Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/b19bd8-e1d8-4388-a3b6-12255e3612ec/1/lZZnba3AKrPjm9oTy2JVrhUn_Oc.roa
File:                     lZZnba3AKrPjm9oTy2JVrhUn_Oc.roa (raw, json)
Hash identifier:          sLMlKKD5L/y0nKl29ziw8fobmSywMWn5oJPYk6R26iE=
Subject key identifier:   95:96:67:6D:AD:C0:2A:B3:E3:9B:DA:13:CB:62:55:AE:15:27:FC:E7
Certificate issuer:       /CN=bde2db8498ee8f7b3ab5caae83829596620702c1
Certificate serial:       018CCA29542BC5546036B980889FF4CE9FE5
Authority key identifier: BD:E2:DB:84:98:EE:8F:7B:3A:B5:CA:AE:83:82:95:96:62:07:02:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/veLbhJjuj3s6tcqug4KVlmIHAsE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/b19bd8-e1d8-4388-a3b6-12255e3612ec/1/lZZnba3AKrPjm9oTy2JVrhUn_Oc.roa
Signing time:             Tue 02 Jan 2024 12:32:35 +0000
ROA not before:           Tue 02 Jan 2024 12:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41325
IP address blocks:        84.38.48.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/b19bd8-e1d8-4388-a3b6-12255e3612ec/1/veLbhJjuj3s6tcqug4KVlmIHAsE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/b19bd8-e1d8-4388-a3b6-12255e3612ec/1/veLbhJjuj3s6tcqug4KVlmIHAsE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/veLbhJjuj3s6tcqug4KVlmIHAsE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:54:2b:c5:54:60:36:b9:80:88:9f:f4:ce:9f:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bde2db8498ee8f7b3ab5caae83829596620702c1
        Validity
            Not Before: Jan  2 12:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9596676dadc02ab3e39bda13cb6255ae1527fce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:31:81:91:cd:f9:b3:e0:e9:bb:87:9a:ec:a7:
                    3d:33:84:70:70:54:fc:4d:4d:0a:32:ba:1e:01:03:
                    4a:b2:f7:7f:a8:09:8a:15:24:14:23:02:b0:57:74:
                    89:be:e8:a2:7b:ed:c0:47:f8:43:38:aa:f3:a0:23:
                    a3:27:1e:76:ec:6d:98:dc:1d:5c:d6:a1:69:df:64:
                    ac:6c:63:7d:56:5e:86:53:a5:4c:da:cd:41:9c:13:
                    f1:7f:78:f6:1d:af:f9:32:fa:e8:97:7f:74:4d:de:
                    d8:60:ec:6a:93:4b:3c:91:94:39:e2:40:19:2b:22:
                    d5:ee:92:23:ef:65:80:bf:68:96:68:f9:59:b3:fd:
                    2d:4f:8a:f9:b5:8a:93:2f:6a:02:4b:a1:9a:33:b9:
                    c2:e9:37:29:e8:5f:e0:48:45:1c:22:d1:08:c9:df:
                    96:ea:3c:a5:78:68:8c:1d:75:79:05:e4:0f:d9:53:
                    b2:c2:d9:03:e1:99:8f:98:bb:f3:7e:d7:d6:bb:13:
                    f2:7e:95:14:d5:d9:29:ce:da:d6:3c:bd:bf:3c:d0:
                    fc:4d:01:49:e9:31:71:4e:e5:f0:3b:3b:91:7d:96:
                    6e:12:eb:a8:76:1a:41:90:e5:e7:3a:73:80:b1:b5:
                    7b:11:90:a6:14:1a:4e:d3:38:a7:06:19:50:84:b3:
                    e4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:96:67:6D:AD:C0:2A:B3:E3:9B:DA:13:CB:62:55:AE:15:27:FC:E7
            X509v3 Authority Key Identifier:
                keyid:BD:E2:DB:84:98:EE:8F:7B:3A:B5:CA:AE:83:82:95:96:62:07:02:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/veLbhJjuj3s6tcqug4KVlmIHAsE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/b19bd8-e1d8-4388-a3b6-12255e3612ec/1/lZZnba3AKrPjm9oTy2JVrhUn_Oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/b19bd8-e1d8-4388-a3b6-12255e3612ec/1/veLbhJjuj3s6tcqug4KVlmIHAsE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3e:77:a6:3e:0d:a3:1a:45:0a:97:98:96:cd:5f:23:27:df:8a:
         90:2d:f2:80:45:3b:1f:94:a1:81:65:1a:bd:15:dc:10:ea:5b:
         df:ba:44:8a:a6:e8:4c:9a:38:49:94:e3:51:97:87:6a:58:c0:
         b6:cb:4f:8c:60:d2:bb:1b:54:87:f5:ed:d5:4b:6a:1a:92:a7:
         58:84:18:e9:42:54:51:db:5f:2b:5d:cd:4e:e5:1e:63:59:2f:
         de:1b:0d:80:13:3f:1c:dc:29:26:d9:f5:db:df:b6:8b:96:09:
         35:c4:2c:1b:ca:3a:93:d0:a2:7e:0e:17:f3:a7:28:2c:eb:31:
         1a:87:47:17:0a:4c:83:25:99:b9:30:14:c1:4c:00:ec:35:9b:
         08:0c:94:f6:e2:30:2b:bf:b1:ed:dd:b8:87:64:b5:fb:e8:56:
         9b:aa:5d:64:7f:4e:f1:81:f4:ab:bf:8e:8a:10:e3:03:c9:49:
         b3:e8:c5:94:7d:c5:74:f8:34:90:da:5f:ef:54:b8:ae:fd:de:
         14:a7:f3:5f:6a:3b:37:77:c0:b3:19:87:5a:01:95:8e:52:10:
         7e:cc:99:d5:08:26:56:78:5d:ed:82:72:2a:94:2d:2e:33:26:
         58:4b:59:4a:e3:7e:3c:25:b5:af:5a:df:59:85:18:4f:55:74:
         13:33:f1:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKVQrxVRgNrmAiJ/0zp/lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZTJkYjg0OThlZThmN2IzYWI1Y2FhZTgzODI5NTk2NjIw
NzAyYzEwHhcNMjQwMTAyMTIzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTk2Njc2ZGFkYzAyYWIzZTM5YmRhMTNjYjYyNTVhZTE1MjdmY2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDGBkc35s+Dpu4ea7Kc9M4RwcFT8
TU0KMroeAQNKsvd/qAmKFSQUIwKwV3SJvuiie+3AR/hDOKrzoCOjJx527G2Y3B1c
1qFp32SsbGN9Vl6GU6VM2s1BnBPxf3j2Ha/5Mvrol390Td7YYOxqk0s8kZQ54kAZ
KyLV7pIj72WAv2iWaPlZs/0tT4r5tYqTL2oCS6GaM7nC6Tcp6F/gSEUcItEIyd+W
6jyleGiMHXV5BeQP2VOywtkD4ZmPmLvzftfWuxPyfpUU1dkpztrWPL2/PND8TQFJ
6TFxTuXwOzuRfZZuEuuodhpBkOXnOnOAsbV7EZCmFBpO0zinBhlQhLPkKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWWZ22twCqz45vaE8tiVa4VJ/znMB8GA1UdIwQY
MBaAFL3i24SY7o97OrXKroOClZZiBwLBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmVMYmhKanVqM3M2dGNxdWc0S1ZsbUlIQXNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9iMTliZDgtZTFkOC00Mzg4LWEzYjYt
MTIyNTVlMzYxMmVjLzEvbFpabmJhM0FLclBqbTlvVHkySlZyaFVuX09jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9iMTliZDgtZTFkOC00Mzg4LWEzYjYtMTIyNTVlMzYxMmVj
LzEvdmVMYmhKanVqM3M2dGNxdWc0S1ZsbUlIQXNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVCYwMA0G
CSqGSIb3DQEBCwUAA4IBAQA+d6Y+DaMaRQqXmJbNXyMn34qQLfKARTsflKGBZRq9
FdwQ6lvfukSKpuhMmjhJlONRl4dqWMC2y0+MYNK7G1SH9e3VS2oakqdYhBjpQlRR
218rXc1O5R5jWS/eGw2AEz8c3Ckm2fXb37aLlgk1xCwbyjqT0KJ+Dhfzpygs6zEa
h0cXCkyDJZm5MBTBTADsNZsIDJT24jArv7Ht3biHZLX76Fabql1kf07xgfSrv46K
EOMDyUmz6MWUfcV0+DSQ2l/vVLiu/d4Up/Nfajs3d8CzGYdaAZWOUhB+zJnVCCZW
eF3tgnIqlC0uMyZYS1lK4348JbWvWt9ZhRhPVXQTM/Fm
-----END CERTIFICATE-----