Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/13d50b-7db3-4d10-8a4e-6eb3aa6a21af/1/LsbIPHk2s3mV4iqksyR9gbls5OU.roa
File:                     LsbIPHk2s3mV4iqksyR9gbls5OU.roa (raw, json)
Hash identifier:          mQWpK4Vqt6IazIwKFJZsCLc/c+XC/FyIFIfQNHxwaO0=
Subject key identifier:   2E:C6:C8:3C:79:36:B3:79:95:E2:2A:A4:B3:24:7D:81:B9:6C:E4:E5
Certificate issuer:       /CN=80d67a84409cedba022eeb035bd8ad620d683ea7
Certificate serial:       018CCA29F224CBCD1903B5DEF0BEDF13800B
Authority key identifier: 80:D6:7A:84:40:9C:ED:BA:02:2E:EB:03:5B:D8:AD:62:0D:68:3E:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gNZ6hECc7boCLusDW9itYg1oPqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/13d50b-7db3-4d10-8a4e-6eb3aa6a21af/1/LsbIPHk2s3mV4iqksyR9gbls5OU.roa
Signing time:             Tue 02 Jan 2024 12:33:15 +0000
ROA not before:           Tue 02 Jan 2024 12:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39686
IP address blocks:        193.242.97.0/24 maxlen: 24
                          2001:67c:18a0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/13d50b-7db3-4d10-8a4e-6eb3aa6a21af/1/gNZ6hECc7boCLusDW9itYg1oPqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/13d50b-7db3-4d10-8a4e-6eb3aa6a21af/1/gNZ6hECc7boCLusDW9itYg1oPqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gNZ6hECc7boCLusDW9itYg1oPqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:f2:24:cb:cd:19:03:b5:de:f0:be:df:13:80:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80d67a84409cedba022eeb035bd8ad620d683ea7
        Validity
            Not Before: Jan  2 12:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ec6c83c7936b37995e22aa4b3247d81b96ce4e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:66:99:33:d6:f6:f3:7a:81:8a:7b:c3:4a:05:
                    48:fd:a4:b2:ca:28:57:44:e9:bc:a8:40:d7:ea:3d:
                    d8:17:d5:83:e7:82:af:cb:7b:5c:8f:c6:c2:fb:38:
                    dd:fe:f2:17:bb:1e:86:47:c8:9a:f6:6a:50:eb:f3:
                    24:17:c1:c0:23:bd:58:e0:08:00:8d:3d:c5:28:89:
                    4d:2f:7b:15:b1:03:a2:9c:be:40:f2:5b:4c:6e:a8:
                    a7:63:47:38:9e:63:09:b5:24:a4:68:7d:0b:13:c5:
                    15:d9:e2:8e:3d:c4:d5:70:98:1f:d3:dc:f7:e6:cf:
                    90:59:49:c9:19:f8:35:aa:37:5f:15:33:9b:57:a7:
                    dd:30:70:ac:64:c1:e0:35:a8:49:e6:4d:5e:bb:5b:
                    51:c3:e2:5b:77:6d:a6:a0:6e:a0:f1:1a:26:26:7e:
                    9c:ba:1c:ec:98:ac:dd:37:6c:c5:35:0c:b6:a3:7e:
                    05:2d:0c:70:13:1b:0a:ae:d6:89:58:d6:0b:a6:5f:
                    3b:ba:97:ba:90:67:08:c9:f1:30:02:88:f7:ca:ff:
                    a4:69:1b:62:c5:5c:ae:de:df:04:54:14:53:a9:82:
                    48:03:4e:8b:5b:2a:30:43:42:fc:13:ee:75:68:38:
                    48:b9:ca:d8:74:36:d3:6f:22:24:55:5a:e8:5f:13:
                    5e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:C6:C8:3C:79:36:B3:79:95:E2:2A:A4:B3:24:7D:81:B9:6C:E4:E5
            X509v3 Authority Key Identifier:
                keyid:80:D6:7A:84:40:9C:ED:BA:02:2E:EB:03:5B:D8:AD:62:0D:68:3E:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gNZ6hECc7boCLusDW9itYg1oPqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/13d50b-7db3-4d10-8a4e-6eb3aa6a21af/1/LsbIPHk2s3mV4iqksyR9gbls5OU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/13d50b-7db3-4d10-8a4e-6eb3aa6a21af/1/gNZ6hECc7boCLusDW9itYg1oPqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.242.97.0/24
                IPv6:
                  2001:67c:18a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:ec:ca:00:38:44:c7:fb:79:bc:25:f1:39:e8:35:05:63:97:
         94:30:2f:1c:41:4b:f9:f8:bb:36:80:40:f0:f3:16:79:45:a2:
         44:78:b1:dc:47:e8:8c:09:75:bc:be:0c:0e:21:39:dc:9e:5a:
         15:1f:28:c5:0f:ed:1f:84:11:2f:ec:a8:aa:3b:56:1f:40:a6:
         49:6d:0e:91:bc:50:c3:d3:ae:fa:bd:c8:bc:44:23:3b:ee:55:
         ca:77:de:88:b8:15:a1:4c:5e:be:61:13:04:37:7d:54:10:65:
         e9:9b:1f:f9:57:f8:b1:c1:77:37:63:a9:7a:50:b3:41:b6:06:
         40:6f:9e:da:77:ce:f5:6f:af:e4:d5:3c:9e:d3:b1:ec:6f:ba:
         48:d2:69:63:4c:7f:26:e7:f2:b6:77:a2:1c:48:9b:dc:c1:88:
         c9:9b:5d:89:f4:9e:71:77:85:12:c3:39:6d:00:18:d7:22:e8:
         8e:9d:25:a4:68:fd:6e:63:5e:36:d7:21:3c:db:51:df:bc:1b:
         05:9c:ce:39:9c:cd:fb:0a:fb:f5:8a:90:6e:0f:bb:50:1a:14:
         a2:8f:1c:f2:ec:68:4c:62:5b:56:a1:60:9f:15:f4:c6:86:4c:
         68:00:26:7b:0b:60:89:66:f7:99:66:34:b6:7c:69:91:97:73:
         ba:8e:2b:b0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKfIky80ZA7Xe8L7fE4ALMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZDY3YTg0NDA5Y2VkYmEwMjJlZWIwMzViZDhhZDYyMGQ2
ODNlYTcwHhcNMjQwMTAyMTIzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWM2YzgzYzc5MzZiMzc5OTVlMjJhYTRiMzI0N2Q4MWI5NmNlNGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5maZM9b283qBinvDSgVI/aSyyihX
ROm8qEDX6j3YF9WD54Kvy3tcj8bC+zjd/vIXux6GR8ia9mpQ6/MkF8HAI71Y4AgA
jT3FKIlNL3sVsQOinL5A8ltMbqinY0c4nmMJtSSkaH0LE8UV2eKOPcTVcJgf09z3
5s+QWUnJGfg1qjdfFTObV6fdMHCsZMHgNahJ5k1eu1tRw+Jbd22moG6g8RomJn6c
uhzsmKzdN2zFNQy2o34FLQxwExsKrtaJWNYLpl87upe6kGcIyfEwAoj3yv+kaRti
xVyu3t8EVBRTqYJIA06LWyowQ0L8E+51aDhIucrYdDbTbyIkVVroXxNe/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC7GyDx5NrN5leIqpLMkfYG5bOTlMB8GA1UdIwQY
MBaAFIDWeoRAnO26Ai7rA1vYrWINaD6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ05aNmhFQ2M3Ym9DTHVzRFc5aXRZZzFvUHFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8xM2Q1MGItN2RiMy00ZDEwLThhNGUt
NmViM2FhNmEyMWFmLzEvTHNiSVBIazJzM21WNGlxa3N5UjlnYmxzNU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8xM2Q1MGItN2RiMy00ZDEwLThhNGUtNmViM2FhNmEyMWFm
LzEvZ05aNmhFQ2M3Ym9DTHVzRFc5aXRZZzFvUHFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwfJhMA8E
AgACMAkDBwAgAQZ8GKAwDQYJKoZIhvcNAQELBQADggEBAD7sygA4RMf7ebwl8Tno
NQVjl5QwLxxBS/n4uzaAQPDzFnlFokR4sdxH6IwJdby+DA4hOdyeWhUfKMUP7R+E
ES/sqKo7Vh9ApkltDpG8UMPTrvq9yLxEIzvuVcp33oi4FaFMXr5hEwQ3fVQQZemb
H/lX+LHBdzdjqXpQs0G2BkBvntp3zvVvr+TVPJ7TsexvukjSaWNMfybn8rZ3ohxI
m9zBiMmbXYn0nnF3hRLDOW0AGNci6I6dJaRo/W5jXjbXITzbUd+8GwWczjmczfsK
+/WKkG4Pu1AaFKKPHPLsaExiW1ahYJ8V9MaGTGgAJnsLYIlm95lmNLZ8aZGXc7qO
K7A=
-----END CERTIFICATE-----