Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/lWbnRExnSW03_U5olpBu9sZYkLs.roa
File:                     lWbnRExnSW03_U5olpBu9sZYkLs.roa (raw, json)
Hash identifier:          uqrMbJ4pQimVGZXZLF2tQNSaIAFtyzwa6Iu8wZXXPzg=
Subject key identifier:   95:66:E7:44:4C:67:49:6D:37:FD:4E:68:96:90:6E:F6:C6:58:90:BB
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       0190DDDFA232F2D27C48CC83CC512B708B61
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/lWbnRExnSW03_U5olpBu9sZYkLs.roa
Signing time:             Tue 23 Jul 2024 04:35:39 +0000
ROA not before:           Tue 23 Jul 2024 04:35:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46562
IP address blocks:        85.122.229.0/24 maxlen: 24
                          85.122.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:dd:df:a2:32:f2:d2:7c:48:cc:83:cc:51:2b:70:8b:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jul 23 04:35:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9566e7444c67496d37fd4e6896906ef6c65890bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:21:cb:9f:61:76:ed:1f:a2:ef:46:9e:96:6f:
                    15:b6:6c:41:91:d0:39:37:8a:62:c4:33:c8:4d:d7:
                    85:c5:f8:27:54:e7:bc:e0:53:0e:2f:be:61:64:92:
                    68:a6:09:81:41:34:6b:5a:74:f0:f4:05:6d:90:c9:
                    f4:54:c4:c7:94:9f:2b:38:e7:ec:c2:2e:7b:d3:a0:
                    cd:e6:a3:51:05:ec:17:09:d4:cc:10:a6:02:b1:d2:
                    7e:9b:b1:c7:f8:98:1e:e8:fa:92:e4:57:3b:31:57:
                    de:61:9f:e1:57:d5:06:1b:c8:30:dd:db:eb:05:c9:
                    09:09:c8:e1:3a:6a:16:fa:af:db:7f:fe:0c:da:e8:
                    7c:d1:b0:c4:1e:b6:4b:0c:0b:c8:19:3e:0e:61:ed:
                    d6:54:67:40:6a:63:5d:be:4e:72:78:7a:5b:5a:0c:
                    9e:2e:2c:31:81:bb:e1:b5:ae:55:ea:10:f7:97:50:
                    81:e3:3c:9c:fc:52:1a:ad:f5:47:75:b6:15:3a:13:
                    89:a9:76:60:07:79:c5:7f:10:9e:99:16:94:c1:1c:
                    2d:c2:7f:72:db:9b:63:dc:a0:15:6f:0c:b2:8a:08:
                    ef:c6:e1:a1:69:bc:70:5c:a2:f2:2d:ea:08:21:2b:
                    7d:0d:40:2d:d1:3b:e1:ca:ea:ed:f4:77:77:17:db:
                    87:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:66:E7:44:4C:67:49:6D:37:FD:4E:68:96:90:6E:F6:C6:58:90:BB
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/lWbnRExnSW03_U5olpBu9sZYkLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.122.229.0-85.122.230.255

    Signature Algorithm: sha256WithRSAEncryption
         78:66:17:3c:56:5b:3b:1f:47:f9:bb:3e:55:a7:26:ed:ec:83:
         b2:72:52:51:3f:1a:08:b8:58:90:e7:79:ca:49:9a:c3:4c:b8:
         90:3e:41:26:12:2d:c8:6c:79:8e:5a:87:09:fb:ce:da:f4:04:
         1f:c5:00:6c:0a:7c:0b:1f:b7:96:f6:f9:9f:aa:ba:9f:3c:36:
         9a:d2:a2:fa:9a:59:c2:d7:33:ee:e8:17:69:9b:0e:60:ef:64:
         13:c7:bc:37:d0:8b:ff:85:90:b5:42:6b:3b:c8:91:36:97:b2:
         b9:6f:04:39:ca:0b:08:cd:0e:1b:b0:76:59:5c:8d:73:3c:e0:
         7c:dc:8b:7e:ef:fa:3f:72:35:cb:fa:43:24:53:fc:ed:6a:d9:
         ab:51:43:bd:58:67:5e:1b:0f:a6:d9:26:3c:0a:15:c5:4e:b7:
         0d:ae:70:1b:0b:13:80:6b:09:c2:bc:82:2d:47:95:eb:fd:6b:
         88:32:76:da:0f:bf:0f:ad:81:ed:27:da:1d:4d:2f:18:fa:f3:
         4e:f3:68:3c:9c:f1:91:34:2a:5b:b0:35:a3:b2:5c:92:46:58:
         73:9b:14:fa:4c:d9:75:18:46:21:16:d8:04:ff:86:8d:56:10:
         f5:22:48:a4:d9:93:dd:81:59:54:cc:61:83:37:58:7c:46:4d:
         0f:f7:d8:ab
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZDd36Iy8tJ8SMyDzFErcIthMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwNzIzMDQzNTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTY2ZTc0NDRjNjc0OTZkMzdmZDRlNjg5NjkwNmVmNmM2NTg5MGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSHLn2F27R+i70aelm8VtmxBkdA5
N4pixDPITdeFxfgnVOe84FMOL75hZJJopgmBQTRrWnTw9AVtkMn0VMTHlJ8rOOfs
wi5706DN5qNRBewXCdTMEKYCsdJ+m7HH+Jge6PqS5Fc7MVfeYZ/hV9UGG8gw3dvr
BckJCcjhOmoW+q/bf/4M2uh80bDEHrZLDAvIGT4OYe3WVGdAamNdvk5yeHpbWgye
Liwxgbvhta5V6hD3l1CB4zyc/FIarfVHdbYVOhOJqXZgB3nFfxCemRaUwRwtwn9y
25tj3KAVbwyyigjvxuGhabxwXKLyLeoIISt9DUAt0Tvhyurt9Hd3F9uHXwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJVm50RMZ0ltN/1OaJaQbvbGWJC7MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvbFdiblJFeG5TVzAzX1U1b2xwQnU5c1pZa0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABVeuUD
BABVeuYwDQYJKoZIhvcNAQELBQADggEBAHhmFzxWWzsfR/m7PlWnJu3sg7JyUlE/
Ggi4WJDnecpJmsNMuJA+QSYSLchseY5ahwn7ztr0BB/FAGwKfAsft5b2+Z+qup88
NprSovqaWcLXM+7oF2mbDmDvZBPHvDfQi/+FkLVCazvIkTaXsrlvBDnKCwjNDhuw
dllcjXM84Hzci37v+j9yNcv6QyRT/O1q2atRQ71YZ14bD6bZJjwKFcVOtw2ucBsL
E4BrCcK8gi1Hlev9a4gydtoPvw+tge0n2h1NLxj6807zaDyc8ZE0KluwNaOyXJJG
WHObFPpM2XUYRiEW2AT/ho1WEPUiSKTZk92BWVTMYYM3WHxGTQ/32Ks=
-----END CERTIFICATE-----