Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d8679e-46bb-44f5-ba52-b52b3a236fa7/1/lbj2mwnH48qeplamgocoQ3raks4.roa
File:                     lbj2mwnH48qeplamgocoQ3raks4.roa (raw, json)
Hash identifier:          E+SSwQyOGstaEG5024Plebnjm1r0loOdNF0IIUjG9UM=
Subject key identifier:   95:B8:F6:9B:09:C7:E3:CA:9E:A6:56:A6:82:87:28:43:7A:DA:92:CE
Certificate issuer:       /CN=acc48f7a59120588d4170ea2815e6ae51be6bcff
Certificate serial:       018CC725A0C5DAFDF0D146023E8BDCCF4033
Authority key identifier: AC:C4:8F:7A:59:12:05:88:D4:17:0E:A2:81:5E:6A:E5:1B:E6:BC:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rMSPelkSBYjUFw6igV5q5RvmvP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d8679e-46bb-44f5-ba52-b52b3a236fa7/1/lbj2mwnH48qeplamgocoQ3raks4.roa
Signing time:             Mon 01 Jan 2024 22:29:41 +0000
ROA not before:           Mon 01 Jan 2024 22:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        193.56.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d8679e-46bb-44f5-ba52-b52b3a236fa7/1/rMSPelkSBYjUFw6igV5q5RvmvP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d8679e-46bb-44f5-ba52-b52b3a236fa7/1/rMSPelkSBYjUFw6igV5q5RvmvP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rMSPelkSBYjUFw6igV5q5RvmvP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:a0:c5:da:fd:f0:d1:46:02:3e:8b:dc:cf:40:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acc48f7a59120588d4170ea2815e6ae51be6bcff
        Validity
            Not Before: Jan  1 22:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95b8f69b09c7e3ca9ea656a6828728437ada92ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:af:8e:2a:98:61:60:51:2e:a4:09:4f:c1:2c:
                    d1:e6:e0:00:13:d9:c3:96:a4:dd:a4:1e:99:11:51:
                    49:aa:5d:66:0d:09:25:55:a5:c6:af:38:8b:eb:85:
                    bf:6e:f6:ca:2c:77:d9:9f:d1:ae:3d:0c:12:ee:12:
                    34:58:5c:4d:a3:f5:08:5d:94:d9:77:83:e3:4d:4d:
                    1c:cb:ed:92:8d:a6:0e:99:0e:d3:dd:9e:e0:82:56:
                    f1:49:62:b0:e9:6e:96:50:25:28:b6:35:36:ca:2b:
                    39:41:b8:b2:1d:eb:f4:6d:b5:c8:b4:ef:9b:86:48:
                    ac:f3:70:18:61:00:ad:a0:b1:4b:e3:2c:50:f5:57:
                    41:b3:5a:05:f3:3c:36:3f:2e:37:2a:5a:93:c5:44:
                    2f:3b:4f:bb:2a:3b:59:05:89:fb:f0:fd:0f:42:67:
                    d4:51:d0:1f:da:dd:16:02:21:65:fb:cc:c8:35:18:
                    cb:9a:14:14:d4:9f:01:97:5f:e8:fc:d0:6a:00:e9:
                    af:54:21:7c:8f:c9:d5:2a:a4:04:02:8d:45:5b:c4:
                    01:3b:90:f0:15:e1:75:56:37:2f:09:03:d1:41:71:
                    f3:1d:a9:f5:f8:fd:21:ee:19:de:90:5f:aa:0d:7b:
                    03:51:61:c0:a5:7c:bd:56:13:c7:57:8d:0c:e4:9c:
                    51:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B8:F6:9B:09:C7:E3:CA:9E:A6:56:A6:82:87:28:43:7A:DA:92:CE
            X509v3 Authority Key Identifier:
                keyid:AC:C4:8F:7A:59:12:05:88:D4:17:0E:A2:81:5E:6A:E5:1B:E6:BC:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rMSPelkSBYjUFw6igV5q5RvmvP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d8679e-46bb-44f5-ba52-b52b3a236fa7/1/lbj2mwnH48qeplamgocoQ3raks4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d8679e-46bb-44f5-ba52-b52b3a236fa7/1/rMSPelkSBYjUFw6igV5q5RvmvP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:70:62:2e:63:b5:f0:54:cf:69:2c:42:e1:6e:6d:bb:59:5d:
         f0:b9:d9:74:f8:30:c9:4e:f8:23:bb:63:f8:21:20:da:0e:90:
         86:c3:26:fb:5a:a6:db:f5:17:74:42:2b:b6:83:70:80:b9:97:
         87:eb:01:ab:64:dd:7a:f2:51:b5:04:1a:e7:0c:66:9c:fd:c8:
         7f:5c:11:2b:3b:44:f8:36:b4:f8:7e:4f:18:e5:67:4d:37:dd:
         fc:99:28:22:98:ea:71:63:3b:b0:9b:4f:f0:28:b3:25:0d:f4:
         fa:27:8e:59:59:d1:ce:72:a5:67:58:4b:cd:7f:7a:af:fa:eb:
         37:4c:d2:ad:fd:9c:cc:56:5b:73:30:78:97:c7:31:fb:79:c1:
         ed:65:03:21:82:5d:dd:3f:76:f2:1f:51:04:3a:db:ca:c4:01:
         b5:62:c3:3c:b4:8e:af:0f:b0:2d:93:90:9e:c8:ce:58:f2:30:
         fe:a5:9b:02:0f:a3:58:83:b9:92:b5:37:92:02:64:ff:51:a6:
         ef:88:58:56:b7:b2:2a:96:3f:bd:64:9d:7e:a0:e4:76:10:e1:
         17:a2:7d:62:3d:5e:55:f3:3a:f9:d3:4b:97:e1:e8:f9:b7:9d:
         bf:13:b1:9b:5c:f4:14:7b:12:13:2d:fd:39:7a:2a:ab:1c:49:
         99:ba:bd:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJaDF2v3w0UYCPovcz0AzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYzQ4ZjdhNTkxMjA1ODhkNDE3MGVhMjgxNWU2YWU1MWJl
NmJjZmYwHhcNMjQwMTAxMjIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWI4ZjY5YjA5YzdlM2NhOWVhNjU2YTY4Mjg3Mjg0MzdhZGE5MmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhK+OKphhYFEupAlPwSzR5uAAE9nD
lqTdpB6ZEVFJql1mDQklVaXGrziL64W/bvbKLHfZn9GuPQwS7hI0WFxNo/UIXZTZ
d4PjTU0cy+2SjaYOmQ7T3Z7gglbxSWKw6W6WUCUotjU2yis5QbiyHev0bbXItO+b
hkis83AYYQCtoLFL4yxQ9VdBs1oF8zw2Py43KlqTxUQvO0+7KjtZBYn78P0PQmfU
UdAf2t0WAiFl+8zINRjLmhQU1J8Bl1/o/NBqAOmvVCF8j8nVKqQEAo1FW8QBO5Dw
FeF1VjcvCQPRQXHzHan1+P0h7hnekF+qDXsDUWHApXy9VhPHV40M5JxRFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJW49psJx+PKnqZWpoKHKEN62pLOMB8GA1UdIwQY
MBaAFKzEj3pZEgWI1BcOooFeauUb5rz/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck1TUGVsa1NCWWpVRnc2aWdWNXE1UnZtdlA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kODY3OWUtNDZiYi00NGY1LWJhNTIt
YjUyYjNhMjM2ZmE3LzEvbGJqMm13bkg0OHFlcGxhbWdvY29RM3Jha3M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kODY3OWUtNDZiYi00NGY1LWJhNTItYjUyYjNhMjM2ZmE3
LzEvck1TUGVsa1NCWWpVRnc2aWdWNXE1UnZtdlA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTghMA0G
CSqGSIb3DQEBCwUAA4IBAQCHcGIuY7XwVM9pLELhbm27WV3wudl0+DDJTvgju2P4
ISDaDpCGwyb7Wqbb9Rd0Qiu2g3CAuZeH6wGrZN168lG1BBrnDGac/ch/XBErO0T4
NrT4fk8Y5WdNN938mSgimOpxYzuwm0/wKLMlDfT6J45ZWdHOcqVnWEvNf3qv+us3
TNKt/ZzMVltzMHiXxzH7ecHtZQMhgl3dP3byH1EEOtvKxAG1YsM8tI6vD7Atk5Ce
yM5Y8jD+pZsCD6NYg7mStTeSAmT/UabviFhWt7Iqlj+9ZJ1+oOR2EOEXon1iPV5V
8zr500uX4ej5t52/E7GbXPQUexITLf05eiqrHEmZur2H
-----END CERTIFICATE-----