Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/LoUzoDR6zvXn6BBNsYhr15p268Q.roa
File:                     LoUzoDR6zvXn6BBNsYhr15p268Q.roa (raw, json)
Hash identifier:          zENAXa04B/BY1tuLkhKvGvfur8Ml55yCjNP3Pn0ExJM=
Subject key identifier:   2E:85:33:A0:34:7A:CE:F5:E7:E8:10:4D:B1:88:6B:D7:9A:76:EB:C4
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019425FCB3233157E67EA2D3C939BE1C8D12
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/LoUzoDR6zvXn6BBNsYhr15p268Q.roa
Signing time:             Thu 02 Jan 2025 07:48:25 +0000
ROA not before:           Thu 02 Jan 2025 07:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199453
IP address blocks:        213.189.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:b3:23:31:57:e6:7e:a2:d3:c9:39:be:1c:8d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 07:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e8533a0347acef5e7e8104db1886bd79a76ebc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9c:b9:b2:11:a0:39:8a:52:ff:49:f9:42:6e:
                    e7:b2:1d:f4:75:86:63:52:c3:a1:db:5e:a6:84:e8:
                    7f:b2:24:52:88:59:05:94:7b:0d:1e:73:59:6a:f4:
                    31:fb:55:19:c3:bd:a5:10:20:59:78:16:e2:d3:68:
                    0c:f6:85:55:c5:b1:84:58:61:39:c1:99:22:18:40:
                    df:f0:0e:49:94:95:13:cc:db:85:43:47:a2:a9:53:
                    66:f2:40:34:b0:95:9a:02:0f:df:87:a0:a4:07:5e:
                    33:83:b8:be:d3:05:b7:82:1d:ae:84:98:79:e3:be:
                    a4:b9:94:d8:ce:9e:71:83:56:a2:3f:9b:a8:23:c9:
                    6b:97:be:79:b9:15:87:d5:d2:c1:b0:94:f3:f3:bf:
                    44:90:fd:2a:2e:ee:61:10:09:55:02:51:21:bd:50:
                    6e:ba:a6:6c:61:97:35:ee:85:12:80:bf:f3:6c:6c:
                    a1:54:a9:70:1b:96:4c:db:ba:ff:b3:2d:7e:a8:29:
                    97:7f:dc:85:e9:b2:db:aa:d3:5c:dc:c4:55:87:69:
                    98:d9:cb:a2:c0:3e:33:42:ee:8c:6d:50:52:83:fc:
                    ae:fd:db:72:f8:e5:f0:c2:d8:d3:fe:3e:dd:e3:e8:
                    04:e2:50:19:62:60:3b:fb:54:0d:8c:08:35:bf:e9:
                    e0:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:85:33:A0:34:7A:CE:F5:E7:E8:10:4D:B1:88:6B:D7:9A:76:EB:C4
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/LoUzoDR6zvXn6BBNsYhr15p268Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.189.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:d9:f2:ee:24:30:48:5b:6a:5e:9c:65:bb:b1:b3:7a:a8:83:
         a4:ba:e2:5a:f9:d4:d8:e4:a4:eb:d3:22:52:88:5d:35:eb:6e:
         56:82:f0:89:25:11:f8:a5:99:c5:58:79:cc:ea:6c:f0:88:e0:
         ba:73:be:58:4e:60:e2:76:e2:2b:f8:b0:47:c1:95:c4:54:36:
         ff:94:d2:2b:f2:01:a3:dd:ab:93:8f:9b:c7:d7:0f:56:d5:ed:
         eb:56:5c:62:ed:e2:0b:84:e6:d2:ce:ef:55:89:27:2c:24:cd:
         33:41:72:11:40:64:a9:28:c0:bb:d0:5e:b2:2f:a5:c4:66:76:
         17:7f:bc:75:80:1d:c4:cd:a8:be:4d:62:a9:ca:8f:50:ef:f6:
         5d:4d:cc:4f:49:52:2c:bc:7f:14:99:61:19:42:46:0f:e7:65:
         a8:b2:0c:86:66:03:8c:fa:4c:02:8b:3a:da:c0:74:37:8e:d2:
         90:a5:12:57:5c:26:7d:53:72:e5:ab:7b:96:4a:2c:c1:6a:4b:
         01:7a:77:15:64:1c:a6:a3:26:76:9c:8b:cd:7d:06:2e:59:4f:
         0e:c1:de:f1:f5:60:c0:4c:5a:27:d9:e8:f9:74:30:0a:c2:4a:
         04:61:42:b4:f0:e1:79:d7:05:33:5d:7f:e1:70:f6:cf:91:01:
         05:41:e0:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/LMjMVfmfqLTyTm+HI0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjUwMTAyMDc0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTg1MzNhMDM0N2FjZWY1ZTdlODEwNGRiMTg4NmJkNzlhNzZlYmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZy5shGgOYpS/0n5Qm7nsh30dYZj
UsOh216mhOh/siRSiFkFlHsNHnNZavQx+1UZw72lECBZeBbi02gM9oVVxbGEWGE5
wZkiGEDf8A5JlJUTzNuFQ0eiqVNm8kA0sJWaAg/fh6CkB14zg7i+0wW3gh2uhJh5
476kuZTYzp5xg1aiP5uoI8lrl755uRWH1dLBsJTz879EkP0qLu5hEAlVAlEhvVBu
uqZsYZc17oUSgL/zbGyhVKlwG5ZM27r/sy1+qCmXf9yF6bLbqtNc3MRVh2mY2cui
wD4zQu6MbVBSg/yu/dty+OXwwtjT/j7d4+gE4lAZYmA7+1QNjAg1v+ngdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6FM6A0es715+gQTbGIa9eaduvEMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvTG9Vem9EUjZ6dlhuNkJCTnNZaHIxNXAyNjhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1b0nMA0G
CSqGSIb3DQEBCwUAA4IBAQCK2fLuJDBIW2penGW7sbN6qIOkuuJa+dTY5KTr0yJS
iF01625WgvCJJRH4pZnFWHnM6mzwiOC6c75YTmDiduIr+LBHwZXEVDb/lNIr8gGj
3auTj5vH1w9W1e3rVlxi7eILhObSzu9ViScsJM0zQXIRQGSpKMC70F6yL6XEZnYX
f7x1gB3Ezai+TWKpyo9Q7/ZdTcxPSVIsvH8UmWEZQkYP52WosgyGZgOM+kwCizra
wHQ3jtKQpRJXXCZ9U3Llq3uWSizBaksBencVZBymoyZ2nIvNfQYuWU8Owd7x9WDA
TFon2ej5dDAKwkoEYUK08OF51wUzXX/hcPbPkQEFQeBK
-----END CERTIFICATE-----