Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/e849bb-1304-44ea-838f-1a39c3d34f08/1/lvr0cznDn9OLv8_GSLRIXI64Wxo.roa
File:                     lvr0cznDn9OLv8_GSLRIXI64Wxo.roa (raw, json)
Hash identifier:          zu8w05vyZSovZLtJMQNXGH94uFEApQY9SVsNop1J/y8=
Subject key identifier:   96:FA:F4:73:39:C3:9F:D3:8B:BF:CF:C6:48:B4:48:5C:8E:B8:5B:1A
Certificate issuer:       /CN=be604ff35a29c91156be4bd229b3baf77c8397bd
Certificate serial:       018CC8DF6944A4CE41F4CD13DE3A2F187D93
Authority key identifier: BE:60:4F:F3:5A:29:C9:11:56:BE:4B:D2:29:B3:BA:F7:7C:83:97:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vmBP81opyRFWvkvSKbO693yDl70.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/e849bb-1304-44ea-838f-1a39c3d34f08/1/lvr0cznDn9OLv8_GSLRIXI64Wxo.roa
Signing time:             Tue 02 Jan 2024 06:32:13 +0000
ROA not before:           Tue 02 Jan 2024 06:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208795
IP address blocks:        5.35.104.0/21 maxlen: 24
                          2a07:aa40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/e849bb-1304-44ea-838f-1a39c3d34f08/1/vmBP81opyRFWvkvSKbO693yDl70.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/e849bb-1304-44ea-838f-1a39c3d34f08/1/vmBP81opyRFWvkvSKbO693yDl70.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vmBP81opyRFWvkvSKbO693yDl70.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:69:44:a4:ce:41:f4:cd:13:de:3a:2f:18:7d:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be604ff35a29c91156be4bd229b3baf77c8397bd
        Validity
            Not Before: Jan  2 06:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96faf47339c39fd38bbfcfc648b4485c8eb85b1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:77:39:90:2a:f4:ba:fb:a5:c3:55:f6:c6:71:
                    ec:e8:eb:36:b2:2f:09:ef:07:b6:1c:86:90:75:74:
                    da:d0:b6:f3:96:0e:7b:03:79:3d:73:b0:7e:0c:9d:
                    98:75:8d:a0:f4:54:b9:1e:cc:70:bc:4d:77:e0:f9:
                    dc:70:36:43:01:4f:4f:0f:15:d5:2b:aa:4e:9a:d2:
                    4e:4d:51:90:8c:c8:d8:45:42:26:d1:a4:0d:3a:95:
                    6e:14:db:9f:70:d0:76:17:20:6d:b8:dd:2a:d0:71:
                    75:1b:99:9c:37:46:5d:14:61:e0:a0:bf:ec:c9:f5:
                    a6:d0:8d:ee:70:fe:cc:dc:62:87:6f:81:bf:fb:43:
                    2a:01:52:3f:f6:57:58:04:11:d5:62:39:47:f2:59:
                    01:dd:a1:b0:9b:94:51:18:62:ca:46:5d:13:9b:ce:
                    c2:b0:00:04:81:8a:91:24:56:3c:a9:1b:3c:c0:7a:
                    bc:27:8c:c4:b3:d1:95:92:0d:6a:b2:9a:2d:b9:d5:
                    d3:34:d9:7a:4f:83:9e:8b:c9:5c:4e:da:66:92:b8:
                    99:06:d6:17:ec:ca:c5:06:7e:aa:c3:d9:71:83:3e:
                    6b:86:54:6b:5e:df:cc:31:21:b5:fc:7e:f6:c5:52:
                    6c:07:91:47:ab:8e:88:ef:17:70:97:41:96:87:29:
                    75:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:FA:F4:73:39:C3:9F:D3:8B:BF:CF:C6:48:B4:48:5C:8E:B8:5B:1A
            X509v3 Authority Key Identifier:
                keyid:BE:60:4F:F3:5A:29:C9:11:56:BE:4B:D2:29:B3:BA:F7:7C:83:97:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vmBP81opyRFWvkvSKbO693yDl70.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e849bb-1304-44ea-838f-1a39c3d34f08/1/lvr0cznDn9OLv8_GSLRIXI64Wxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e849bb-1304-44ea-838f-1a39c3d34f08/1/vmBP81opyRFWvkvSKbO693yDl70.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.104.0/21
                IPv6:
                  2a07:aa40::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:3a:91:e9:c3:2f:c9:f3:d7:78:48:c2:1d:9c:6a:ef:1f:5b:
         7f:40:4f:97:d3:04:a8:10:08:b8:ac:8d:b5:51:34:90:17:82:
         99:af:e8:12:28:bf:62:db:e3:36:c6:b4:e9:1f:df:39:5b:e9:
         30:84:b4:62:6f:b1:8e:89:db:2a:d7:7e:a6:c9:e5:ec:c0:64:
         c3:c1:1f:92:fa:e3:15:1c:30:4a:85:d3:8b:86:c0:87:f6:44:
         b7:3c:64:7b:45:c8:d4:b1:4f:09:ab:bf:c9:89:0c:73:e9:a5:
         f2:91:56:5d:10:a8:2e:11:a1:b3:db:5d:48:a8:2b:b2:4b:23:
         37:30:71:de:ab:d7:65:77:47:d4:c6:8c:8b:4e:c0:11:1b:20:
         3f:b6:5c:86:4c:82:67:48:75:a8:c2:17:a5:84:c8:d3:1e:68:
         c9:e5:11:80:44:c3:2f:26:6b:8d:0e:7a:f7:58:49:70:20:5a:
         dc:25:d5:6d:29:c8:b8:ee:87:1f:84:29:79:72:11:59:10:57:
         f8:8b:0e:a4:52:54:f1:34:07:79:fc:82:fa:db:09:52:bc:d9:
         2b:85:db:51:46:97:a3:30:46:d7:e4:96:77:6c:be:bd:31:1a:
         c3:3a:df:c4:86:ac:62:21:dc:2b:df:12:e6:e4:07:d0:8f:d2:
         4f:1e:10:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI32lEpM5B9M0T3jovGH2TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNjA0ZmYzNWEyOWM5MTE1NmJlNGJkMjI5YjNiYWY3N2M4
Mzk3YmQwHhcNMjQwMTAyMDYzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmZhZjQ3MzM5YzM5ZmQzOGJiZmNmYzY0OGI0NDg1YzhlYjg1YjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Hc5kCr0uvulw1X2xnHs6Os2si8J
7we2HIaQdXTa0Lbzlg57A3k9c7B+DJ2YdY2g9FS5HsxwvE134PnccDZDAU9PDxXV
K6pOmtJOTVGQjMjYRUIm0aQNOpVuFNufcNB2FyBtuN0q0HF1G5mcN0ZdFGHgoL/s
yfWm0I3ucP7M3GKHb4G/+0MqAVI/9ldYBBHVYjlH8lkB3aGwm5RRGGLKRl0Tm87C
sAAEgYqRJFY8qRs8wHq8J4zEs9GVkg1qspotudXTNNl6T4Oei8lcTtpmkriZBtYX
7MrFBn6qw9lxgz5rhlRrXt/MMSG1/H72xVJsB5FHq46I7xdwl0GWhyl1fQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJb69HM5w5/Ti7/Pxki0SFyOuFsaMB8GA1UdIwQY
MBaAFL5gT/NaKckRVr5L0imzuvd8g5e9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdm1CUDgxb3B5UkZXdmt2U0tiTzY5M3lEbDcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9lODQ5YmItMTMwNC00NGVhLTgzOGYt
MWEzOWMzZDM0ZjA4LzEvbHZyMGN6bkRuOU9MdjhfR1NMUklYSTY0V3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9lODQ5YmItMTMwNC00NGVhLTgzOGYtMWEzOWMzZDM0ZjA4
LzEvdm1CUDgxb3B5UkZXdmt2U0tiTzY5M3lEbDcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDBSNoMA0E
AgACMAcDBQMqB6pAMA0GCSqGSIb3DQEBCwUAA4IBAQCiOpHpwy/J89d4SMIdnGrv
H1t/QE+X0wSoEAi4rI21UTSQF4KZr+gSKL9i2+M2xrTpH985W+kwhLRib7GOidsq
136myeXswGTDwR+S+uMVHDBKhdOLhsCH9kS3PGR7RcjUsU8Jq7/JiQxz6aXykVZd
EKguEaGz211IqCuySyM3MHHeq9dld0fUxoyLTsARGyA/tlyGTIJnSHWowhelhMjT
HmjJ5RGARMMvJmuNDnr3WElwIFrcJdVtKci47ocfhCl5chFZEFf4iw6kUlTxNAd5
/IL62wlSvNkrhdtRRpejMEbX5JZ3bL69MRrDOt/EhqxiIdwr3xLm5AfQj9JPHhAq
-----END CERTIFICATE-----