Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/4578a6-1a1c-4944-a773-c25d7fca0037/1/lzHOgZrHrqQGVQqwSt6ZNKYpMu0.roa
File:                     lzHOgZrHrqQGVQqwSt6ZNKYpMu0.roa (raw, json)
Hash identifier:          cTqvJjyFjEDkOGNX3msbSp1Vviegaq0SPh0Fb4MUNxg=
Subject key identifier:   97:31:CE:81:9A:C7:AE:A4:06:55:0A:B0:4A:DE:99:34:A6:29:32:ED
Certificate issuer:       /CN=0324d16977eee2f58beb1bb7aa2f4b2fa1abfc48
Certificate serial:       018CC26D47CE08857D95353C5DDD5F7382AD
Authority key identifier: 03:24:D1:69:77:EE:E2:F5:8B:EB:1B:B7:AA:2F:4B:2F:A1:AB:FC:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AyTRaXfu4vWL6xu3qi9LL6Gr_Eg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/4578a6-1a1c-4944-a773-c25d7fca0037/1/lzHOgZrHrqQGVQqwSt6ZNKYpMu0.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5610
IP address blocks:        78.24.232.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/4578a6-1a1c-4944-a773-c25d7fca0037/1/AyTRaXfu4vWL6xu3qi9LL6Gr_Eg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/4578a6-1a1c-4944-a773-c25d7fca0037/1/AyTRaXfu4vWL6xu3qi9LL6Gr_Eg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AyTRaXfu4vWL6xu3qi9LL6Gr_Eg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:47:ce:08:85:7d:95:35:3c:5d:dd:5f:73:82:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0324d16977eee2f58beb1bb7aa2f4b2fa1abfc48
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9731ce819ac7aea406550ab04ade9934a62932ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cd:e0:87:72:32:fc:3b:d8:2f:2a:92:c2:b1:
                    7b:aa:58:a1:ac:47:d9:36:78:fb:b0:98:be:9a:63:
                    c6:d6:23:c9:54:ca:66:fc:59:a5:bd:47:2a:2c:ce:
                    67:02:5d:9f:6d:75:d8:f4:40:ed:b9:80:82:15:fe:
                    a4:49:c6:af:45:b8:ed:98:72:80:55:8c:95:46:74:
                    8a:aa:25:c4:15:0a:a4:f8:40:54:5e:be:a2:4d:90:
                    b0:05:fc:26:78:0d:35:bd:33:8e:30:50:81:19:43:
                    a6:ee:05:25:59:86:e9:ac:07:dc:0a:fc:36:5a:e7:
                    cb:1e:5b:ee:07:89:ca:e5:6e:fa:73:6e:7d:e0:63:
                    11:0d:3c:23:35:79:83:54:ac:2e:cd:60:07:df:37:
                    ef:5d:f6:5b:d1:fb:87:2b:be:58:3a:c5:ee:d6:e9:
                    8c:bf:a2:29:f6:2e:23:96:28:30:3d:f4:dd:07:25:
                    28:ed:09:b6:fd:c2:b0:91:cf:f0:d4:33:72:5f:50:
                    94:66:56:b0:84:4a:53:d9:79:e3:f2:eb:bf:41:5d:
                    3e:d7:2c:2c:91:fe:c5:68:ea:39:13:3a:bd:de:08:
                    78:7b:55:73:25:83:4d:98:98:7d:cb:6a:74:a9:f9:
                    7f:d4:4d:63:88:0a:5b:59:8a:f9:73:8f:8b:da:d0:
                    75:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:31:CE:81:9A:C7:AE:A4:06:55:0A:B0:4A:DE:99:34:A6:29:32:ED
            X509v3 Authority Key Identifier:
                keyid:03:24:D1:69:77:EE:E2:F5:8B:EB:1B:B7:AA:2F:4B:2F:A1:AB:FC:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AyTRaXfu4vWL6xu3qi9LL6Gr_Eg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/4578a6-1a1c-4944-a773-c25d7fca0037/1/lzHOgZrHrqQGVQqwSt6ZNKYpMu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/4578a6-1a1c-4944-a773-c25d7fca0037/1/AyTRaXfu4vWL6xu3qi9LL6Gr_Eg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6e:4a:2b:e7:ae:df:8b:1d:b0:a1:d2:40:86:c9:ae:15:35:42:
         bc:ca:c7:3c:fe:cc:5a:8a:a8:6f:65:c6:e2:e9:68:16:62:bf:
         3a:6c:d5:5c:ca:09:98:2d:a9:e8:4f:c7:76:b1:64:1e:b8:b0:
         65:56:f0:50:41:75:aa:6b:0d:9c:95:7e:7b:25:9e:d5:4b:7c:
         30:95:31:b2:c7:51:77:41:f6:ba:89:d0:1f:a7:be:7a:c2:5c:
         21:fc:38:5e:24:fe:ed:5b:8c:d6:4b:49:61:43:85:73:69:cd:
         e8:26:99:49:bd:11:f0:8f:de:84:69:5e:ee:96:3b:71:b4:d8:
         06:0d:ea:14:73:34:a4:a7:84:f4:0e:e4:b4:e5:f3:63:21:fd:
         24:5c:27:17:12:7f:84:9b:b5:67:a0:3b:b3:d5:32:6f:37:98:
         a2:b2:7f:ac:32:64:24:8a:c7:7b:c0:47:07:e5:9d:e3:04:69:
         29:3a:9b:1d:59:ce:07:c1:76:b0:bb:98:22:03:94:6b:da:3d:
         c9:30:85:9b:8f:34:e1:ed:7e:cc:3e:a7:01:7a:d9:ec:81:6f:
         96:c8:8d:e4:ef:16:fd:a7:be:be:8b:ba:81:3a:fd:8a:f8:54:
         67:e1:6a:a0:1d:29:42:10:1f:9e:e9:44:66:2d:49:3d:1e:4e:
         90:44:c4:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUfOCIV9lTU8Xd1fc4KtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMjRkMTY5NzdlZWUyZjU4YmViMWJiN2FhMmY0YjJmYTFh
YmZjNDgwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzMxY2U4MTlhYzdhZWE0MDY1NTBhYjA0YWRlOTkzNGE2MjkzMmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAms3gh3Iy/DvYLyqSwrF7qlihrEfZ
Nnj7sJi+mmPG1iPJVMpm/FmlvUcqLM5nAl2fbXXY9EDtuYCCFf6kScavRbjtmHKA
VYyVRnSKqiXEFQqk+EBUXr6iTZCwBfwmeA01vTOOMFCBGUOm7gUlWYbprAfcCvw2
WufLHlvuB4nK5W76c2594GMRDTwjNXmDVKwuzWAH3zfvXfZb0fuHK75YOsXu1umM
v6Ip9i4jligwPfTdByUo7Qm2/cKwkc/w1DNyX1CUZlawhEpT2Xnj8uu/QV0+1yws
kf7FaOo5Ezq93gh4e1VzJYNNmJh9y2p0qfl/1E1jiApbWYr5c4+L2tB15wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcxzoGax66kBlUKsEremTSmKTLtMB8GA1UdIwQY
MBaAFAMk0Wl37uL1i+sbt6ovSy+hq/xIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXlUUmFYZnU0dldMNnh1M3FpOUxMNkdyX0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS80NTc4YTYtMWExYy00OTQ0LWE3NzMt
YzI1ZDdmY2EwMDM3LzEvbHpIT2dackhycVFHVlFxd1N0NlpOS1lwTXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS80NTc4YTYtMWExYy00OTQ0LWE3NzMtYzI1ZDdmY2EwMDM3
LzEvQXlUUmFYZnU0dldMNnh1M3FpOUxMNkdyX0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDThjoMA0G
CSqGSIb3DQEBCwUAA4IBAQBuSivnrt+LHbCh0kCGya4VNUK8ysc8/sxaiqhvZcbi
6WgWYr86bNVcygmYLanoT8d2sWQeuLBlVvBQQXWqaw2clX57JZ7VS3wwlTGyx1F3
Qfa6idAfp756wlwh/DheJP7tW4zWS0lhQ4Vzac3oJplJvRHwj96EaV7uljtxtNgG
DeoUczSkp4T0DuS05fNjIf0kXCcXEn+Em7VnoDuz1TJvN5iisn+sMmQkisd7wEcH
5Z3jBGkpOpsdWc4HwXawu5giA5Rr2j3JMIWbjzTh7X7MPqcBetnsgW+WyI3k7xb9
p76+i7qBOv2K+FRn4WqgHSlCEB+e6URmLUk9Hk6QRMTR
-----END CERTIFICATE-----