Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/a94966-03e5-42ea-ac26-a8beb5657d76/1/LQn8_Xfg9uvar4TReHEb3nmHd5w.roa
File:                     LQn8_Xfg9uvar4TReHEb3nmHd5w.roa (raw, json)
Hash identifier:          Pu/maEM0ar8F0hLskJTrhG0mCJcJUxMGZs6IfxL91Z8=
Subject key identifier:   2D:09:FC:FD:77:E0:F6:EB:DA:AF:84:D1:78:71:1B:DE:79:87:77:9C
Certificate issuer:       /CN=695c537d2656db4dd0c3c32fe981b3c771443e5b
Certificate serial:       018CC72705F365097EAD4FA861F27E2B0CE3
Authority key identifier: 69:5C:53:7D:26:56:DB:4D:D0:C3:C3:2F:E9:81:B3:C7:71:44:3E:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aVxTfSZW203Qw8Mv6YGzx3FEPls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/a94966-03e5-42ea-ac26-a8beb5657d76/1/LQn8_Xfg9uvar4TReHEb3nmHd5w.roa
Signing time:             Mon 01 Jan 2024 22:31:12 +0000
ROA not before:           Mon 01 Jan 2024 22:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31305
IP address blocks:        193.151.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/a94966-03e5-42ea-ac26-a8beb5657d76/1/aVxTfSZW203Qw8Mv6YGzx3FEPls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/a94966-03e5-42ea-ac26-a8beb5657d76/1/aVxTfSZW203Qw8Mv6YGzx3FEPls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aVxTfSZW203Qw8Mv6YGzx3FEPls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:05:f3:65:09:7e:ad:4f:a8:61:f2:7e:2b:0c:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=695c537d2656db4dd0c3c32fe981b3c771443e5b
        Validity
            Not Before: Jan  1 22:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d09fcfd77e0f6ebdaaf84d178711bde7987779c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:54:fc:3c:11:8e:a2:5c:6a:19:a2:e1:39:82:
                    18:01:77:a5:78:fc:4d:21:56:a1:46:6e:ed:61:b5:
                    42:13:95:11:4b:55:85:73:ec:44:b7:78:5c:12:10:
                    5d:80:88:2c:37:32:e2:ea:07:da:86:ff:63:28:7a:
                    55:5f:74:77:33:2c:e7:17:cf:c3:3e:3e:42:c6:99:
                    15:29:32:e2:d8:38:2b:d8:cb:82:98:0a:0d:4b:1f:
                    96:4b:25:af:85:1f:04:37:de:d7:34:8b:b4:58:bc:
                    3e:ce:34:83:4f:b5:7b:1f:10:41:5f:b2:99:a3:f6:
                    1e:93:aa:f8:28:4f:3d:ab:a1:23:c4:b2:75:e8:bf:
                    16:e2:01:84:f7:4b:0c:b6:5e:e0:ed:8d:93:df:d8:
                    09:fe:82:d4:57:0c:0e:ee:e6:91:80:ed:59:13:ed:
                    65:ac:b7:cb:ea:f3:a1:a2:75:cd:2a:e5:13:46:b2:
                    58:e3:62:57:dd:46:67:ff:f5:f9:4f:59:66:57:fe:
                    f3:37:e1:b3:fb:cd:b8:4c:7a:08:3b:bf:93:19:73:
                    02:3a:c0:0c:13:2c:99:ae:0a:bf:b4:4a:f6:ad:5e:
                    e4:8c:f9:57:b6:63:0e:d7:fc:2f:13:a4:99:ce:39:
                    fc:29:20:75:fa:e3:c2:02:2d:71:6a:d4:3f:76:3e:
                    1e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:09:FC:FD:77:E0:F6:EB:DA:AF:84:D1:78:71:1B:DE:79:87:77:9C
            X509v3 Authority Key Identifier:
                keyid:69:5C:53:7D:26:56:DB:4D:D0:C3:C3:2F:E9:81:B3:C7:71:44:3E:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aVxTfSZW203Qw8Mv6YGzx3FEPls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/a94966-03e5-42ea-ac26-a8beb5657d76/1/LQn8_Xfg9uvar4TReHEb3nmHd5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/a94966-03e5-42ea-ac26-a8beb5657d76/1/aVxTfSZW203Qw8Mv6YGzx3FEPls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:18:9d:3d:f2:54:5c:3c:42:ce:b8:60:73:59:a7:f4:af:a9:
         61:ed:22:df:01:d6:e6:bd:29:b3:0f:02:e0:44:be:dc:c6:4e:
         49:2a:17:0d:c9:19:f5:d6:ba:77:d5:5c:8d:d4:24:93:ff:e6:
         0d:e2:20:45:05:f4:67:f1:9e:53:ae:e8:a4:d7:03:32:60:36:
         f7:9b:b3:02:41:d8:9b:c9:c0:a4:0e:38:f5:b6:33:10:b3:5c:
         fa:46:82:f1:51:bd:76:66:a0:b5:d9:d1:a4:a2:3a:a8:f6:59:
         a8:55:86:0e:25:5c:85:8e:45:1d:d4:b5:63:a7:0f:2c:2d:e8:
         c4:ea:34:ea:7c:63:f5:8c:75:30:65:8b:3b:ab:ff:61:ce:7d:
         1f:e0:33:51:7c:e7:0d:f4:11:e3:ae:60:c5:ef:08:66:34:2e:
         ee:15:c7:88:2f:bc:a1:90:94:6e:e7:0c:78:52:cc:b1:db:f4:
         22:1a:b2:58:33:28:d3:3b:fe:e1:64:4a:f0:ef:8e:ea:47:ca:
         8e:01:ff:1a:75:37:a7:00:7a:c4:0a:ed:b4:be:8f:d4:99:db:
         78:1a:2c:73:3d:b3:a9:bf:09:1b:0c:1e:f0:8f:d9:c0:c9:c6:
         8c:a4:0a:3a:c6:88:d0:6d:a9:f5:63:cb:21:87:0c:83:11:27:
         92:22:ae:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJwXzZQl+rU+oYfJ+KwzjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NWM1MzdkMjY1NmRiNGRkMGMzYzMyZmU5ODFiM2M3NzE0
NDNlNWIwHhcNMjQwMTAxMjIzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDA5ZmNmZDc3ZTBmNmViZGFhZjg0ZDE3ODcxMWJkZTc5ODc3NzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1T8PBGOolxqGaLhOYIYAXelePxN
IVahRm7tYbVCE5URS1WFc+xEt3hcEhBdgIgsNzLi6gfahv9jKHpVX3R3MyznF8/D
Pj5CxpkVKTLi2Dgr2MuCmAoNSx+WSyWvhR8EN97XNIu0WLw+zjSDT7V7HxBBX7KZ
o/Yek6r4KE89q6EjxLJ16L8W4gGE90sMtl7g7Y2T39gJ/oLUVwwO7uaRgO1ZE+1l
rLfL6vOhonXNKuUTRrJY42JX3UZn//X5T1lmV/7zN+Gz+824THoIO7+TGXMCOsAM
EyyZrgq/tEr2rV7kjPlXtmMO1/wvE6SZzjn8KSB1+uPCAi1xatQ/dj4ehQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC0J/P134Pbr2q+E0XhxG955h3ecMB8GA1UdIwQY
MBaAFGlcU30mVttN0MPDL+mBs8dxRD5bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVZ4VGZTWlcyMDNRdzhNdjZZR3p4M0ZFUGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9hOTQ5NjYtMDNlNS00MmVhLWFjMjYt
YThiZWI1NjU3ZDc2LzEvTFFuOF9YZmc5dXZhcjRUUmVIRWIzbm1IZDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9hOTQ5NjYtMDNlNS00MmVhLWFjMjYtYThiZWI1NjU3ZDc2
LzEvYVZ4VGZTWlcyMDNRdzhNdjZZR3p4M0ZFUGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwZcMMA0G
CSqGSIb3DQEBCwUAA4IBAQChGJ098lRcPELOuGBzWaf0r6lh7SLfAdbmvSmzDwLg
RL7cxk5JKhcNyRn11rp31VyN1CST/+YN4iBFBfRn8Z5Truik1wMyYDb3m7MCQdib
ycCkDjj1tjMQs1z6RoLxUb12ZqC12dGkojqo9lmoVYYOJVyFjkUd1LVjpw8sLejE
6jTqfGP1jHUwZYs7q/9hzn0f4DNRfOcN9BHjrmDF7whmNC7uFceIL7yhkJRu5wx4
Usyx2/QiGrJYMyjTO/7hZErw747qR8qOAf8adTenAHrECu20vo/Umdt4GixzPbOp
vwkbDB7wj9nAycaMpAo6xojQban1Y8shhwyDESeSIq7D
-----END CERTIFICATE-----