Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/e2831a-4e74-4ea5-9097-0e445895a172/1/LqaxSLPsuVzJ-AOUZvX9VjuHLAc.roa
File:                     LqaxSLPsuVzJ-AOUZvX9VjuHLAc.roa (raw, json)
Hash identifier:          9AeXW10v8C91oj9hyO04nlEZIWQsNLUZJreVbpUQJMs=
Subject key identifier:   2E:A6:B1:48:B3:EC:B9:5C:C9:F8:03:94:66:F5:FD:56:3B:87:2C:07
Certificate issuer:       /CN=e99125e9ea822e034667c821a85ca5ab14ec0ad8
Certificate serial:       018CC9BBE0328380A9CC93085848CE4AD231
Authority key identifier: E9:91:25:E9:EA:82:2E:03:46:67:C8:21:A8:5C:A5:AB:14:EC:0A:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6ZEl6eqCLgNGZ8ghqFylqxTsCtg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/e2831a-4e74-4ea5-9097-0e445895a172/1/LqaxSLPsuVzJ-AOUZvX9VjuHLAc.roa
Signing time:             Tue 02 Jan 2024 10:33:02 +0000
ROA not before:           Tue 02 Jan 2024 10:33:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59571
IP address blocks:        91.243.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/e2831a-4e74-4ea5-9097-0e445895a172/1/6ZEl6eqCLgNGZ8ghqFylqxTsCtg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/e2831a-4e74-4ea5-9097-0e445895a172/1/6ZEl6eqCLgNGZ8ghqFylqxTsCtg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6ZEl6eqCLgNGZ8ghqFylqxTsCtg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 16:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:e0:32:83:80:a9:cc:93:08:58:48:ce:4a:d2:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e99125e9ea822e034667c821a85ca5ab14ec0ad8
        Validity
            Not Before: Jan  2 10:33:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ea6b148b3ecb95cc9f8039466f5fd563b872c07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d0:25:e1:85:10:14:5e:ab:d6:36:df:a7:b4:
                    f5:96:d2:da:c2:40:17:ea:07:a8:12:9e:d7:39:a4:
                    20:1c:25:d6:21:f2:70:ae:e8:56:94:52:18:87:e8:
                    03:77:f6:ff:03:bb:e8:53:87:92:c9:38:f5:91:5c:
                    8b:66:ec:61:a3:f5:97:e4:d0:d0:6c:7d:59:de:ee:
                    2c:3e:88:9e:6e:e8:55:ab:1a:a0:30:9f:37:50:bd:
                    75:0b:39:cc:33:df:b4:47:c7:0f:7c:89:10:99:15:
                    19:fb:f2:68:06:1b:f5:0d:33:87:f1:f0:ec:90:58:
                    5f:0d:d9:c9:ae:dc:f3:de:7f:70:20:7c:7a:87:e4:
                    a5:ae:33:fe:ed:97:00:1c:73:d2:c4:63:37:47:f9:
                    d3:77:35:38:95:c6:4a:0e:a2:b7:30:07:0f:db:d3:
                    a6:b5:ae:a5:de:32:45:38:02:1c:07:68:f5:21:e8:
                    35:a1:60:f2:e4:9b:5a:cb:2d:71:75:ed:10:ce:dc:
                    bb:17:9b:30:67:05:3d:94:1d:b0:98:55:3f:82:b1:
                    36:6d:48:f6:c2:13:83:b6:3b:7d:b1:de:22:5d:e7:
                    65:fc:bb:7c:b2:41:14:f3:93:46:43:d5:d3:68:49:
                    1d:f2:c7:c6:40:12:b4:00:68:d3:d1:b0:a3:2a:f3:
                    98:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:A6:B1:48:B3:EC:B9:5C:C9:F8:03:94:66:F5:FD:56:3B:87:2C:07
            X509v3 Authority Key Identifier:
                keyid:E9:91:25:E9:EA:82:2E:03:46:67:C8:21:A8:5C:A5:AB:14:EC:0A:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6ZEl6eqCLgNGZ8ghqFylqxTsCtg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/e2831a-4e74-4ea5-9097-0e445895a172/1/LqaxSLPsuVzJ-AOUZvX9VjuHLAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/e2831a-4e74-4ea5-9097-0e445895a172/1/6ZEl6eqCLgNGZ8ghqFylqxTsCtg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.243.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:76:3c:6b:51:18:c4:76:aa:73:08:a4:34:03:71:40:e8:ef:
         24:35:17:23:a7:ca:5f:7f:47:de:cc:b6:89:4f:d7:49:d2:36:
         2f:85:16:f5:f9:a4:82:5f:cb:ac:47:bc:dd:c5:c4:8c:3a:46:
         d5:23:a5:30:36:e0:f4:8c:7d:e9:2c:bc:cf:fb:18:d8:68:f9:
         70:a7:ae:7f:f5:1e:bd:39:91:c3:aa:ab:3c:55:fc:8b:51:8a:
         f0:dd:82:e8:fd:8d:b6:cf:6f:31:d0:4e:e5:af:55:9a:cc:cc:
         9c:4c:90:57:75:ab:b8:b4:a7:18:82:87:d5:c2:97:dd:01:d2:
         51:28:dd:de:97:40:79:f1:ac:f9:3f:f2:1c:c4:e5:2a:5a:fe:
         51:12:a6:f8:9b:dd:95:4e:66:b5:04:7c:9e:bc:23:d8:a6:03:
         82:ce:af:f7:2b:2d:0d:00:35:10:73:b3:4a:bf:0b:08:bc:35:
         c2:21:89:81:ea:07:dd:98:8c:5a:b3:c4:a2:67:db:a8:14:fc:
         04:4e:d3:aa:c2:17:54:62:1e:07:76:25:78:73:f4:2f:a8:47:
         94:40:8c:9b:f3:61:ec:e5:98:83:8a:23:fe:82:27:fc:39:c2:
         f4:e8:fc:d0:61:1f:a1:46:78:02:75:06:b3:d2:f7:2b:02:f4:
         9a:da:39:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu+Ayg4CpzJMIWEjOStIxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5OTEyNWU5ZWE4MjJlMDM0NjY3YzgyMWE4NWNhNWFiMTRl
YzBhZDgwHhcNMjQwMTAyMTAzMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWE2YjE0OGIzZWNiOTVjYzlmODAzOTQ2NmY1ZmQ1NjNiODcyYzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9Al4YUQFF6r1jbfp7T1ltLawkAX
6geoEp7XOaQgHCXWIfJwruhWlFIYh+gDd/b/A7voU4eSyTj1kVyLZuxho/WX5NDQ
bH1Z3u4sPoiebuhVqxqgMJ83UL11CznMM9+0R8cPfIkQmRUZ+/JoBhv1DTOH8fDs
kFhfDdnJrtzz3n9wIHx6h+SlrjP+7ZcAHHPSxGM3R/nTdzU4lcZKDqK3MAcP29Om
ta6l3jJFOAIcB2j1Ieg1oWDy5Jtayy1xde0Qzty7F5swZwU9lB2wmFU/grE2bUj2
whODtjt9sd4iXedl/Lt8skEU85NGQ9XTaEkd8sfGQBK0AGjT0bCjKvOYgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6msUiz7LlcyfgDlGb1/VY7hywHMB8GA1UdIwQY
MBaAFOmRJenqgi4DRmfIIahcpasU7ArYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlpFbDZlcUNMZ05HWjhnaHFGeWxxeFRzQ3RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lMjgzMWEtNGU3NC00ZWE1LTkwOTct
MGU0NDU4OTVhMTcyLzEvTHFheFNMUHN1VnpKLUFPVVp2WDlWanVITEFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lMjgzMWEtNGU3NC00ZWE1LTkwOTctMGU0NDU4OTVhMTcy
LzEvNlpFbDZlcUNMZ05HWjhnaHFGeWxxeFRzQ3RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/NEMA0G
CSqGSIb3DQEBCwUAA4IBAQBzdjxrURjEdqpzCKQ0A3FA6O8kNRcjp8pff0fezLaJ
T9dJ0jYvhRb1+aSCX8usR7zdxcSMOkbVI6UwNuD0jH3pLLzP+xjYaPlwp65/9R69
OZHDqqs8VfyLUYrw3YLo/Y22z28x0E7lr1WazMycTJBXdau4tKcYgofVwpfdAdJR
KN3el0B58az5P/IcxOUqWv5REqb4m92VTma1BHyevCPYpgOCzq/3Ky0NADUQc7NK
vwsIvDXCIYmB6gfdmIxas8SiZ9uoFPwETtOqwhdUYh4HdiV4c/QvqEeUQIyb82Hs
5ZiDiiP+gif8OcL06PzQYR+hRngCdQaz0vcrAvSa2jla
-----END CERTIFICATE-----