Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/EXLK004LpHUebQns5i83b_nNjPk.roa
File:                     EXLK004LpHUebQns5i83b_nNjPk.roa (raw, json)
Hash identifier:          lpoh/xDbyxYVCQHHRF1J1CBTdGPiAKOsCqGz2ddVfyk=
Subject key identifier:   11:72:CA:D3:4E:0B:A4:75:1E:6D:09:EC:E6:2F:37:6F:F9:CD:8C:F9
Certificate issuer:       /CN=a7f94ab935054b86dcb5d6adbad2dfdb564b5248
Certificate serial:       018CC348A5B514D5E9FFB15A3EBD03482EA6
Authority key identifier: A7:F9:4A:B9:35:05:4B:86:DC:B5:D6:AD:BA:D2:DF:DB:56:4B:52:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_lKuTUFS4bctdatutLf21ZLUkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/EXLK004LpHUebQns5i83b_nNjPk.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205766
IP address blocks:        185.139.156.0/22 maxlen: 24
                          2a0b:20c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/p_lKuTUFS4bctdatutLf21ZLUkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/p_lKuTUFS4bctdatutLf21ZLUkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_lKuTUFS4bctdatutLf21ZLUkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a5:b5:14:d5:e9:ff:b1:5a:3e:bd:03:48:2e:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7f94ab935054b86dcb5d6adbad2dfdb564b5248
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1172cad34e0ba4751e6d09ece62f376ff9cd8cf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:50:85:4e:a8:ce:1e:ba:11:5e:66:d9:ba:35:
                    a2:e9:ff:8a:99:a0:2c:1d:11:2e:9b:b2:c6:88:85:
                    be:f8:05:9e:d5:18:19:f1:21:d1:29:d8:ba:e2:99:
                    50:27:57:2f:8a:ae:4b:31:8f:7c:28:32:8a:21:0a:
                    fb:36:f9:4a:b2:cd:c1:85:86:9e:60:be:56:0c:db:
                    3a:c3:f5:e9:2f:20:a7:2c:de:1a:87:fd:46:f7:a8:
                    aa:6c:c3:a7:1c:6a:9b:3d:ab:4f:a0:54:f1:8d:cf:
                    da:ce:f1:f1:79:53:f9:de:09:b4:01:e7:7b:76:1c:
                    89:52:2d:2f:4d:e4:a9:7c:63:e3:8b:8c:ba:3f:e7:
                    6b:e3:ac:b0:21:10:6e:00:63:c2:f1:02:18:35:90:
                    79:7a:b6:ca:f9:00:44:01:dd:44:7d:b3:68:a0:23:
                    c7:22:93:39:17:a7:9a:b5:b5:36:4d:cc:9c:41:a7:
                    6d:f0:16:79:c4:e0:ae:44:ff:49:1d:e4:f5:3f:04:
                    4b:85:44:d2:70:04:bb:76:55:b1:f8:80:e9:29:ce:
                    3d:fc:49:41:40:21:78:ef:5a:95:1c:aa:26:73:2f:
                    6f:81:0e:40:db:3a:45:d4:63:7f:a9:7c:d0:81:c0:
                    69:3e:37:31:80:47:a6:99:4f:8f:b6:c1:7d:6f:f7:
                    5a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:72:CA:D3:4E:0B:A4:75:1E:6D:09:EC:E6:2F:37:6F:F9:CD:8C:F9
            X509v3 Authority Key Identifier:
                keyid:A7:F9:4A:B9:35:05:4B:86:DC:B5:D6:AD:BA:D2:DF:DB:56:4B:52:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_lKuTUFS4bctdatutLf21ZLUkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/EXLK004LpHUebQns5i83b_nNjPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/p_lKuTUFS4bctdatutLf21ZLUkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.156.0/22
                IPv6:
                  2a0b:20c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         26:6d:d4:66:4e:bb:59:c8:57:b2:5a:93:03:67:d2:21:39:4c:
         e7:cc:e8:ad:cb:0f:b9:9d:49:c0:c8:32:50:82:23:2f:a2:26:
         b4:1c:47:ab:d0:3c:8b:fa:af:32:8c:34:2f:c0:07:a0:19:64:
         93:33:e9:8a:3d:2e:75:eb:6d:b3:21:47:97:bd:ae:73:d2:f1:
         2e:73:9d:57:e2:fe:13:8b:06:d6:e5:9e:8f:80:ac:54:ab:b6:
         bd:5f:fa:04:2a:9f:98:d1:a9:b6:2e:9b:9e:bf:53:05:29:0d:
         b9:29:6c:5c:c5:55:5d:62:e6:5f:eb:9e:97:54:03:6a:d3:e3:
         a6:7d:d4:61:67:4a:c2:00:4b:03:25:24:c1:60:65:73:b7:6e:
         9e:d9:a4:5a:0a:63:07:2c:4c:52:06:6f:5d:54:76:1e:3f:0c:
         72:f0:f8:cf:ed:04:ca:e6:95:d2:0a:48:36:8d:40:9f:bf:5f:
         87:9a:82:8d:22:5f:f0:ca:10:ae:47:da:24:cd:b8:27:ad:93:
         c7:dd:82:64:c2:7f:0e:fd:c8:aa:cf:58:e9:6a:b8:e6:2c:95:
         e9:d2:4c:c6:7c:bb:d2:de:03:74:a1:93:d4:bf:ed:8a:26:6c:
         58:c6:28:f3:37:23:c5:ce:58:70:ae:db:6c:0f:70:cf:31:e3:
         13:ae:b9:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSKW1FNXp/7FaPr0DSC6mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3Zjk0YWI5MzUwNTRiODZkY2I1ZDZhZGJhZDJkZmRiNTY0
YjUyNDgwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTcyY2FkMzRlMGJhNDc1MWU2ZDA5ZWNlNjJmMzc2ZmY5Y2Q4Y2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFCFTqjOHroRXmbZujWi6f+KmaAs
HREum7LGiIW++AWe1RgZ8SHRKdi64plQJ1cviq5LMY98KDKKIQr7NvlKss3BhYae
YL5WDNs6w/XpLyCnLN4ah/1G96iqbMOnHGqbPatPoFTxjc/azvHxeVP53gm0Aed7
dhyJUi0vTeSpfGPji4y6P+dr46ywIRBuAGPC8QIYNZB5erbK+QBEAd1EfbNooCPH
IpM5F6eatbU2TcycQadt8BZ5xOCuRP9JHeT1PwRLhUTScAS7dlWx+IDpKc49/ElB
QCF471qVHKomcy9vgQ5A2zpF1GN/qXzQgcBpPjcxgEemmU+PtsF9b/da4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBFyytNOC6R1Hm0J7OYvN2/5zYz5MB8GA1UdIwQY
MBaAFKf5Srk1BUuG3LXWrbrS39tWS1JIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF9sS3VUVUZTNGJjdGRhdHV0TGYyMVpMVWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy83ZTM4YjItYmVjMS00NDY0LWEwY2Et
N2QyNThiNjIwMTY5LzEvRVhMSzAwNExwSFVlYlFuczVpODNiX25OalBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy83ZTM4YjItYmVjMS00NDY0LWEwY2EtN2QyNThiNjIwMTY5
LzEvcF9sS3VUVUZTNGJjdGRhdHV0TGYyMVpMVWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYucMA0E
AgACMAcDBQAqCyDAMA0GCSqGSIb3DQEBCwUAA4IBAQAmbdRmTrtZyFeyWpMDZ9Ih
OUznzOityw+5nUnAyDJQgiMvoia0HEer0DyL+q8yjDQvwAegGWSTM+mKPS51622z
IUeXva5z0vEuc51X4v4TiwbW5Z6PgKxUq7a9X/oEKp+Y0am2Lpuev1MFKQ25KWxc
xVVdYuZf656XVANq0+OmfdRhZ0rCAEsDJSTBYGVzt26e2aRaCmMHLExSBm9dVHYe
Pwxy8PjP7QTK5pXSCkg2jUCfv1+HmoKNIl/wyhCuR9okzbgnrZPH3YJkwn8O/ciq
z1jparjmLJXp0kzGfLvS3gN0oZPUv+2KJmxYxijzNyPFzlhwrttsD3DPMeMTrrnA
-----END CERTIFICATE-----