Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/90add8-f3be-48a8-9e92-3b32c19f6385/1/LkMa7K_ynjx2D7qdLEBL4o86Kq0.roa
File:                     LkMa7K_ynjx2D7qdLEBL4o86Kq0.roa (raw, json)
Hash identifier:          zdY3dmOFzq9rfGz/BJ2n8IxPXEwRzlT0u/pF28Zr6cg=
Subject key identifier:   2E:43:1A:EC:AF:F2:9E:3C:76:0F:BA:9D:2C:40:4B:E2:8F:3A:2A:AD
Certificate issuer:       /CN=241455f852c6ad4a0412e5ea308aa66172d1d147
Certificate serial:       018D4564C599C33EA4AC5B42D15016C057C5
Authority key identifier: 24:14:55:F8:52:C6:AD:4A:04:12:E5:EA:30:8A:A6:61:72:D1:D1:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBRV-FLGrUoEEuXqMIqmYXLR0Uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/90add8-f3be-48a8-9e92-3b32c19f6385/1/LkMa7K_ynjx2D7qdLEBL4o86Kq0.roa
Signing time:             Fri 26 Jan 2024 10:50:48 +0000
ROA not before:           Fri 26 Jan 2024 10:50:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        46.20.80.0/20 maxlen: 24
                          185.159.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/90add8-f3be-48a8-9e92-3b32c19f6385/1/JBRV-FLGrUoEEuXqMIqmYXLR0Uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/90add8-f3be-48a8-9e92-3b32c19f6385/1/JBRV-FLGrUoEEuXqMIqmYXLR0Uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JBRV-FLGrUoEEuXqMIqmYXLR0Uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:45:64:c5:99:c3:3e:a4:ac:5b:42:d1:50:16:c0:57:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=241455f852c6ad4a0412e5ea308aa66172d1d147
        Validity
            Not Before: Jan 26 10:50:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e431aecaff29e3c760fba9d2c404be28f3a2aad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:fa:08:48:16:9f:78:f4:6d:fa:58:3c:dd:a9:
                    3c:e6:fe:df:71:fc:6b:fb:8b:9d:c4:87:60:5d:5a:
                    3f:61:98:cc:96:17:f6:05:78:cf:6b:8b:be:86:5f:
                    54:15:b4:93:6d:ff:b9:f9:b9:3e:d2:19:6c:59:53:
                    75:17:af:2a:df:1e:7e:15:93:a3:21:c0:e5:2b:57:
                    61:a5:51:d4:23:2b:a9:15:66:71:1d:5e:17:d6:dc:
                    d0:84:34:ae:e6:65:b1:73:3d:45:6c:15:61:41:84:
                    2d:9d:1f:91:a0:1f:33:c9:49:8c:f7:f2:65:85:da:
                    1d:e0:93:bf:cc:2e:33:f8:40:ea:8f:eb:82:20:12:
                    f7:08:54:de:33:50:d4:f6:4e:3b:35:d7:80:ce:6d:
                    e2:82:e8:05:a6:a0:af:04:72:11:9a:bd:27:a9:06:
                    57:dc:07:92:99:8b:51:6c:6a:ba:e8:10:2d:c6:a5:
                    d0:de:fe:8d:ca:ef:bc:c5:6f:f6:77:98:47:d3:d3:
                    75:da:86:fe:f4:9d:95:c1:32:41:50:54:c8:d5:30:
                    9f:88:3b:cd:e3:d7:b1:ec:7d:15:77:bf:37:05:ec:
                    af:08:86:2c:e0:27:a4:ae:40:3c:9d:75:6c:6e:e0:
                    25:1e:93:13:0a:da:f4:11:23:eb:d4:cf:9c:50:02:
                    aa:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:43:1A:EC:AF:F2:9E:3C:76:0F:BA:9D:2C:40:4B:E2:8F:3A:2A:AD
            X509v3 Authority Key Identifier:
                keyid:24:14:55:F8:52:C6:AD:4A:04:12:E5:EA:30:8A:A6:61:72:D1:D1:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBRV-FLGrUoEEuXqMIqmYXLR0Uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/90add8-f3be-48a8-9e92-3b32c19f6385/1/LkMa7K_ynjx2D7qdLEBL4o86Kq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/90add8-f3be-48a8-9e92-3b32c19f6385/1/JBRV-FLGrUoEEuXqMIqmYXLR0Uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.80.0/20
                  185.159.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c3:6a:4b:76:76:1a:44:a4:85:90:3d:0d:22:7f:f7:45:69:0b:
         17:59:9c:86:9d:c9:f2:74:8c:3e:e3:f2:c9:a4:5a:48:f6:12:
         75:d6:13:08:5a:e2:dd:5f:5f:f4:1b:d0:ef:af:57:c3:e9:f0:
         c0:68:53:64:48:1b:87:c6:c0:88:42:36:43:16:bd:40:bb:ab:
         da:fb:27:6f:f5:d2:ef:f4:69:34:ee:86:11:a9:67:26:52:d0:
         ae:12:f8:03:99:a5:a1:47:71:ec:f8:cf:93:cc:d6:fc:5b:69:
         71:ac:b6:52:36:ef:40:0c:2a:93:8f:9a:23:89:c3:e6:0b:f9:
         46:a6:4e:cf:8c:fc:06:52:ab:e9:66:de:45:73:96:cc:0d:4c:
         2d:16:52:48:27:e1:de:4f:e5:26:2a:65:48:6b:cd:bd:0b:ab:
         90:2c:d8:42:3b:c3:c1:a4:65:44:c0:07:0e:ea:1e:6a:b5:93:
         6a:5a:44:db:c0:37:5d:30:fa:a3:f7:37:23:3a:65:29:22:5a:
         11:0a:a5:9e:5f:0f:e7:9b:62:af:9e:c9:ad:3f:04:2b:7a:c3:
         03:b5:b1:4e:d7:fb:78:1c:44:58:c1:ee:f3:72:bb:f9:7d:31:
         f0:21:0a:9a:67:0a:53:fc:f2:71:27:1f:28:e0:cd:92:66:e8:
         0a:80:5e:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1FZMWZwz6krFtC0VAWwFfFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTQ1NWY4NTJjNmFkNGEwNDEyZTVlYTMwOGFhNjYxNzJk
MWQxNDcwHhcNMjQwMTI2MTA1MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTQzMWFlY2FmZjI5ZTNjNzYwZmJhOWQyYzQwNGJlMjhmM2EyYWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/oISBafePRt+lg83ak85v7fcfxr
+4udxIdgXVo/YZjMlhf2BXjPa4u+hl9UFbSTbf+5+bk+0hlsWVN1F68q3x5+FZOj
IcDlK1dhpVHUIyupFWZxHV4X1tzQhDSu5mWxcz1FbBVhQYQtnR+RoB8zyUmM9/Jl
hdod4JO/zC4z+EDqj+uCIBL3CFTeM1DU9k47NdeAzm3igugFpqCvBHIRmr0nqQZX
3AeSmYtRbGq66BAtxqXQ3v6Nyu+8xW/2d5hH09N12ob+9J2VwTJBUFTI1TCfiDvN
49ex7H0Vd783BeyvCIYs4CekrkA8nXVsbuAlHpMTCtr0ESPr1M+cUAKqlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC5DGuyv8p48dg+6nSxAS+KPOiqtMB8GA1UdIwQY
MBaAFCQUVfhSxq1KBBLl6jCKpmFy0dFHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJSVi1GTEdyVW9FRXVYcU1JcW1ZWExSMFVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi85MGFkZDgtZjNiZS00OGE4LTllOTIt
M2IzMmMxOWY2Mzg1LzEvTGtNYTdLX3luangyRDdxZExFQkw0bzg2S3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi85MGFkZDgtZjNiZS00OGE4LTllOTItM2IzMmMxOWY2Mzg1
LzEvSkJSVi1GTEdyVW9FRXVYcU1JcW1ZWExSMFVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQELhRQAwQC
uZ80MA0GCSqGSIb3DQEBCwUAA4IBAQDDakt2dhpEpIWQPQ0if/dFaQsXWZyGncny
dIw+4/LJpFpI9hJ11hMIWuLdX1/0G9Dvr1fD6fDAaFNkSBuHxsCIQjZDFr1Au6va
+ydv9dLv9Gk07oYRqWcmUtCuEvgDmaWhR3Hs+M+TzNb8W2lxrLZSNu9ADCqTj5oj
icPmC/lGpk7PjPwGUqvpZt5Fc5bMDUwtFlJIJ+HeT+UmKmVIa829C6uQLNhCO8PB
pGVEwAcO6h5qtZNqWkTbwDddMPqj9zcjOmUpIloRCqWeXw/nm2KvnsmtPwQresMD
tbFO1/t4HERYwe7zcrv5fTHwIQqaZwpT/PJxJx8o4M2SZugKgF4g
-----END CERTIFICATE-----