Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/LWzTzZdjWMUN6aHhKOz142wnEVE.roa
File:                     LWzTzZdjWMUN6aHhKOz142wnEVE.roa (raw, json)
Hash identifier:          6geZ0fuYWwZAZvQU/5+QCK0FxKviFqgDA0CHRGs0xrE=
Subject key identifier:   2D:6C:D3:CD:97:63:58:C5:0D:E9:A1:E1:28:EC:F5:E3:6C:27:11:51
Certificate issuer:       /CN=086438e9889389829fa5f51b6a210731082eac22
Certificate serial:       018EA568FDDA3272AC5FF6C959D4B1D426F9
Authority key identifier: 08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/LWzTzZdjWMUN6aHhKOz142wnEVE.roa
Signing time:             Wed 03 Apr 2024 19:21:45 +0000
ROA not before:           Wed 03 Apr 2024 19:21:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        194.165.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a5:68:fd:da:32:72:ac:5f:f6:c9:59:d4:b1:d4:26:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=086438e9889389829fa5f51b6a210731082eac22
        Validity
            Not Before: Apr  3 19:21:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d6cd3cd976358c50de9a1e128ecf5e36c271151
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2a:07:ac:d3:18:86:5e:bd:02:ef:17:ec:84:
                    ce:d6:f6:8f:68:f7:14:38:41:6a:da:7f:74:bb:8d:
                    f4:db:40:9d:3c:62:96:cf:fd:f6:7a:1e:4a:52:f8:
                    f0:f7:e5:06:bc:54:30:e7:9e:d7:cd:f1:f9:dc:55:
                    25:23:55:2e:5f:be:1a:95:22:5b:d1:3e:14:77:2a:
                    79:eb:66:f7:68:d8:d8:fa:c3:67:a8:22:51:f1:d2:
                    20:94:6c:68:49:d4:b3:9c:a9:e0:46:67:69:c7:8c:
                    94:60:82:ec:5e:54:35:ce:14:1c:6a:84:0d:fa:ea:
                    b2:f8:e1:0b:fc:51:f4:0f:15:fb:3d:6d:e4:2a:66:
                    7c:6e:cf:ac:f4:7c:42:c5:4a:f7:e7:85:d0:ff:4b:
                    bc:75:7d:49:48:b5:d9:ea:ea:d7:75:4a:9b:44:bb:
                    b9:37:54:ca:80:9a:f1:0a:90:b1:07:6a:a7:81:26:
                    d7:60:ca:a3:0d:f1:e5:97:fb:d9:71:18:3a:38:a0:
                    2e:08:16:b6:5f:1e:97:10:4d:22:df:b9:95:a6:0a:
                    7e:60:67:22:22:91:12:35:97:ac:a8:6f:a5:2b:d9:
                    cd:7b:03:67:01:03:e1:50:06:dd:31:3f:9f:bb:f1:
                    9e:de:7b:44:88:e8:81:da:97:30:6c:28:ec:aa:8c:
                    64:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:6C:D3:CD:97:63:58:C5:0D:E9:A1:E1:28:EC:F5:E3:6C:27:11:51
            X509v3 Authority Key Identifier:
                keyid:08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/LWzTzZdjWMUN6aHhKOz142wnEVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:73:a5:ad:1a:6d:b4:49:37:1b:ca:48:b5:06:5b:88:a7:a8:
         71:9e:ad:d1:e9:97:03:e9:78:99:39:b4:ca:ae:07:18:86:19:
         6a:e6:98:90:ba:66:22:a1:3b:3f:d2:29:38:f2:ed:68:ae:58:
         54:65:ea:a6:02:4e:89:0b:b2:32:30:bf:9b:ca:2f:31:ce:06:
         f5:f8:91:d9:14:d1:67:98:f0:e6:b4:2b:ac:98:a9:76:33:1a:
         c8:52:9e:df:33:be:7d:0e:ce:7a:19:0c:ce:3c:4b:5a:87:eb:
         22:a6:ef:68:3b:1b:d9:a3:b1:8d:f6:ad:d3:37:56:ef:cd:07:
         ca:71:11:1c:bb:4e:5c:d9:e2:d5:c3:71:b7:df:0b:00:4a:04:
         ef:a2:53:96:fe:ae:36:23:6e:b6:7b:d6:3e:0d:fd:08:2b:be:
         f9:23:aa:a4:cb:95:83:ce:58:f1:5a:42:5e:b4:01:8a:98:86:
         70:aa:ca:65:3a:ba:66:13:77:da:8f:c5:50:07:68:f5:32:ef:
         86:46:72:72:ae:83:04:59:75:c4:4d:21:1d:42:37:2d:c5:1b:
         0d:65:32:8e:fe:c0:90:c7:6d:fc:69:ea:ce:aa:28:88:f9:6e:
         82:fe:db:21:bb:b5:13:4c:10:f6:2e:75:2f:05:da:9b:b4:4c:
         e8:8e:63:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6laP3aMnKsX/bJWdSx1Cb5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NjQzOGU5ODg5Mzg5ODI5ZmE1ZjUxYjZhMjEwNzMxMDgy
ZWFjMjIwHhcNMjQwNDAzMTkyMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDZjZDNjZDk3NjM1OGM1MGRlOWExZTEyOGVjZjVlMzZjMjcxMTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCoHrNMYhl69Au8X7ITO1vaPaPcU
OEFq2n90u43020CdPGKWz/32eh5KUvjw9+UGvFQw557XzfH53FUlI1UuX74alSJb
0T4Udyp562b3aNjY+sNnqCJR8dIglGxoSdSznKngRmdpx4yUYILsXlQ1zhQcaoQN
+uqy+OEL/FH0DxX7PW3kKmZ8bs+s9HxCxUr354XQ/0u8dX1JSLXZ6urXdUqbRLu5
N1TKgJrxCpCxB2qngSbXYMqjDfHll/vZcRg6OKAuCBa2Xx6XEE0i37mVpgp+YGci
IpESNZesqG+lK9nNewNnAQPhUAbdMT+fu/Ge3ntEiOiB2pcwbCjsqoxkvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1s082XY1jFDemh4Sjs9eNsJxFRMB8GA1UdIwQY
MBaAFAhkOOmIk4mCn6X1G2ohBzEILqwiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0dRNDZZaVRpWUtmcGZVYmFpRUhNUWd1ckNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lNDlhZTctYTUxYS00NzY0LTg1Yzgt
YTc4MTBlM2ExYmViLzEvTFd6VHpaZGpXTVVONmFIaEtPejE0MnduRVZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lNDlhZTctYTUxYS00NzY0LTg1YzgtYTc4MTBlM2ExYmVi
LzEvQ0dRNDZZaVRpWUtmcGZVYmFpRUhNUWd1ckNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqUlMA0G
CSqGSIb3DQEBCwUAA4IBAQBPc6WtGm20STcbyki1BluIp6hxnq3R6ZcD6XiZObTK
rgcYhhlq5piQumYioTs/0ik48u1orlhUZeqmAk6JC7IyML+byi8xzgb1+JHZFNFn
mPDmtCusmKl2MxrIUp7fM759Ds56GQzOPEtah+sipu9oOxvZo7GN9q3TN1bvzQfK
cREcu05c2eLVw3G33wsASgTvolOW/q42I262e9Y+Df0IK775I6qky5WDzljxWkJe
tAGKmIZwqsplOrpmE3faj8VQB2j1Mu+GRnJyroMEWXXETSEdQjctxRsNZTKO/sCQ
x238aerOqiiI+W6C/tshu7UTTBD2LnUvBdqbtEzojmMW
-----END CERTIFICATE-----