Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/LKV7yhCGt0hkH1Iq_3IYZcE641s.roa
File:                     LKV7yhCGt0hkH1Iq_3IYZcE641s.roa (raw, json)
Hash identifier:          D7LiBZ1bYl+XLNrNHZ6UiD87vfxECmSbtT8earIeWFc=
Subject key identifier:   2C:A5:7B:CA:10:86:B7:48:64:1F:52:2A:FF:72:18:65:C1:3A:E3:5B
Certificate issuer:       /CN=b21a3f4af94a580eb9e7b58542a0084b21c2b09b
Certificate serial:       0191362167E4A20686157039C8C27ECE3E46
Authority key identifier: B2:1A:3F:4A:F9:4A:58:0E:B9:E7:B5:85:42:A0:08:4B:21:C2:B0:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/LKV7yhCGt0hkH1Iq_3IYZcE641s.roa
Signing time:             Fri 09 Aug 2024 07:54:04 +0000
ROA not before:           Fri 09 Aug 2024 07:54:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215984
IP address blocks:        89.150.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:36:21:67:e4:a2:06:86:15:70:39:c8:c2:7e:ce:3e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b21a3f4af94a580eb9e7b58542a0084b21c2b09b
        Validity
            Not Before: Aug  9 07:54:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ca57bca1086b748641f522aff721865c13ae35b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ce:f7:7a:38:51:ea:a7:d4:e0:77:17:e7:d0:
                    62:5d:28:79:e7:d2:55:28:ff:4a:0e:f7:6f:e3:2e:
                    75:78:19:ee:6f:63:ff:b0:55:34:91:68:55:b5:e1:
                    72:0e:67:c2:75:81:4c:70:9c:60:4a:6b:cb:93:32:
                    b5:08:0e:8d:55:c6:74:d6:be:5e:a7:34:91:61:dd:
                    d0:05:dd:72:2a:b5:0b:15:5b:88:e7:26:76:4a:58:
                    4e:d4:83:70:a6:7b:89:83:62:1b:f4:dc:34:1a:58:
                    61:08:8d:47:af:ea:df:cb:f6:14:98:d6:b6:dd:4c:
                    bb:96:20:10:79:fc:16:a1:7c:87:e2:eb:3d:89:b7:
                    bd:b0:ff:ba:77:a8:99:31:04:4f:ca:ff:d3:55:6f:
                    0e:3b:fb:5a:09:3d:0f:e5:f2:89:27:7b:ce:cf:40:
                    95:41:ca:c1:c1:70:69:54:7f:f9:95:d1:1c:d2:35:
                    f8:61:14:16:27:e8:6d:a8:e5:c6:00:c8:3c:76:e5:
                    23:04:7e:6b:18:ee:25:2b:10:ea:e5:38:93:67:76:
                    76:15:66:9f:c5:e4:87:ec:73:9a:bd:80:be:48:cf:
                    db:18:0e:e6:fd:09:b1:75:48:e5:28:c7:9e:a6:9f:
                    2b:9b:75:f4:a9:07:05:27:2d:62:7a:75:fa:7a:ac:
                    5f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:A5:7B:CA:10:86:B7:48:64:1F:52:2A:FF:72:18:65:C1:3A:E3:5B
            X509v3 Authority Key Identifier:
                keyid:B2:1A:3F:4A:F9:4A:58:0E:B9:E7:B5:85:42:A0:08:4B:21:C2:B0:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/LKV7yhCGt0hkH1Iq_3IYZcE641s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.150.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e9:dc:69:2d:01:ba:1d:4c:58:aa:50:83:ef:0a:0e:dd:30:f6:
         7c:af:28:ad:18:96:26:f7:24:b4:7f:4d:41:42:fe:a5:ea:16:
         02:b5:d7:74:33:7a:36:c7:28:72:82:6f:39:c9:aa:6a:1f:57:
         ba:d2:32:09:2c:f6:2f:3c:e8:98:70:3e:e1:41:3f:66:6b:b9:
         df:07:79:10:2c:24:94:31:7c:82:a3:33:f3:54:80:76:dc:4d:
         8f:b1:d1:88:1e:2b:ab:32:73:d2:2a:ef:1c:83:b7:7a:21:cf:
         ae:74:ff:d1:3a:bc:b5:ab:11:b6:29:69:95:bf:98:a6:5f:9a:
         77:19:dc:4b:9f:4b:1f:6e:b6:44:ca:6c:94:9d:ab:de:18:4d:
         67:63:de:7f:78:14:e5:a1:f9:11:6f:7f:17:9c:cc:fa:ff:4b:
         a9:fe:4a:fb:14:ac:ec:30:de:6b:fc:85:d4:b6:d9:d2:64:30:
         b3:94:19:40:24:f9:25:9d:3d:19:64:ad:ab:c0:b5:0d:30:a0:
         80:0e:a3:d3:80:f8:f3:8e:d8:91:1f:10:87:0b:78:f9:59:55:
         53:f9:12:e6:fe:79:17:f2:ac:aa:e7:cd:d8:fc:38:b9:e9:62:
         d7:a2:f1:bf:76:67:44:05:6b:dd:41:b2:a7:d2:90:27:2e:b7:
         12:0e:37:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZE2IWfkogaGFXA5yMJ+zj5GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMWEzZjRhZjk0YTU4MGViOWU3YjU4NTQyYTAwODRiMjFj
MmIwOWIwHhcNMjQwODA5MDc1NDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2E1N2JjYTEwODZiNzQ4NjQxZjUyMmFmZjcyMTg2NWMxM2FlMzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv873ejhR6qfU4HcX59BiXSh559JV
KP9KDvdv4y51eBnub2P/sFU0kWhVteFyDmfCdYFMcJxgSmvLkzK1CA6NVcZ01r5e
pzSRYd3QBd1yKrULFVuI5yZ2SlhO1INwpnuJg2Ib9Nw0GlhhCI1Hr+rfy/YUmNa2
3Uy7liAQefwWoXyH4us9ibe9sP+6d6iZMQRPyv/TVW8OO/taCT0P5fKJJ3vOz0CV
QcrBwXBpVH/5ldEc0jX4YRQWJ+htqOXGAMg8duUjBH5rGO4lKxDq5TiTZ3Z2FWaf
xeSH7HOavYC+SM/bGA7m/QmxdUjlKMeepp8rm3X0qQcFJy1ienX6eqxfxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCyle8oQhrdIZB9SKv9yGGXBOuNbMB8GA1UdIwQY
MBaAFLIaP0r5SlgOuee1hUKgCEshwrCbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2hvX1N2bEtXQTY1NTdXRlFxQUlTeUhDc0pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS85OTFmMWMtOTk5Yi00Zjc1LWIwYmYt
NTEyOTE3MmI2OTY2LzEvTEtWN3loQ0d0MGhrSDFJcV8zSVlaY0U2NDFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS85OTFmMWMtOTk5Yi00Zjc1LWIwYmYtNTEyOTE3MmI2OTY2
LzEvc2hvX1N2bEtXQTY1NTdXRlFxQUlTeUhDc0pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZYpMA0G
CSqGSIb3DQEBCwUAA4IBAQDp3GktAbodTFiqUIPvCg7dMPZ8ryitGJYm9yS0f01B
Qv6l6hYCtdd0M3o2xyhygm85yapqH1e60jIJLPYvPOiYcD7hQT9ma7nfB3kQLCSU
MXyCozPzVIB23E2PsdGIHiurMnPSKu8cg7d6Ic+udP/ROry1qxG2KWmVv5imX5p3
GdxLn0sfbrZEymyUnaveGE1nY95/eBTlofkRb38XnMz6/0up/kr7FKzsMN5r/IXU
ttnSZDCzlBlAJPklnT0ZZK2rwLUNMKCADqPTgPjzjtiRHxCHC3j5WVVT+RLm/nkX
8qyq583Y/Di56WLXovG/dmdEBWvdQbKn0pAnLrcSDjfQ
-----END CERTIFICATE-----