Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/lvkT13tErtj_CzjY-OPkImtORDI.roa
File:                     lvkT13tErtj_CzjY-OPkImtORDI.roa (raw, json)
Hash identifier:          MAdXdXOy4yT73MFuX3kHkZCyt0QnP82UuaKhsgkkrUo=
Subject key identifier:   96:F9:13:D7:7B:44:AE:D8:FF:0B:38:D8:F8:E3:E4:22:6B:4E:44:32
Certificate issuer:       /CN=6eab53640b0931924b73f760925845150a6ccca5
Certificate serial:       018CC4930C67CC0B7D737AE6F49922CAFFFD
Authority key identifier: 6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/lvkT13tErtj_CzjY-OPkImtORDI.roa
Signing time:             Mon 01 Jan 2024 10:30:20 +0000
ROA not before:           Mon 01 Jan 2024 10:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43003
IP address blocks:        62.93.120.0/21 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:0c:67:cc:0b:7d:73:7a:e6:f4:99:22:ca:ff:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6eab53640b0931924b73f760925845150a6ccca5
        Validity
            Not Before: Jan  1 10:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96f913d77b44aed8ff0b38d8f8e3e4226b4e4432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d8:f8:4c:88:9f:43:4d:17:0f:ed:02:84:d8:
                    3e:02:13:a7:6a:78:0d:cc:f8:3d:3e:78:65:c9:c3:
                    4e:14:6c:bf:1d:30:23:08:47:eb:b6:f9:1c:da:9c:
                    2e:de:1d:1d:76:1d:fe:8a:ec:5e:6d:06:f6:3b:a9:
                    43:f1:9f:08:31:f9:1d:81:b6:87:72:f4:83:0d:f7:
                    be:5b:76:4e:2a:b8:1f:5c:c9:58:ca:27:de:5e:21:
                    d4:6b:dd:79:39:e6:ef:2a:dd:75:6e:cf:0b:15:ac:
                    75:8f:33:d1:21:80:1b:25:bf:cb:12:2f:c1:7d:05:
                    68:1a:af:4b:58:79:33:9d:94:86:d7:64:51:e5:96:
                    e2:30:84:63:3d:80:45:35:48:4f:3c:48:55:8f:a9:
                    fe:70:46:b4:8d:6f:2d:74:5e:71:c8:5f:cf:31:3a:
                    88:e0:6c:81:d0:a6:af:1b:f2:77:b9:0e:f2:58:8c:
                    ba:2a:19:ee:61:72:10:8f:70:f2:2b:ef:5e:b0:0d:
                    fb:45:b9:71:e8:d6:b7:8f:69:14:1f:20:23:f8:19:
                    34:60:1a:43:bf:1c:32:d3:a9:dc:a1:fa:a5:1f:cd:
                    e2:9b:53:7a:ba:f4:8e:5e:c5:e2:f8:75:f7:a9:bd:
                    9a:5d:52:c8:3b:6b:f9:81:2f:f7:d1:c6:30:27:05:
                    12:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:F9:13:D7:7B:44:AE:D8:FF:0B:38:D8:F8:E3:E4:22:6B:4E:44:32
            X509v3 Authority Key Identifier:
                keyid:6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/lvkT13tErtj_CzjY-OPkImtORDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.93.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9e:9f:bf:75:0a:98:64:89:a2:33:27:19:e3:ae:04:3f:1b:09:
         a7:a5:bd:c3:b9:6f:0b:99:18:89:5b:76:55:40:87:c0:b7:7e:
         61:2f:c0:8f:e6:75:4a:c1:fc:80:8d:8f:99:97:a0:56:6b:e6:
         40:ca:68:dd:15:c6:63:23:a1:06:10:e5:6c:f9:1a:ad:3b:9f:
         32:6e:cb:6b:77:1c:24:0d:6c:4c:d6:d6:1b:5c:d5:00:aa:87:
         3c:81:92:e2:aa:3c:81:60:72:ed:0f:76:e0:73:41:ca:85:94:
         d7:35:d6:8d:88:b7:27:59:2c:37:bd:08:2c:31:ac:31:c1:3f:
         cf:3b:bd:5f:5b:af:93:32:09:68:1e:cd:99:bc:36:d5:00:63:
         1a:8a:77:9e:0d:bc:0a:3f:ff:cb:e8:00:ef:23:8f:be:70:84:
         d3:19:ea:bc:f3:8a:52:82:c6:8d:33:59:cc:c1:5e:17:06:b3:
         bd:ad:5c:bc:ba:5e:88:e8:6a:1f:73:43:78:2e:60:1e:2f:73:
         0c:a4:ca:8b:1b:ad:44:b3:c9:d7:b7:ef:d7:80:ab:e7:c2:1e:
         08:af:16:f4:50:c7:b9:dd:9a:00:81:b6:a0:36:ec:2e:63:e0:
         25:16:31:57:4e:65:96:48:ed:55:0c:3e:ea:80:42:81:4c:f3:
         f8:fb:72:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkwxnzAt9c3rm9Jkiyv/9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYWI1MzY0MGIwOTMxOTI0YjczZjc2MDkyNTg0NTE1MGE2
Y2NjYTUwHhcNMjQwMTAxMTAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmY5MTNkNzdiNDRhZWQ4ZmYwYjM4ZDhmOGUzZTQyMjZiNGU0NDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9j4TIifQ00XD+0ChNg+AhOnangN
zPg9PnhlycNOFGy/HTAjCEfrtvkc2pwu3h0ddh3+iuxebQb2O6lD8Z8IMfkdgbaH
cvSDDfe+W3ZOKrgfXMlYyifeXiHUa915OebvKt11bs8LFax1jzPRIYAbJb/LEi/B
fQVoGq9LWHkznZSG12RR5ZbiMIRjPYBFNUhPPEhVj6n+cEa0jW8tdF5xyF/PMTqI
4GyB0KavG/J3uQ7yWIy6KhnuYXIQj3DyK+9esA37Rblx6Na3j2kUHyAj+Bk0YBpD
vxwy06ncofqlH83im1N6uvSOXsXi+HX3qb2aXVLIO2v5gS/30cYwJwUS4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJb5E9d7RK7Y/ws42Pjj5CJrTkQyMB8GA1UdIwQY
MBaAFG6rU2QLCTGSS3P3YJJYRRUKbMylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAt
NTMwNDYzMjM5NTFmLzEvbHZrVDEzdEVydGpfQ3pqWS1PUGtJbXRPUkRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAtNTMwNDYzMjM5NTFm
LzEvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPl14MA0G
CSqGSIb3DQEBCwUAA4IBAQCen791CphkiaIzJxnjrgQ/Gwmnpb3DuW8LmRiJW3ZV
QIfAt35hL8CP5nVKwfyAjY+Zl6BWa+ZAymjdFcZjI6EGEOVs+RqtO58ybstrdxwk
DWxM1tYbXNUAqoc8gZLiqjyBYHLtD3bgc0HKhZTXNdaNiLcnWSw3vQgsMawxwT/P
O71fW6+TMgloHs2ZvDbVAGMaineeDbwKP//L6ADvI4++cITTGeq884pSgsaNM1nM
wV4XBrO9rVy8ul6I6Gofc0N4LmAeL3MMpMqLG61Es8nXt+/XgKvnwh4Irxb0UMe5
3ZoAgbagNuwuY+AlFjFXTmWWSO1VDD7qgEKBTPP4+3Kn
-----END CERTIFICATE-----