Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/LW6AiSBnffZ7z2LIcdZ7_BG3WTI.roa
File:                     LW6AiSBnffZ7z2LIcdZ7_BG3WTI.roa (raw, json)
Hash identifier:          Je2SbF0RuUxatfIqT2CP/1rfgX1hQngyDlJMJI6j86k=
Subject key identifier:   2D:6E:80:89:20:67:7D:F6:7B:CF:62:C8:71:D6:7B:FC:11:B7:59:32
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019425FCB458FA2F9E61FF12EC57C78660B2
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/LW6AiSBnffZ7z2LIcdZ7_BG3WTI.roa
Signing time:             Thu 02 Jan 2025 07:48:25 +0000
ROA not before:           Thu 02 Jan 2025 07:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201592
IP address blocks:        213.189.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:b4:58:fa:2f:9e:61:ff:12:ec:57:c7:86:60:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 07:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d6e808920677df67bcf62c871d67bfc11b75932
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d1:cc:b9:0e:34:b5:c1:66:1d:df:73:4c:7f:
                    d4:e2:c1:9f:cc:e7:cc:e5:a2:85:48:21:ee:5f:f6:
                    f1:b2:81:f1:94:50:b9:b0:ab:39:6c:0a:44:d0:72:
                    eb:b1:d1:c8:86:5f:2e:c9:26:67:06:80:6e:e1:f3:
                    45:3e:b8:70:d1:b4:3a:78:49:66:64:b8:1b:13:25:
                    a9:30:e4:f7:2e:96:f8:f1:6d:13:aa:6c:2d:55:3a:
                    4c:65:5b:c5:b9:92:c1:bf:c7:d9:af:2b:5c:82:6e:
                    9c:d4:cd:bc:73:93:4e:df:64:45:ad:0c:df:a5:73:
                    6d:0c:85:5c:15:6d:7e:cf:1e:9a:48:08:f3:07:fb:
                    b9:16:04:f2:ad:b4:4b:69:b6:f1:9b:c4:87:2c:a8:
                    d4:9f:0b:42:05:d8:e9:dc:f4:7c:16:4a:80:cb:86:
                    94:b1:d6:b8:2b:2e:a0:f0:b7:34:38:88:7b:49:65:
                    08:34:c5:0f:45:4e:d8:39:14:65:7f:60:31:29:ff:
                    a8:be:bb:b5:bc:66:25:91:aa:9d:91:c8:37:03:7a:
                    27:66:9e:05:f7:72:c9:38:2c:ee:86:01:7a:35:1f:
                    f5:7a:df:67:83:d4:9b:37:ad:51:9c:5f:2c:9c:3e:
                    67:3b:2a:d7:65:4d:38:cc:59:9d:56:30:89:ad:fb:
                    7a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:6E:80:89:20:67:7D:F6:7B:CF:62:C8:71:D6:7B:FC:11:B7:59:32
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/LW6AiSBnffZ7z2LIcdZ7_BG3WTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.189.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:46:ff:05:77:c3:53:99:f1:2a:6e:2c:03:ba:40:2f:72:3d:
         b0:95:38:2b:cc:9c:ac:69:88:d9:f7:ae:9b:7d:df:70:dc:d2:
         2b:8c:09:b1:ba:d6:3c:35:bf:3a:45:c2:dd:e4:41:18:c8:ca:
         21:3f:7b:88:c9:81:74:2c:3f:80:b8:89:e9:e9:9b:82:c7:d9:
         fe:09:67:22:77:d2:0f:cd:f8:da:66:2b:58:cf:d3:09:3f:1b:
         a4:08:58:19:4e:fc:4f:f2:2c:d3:3f:5b:6a:83:b8:04:df:32:
         df:48:a6:aa:69:ba:75:ce:00:19:78:8d:09:ad:f9:47:b1:61:
         1f:5c:f7:7d:ee:3f:48:9a:04:5d:e6:05:d9:4e:48:8d:1f:45:
         b0:2b:7a:0c:0f:d9:7c:0a:97:fd:15:29:93:16:a8:06:ba:e6:
         94:71:12:b8:2d:d0:ea:c0:eb:17:7c:c2:07:f3:b3:a4:1c:1d:
         39:08:4d:cf:cb:2f:11:24:fa:29:73:99:e9:ab:4b:87:44:13:
         1a:05:55:8a:2c:cf:f5:a2:c0:3b:b2:3d:23:f0:76:db:0a:9c:
         39:06:0e:72:6c:aa:4a:8b:d1:55:37:ad:ab:8a:fc:c1:63:71:
         ef:03:49:c4:75:77:ff:87:cc:45:ac:3c:6b:0a:d1:72:bd:52:
         1f:2a:94:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/LRY+i+eYf8S7FfHhmCyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjUwMTAyMDc0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDZlODA4OTIwNjc3ZGY2N2JjZjYyYzg3MWQ2N2JmYzExYjc1OTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNHMuQ40tcFmHd9zTH/U4sGfzOfM
5aKFSCHuX/bxsoHxlFC5sKs5bApE0HLrsdHIhl8uySZnBoBu4fNFPrhw0bQ6eElm
ZLgbEyWpMOT3Lpb48W0TqmwtVTpMZVvFuZLBv8fZrytcgm6c1M28c5NO32RFrQzf
pXNtDIVcFW1+zx6aSAjzB/u5FgTyrbRLabbxm8SHLKjUnwtCBdjp3PR8FkqAy4aU
sda4Ky6g8Lc0OIh7SWUINMUPRU7YORRlf2AxKf+ovru1vGYlkaqdkcg3A3onZp4F
93LJOCzuhgF6NR/1et9ng9SbN61RnF8snD5nOyrXZU04zFmdVjCJrft6pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1ugIkgZ332e89iyHHWe/wRt1kyMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvTFc2QWlTQm5mZlo3ejJMSWNkWjdfQkczV1RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1b0oMA0G
CSqGSIb3DQEBCwUAA4IBAQBoRv8Fd8NTmfEqbiwDukAvcj2wlTgrzJysaYjZ966b
fd9w3NIrjAmxutY8Nb86RcLd5EEYyMohP3uIyYF0LD+AuInp6ZuCx9n+CWcid9IP
zfjaZitYz9MJPxukCFgZTvxP8izTP1tqg7gE3zLfSKaqabp1zgAZeI0JrflHsWEf
XPd97j9ImgRd5gXZTkiNH0WwK3oMD9l8Cpf9FSmTFqgGuuaUcRK4LdDqwOsXfMIH
87OkHB05CE3Pyy8RJPopc5npq0uHRBMaBVWKLM/1osA7sj0j8HbbCpw5Bg5ybKpK
i9FVN62rivzBY3HvA0nEdXf/h8xFrDxrCtFyvVIfKpQs
-----END CERTIFICATE-----