:93:a8:56:70:6a:b8:51:41:5e:d4:26:5d:f8:
                    e0:62:66:ed:73:c8:4b:98:83:f2:b3:28:05:42:a1:
                    b9:3f:78:c0:66:79:f3:80:94:1a:e9:ef:2d:91:f3:
                    73:fe:f3:72:7b:63:9c:5a:38:aa:2d:5a:d4:1b:b8:
                    f6:24:bb:f2:8f:51:d5:6f:4b:a6:14:1d:d2:1b:30:
                    87:1a:be:4f:f5:29:83:ba:24:80:9c:7c:d9:b3:9a:
                    05:f3:2e:f0:6b:ea:ec:15:f5:4b:e5:2a:54:97:83:
                    9d:2c:69:8e:86:96:15:4d:9c:3f:36:ad:74:62:4c:
                    54:22:7c:4f:d0:dc:11:f7:74:19:3b:a5:68:cf:23:
                    a4:e0:8f:4d:f7:f4:b1:63:0f:75:79:4d:3d:8d:6b:
                    18:d4:0d:66:54:3e:a7:a9:23:11:9f:5b:44:54:8d:
                    fc:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:D1:1C:8F:1B:4F:62:3D:DF:0C:87:53:70:8B:70:21:34:EC:E5:4D
            X509v3 Authority Key Identifier:
                keyid:D8:1C:F1:AA:C2:1A:A5:82:3B:01:9D:E9:1A:EE:EC:23:E3:E5:26:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2BzxqsIapYI7AZ3pGu7sI-PlJts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/b8a6a4-f7ea-4afe-b60f-9c0de3652738/1/ltEcjxtPYj3fDIdTcItwITTs5U0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/b8a6a4-f7ea-4afe-b60f-9c0de3652738/1/2BzxqsIapYI7AZ3pGu7sI-PlJts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:de:91:86:d5:3c:40:71:f0:16:7a:da:5f:7d:20:25:c1:13:
         34:71:de:a1:74:9c:19:4d:6c:b8:e8:f1:92:ba:7d:80:e3:91:
         74:d3:df:59:38:ed:27:0d:f1:3a:dc:93:e4:32:74:f1:3f:25:
         c4:b6:6a:2e:70:6b:2a:8d:57:62:a4:7a:57:59:81:5d:09:7f:
         2e:9c:7c:6e:0b:d7:24:f1:23:2c:b9:d5:e3:cb:4c:f8:69:fc:
         9b:56:cf:6f:f8:59:63:52:c9:fc:30:e8:ae:8e:b1:cb:1d:ff:
         19:42:52:83:7a:ae:6d:69:a8:51:1d:fb:82:52:50:5c:85:b8:
         78:6f:a3:91:47:b9:4f:ab:e4:bd:a9:a1:66:93:e0:8a:99:21:
         3e:e5:47:40:59:38:7f:9f:4a:60:02:e1:fa:91:65:56:f1:c6:
         49:74:5a:bc:22:be:e3:60:82:97:b0:5f:ea:7c:2b:a9:33:23:
         a5:38:ff:65:f7:c1:d7:3f:44:f2:f4:bb:01:81:94:90:b3:35:
         d7:13:c5:bd:f1:60:c4:7f:00:cb:0a:f6:b2:f6:9f:56:59:67:
         99:fd:6e:b6:cf:22:64:7f:ac:dc:61:b2:a9:0c:9d:a1:af:6a:
         9f:12:a3:4d:99:78:17:e7:a0:24:ee:c6:c4:7d:99:58:43:26:
         33:35:91:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY76LXFLprnfbhJMnTFZFIsnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MWNmMWFhYzIxYWE1ODIzYjAxOWRlOTFhZWVlYzIzZTNl
NTI2ZGIwHhcNMjQwNDIwMDYyNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmQxMWM4ZjFiNGY2MjNkZGYwYzg3NTM3MDhiNzAyMTM0ZWNlNTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+CWE55XjD1S7T/hqWmQQRdvTDx6
orP+Fa7f6L1JCosrZrFG1JGPY/JBuxh/IY4BcK/ef4w/IWL04el0WV5R1Dj0OuCa
CTRcCI3WpUQoswiKBCOLDkDoXNLlk5OoVnBquFFBXtQmXfjgYmbtc8hLmIPysygF
QqG5P3jAZnnzgJQa6e8tkfNz/vNye2OcWjiqLVrUG7j2JLvyj1HVb0umFB3SGzCH
Gr5P9SmDuiSAnHzZs5oF8y7wa+rsFfVL5SpUl4OdLGmOhpYVTZw/Nq10YkxUInxP
0NwR93QZO6VozyOk4I9N9/SxYw91eU09jWsY1A1mVD6nqSMRn1tEVI38owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbRHI8bT2I93wyHU3CLcCE07OVNMB8GA1UdIwQY
MBaAFNgc8arCGqWCOwGd6Rru7CPj5SbbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkJ6eHFzSWFwWUk3QVozcEd1N3NJLVBsSnRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9iOGE2YTQtZjdlYS00YWZlLWI2MGYt
OWMwZGUzNjUyNzM4LzEvbHRFY2p4dFBZajNmRElkVGNJdHdJVFRzNVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9iOGE2YTQtZjdlYS00YWZlLWI2MGYtOWMwZGUzNjUyNzM4
LzEvMkJ6eHFzSWFwWUk3QVozcEd1N3NJLVBsSnRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwys8MA0G
CSqGSIb3DQEBCwUAA4IBAQCN3pGG1TxAcfAWetpffSAlwRM0cd6hdJwZTWy46PGS
un2A45F0099ZOO0nDfE63JPkMnTxPyXEtmoucGsqjVdipHpXWYFdCX8unHxuC9ck
8SMsudXjy0z4afybVs9v+FljUsn8MOiujrHLHf8ZQlKDeq5taahRHfuCUlBchbh4
b6ORR7lPq+S9qaFmk+CKmSE+5UdAWTh/n0pgAuH6kWVW8cZJdFq8Ir7jYIKXsF/q
fCupMyOlOP9l98HXP0Ty9LsBgZSQszXXE8W98WDEfwDLCvay9p9WWWeZ/W62zyJk
f6zcYbKpDJ2hr2qfEqNNmXgX56Ak7sbEfZlYQyYzNZFS
-----END CERTIFICATE-----