Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/LhU7Df9fhKwVrEGoWFqy2at33LA.roa
File:                     LhU7Df9fhKwVrEGoWFqy2at33LA.roa (raw, json)
Hash identifier:          1oOFZ7o00/UMBaggFRbDdxDb2dA6tqDMGLVvKeFhHhQ=
Subject key identifier:   2E:15:3B:0D:FF:5F:84:AC:15:AC:41:A8:58:5A:B2:D9:AB:77:DC:B0
Certificate issuer:       /CN=7dc8911682bc5ca71cece1efe3ac135bfdb59dd6
Certificate serial:       018CC64AF59D7775B619FFCCB471B93A2AE1
Authority key identifier: 7D:C8:91:16:82:BC:5C:A7:1C:EC:E1:EF:E3:AC:13:5B:FD:B5:9D:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/LhU7Df9fhKwVrEGoWFqy2at33LA.roa
Signing time:             Mon 01 Jan 2024 18:30:50 +0000
ROA not before:           Mon 01 Jan 2024 18:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9255
IP address blocks:        146.255.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f5:9d:77:75:b6:19:ff:cc:b4:71:b9:3a:2a:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc8911682bc5ca71cece1efe3ac135bfdb59dd6
        Validity
            Not Before: Jan  1 18:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e153b0dff5f84ac15ac41a8585ab2d9ab77dcb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:bd:89:8c:21:d9:a3:c9:ca:13:c1:00:2e:fb:
                    65:a8:4c:34:14:19:06:8c:ec:b4:c6:d7:d0:04:08:
                    d5:da:bd:db:25:8a:e7:b8:43:d5:b6:b6:41:ce:6a:
                    8b:76:29:0c:cc:c9:de:cf:48:f1:22:52:46:dd:ef:
                    51:e8:f9:cd:b1:2d:90:ba:5e:ff:1c:89:1e:33:50:
                    e5:b3:28:e8:3d:8e:10:ca:17:d3:69:db:56:cd:7f:
                    c3:a1:bb:eb:5a:a4:73:cf:4e:f4:00:f9:da:9e:52:
                    b4:df:3b:3c:2e:24:a2:26:bb:e5:43:b3:67:58:b7:
                    97:27:97:e9:e4:a9:15:65:42:8a:cd:cb:35:ad:b2:
                    9b:4c:40:7a:ea:c5:72:11:92:dd:15:69:1b:98:ba:
                    43:f0:b1:e0:b8:43:32:ae:06:9b:e3:f6:d6:69:42:
                    0d:a5:7e:1c:55:27:0b:a9:75:2f:11:f3:3c:4c:42:
                    ca:a7:7b:a7:f5:d2:6d:43:c3:52:1d:ad:a7:1a:ad:
                    63:94:74:4f:53:af:76:a6:52:6a:95:89:de:dc:1a:
                    23:c5:a4:42:0d:55:25:e4:8d:da:56:ab:5a:a8:74:
                    07:44:ed:c7:6f:69:66:85:6a:3d:98:cd:0e:30:b7:
                    66:9c:81:8c:7b:c9:28:6c:96:4f:2c:b1:64:e0:38:
                    7b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:15:3B:0D:FF:5F:84:AC:15:AC:41:A8:58:5A:B2:D9:AB:77:DC:B0
            X509v3 Authority Key Identifier:
                keyid:7D:C8:91:16:82:BC:5C:A7:1C:EC:E1:EF:E3:AC:13:5B:FD:B5:9D:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/LhU7Df9fhKwVrEGoWFqy2at33LA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.255.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:da:91:51:98:88:4b:38:62:97:99:f0:78:c6:57:da:e6:34:
         47:e3:92:27:ef:03:da:e6:e4:c1:f7:e1:b4:fe:15:78:0a:e5:
         3e:9d:6e:b0:61:dc:25:f8:be:84:eb:c8:41:bf:0e:28:a8:c3:
         49:50:7d:f9:64:88:11:f7:ff:9b:64:9b:3e:10:c7:29:3a:ea:
         7a:b8:60:1a:e5:35:ef:b9:1d:a3:d3:ce:e6:1a:aa:04:7d:ca:
         de:b8:28:f2:bd:14:90:44:2d:64:2b:b6:47:71:27:a8:aa:f0:
         4a:7a:f4:0d:d1:73:46:e9:43:8a:4a:2b:c0:65:80:14:1b:f2:
         b9:ea:35:7d:af:00:2c:37:92:d9:e7:a6:db:8d:90:72:aa:dc:
         03:fc:b7:70:0b:0f:ec:22:86:f4:27:86:e6:5f:09:a9:e6:d0:
         a1:e1:d4:40:77:ac:ed:fb:ad:03:83:5d:a0:f0:53:af:60:b2:
         84:13:4d:20:37:db:f8:d8:9a:5c:39:4d:03:62:ba:20:a8:64:
         91:f4:6b:ab:ce:fa:bc:d2:a6:c2:fe:a2:5b:0d:4a:81:5c:40:
         64:b8:8e:ec:7e:6c:9a:33:c6:9b:8b:dd:b5:ae:80:50:c0:78:
         ab:11:85:16:3c:2e:a4:31:e2:b7:7c:8a:83:6d:ac:e4:52:ed:
         8a:af:30:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvWdd3W2Gf/MtHG5OirhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzg5MTE2ODJiYzVjYTcxY2VjZTFlZmUzYWMxMzViZmRi
NTlkZDYwHhcNMjQwMTAxMTgzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTE1M2IwZGZmNWY4NGFjMTVhYzQxYTg1ODVhYjJkOWFiNzdkY2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoL2JjCHZo8nKE8EALvtlqEw0FBkG
jOy0xtfQBAjV2r3bJYrnuEPVtrZBzmqLdikMzMnez0jxIlJG3e9R6PnNsS2Qul7/
HIkeM1DlsyjoPY4QyhfTadtWzX/DobvrWqRzz070APnanlK03zs8LiSiJrvlQ7Nn
WLeXJ5fp5KkVZUKKzcs1rbKbTEB66sVyEZLdFWkbmLpD8LHguEMyrgab4/bWaUIN
pX4cVScLqXUvEfM8TELKp3un9dJtQ8NSHa2nGq1jlHRPU692plJqlYne3BojxaRC
DVUl5I3aVqtaqHQHRO3Hb2lmhWo9mM0OMLdmnIGMe8kobJZPLLFk4Dh7sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4VOw3/X4SsFaxBqFhastmrd9ywMB8GA1UdIwQY
MBaAFH3IkRaCvFynHOzh7+OsE1v9tZ3WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNpUkZvSzhYS2NjN09IdjQ2d1RXXzIxbmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wODMxYmYtMTE4Yy00ZWNlLTkzNGQt
NzUyOTUyNTFiMWU4LzEvTGhVN0RmOWZoS3dWckVHb1dGcXkyYXQzM0xBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wODMxYmYtMTE4Yy00ZWNlLTkzNGQtNzUyOTUyNTFiMWU4
LzEvZmNpUkZvSzhYS2NjN09IdjQ2d1RXXzIxbmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkv98MA0G
CSqGSIb3DQEBCwUAA4IBAQCO2pFRmIhLOGKXmfB4xlfa5jRH45In7wPa5uTB9+G0
/hV4CuU+nW6wYdwl+L6E68hBvw4oqMNJUH35ZIgR9/+bZJs+EMcpOup6uGAa5TXv
uR2j087mGqoEfcreuCjyvRSQRC1kK7ZHcSeoqvBKevQN0XNG6UOKSivAZYAUG/K5
6jV9rwAsN5LZ56bbjZByqtwD/LdwCw/sIob0J4bmXwmp5tCh4dRAd6zt+60Dg12g
8FOvYLKEE00gN9v42JpcOU0DYrogqGSR9Gurzvq80qbC/qJbDUqBXEBkuI7sfmya
M8abi921roBQwHirEYUWPC6kMeK3fIqDbazkUu2KrzBo
-----END CERTIFICATE-----