Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/lOv_CyS_LoWTbRYagGOXw3eTf2Q.roa
File:                     lOv_CyS_LoWTbRYagGOXw3eTf2Q.roa (raw, json)
Hash identifier:          td1zqKa1LRft5c8AvRHfbgAjOmxD0HCUnKuwYURtwjU=
Subject key identifier:   94:EB:FF:0B:24:BF:2E:85:93:6D:16:1A:80:63:97:C3:77:93:7F:64
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       01926C0C354453063F1B9EA2E41E5617FD31
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/lOv_CyS_LoWTbRYagGOXw3eTf2Q.roa
Signing time:             Tue 08 Oct 2024 12:13:12 +0000
ROA not before:           Tue 08 Oct 2024 12:13:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207204
IP address blocks:        148.81.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6c:0c:35:44:53:06:3f:1b:9e:a2:e4:1e:56:17:fd:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Oct  8 12:13:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94ebff0b24bf2e85936d161a806397c377937f64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:65:ce:21:92:94:64:0c:fd:19:55:3b:2b:1e:
                    66:8c:e0:03:25:d8:63:c0:5d:64:83:2d:8d:50:bb:
                    6e:ab:15:a5:78:6b:3a:c6:83:e9:9a:3f:9a:39:39:
                    49:ee:53:cf:b9:7b:25:71:2e:76:68:19:a3:b0:c4:
                    02:de:9d:48:e4:7c:fa:64:77:82:f3:ae:66:2a:0c:
                    1c:84:dd:a7:7b:ff:52:b4:c1:b9:15:c9:8d:ed:17:
                    3f:83:10:32:87:4d:6b:6a:9a:9e:28:51:5d:f5:eb:
                    d9:7f:0a:21:86:25:74:b8:26:14:b5:92:f7:b1:88:
                    c6:50:35:e1:bf:25:21:b1:65:af:92:ec:c8:0d:39:
                    70:31:05:46:a4:06:f6:71:b9:e8:e0:d6:b9:12:5e:
                    d6:f7:21:af:74:06:5d:2a:ee:bf:93:f8:7f:77:51:
                    f0:a0:62:11:96:7b:f3:ca:c8:47:69:52:73:a7:82:
                    bd:c4:38:2c:d9:93:ff:ef:dd:79:e6:94:d8:ab:8b:
                    17:73:e8:74:72:c2:ff:ce:59:0b:af:e0:c5:2e:60:
                    84:78:02:87:14:c4:7d:72:1f:93:06:18:8a:03:36:
                    44:c1:5b:a9:ae:bc:82:e8:f6:27:66:06:59:ef:80:
                    4f:9b:6e:dd:cc:07:dc:93:3d:b5:d6:c5:0a:ee:c6:
                    0d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:EB:FF:0B:24:BF:2E:85:93:6D:16:1A:80:63:97:C3:77:93:7F:64
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/lOv_CyS_LoWTbRYagGOXw3eTf2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.81.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:63:db:64:46:3b:2f:48:2f:86:ef:84:d9:87:e5:e3:28:f4:
         79:89:92:b6:11:a9:1d:30:aa:43:fe:b1:83:ab:55:ce:d6:58:
         d8:38:40:7a:96:65:0f:39:c4:9c:91:6f:38:54:52:bc:2c:3a:
         53:64:9f:a7:06:4c:27:dc:df:68:e2:90:d3:f0:83:7e:35:9f:
         8a:77:47:c0:f4:26:ef:2d:ad:07:f9:d0:e9:b9:98:5e:cd:fd:
         b1:7e:39:5a:ac:cb:7c:51:11:ab:73:90:80:21:dd:79:21:96:
         d3:b8:d7:a6:28:57:ad:0a:67:03:0a:02:ab:60:b6:f8:c8:c7:
         67:dc:81:b5:50:95:b3:c0:9a:2a:6c:74:b5:be:58:1a:e6:41:
         6a:32:28:ac:a8:f7:25:54:e0:92:e4:51:33:0c:64:a4:db:1e:
         f2:61:16:20:d2:4e:e2:ee:28:8d:6a:39:d8:02:ac:8e:3c:eb:
         67:69:78:b9:b3:66:45:64:9a:33:36:2a:ce:90:5d:94:d8:bd:
         79:16:9e:41:c5:22:32:ac:bc:ce:dd:27:70:e9:30:3c:1e:b4:
         1c:3b:5e:e5:aa:ed:61:64:8b:b8:4b:10:74:33:39:26:46:56:
         d7:12:52:87:ec:eb:96:96:39:04:22:ea:cd:5a:b5:1f:b9:8f:
         6b:d8:71:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJsDDVEUwY/G56i5B5WF/0xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQxMDA4MTIxMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGViZmYwYjI0YmYyZTg1OTM2ZDE2MWE4MDYzOTdjMzc3OTM3ZjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGXOIZKUZAz9GVU7Kx5mjOADJdhj
wF1kgy2NULtuqxWleGs6xoPpmj+aOTlJ7lPPuXslcS52aBmjsMQC3p1I5Hz6ZHeC
865mKgwchN2ne/9StMG5FcmN7Rc/gxAyh01rapqeKFFd9evZfwohhiV0uCYUtZL3
sYjGUDXhvyUhsWWvkuzIDTlwMQVGpAb2cbno4Na5El7W9yGvdAZdKu6/k/h/d1Hw
oGIRlnvzyshHaVJzp4K9xDgs2ZP/79155pTYq4sXc+h0csL/zlkLr+DFLmCEeAKH
FMR9ch+TBhiKAzZEwVuprryC6PYnZgZZ74BPm27dzAfckz211sUK7sYNvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTr/wskvy6Fk20WGoBjl8N3k39kMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvbE92X0N5U19Mb1dUYlJZYWdHT1h3M2VUZjJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlFHOMA0G
CSqGSIb3DQEBCwUAA4IBAQB5Y9tkRjsvSC+G74TZh+XjKPR5iZK2EakdMKpD/rGD
q1XO1ljYOEB6lmUPOcSckW84VFK8LDpTZJ+nBkwn3N9o4pDT8IN+NZ+Kd0fA9Cbv
La0H+dDpuZhezf2xfjlarMt8URGrc5CAId15IZbTuNemKFetCmcDCgKrYLb4yMdn
3IG1UJWzwJoqbHS1vlga5kFqMiisqPclVOCS5FEzDGSk2x7yYRYg0k7i7iiNajnY
AqyOPOtnaXi5s2ZFZJozNirOkF2U2L15Fp5BxSIyrLzO3Sdw6TA8HrQcO17lqu1h
ZIu4SxB0MzkmRlbXElKH7OuWljkEIurNWrUfuY9r2HGJ
-----END CERTIFICATE-----