Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/lvnkvAk4IcbHl7WPJUw-5R7opA4.roa
File:                     lvnkvAk4IcbHl7WPJUw-5R7opA4.roa (raw, json)
Hash identifier:          sBXAa13E/VPjhQjtV08838jCw+eIScfWcYpqnE8iwrs=
Subject key identifier:   96:F9:E4:BC:09:38:21:C6:C7:97:B5:8F:25:4C:3E:E5:1E:E8:A4:0E
Certificate issuer:       /CN=74b03f050c9f946be2b258dc4960ec09085fc157
Certificate serial:       019069105DB2EBF71EACEFF4ECCD4260EC15
Authority key identifier: 74:B0:3F:05:0C:9F:94:6B:E2:B2:58:DC:49:60:EC:09:08:5F:C1:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dLA_BQyflGvisljcSWDsCQhfwVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/lvnkvAk4IcbHl7WPJUw-5R7opA4.roa
Signing time:             Sun 30 Jun 2024 12:13:18 +0000
ROA not before:           Sun 30 Jun 2024 12:13:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49070
IP address blocks:        91.215.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/dLA_BQyflGvisljcSWDsCQhfwVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/dLA_BQyflGvisljcSWDsCQhfwVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dLA_BQyflGvisljcSWDsCQhfwVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:69:10:5d:b2:eb:f7:1e:ac:ef:f4:ec:cd:42:60:ec:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74b03f050c9f946be2b258dc4960ec09085fc157
        Validity
            Not Before: Jun 30 12:13:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96f9e4bc093821c6c797b58f254c3ee51ee8a40e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c3:82:83:f3:d0:2a:4e:d6:85:fd:29:4d:f1:
                    2b:2f:7e:71:7c:71:de:52:5a:2d:cc:98:54:18:49:
                    d1:08:91:f7:13:7f:15:71:c4:10:bc:f8:a6:53:18:
                    37:6b:9f:25:b9:89:48:f4:de:4c:8c:e9:d5:64:0d:
                    56:fa:26:a6:55:79:8a:26:b2:42:94:a1:4e:c7:90:
                    33:06:42:3d:fd:a2:99:98:ad:3b:2f:4d:6d:4f:3a:
                    7c:87:2a:d7:e3:49:18:6a:f8:3a:c8:27:9b:c1:52:
                    90:41:cc:f5:7e:2a:6b:68:e8:34:7d:b4:9b:0b:09:
                    cb:9f:6c:42:31:9f:19:c5:ca:ec:72:3c:9f:11:77:
                    c9:20:9d:b9:40:4f:7e:8a:74:2e:dc:24:b8:1c:27:
                    5f:62:bd:96:d9:a0:86:b6:d4:47:ee:3e:f5:1d:d7:
                    e9:35:24:95:d5:e8:85:c9:97:a2:ab:8d:fe:8c:fe:
                    ba:91:c3:97:39:fa:46:f8:68:8f:e6:b8:a4:48:6c:
                    d7:ab:8a:a3:a7:4a:c5:17:7c:27:1a:fb:2f:a7:d9:
                    0c:c0:01:f8:50:fb:52:97:10:10:30:1e:ae:2e:67:
                    24:a0:d8:b9:76:51:7c:54:f2:8b:ba:26:a2:ea:f2:
                    39:32:d4:92:3f:00:9b:43:2a:ac:cf:ff:30:22:8d:
                    99:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:F9:E4:BC:09:38:21:C6:C7:97:B5:8F:25:4C:3E:E5:1E:E8:A4:0E
            X509v3 Authority Key Identifier:
                keyid:74:B0:3F:05:0C:9F:94:6B:E2:B2:58:DC:49:60:EC:09:08:5F:C1:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dLA_BQyflGvisljcSWDsCQhfwVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/lvnkvAk4IcbHl7WPJUw-5R7opA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/c75753-17c2-4324-8264-37c72a7ac8d1/1/dLA_BQyflGvisljcSWDsCQhfwVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:b7:90:5d:eb:f4:99:5e:90:53:be:1b:af:fc:3a:3c:e5:bb:
         1f:b0:0c:10:af:df:e0:95:fb:0b:a8:13:73:ec:66:70:f8:23:
         1a:47:eb:31:1c:d3:15:01:c3:6b:71:61:98:5f:6a:c1:85:eb:
         20:fc:bc:ca:8f:15:9c:a3:a9:b7:45:0f:39:4a:83:33:a4:9d:
         89:38:29:e5:81:d3:63:2b:6c:a2:d5:75:91:60:f7:a2:b1:9d:
         89:a9:7e:4f:11:40:65:94:38:90:cf:87:30:a1:60:01:79:72:
         15:38:77:bc:42:6b:8f:cc:8c:36:a3:ef:ca:63:49:5a:c4:30:
         85:28:6c:be:82:27:a5:c5:26:a4:c4:7d:a2:84:58:49:94:d9:
         a0:05:66:6d:25:43:27:78:21:f7:a4:f9:a9:9c:ca:f7:85:99:
         91:ff:ec:19:d0:91:8c:90:13:85:c1:01:25:b3:d6:cf:73:24:
         1e:70:2b:28:43:98:05:ea:79:07:87:81:3e:20:a6:a6:21:e1:
         35:92:4a:b2:0f:72:18:b0:cb:5c:a7:63:3d:83:52:64:94:b2:
         3c:c5:cb:b2:41:c9:9d:1e:13:2d:8e:fb:22:60:e1:0f:ec:ea:
         b7:c4:cb:b9:3a:59:41:d5:a2:d1:42:f9:ec:f0:37:43:20:f2:
         3f:04:72:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBpEF2y6/cerO/07M1CYOwVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YjAzZjA1MGM5Zjk0NmJlMmIyNThkYzQ5NjBlYzA5MDg1
ZmMxNTcwHhcNMjQwNjMwMTIxMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmY5ZTRiYzA5MzgyMWM2Yzc5N2I1OGYyNTRjM2VlNTFlZThhNDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8OCg/PQKk7Whf0pTfErL35xfHHe
UlotzJhUGEnRCJH3E38VccQQvPimUxg3a58luYlI9N5MjOnVZA1W+iamVXmKJrJC
lKFOx5AzBkI9/aKZmK07L01tTzp8hyrX40kYavg6yCebwVKQQcz1fipraOg0fbSb
CwnLn2xCMZ8ZxcrscjyfEXfJIJ25QE9+inQu3CS4HCdfYr2W2aCGttRH7j71Hdfp
NSSV1eiFyZeiq43+jP66kcOXOfpG+GiP5rikSGzXq4qjp0rFF3wnGvsvp9kMwAH4
UPtSlxAQMB6uLmckoNi5dlF8VPKLuiai6vI5MtSSPwCbQyqsz/8wIo2Z4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJb55LwJOCHGx5e1jyVMPuUe6KQOMB8GA1UdIwQY
MBaAFHSwPwUMn5Rr4rJY3Elg7AkIX8FXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZExBX0JReWZsR3Zpc2xqY1NXRHNDUWhmd1ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jNzU3NTMtMTdjMi00MzI0LTgyNjQt
MzdjNzJhN2FjOGQxLzEvbHZua3ZBazRJY2JIbDdXUEpVdy01UjdvcEE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jNzU3NTMtMTdjMi00MzI0LTgyNjQtMzdjNzJhN2FjOGQx
LzEvZExBX0JReWZsR3Zpc2xqY1NXRHNDUWhmd1ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9fEMA0G
CSqGSIb3DQEBCwUAA4IBAQCyt5Bd6/SZXpBTvhuv/Do85bsfsAwQr9/glfsLqBNz
7GZw+CMaR+sxHNMVAcNrcWGYX2rBhesg/LzKjxWco6m3RQ85SoMzpJ2JOCnlgdNj
K2yi1XWRYPeisZ2JqX5PEUBllDiQz4cwoWABeXIVOHe8QmuPzIw2o+/KY0laxDCF
KGy+gielxSakxH2ihFhJlNmgBWZtJUMneCH3pPmpnMr3hZmR/+wZ0JGMkBOFwQEl
s9bPcyQecCsoQ5gF6nkHh4E+IKamIeE1kkqyD3IYsMtcp2M9g1JklLI8xcuyQcmd
HhMtjvsiYOEP7Oq3xMu5OllB1aLRQvns8DdDIPI/BHJr
-----END CERTIFICATE-----