Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/lHY__Bey6zpylPYxtmVDWcTxTdY.roa
File:                     lHY__Bey6zpylPYxtmVDWcTxTdY.roa (raw, json)
Hash identifier:          2mH9bm/0Pzk6Q2ZMlDiAkb9EmU5E7UJ8VOpe2VEe5AE=
Subject key identifier:   94:76:3F:FC:17:B2:EB:3A:72:94:F6:31:B6:65:43:59:C4:F1:4D:D6
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019565A2744C66A0CCD3C1EE37CD7BC0AF11
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/lHY__Bey6zpylPYxtmVDWcTxTdY.roa
Signing time:             Wed 05 Mar 2025 09:28:20 +0000
ROA not before:           Wed 05 Mar 2025 09:28:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58022
IP address blocks:        81.180.136.0/23 maxlen: 23
                          81.181.196.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:65:a2:74:4c:66:a0:cc:d3:c1:ee:37:cd:7b:c0:af:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Mar  5 09:28:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94763ffc17b2eb3a7294f631b6654359c4f14dd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:da:5d:33:b2:90:92:17:73:ad:4e:93:c9:e5:
                    05:94:d6:1e:e4:e7:1d:6a:0a:5a:ba:7a:e6:7a:d8:
                    f4:e7:d7:01:ce:9b:79:67:71:fc:4b:b0:96:e7:55:
                    6e:b6:23:f5:d5:d4:07:a3:ca:ff:96:df:a3:4f:8c:
                    63:53:af:8b:9b:78:4f:73:b0:16:96:b0:47:55:50:
                    be:23:21:d4:41:2d:19:0e:9f:58:2d:6a:7b:ef:cc:
                    90:bd:f6:63:04:69:60:b6:e7:8a:ac:fb:8a:56:8a:
                    83:28:25:eb:9e:80:19:c6:32:10:60:78:59:3f:47:
                    9b:68:23:41:f4:e3:ff:e2:84:ff:4c:de:80:c3:91:
                    0a:87:18:83:b2:7d:ca:5a:4f:ee:46:8a:65:6d:1d:
                    b5:a5:61:04:b0:16:52:f2:bb:04:e8:da:86:bc:1e:
                    79:82:c9:69:e5:90:3e:93:2f:71:4c:e5:69:60:fc:
                    b1:66:c7:6d:10:b3:40:89:a9:54:eb:87:c8:f0:3c:
                    8b:96:71:1e:99:33:ce:4e:2f:6b:78:1a:58:48:18:
                    f7:a0:a8:ca:cc:78:f3:a7:cd:6a:17:7d:3b:2b:f6:
                    66:b1:54:c8:da:85:b9:f8:05:be:77:c1:6d:ff:f4:
                    a3:b1:e8:88:8e:2d:2e:b3:fb:d7:50:0a:87:71:c1:
                    86:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:76:3F:FC:17:B2:EB:3A:72:94:F6:31:B6:65:43:59:C4:F1:4D:D6
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/lHY__Bey6zpylPYxtmVDWcTxTdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.180.136.0/23
                  81.181.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:b4:12:6f:00:b9:73:eb:d6:95:15:47:0e:f5:c1:49:96:83:
         bf:27:44:3c:84:3d:17:1a:b2:59:a3:74:7b:4c:62:83:b2:b3:
         84:94:42:59:f7:ee:4e:8f:ab:51:15:5b:0b:3e:ac:00:f0:02:
         9f:b0:b0:1c:4b:ca:00:c6:f0:a1:60:dc:c0:c7:e5:ca:2e:6e:
         70:e5:f4:9a:05:74:11:fa:92:ad:f5:41:e0:a9:3d:f4:3d:bb:
         bb:49:40:71:28:93:0c:58:52:93:2d:69:f3:61:21:10:c1:0d:
         bd:a2:08:c9:a8:a5:4e:e7:16:eb:85:01:14:c3:55:39:93:9a:
         8c:e8:74:d6:8d:e6:ea:3a:e8:7a:4d:9a:f4:8a:d7:f2:3a:36:
         8a:f5:15:eb:75:a1:65:e5:ee:24:40:76:cb:52:95:9a:58:39:
         41:6f:f3:27:f7:04:bb:3c:dc:90:44:14:5d:91:63:74:4c:d9:
         07:98:3f:74:4b:e2:b8:38:e8:e2:aa:57:00:90:96:b1:de:2b:
         97:f2:64:01:b4:0e:68:83:71:85:c8:02:03:0e:ab:83:ba:69:
         cf:0b:5a:ab:43:c1:9b:44:fd:36:fb:a6:38:86:56:ed:a6:65:
         42:f3:46:11:77:f1:64:73:ec:b9:b0:4a:db:d0:1e:6b:87:b0:
         3a:a3:26:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVlonRMZqDM08HuN817wK8RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwMzA1MDkyODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDc2M2ZmYzE3YjJlYjNhNzI5NGY2MzFiNjY1NDM1OWM0ZjE0ZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9pdM7KQkhdzrU6TyeUFlNYe5Ocd
agpaunrmetj059cBzpt5Z3H8S7CW51VutiP11dQHo8r/lt+jT4xjU6+Lm3hPc7AW
lrBHVVC+IyHUQS0ZDp9YLWp778yQvfZjBGlgtueKrPuKVoqDKCXrnoAZxjIQYHhZ
P0ebaCNB9OP/4oT/TN6Aw5EKhxiDsn3KWk/uRoplbR21pWEEsBZS8rsE6NqGvB55
gslp5ZA+ky9xTOVpYPyxZsdtELNAialU64fI8DyLlnEemTPOTi9reBpYSBj3oKjK
zHjzp81qF307K/ZmsVTI2oW5+AW+d8Ft//SjseiIji0us/vXUAqHccGGzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJR2P/wXsus6cpT2MbZlQ1nE8U3WMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvbEhZX19CZXk2enB5bFBZeHRtVkRXY1R4VGRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUbSIAwQB
UbXEMA0GCSqGSIb3DQEBCwUAA4IBAQBLtBJvALlz69aVFUcO9cFJloO/J0Q8hD0X
GrJZo3R7TGKDsrOElEJZ9+5Oj6tRFVsLPqwA8AKfsLAcS8oAxvChYNzAx+XKLm5w
5fSaBXQR+pKt9UHgqT30Pbu7SUBxKJMMWFKTLWnzYSEQwQ29ogjJqKVO5xbrhQEU
w1U5k5qM6HTWjebqOuh6TZr0itfyOjaK9RXrdaFl5e4kQHbLUpWaWDlBb/Mn9wS7
PNyQRBRdkWN0TNkHmD90S+K4OOjiqlcAkJax3iuX8mQBtA5og3GFyAIDDquDumnP
C1qrQ8GbRP02+6Y4hlbtpmVC80YRd/Fkc+y5sErb0B5rh7A6oyaP
-----END CERTIFICATE-----