Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/c1f20e-d94f-43c5-bb8d-ad3629b202c0/1/Lpcsk8pQMiEPT6ApZhOXx9JAafQ.roa
File:                     Lpcsk8pQMiEPT6ApZhOXx9JAafQ.roa (raw, json)
Hash identifier:          UQY6sisXum2gKK35fkWx14SykCBKN5d6dEz3tT5FKwk=
Subject key identifier:   2E:97:2C:93:CA:50:32:21:0F:4F:A0:29:66:13:97:C7:D2:40:69:F4
Certificate issuer:       /CN=9521a262f5075e24b2b3c9b69c8af40e2988a1e4
Certificate serial:       01942521689CC52B89FC1B9885943014E99D
Authority key identifier: 95:21:A2:62:F5:07:5E:24:B2:B3:C9:B6:9C:8A:F4:0E:29:88:A1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSGiYvUHXiSys8m2nIr0DimIoeQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/c1f20e-d94f-43c5-bb8d-ad3629b202c0/1/Lpcsk8pQMiEPT6ApZhOXx9JAafQ.roa
Signing time:             Thu 02 Jan 2025 03:48:54 +0000
ROA not before:           Thu 02 Jan 2025 03:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216292
IP address blocks:        83.101.164.0/22 maxlen: 22
                          83.101.164.0/24 maxlen: 24
                          83.101.165.0/24 maxlen: 24
                          83.101.166.0/24 maxlen: 24
                          83.101.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/c1f20e-d94f-43c5-bb8d-ad3629b202c0/1/lSGiYvUHXiSys8m2nIr0DimIoeQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/c1f20e-d94f-43c5-bb8d-ad3629b202c0/1/lSGiYvUHXiSys8m2nIr0DimIoeQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSGiYvUHXiSys8m2nIr0DimIoeQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:68:9c:c5:2b:89:fc:1b:98:85:94:30:14:e9:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9521a262f5075e24b2b3c9b69c8af40e2988a1e4
        Validity
            Not Before: Jan  2 03:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e972c93ca5032210f4fa029661397c7d24069f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:59:b7:fc:5b:15:c5:e0:66:eb:87:69:b6:65:
                    fa:63:a3:84:70:6d:66:c9:6e:03:35:16:f4:2f:45:
                    83:d7:6b:8c:eb:e0:a9:1f:60:66:4f:11:d4:a3:65:
                    7e:a5:d9:98:33:f7:81:1e:8c:85:ce:4e:3a:fa:2e:
                    25:d0:92:f1:40:0b:b6:e6:31:93:12:3b:9e:7d:fd:
                    ab:12:0d:16:c5:16:02:6d:41:d8:64:6e:4f:68:b5:
                    22:a3:bf:6e:f7:bc:d0:33:68:22:50:7b:54:fa:7a:
                    12:bb:67:f4:82:2f:3c:f2:19:a0:f6:bf:32:aa:63:
                    7c:8c:ba:46:15:27:24:b4:bc:e6:40:d9:bb:59:19:
                    cc:7b:61:bb:fa:cc:39:72:de:4d:2b:54:08:00:2a:
                    c7:ed:1b:cb:f8:d0:a7:db:e8:9e:53:35:75:92:61:
                    cb:37:e6:99:21:58:56:14:a8:e6:5b:11:9a:56:d6:
                    c1:04:a8:ce:e2:64:d7:ce:4a:41:ac:3c:76:29:d5:
                    44:94:9e:15:99:2f:5a:d3:3e:66:ed:7c:12:db:8b:
                    52:23:cc:4c:dc:f1:c6:8f:69:b4:24:8c:be:e3:89:
                    a1:0a:6b:f9:0e:99:e2:31:76:4a:e3:35:12:ff:e8:
                    0b:46:ac:c6:65:c8:df:06:cc:3e:d3:4a:85:49:75:
                    5c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:97:2C:93:CA:50:32:21:0F:4F:A0:29:66:13:97:C7:D2:40:69:F4
            X509v3 Authority Key Identifier:
                keyid:95:21:A2:62:F5:07:5E:24:B2:B3:C9:B6:9C:8A:F4:0E:29:88:A1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSGiYvUHXiSys8m2nIr0DimIoeQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/c1f20e-d94f-43c5-bb8d-ad3629b202c0/1/Lpcsk8pQMiEPT6ApZhOXx9JAafQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/c1f20e-d94f-43c5-bb8d-ad3629b202c0/1/lSGiYvUHXiSys8m2nIr0DimIoeQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.101.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:a3:33:c1:18:d6:fd:d6:71:2a:2d:55:fa:fb:bf:2a:15:35:
         09:ce:89:1e:b7:5d:de:fa:4a:79:10:d9:a3:29:dd:20:c9:d8:
         48:cb:e5:87:7d:79:fe:3b:92:a7:89:2b:0b:da:9d:07:a5:e8:
         1d:bd:a6:9d:7c:63:44:4a:40:42:45:d6:ae:1d:1f:c8:5d:a4:
         63:06:6e:15:1b:e8:dd:dd:be:65:22:10:29:ed:b2:9a:59:a8:
         79:02:24:4e:da:8d:ac:7e:47:dd:2a:02:d0:34:e7:9b:a0:ec:
         92:40:d1:46:60:b5:e8:66:cb:68:fb:a4:80:61:9d:d5:dc:16:
         c2:5d:d4:0e:6c:61:7f:8e:5f:a4:94:4f:7c:2a:a3:b5:cd:a0:
         f2:46:11:39:26:4d:73:ef:60:30:18:a6:8e:e7:30:60:2e:77:
         12:f4:23:57:be:ff:c7:ad:94:af:5a:63:06:33:a2:9c:af:c7:
         dc:b3:de:31:73:ae:2b:a6:72:ef:80:a4:f3:25:5f:9a:5b:8a:
         7e:f5:12:50:e9:24:51:2d:87:7a:4d:c5:5c:8e:c1:9d:f0:56:
         7b:80:60:38:84:50:c3:5f:6b:f4:35:92:65:e1:a3:c6:18:58:
         4a:62:48:a2:a5:8e:40:fa:7c:7b:d1:dd:88:17:fa:9a:ff:5b:
         1d:7e:32:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIWicxSuJ/BuYhZQwFOmdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjFhMjYyZjUwNzVlMjRiMmIzYzliNjljOGFmNDBlMjk4
OGExZTQwHhcNMjUwMTAyMDM0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTk3MmM5M2NhNTAzMjIxMGY0ZmEwMjk2NjEzOTdjN2QyNDA2OWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFm3/FsVxeBm64dptmX6Y6OEcG1m
yW4DNRb0L0WD12uM6+CpH2BmTxHUo2V+pdmYM/eBHoyFzk46+i4l0JLxQAu25jGT
Ejueff2rEg0WxRYCbUHYZG5PaLUio79u97zQM2giUHtU+noSu2f0gi888hmg9r8y
qmN8jLpGFScktLzmQNm7WRnMe2G7+sw5ct5NK1QIACrH7RvL+NCn2+ieUzV1kmHL
N+aZIVhWFKjmWxGaVtbBBKjO4mTXzkpBrDx2KdVElJ4VmS9a0z5m7XwS24tSI8xM
3PHGj2m0JIy+44mhCmv5DpniMXZK4zUS/+gLRqzGZcjfBsw+00qFSXVciwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6XLJPKUDIhD0+gKWYTl8fSQGn0MB8GA1UdIwQY
MBaAFJUhomL1B14ksrPJtpyK9A4piKHkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNHaVl2VUhYaVN5czhtMm5JcjBEaW1Jb2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9jMWYyMGUtZDk0Zi00M2M1LWJiOGQt
YWQzNjI5YjIwMmMwLzEvTHBjc2s4cFFNaUVQVDZBcFpoT1h4OUpBYWZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9jMWYyMGUtZDk0Zi00M2M1LWJiOGQtYWQzNjI5YjIwMmMw
LzEvbFNHaVl2VUhYaVN5czhtMm5JcjBEaW1Jb2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU2WkMA0G
CSqGSIb3DQEBCwUAA4IBAQBuozPBGNb91nEqLVX6+78qFTUJzoket13e+kp5ENmj
Kd0gydhIy+WHfXn+O5KniSsL2p0HpegdvaadfGNESkBCRdauHR/IXaRjBm4VG+jd
3b5lIhAp7bKaWah5AiRO2o2sfkfdKgLQNOeboOySQNFGYLXoZsto+6SAYZ3V3BbC
XdQObGF/jl+klE98KqO1zaDyRhE5Jk1z72AwGKaO5zBgLncS9CNXvv/HrZSvWmMG
M6Kcr8fcs94xc64rpnLvgKTzJV+aW4p+9RJQ6SRRLYd6TcVcjsGd8FZ7gGA4hFDD
X2v0NZJl4aPGGFhKYkiipY5A+nx70d2IF/qa/1sdfjKD
-----END CERTIFICATE-----