Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/Lz_3txo62oEOC11Rh4vR0a3aQWQ.roa
File:                     Lz_3txo62oEOC11Rh4vR0a3aQWQ.roa (raw, json)
Hash identifier:          V1l/jO67isyjdEvuiUE9Hva4iLIO8hjYi6Kz+YFaE+A=
Subject key identifier:   2F:3F:F7:B7:1A:3A:DA:81:0E:0B:5D:51:87:8B:D1:D1:AD:DA:41:64
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       018CC501538235797745EA1D5B16D48FE99D
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/Lz_3txo62oEOC11Rh4vR0a3aQWQ.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        212.18.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:53:82:35:79:77:45:ea:1d:5b:16:d4:8f:e9:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f3ff7b71a3ada810e0b5d51878bd1d1adda4164
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:cd:7c:d7:fa:36:01:39:10:4b:a5:ff:a4:09:
                    2a:34:34:05:ca:b1:a0:59:de:1b:db:ea:1c:04:71:
                    02:b9:21:50:4c:29:31:bd:5f:1a:17:39:14:1c:90:
                    84:31:e6:ec:84:03:dd:cf:c7:45:48:e3:00:a9:3a:
                    8f:fd:0f:39:d4:1c:d1:2d:bc:07:bf:1d:d1:be:0c:
                    9c:2e:2c:c0:39:4d:c4:ab:e0:52:b3:ce:9c:32:7d:
                    a3:e8:76:9c:86:95:cd:07:08:37:83:b3:77:7b:94:
                    4a:9f:b7:8b:a5:e5:5e:39:0c:2a:e5:53:83:7e:47:
                    a3:09:6b:55:d0:5b:f2:d5:0e:69:a5:8f:9a:06:b4:
                    28:bc:fd:de:bc:62:1c:c7:e8:34:5d:f8:62:8d:6a:
                    2b:5e:e8:69:52:02:b2:60:0e:5f:26:63:f4:1e:75:
                    d0:0d:31:af:81:6a:ed:d1:1f:6e:b8:2d:41:8e:80:
                    a4:12:5a:e6:5e:98:a7:e6:91:14:cb:7f:fa:37:54:
                    6e:53:95:a2:87:b4:01:ce:56:ab:ad:df:52:9a:b3:
                    e7:18:29:fe:a3:a3:38:aa:8f:ba:6f:d2:b4:9f:0c:
                    78:9d:9f:37:65:6f:7e:73:8b:e2:8c:58:2a:03:8f:
                    f6:9c:8a:37:0e:d1:0a:d5:af:90:3f:0c:ba:cc:24:
                    b2:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:3F:F7:B7:1A:3A:DA:81:0E:0B:5D:51:87:8B:D1:D1:AD:DA:41:64
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/Lz_3txo62oEOC11Rh4vR0a3aQWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.18.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:0c:d2:c6:0d:64:4b:84:f3:ef:52:2c:a3:00:64:c5:6f:dc:
         7f:f8:17:bc:15:61:0b:a2:94:bd:63:d5:b5:9c:b0:16:76:d8:
         a7:66:a2:a0:21:3a:f4:08:cd:d8:f5:e1:7e:88:36:d2:fd:52:
         e1:80:5e:e5:73:5e:d2:af:07:ca:b6:44:af:cd:d3:98:77:73:
         b7:2c:6c:55:ca:25:3a:91:d1:18:5c:c6:83:0f:72:46:8f:ad:
         b1:cc:b4:ce:c7:20:3a:30:5f:0f:63:78:ae:c5:e5:be:2c:27:
         68:a9:22:1d:eb:04:88:50:02:a3:76:68:e5:4d:e3:27:99:37:
         b0:18:2c:04:9d:9c:73:0e:c3:00:fa:ba:52:fa:8a:12:76:c3:
         75:7d:7f:92:1f:13:c4:06:07:9e:7f:57:51:78:c8:57:72:39:
         ab:81:14:17:3d:84:47:d4:9b:e9:be:2e:ce:07:e7:b7:f7:da:
         1c:41:e3:02:b3:d4:a8:12:f1:0b:c0:82:fd:8c:e9:30:a2:ad:
         d8:b7:d3:69:3e:ba:55:90:ac:02:ee:88:5e:c8:cf:2d:3d:c5:
         19:65:b1:ff:e5:f5:eb:79:32:51:06:1a:84:ae:db:91:c6:c3:
         38:e8:12:05:af:b5:2c:b5:2c:5c:72:ee:ef:c6:a7:f7:9b:fa:
         1f:4d:7f:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVOCNXl3ReodWxbUj+mdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjNmZjdiNzFhM2FkYTgxMGUwYjVkNTE4NzhiZDFkMWFkZGE0MTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlM181/o2ATkQS6X/pAkqNDQFyrGg
Wd4b2+ocBHECuSFQTCkxvV8aFzkUHJCEMebshAPdz8dFSOMAqTqP/Q851BzRLbwH
vx3RvgycLizAOU3Eq+BSs86cMn2j6HachpXNBwg3g7N3e5RKn7eLpeVeOQwq5VOD
fkejCWtV0Fvy1Q5ppY+aBrQovP3evGIcx+g0XfhijWorXuhpUgKyYA5fJmP0HnXQ
DTGvgWrt0R9uuC1BjoCkElrmXpin5pEUy3/6N1RuU5Wih7QBzlarrd9SmrPnGCn+
o6M4qo+6b9K0nwx4nZ83ZW9+c4vijFgqA4/2nIo3DtEK1a+QPwy6zCSyOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC8/97caOtqBDgtdUYeL0dGt2kFkMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvTHpfM3R4bzYyb0VPQzExUmg0dlIwYTNhUVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BJoMA0G
CSqGSIb3DQEBCwUAA4IBAQAFDNLGDWRLhPPvUiyjAGTFb9x/+Be8FWELopS9Y9W1
nLAWdtinZqKgITr0CM3Y9eF+iDbS/VLhgF7lc17SrwfKtkSvzdOYd3O3LGxVyiU6
kdEYXMaDD3JGj62xzLTOxyA6MF8PY3iuxeW+LCdoqSId6wSIUAKjdmjlTeMnmTew
GCwEnZxzDsMA+rpS+ooSdsN1fX+SHxPEBgeef1dReMhXcjmrgRQXPYRH1Jvpvi7O
B+e399ocQeMCs9SoEvELwIL9jOkwoq3Yt9NpPrpVkKwC7oheyM8tPcUZZbH/5fXr
eTJRBhqErtuRxsM46BIFr7UstSxccu7vxqf3m/ofTX+O
-----END CERTIFICATE-----