Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/LtPXIJBODsTgHOTG4NK5yVKpj5k.roa
File:                     LtPXIJBODsTgHOTG4NK5yVKpj5k.roa (raw, json)
Hash identifier:          ITX8aC19jlc3FBy1kQN9LCE6ibXilzDMrJg98+CkzVM=
Subject key identifier:   2E:D3:D7:20:90:4E:0E:C4:E0:1C:E4:C6:E0:D2:B9:C9:52:A9:8F:99
Certificate issuer:       /CN=abdc402cd535fc9123ea026c62ae9cf0f80e9418
Certificate serial:       01942747253E0E7B879F4F03C11E5D94EC73
Authority key identifier: AB:DC:40:2C:D5:35:FC:91:23:EA:02:6C:62:AE:9C:F0:F8:0E:94:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q9xALNU1_JEj6gJsYq6c8PgOlBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/LtPXIJBODsTgHOTG4NK5yVKpj5k.roa
Signing time:             Thu 02 Jan 2025 13:49:21 +0000
ROA not before:           Thu 02 Jan 2025 13:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13101
IP address blocks:        62.93.0.0/19 maxlen: 19
                          185.119.72.0/22 maxlen: 22
                          2a06:9040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/q9xALNU1_JEj6gJsYq6c8PgOlBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/q9xALNU1_JEj6gJsYq6c8PgOlBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q9xALNU1_JEj6gJsYq6c8PgOlBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:25:3e:0e:7b:87:9f:4f:03:c1:1e:5d:94:ec:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abdc402cd535fc9123ea026c62ae9cf0f80e9418
        Validity
            Not Before: Jan  2 13:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ed3d720904e0ec4e01ce4c6e0d2b9c952a98f99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:fd:26:ed:a5:5c:3f:ca:d5:65:83:0d:3f:fc:
                    b4:f4:9c:49:a5:33:e9:09:75:2a:ec:aa:19:15:a6:
                    cc:64:b6:4b:c2:06:37:a2:d5:56:74:9f:4e:c8:eb:
                    ef:36:76:3f:81:33:e2:52:a9:d3:ef:44:85:a9:4a:
                    5a:16:ac:33:7e:24:3c:ff:b4:16:41:89:13:23:40:
                    73:0e:f9:8f:a9:45:bf:0f:38:c6:46:d5:21:d2:07:
                    95:ac:27:eb:0f:bf:6f:d2:11:20:64:c0:c0:31:36:
                    5b:1e:ac:91:2f:60:5f:c1:29:cd:8b:7b:24:2c:0a:
                    ac:f4:0f:2f:02:2f:19:65:73:9c:54:d4:6f:00:37:
                    c1:45:ef:e5:c1:f3:06:24:69:65:79:0a:32:ca:97:
                    ce:98:88:a5:39:8d:2c:61:b5:d0:f7:b8:e3:99:39:
                    84:1e:12:52:5a:a8:42:b3:6f:75:d8:a9:71:2a:e7:
                    39:c5:f3:56:d4:93:37:a5:25:68:16:15:9d:0b:43:
                    5b:34:ad:54:18:e8:e7:75:a7:12:66:af:3f:29:27:
                    69:90:83:2c:e4:e4:d3:cf:b9:1b:d9:4f:80:8b:1f:
                    00:15:58:36:67:a9:97:96:16:9e:a9:59:5c:0a:d5:
                    7f:92:fe:70:0c:51:12:57:93:ca:d1:a8:4f:ae:6c:
                    a5:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D3:D7:20:90:4E:0E:C4:E0:1C:E4:C6:E0:D2:B9:C9:52:A9:8F:99
            X509v3 Authority Key Identifier:
                keyid:AB:DC:40:2C:D5:35:FC:91:23:EA:02:6C:62:AE:9C:F0:F8:0E:94:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q9xALNU1_JEj6gJsYq6c8PgOlBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/LtPXIJBODsTgHOTG4NK5yVKpj5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/q9xALNU1_JEj6gJsYq6c8PgOlBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.93.0.0/19
                  185.119.72.0/22
                IPv6:
                  2a06:9040::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:ba:58:70:91:92:8d:ee:08:14:61:f1:a2:fa:9b:a0:69:d7:
         ba:c1:7d:a2:fb:3a:d1:74:05:60:1e:fd:93:e2:04:64:ca:f9:
         4c:26:0e:85:01:e1:90:31:8a:77:6c:71:cf:b2:7b:87:f7:48:
         f3:6e:76:14:58:e2:5f:b6:9b:f4:52:e9:00:6b:94:a6:18:13:
         0b:cf:7c:e1:32:05:73:1b:9b:dd:58:a9:0f:ec:5c:d8:77:12:
         7a:01:9b:30:77:ec:dc:62:5f:14:b4:fc:35:fb:42:da:ec:d9:
         e2:98:7d:c4:3f:9d:6d:2d:fb:57:92:87:99:41:a3:a7:56:88:
         0a:70:ec:bf:00:70:0f:63:1c:9c:49:78:9b:fb:de:d6:15:3a:
         2e:4d:5b:4c:f0:cc:f9:b1:29:fa:b5:82:11:b2:4f:10:ec:aa:
         2d:df:13:bb:44:87:96:ce:32:c1:bc:42:5b:0d:09:ed:9d:45:
         ee:ba:f8:2c:bc:12:11:44:89:e5:2d:86:f8:7d:b9:7f:79:aa:
         15:1a:e2:f6:34:8a:05:70:74:c5:1f:42:16:d1:d7:2e:18:8a:
         c3:cf:e8:94:fc:b1:4d:e3:2d:e1:7e:85:4a:47:3a:42:f8:16:
         e4:d9:36:dc:da:b5:a3:86:2f:54:03:c1:ed:c0:25:b3:d9:e0:
         4c:76:ae:4a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnRyU+DnuHn08DwR5dlOxzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZGM0MDJjZDUzNWZjOTEyM2VhMDI2YzYyYWU5Y2YwZjgw
ZTk0MTgwHhcNMjUwMTAyMTM0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQzZDcyMDkwNGUwZWM0ZTAxY2U0YzZlMGQyYjljOTUyYTk4Zjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/0m7aVcP8rVZYMNP/y09JxJpTPp
CXUq7KoZFabMZLZLwgY3otVWdJ9OyOvvNnY/gTPiUqnT70SFqUpaFqwzfiQ8/7QW
QYkTI0BzDvmPqUW/DzjGRtUh0geVrCfrD79v0hEgZMDAMTZbHqyRL2BfwSnNi3sk
LAqs9A8vAi8ZZXOcVNRvADfBRe/lwfMGJGlleQoyypfOmIilOY0sYbXQ97jjmTmE
HhJSWqhCs2912KlxKuc5xfNW1JM3pSVoFhWdC0NbNK1UGOjndacSZq8/KSdpkIMs
5OTTz7kb2U+Aix8AFVg2Z6mXlhaeqVlcCtV/kv5wDFESV5PK0ahPrmylaQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFC7T1yCQTg7E4BzkxuDSuclSqY+ZMB8GA1UdIwQY
MBaAFKvcQCzVNfyRI+oCbGKunPD4DpQYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTl4QUxOVTFfSkVqNmdKc1lxNmM4UGdPbEJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS83NTIzZDktNDY0OC00MzVlLTk5NjEt
NDA3MzViMmY4NDgxLzEvTHRQWElKQk9Ec1RnSE9URzROSzV5VktwajVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS83NTIzZDktNDY0OC00MzVlLTk5NjEtNDA3MzViMmY4NDgx
LzEvcTl4QUxOVTFfSkVqNmdKc1lxNmM4UGdPbEJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFPl0AAwQC
uXdIMA0EAgACMAcDBQMqBpBAMA0GCSqGSIb3DQEBCwUAA4IBAQA5ulhwkZKN7ggU
YfGi+pugade6wX2i+zrRdAVgHv2T4gRkyvlMJg6FAeGQMYp3bHHPsnuH90jzbnYU
WOJftpv0UukAa5SmGBMLz3zhMgVzG5vdWKkP7FzYdxJ6AZswd+zcYl8UtPw1+0La
7NnimH3EP51tLftXkoeZQaOnVogKcOy/AHAPYxycSXib+97WFTouTVtM8Mz5sSn6
tYIRsk8Q7Kot3xO7RIeWzjLBvEJbDQntnUXuuvgsvBIRRInlLYb4fbl/eaoVGuL2
NIoFcHTFH0IW0dcuGIrDz+iU/LFN4y3hfoVKRzpC+Bbk2Tbc2rWjhi9UA8HtwCWz
2eBMdq5K
-----END CERTIFICATE-----