Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/a6899b-3bb2-4ddc-9c91-a1e3c394ee80/1/lhGz6B59KeMcscLlwP8SPnbuK40.roa
File:                     lhGz6B59KeMcscLlwP8SPnbuK40.roa (raw, json)
Hash identifier:          XdPOOZD1AAjAW5oJyg1981KU15FOvGUGVn6k+W8CmHk=
Subject key identifier:   96:11:B3:E8:1E:7D:29:E3:1C:B1:C2:E5:C0:FF:12:3E:76:EE:2B:8D
Certificate issuer:       /CN=0b31cb530fe52fcc029e6497e778200398c29f3c
Certificate serial:       019422FB2EF1CD676105C0E4BEFC5BC5A891
Authority key identifier: 0B:31:CB:53:0F:E5:2F:CC:02:9E:64:97:E7:78:20:03:98:C2:9F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CzHLUw_lL8wCnmSX53ggA5jCnzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/a6899b-3bb2-4ddc-9c91-a1e3c394ee80/1/lhGz6B59KeMcscLlwP8SPnbuK40.roa
Signing time:             Wed 01 Jan 2025 17:47:54 +0000
ROA not before:           Wed 01 Jan 2025 17:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5483
IP address blocks:        185.51.188.0/24 maxlen: 24
                          2a01:b5e0::/104 maxlen: 104
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/a6899b-3bb2-4ddc-9c91-a1e3c394ee80/1/CzHLUw_lL8wCnmSX53ggA5jCnzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/a6899b-3bb2-4ddc-9c91-a1e3c394ee80/1/CzHLUw_lL8wCnmSX53ggA5jCnzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CzHLUw_lL8wCnmSX53ggA5jCnzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:2e:f1:cd:67:61:05:c0:e4:be:fc:5b:c5:a8:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b31cb530fe52fcc029e6497e778200398c29f3c
        Validity
            Not Before: Jan  1 17:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9611b3e81e7d29e31cb1c2e5c0ff123e76ee2b8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d9:cb:77:55:eb:90:ce:a5:ee:64:95:5d:7c:
                    41:df:36:e1:b4:b9:41:24:dc:ff:dd:c9:0f:27:d3:
                    cd:4b:74:34:0b:3b:a5:20:47:fa:7a:18:3d:9d:19:
                    e0:f3:77:b6:5b:89:70:3b:be:d0:77:b1:cb:99:be:
                    07:a3:32:aa:70:0b:1f:c2:ff:4d:2f:7c:6f:5e:90:
                    23:34:fe:76:53:ac:50:9d:9f:15:2b:50:a6:9d:7b:
                    3e:23:fa:8b:90:97:b8:bc:b3:58:d9:5f:7d:8d:33:
                    b1:f8:78:a4:fc:ef:15:59:98:40:59:b6:e6:3d:72:
                    e0:89:72:fe:27:c9:7f:74:fb:1a:c7:9a:4d:7e:7a:
                    e6:ea:b9:ab:64:11:d5:1e:2b:1e:9c:44:ba:04:09:
                    3b:f3:93:c5:34:c1:5f:cb:87:51:d1:ef:5c:51:db:
                    0a:71:3c:ca:9c:cd:8b:b8:09:74:7c:07:fc:0e:d5:
                    44:78:8c:fa:d1:92:4c:b2:cb:5c:9b:b5:e9:df:7f:
                    6e:76:95:b4:1b:77:96:a8:4b:29:49:85:d3:b2:7a:
                    5d:ac:11:4f:70:20:5e:75:0f:75:40:4a:81:1a:1a:
                    7c:f5:46:56:33:2b:5d:94:e4:34:21:1e:23:11:73:
                    ce:0e:79:d5:32:c9:8e:5a:37:1c:c4:1d:38:ed:4e:
                    7e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:11:B3:E8:1E:7D:29:E3:1C:B1:C2:E5:C0:FF:12:3E:76:EE:2B:8D
            X509v3 Authority Key Identifier:
                keyid:0B:31:CB:53:0F:E5:2F:CC:02:9E:64:97:E7:78:20:03:98:C2:9F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CzHLUw_lL8wCnmSX53ggA5jCnzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/a6899b-3bb2-4ddc-9c91-a1e3c394ee80/1/lhGz6B59KeMcscLlwP8SPnbuK40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/a6899b-3bb2-4ddc-9c91-a1e3c394ee80/1/CzHLUw_lL8wCnmSX53ggA5jCnzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.188.0/24
                IPv6:
                  2a01:b5e0::/104

    Signature Algorithm: sha256WithRSAEncryption
         2e:5c:5c:c1:66:5f:b3:2e:23:a7:84:f6:ba:af:01:db:26:90:
         17:7f:06:d5:64:f5:76:f6:5f:b8:71:47:5f:25:ba:3c:7b:9b:
         fe:4a:00:32:3e:df:c3:30:ca:63:8b:1e:a5:bf:97:65:e4:66:
         bd:74:b4:8a:c4:bf:97:b2:89:3e:c8:7f:25:d3:26:f4:2f:27:
         9a:86:35:ab:52:96:6d:fc:a5:4d:24:93:6a:e9:94:fd:b1:89:
         76:62:14:90:b5:a1:0f:6e:c9:58:9b:59:1a:c7:6f:07:41:7d:
         dd:87:aa:58:86:31:ee:3a:44:40:75:ef:9b:5d:91:06:59:92:
         54:fb:66:c0:5d:c9:59:6e:16:a3:ce:45:68:93:24:91:0c:19:
         d0:0a:54:91:91:94:de:40:49:c1:75:af:af:90:62:24:c8:03:
         9f:14:57:22:dc:18:ca:cb:db:67:50:43:0f:ef:18:73:80:f5:
         ca:ce:ab:79:93:cf:1b:c6:7c:01:9a:3b:bc:0b:70:0d:09:b4:
         da:91:bf:92:06:0e:5e:2b:5b:78:47:fc:a1:6d:7a:4d:af:7b:
         d1:b3:c4:bc:4f:99:12:e6:63:8a:c5:6c:12:e5:c1:45:f6:19:
         e8:f4:ab:3f:0b:b9:53:e7:74:a9:6c:4f:49:59:f8:03:ee:07:
         44:af:bf:41
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQi+y7xzWdhBcDkvvxbxaiRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMzFjYjUzMGZlNTJmY2MwMjllNjQ5N2U3NzgyMDAzOThj
MjlmM2MwHhcNMjUwMTAxMTc0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjExYjNlODFlN2QyOWUzMWNiMWMyZTVjMGZmMTIzZTc2ZWUyYjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNnLd1XrkM6l7mSVXXxB3zbhtLlB
JNz/3ckPJ9PNS3Q0CzulIEf6ehg9nRng83e2W4lwO77Qd7HLmb4HozKqcAsfwv9N
L3xvXpAjNP52U6xQnZ8VK1CmnXs+I/qLkJe4vLNY2V99jTOx+Hik/O8VWZhAWbbm
PXLgiXL+J8l/dPsax5pNfnrm6rmrZBHVHisenES6BAk785PFNMFfy4dR0e9cUdsK
cTzKnM2LuAl0fAf8DtVEeIz60ZJMsstcm7Xp339udpW0G3eWqEspSYXTsnpdrBFP
cCBedQ91QEqBGhp89UZWMytdlOQ0IR4jEXPODnnVMsmOWjccxB047U5+8QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJYRs+gefSnjHLHC5cD/Ej527iuNMB8GA1UdIwQY
MBaAFAsxy1MP5S/MAp5kl+d4IAOYwp88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3pITFV3X2xMOHdDbm1TWDUzZ2dBNWpDbnp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9hNjg5OWItM2JiMi00ZGRjLTljOTEt
YTFlM2MzOTRlZTgwLzEvbGhHejZCNTlLZU1jc2NMbHdQOFNQbmJ1SzQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9hNjg5OWItM2JiMi00ZGRjLTljOTEtYTFlM2MzOTRlZTgw
LzEvQ3pITFV3X2xMOHdDbm1TWDUzZ2dBNWpDbnp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQAuTO8MBYE
AgACMBADDgAqAbXgAAAAAAAAAAAAMA0GCSqGSIb3DQEBCwUAA4IBAQAuXFzBZl+z
LiOnhPa6rwHbJpAXfwbVZPV29l+4cUdfJbo8e5v+SgAyPt/DMMpjix6lv5dl5Ga9
dLSKxL+Xsok+yH8l0yb0LyeahjWrUpZt/KVNJJNq6ZT9sYl2YhSQtaEPbslYm1ka
x28HQX3dh6pYhjHuOkRAde+bXZEGWZJU+2bAXclZbhajzkVokySRDBnQClSRkZTe
QEnBda+vkGIkyAOfFFci3BjKy9tnUEMP7xhzgPXKzqt5k88bxnwBmju8C3ANCbTa
kb+SBg5eK1t4R/yhbXpNr3vRs8S8T5kS5mOKxWwS5cFF9hno9Ks/C7lT53SpbE9J
WfgD7gdEr79B
-----END CERTIFICATE-----