Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/lvhW-5gG1d7s0xRuajaOzZcrjmc.roa
File:                     lvhW-5gG1d7s0xRuajaOzZcrjmc.roa (raw, json)
Hash identifier:          wyWBBM7VxY7dUmwGsLkWr3RC9unH4M0ZblDs1miD2Do=
Subject key identifier:   96:F8:56:FB:98:06:D5:DE:EC:D3:14:6E:6A:36:8E:CD:97:2B:8E:67
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4256F492ADCB9488D9FC3A721BE4AD5
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/lvhW-5gG1d7s0xRuajaOzZcrjmc.roa
Signing time:             Mon 01 Jan 2024 08:30:36 +0000
ROA not before:           Mon 01 Jan 2024 08:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210718
IP address blocks:        2a0b:b87:ff12::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6f:49:2a:dc:b9:48:8d:9f:c3:a7:21:be:4a:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96f856fb9806d5deecd3146e6a368ecd972b8e67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c6:bd:ea:dc:96:5d:e7:e2:59:19:1c:41:16:
                    fe:10:82:7a:af:fe:af:73:a5:61:1f:be:96:79:88:
                    4f:25:8a:7d:69:8e:88:ae:6d:ab:88:46:3e:4e:b5:
                    f2:24:19:00:5b:32:b3:cb:e3:64:4a:c3:a7:4e:af:
                    57:25:63:3d:57:6c:bc:59:17:e2:1c:b9:af:df:4f:
                    01:1a:e2:b2:e8:66:39:1d:1c:75:38:cc:0f:02:4c:
                    c5:df:09:14:39:b5:c3:6e:c7:e1:34:a4:c1:d1:80:
                    8d:14:7d:b9:2b:8f:c5:4c:43:db:2b:11:34:c3:15:
                    f9:72:6b:cc:2d:00:83:32:b9:60:f2:56:c1:51:4f:
                    2b:b2:9a:56:dc:91:99:32:2e:96:d0:e7:c8:79:35:
                    a4:f7:38:0a:b3:c4:51:3e:a4:55:9c:b2:a5:d3:0f:
                    a7:f5:5b:f4:87:b5:ba:e8:53:bc:a1:66:86:bf:5d:
                    98:8f:de:bf:bc:2e:e8:da:19:5c:47:48:ce:52:a3:
                    fb:cd:86:b3:c5:ab:cd:37:3c:29:ca:6c:32:96:ce:
                    b1:28:13:37:d1:7e:b1:06:d4:44:9a:96:6c:96:55:
                    74:03:cb:81:7a:0a:9a:a1:eb:94:4d:35:a7:be:21:
                    85:40:47:30:30:dd:5a:cc:e4:a6:5a:78:8a:b8:d0:
                    1a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:F8:56:FB:98:06:D5:DE:EC:D3:14:6E:6A:36:8E:CD:97:2B:8E:67
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/lvhW-5gG1d7s0xRuajaOzZcrjmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ff12::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:4d:3a:91:d6:ac:da:c0:48:75:33:2d:d1:c1:d6:01:f8:79:
         f3:11:9e:4f:ee:7e:d7:f4:27:54:91:42:ae:b6:94:1d:0a:e3:
         09:9a:b7:d1:59:0f:74:f2:98:fd:b1:5f:38:b9:d7:9c:34:3a:
         e2:7b:12:c4:4d:97:35:e4:7d:be:b4:32:90:56:22:37:1e:c8:
         41:f2:be:75:93:01:95:1a:6c:13:ea:24:9b:d4:d1:5c:c7:61:
         3a:5e:67:f9:f9:70:f2:50:a4:02:90:9c:5c:13:72:16:4f:8d:
         9f:75:a8:91:2e:f2:d7:5d:54:43:63:d7:fa:97:c2:a8:d8:94:
         6f:c6:20:2e:b7:19:50:20:85:b0:7d:df:48:3d:fc:fe:ad:d4:
         ab:2d:26:52:01:92:42:f8:4c:a1:d0:6a:b2:b8:1f:6a:93:b3:
         63:7a:81:8e:9e:a7:ed:b7:a7:88:d2:15:f5:ef:73:3d:d1:4e:
         63:02:d9:3d:c2:5b:70:77:07:fe:4d:d6:fa:68:41:73:a1:32:
         a5:fc:0a:40:1a:5e:09:82:a3:c0:16:47:94:f5:12:f4:1a:1c:
         43:64:ed:93:c8:e7:cb:e8:b7:69:5d:6e:ab:ce:d1:0f:ec:88:
         e2:eb:31:a9:1e:db:5d:df:fb:e3:a3:7a:cd:79:a5:80:54:47:
         7f:39:93:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJW9JKty5SI2fw6chvkrVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmY4NTZmYjk4MDZkNWRlZWNkMzE0NmU2YTM2OGVjZDk3MmI4ZTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMa96tyWXefiWRkcQRb+EIJ6r/6v
c6VhH76WeYhPJYp9aY6Irm2riEY+TrXyJBkAWzKzy+NkSsOnTq9XJWM9V2y8WRfi
HLmv308BGuKy6GY5HRx1OMwPAkzF3wkUObXDbsfhNKTB0YCNFH25K4/FTEPbKxE0
wxX5cmvMLQCDMrlg8lbBUU8rsppW3JGZMi6W0OfIeTWk9zgKs8RRPqRVnLKl0w+n
9Vv0h7W66FO8oWaGv12Yj96/vC7o2hlcR0jOUqP7zYazxavNNzwpymwyls6xKBM3
0X6xBtREmpZsllV0A8uBegqaoeuUTTWnviGFQEcwMN1azOSmWniKuNAaWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJb4VvuYBtXe7NMUbmo2js2XK45nMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvbHZoVy01Z0cxZDdzMHhSdWFqYU96WmNyam1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/8S
MA0GCSqGSIb3DQEBCwUAA4IBAQCYTTqR1qzawEh1My3RwdYB+HnzEZ5P7n7X9CdU
kUKutpQdCuMJmrfRWQ908pj9sV84udecNDriexLETZc15H2+tDKQViI3HshB8r51
kwGVGmwT6iSb1NFcx2E6Xmf5+XDyUKQCkJxcE3IWT42fdaiRLvLXXVRDY9f6l8Ko
2JRvxiAutxlQIIWwfd9IPfz+rdSrLSZSAZJC+Eyh0GqyuB9qk7NjeoGOnqftt6eI
0hX173M90U5jAtk9wltwdwf+Tdb6aEFzoTKl/ApAGl4JgqPAFkeU9RL0GhxDZO2T
yOfL6LdpXW6rztEP7Iji6zGpHttd3/vjo3rNeaWAVEd/OZPp
-----END CERTIFICATE-----