Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/LZNDq-2SOXvqcoBdWjULuiOs8zI.roa
File:                     LZNDq-2SOXvqcoBdWjULuiOs8zI.roa (raw, json)
Hash identifier:          JOIloMcllUdwg1LynA2pV+jXAxFMM1XN69Q0ezfexas=
Subject key identifier:   2D:93:43:AB:ED:92:39:7B:EA:72:80:5D:5A:35:0B:BA:23:AC:F3:32
Certificate issuer:       /CN=eba8db3b54d081c30bf51bdc7b19e4f6480b7f53
Certificate serial:       018CE958D0B500914B52970AAAE63AB144C4
Authority key identifier: EB:A8:DB:3B:54:D0:81:C3:0B:F5:1B:DC:7B:19:E4:F6:48:0B:7F:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/LZNDq-2SOXvqcoBdWjULuiOs8zI.roa
Signing time:             Mon 08 Jan 2024 13:52:41 +0000
ROA not before:           Mon 08 Jan 2024 13:52:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10753
IP address blocks:        185.192.36.0/23 maxlen: 23
                          185.192.36.0/22 maxlen: 22
                          185.192.38.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 07:02:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e9:58:d0:b5:00:91:4b:52:97:0a:aa:e6:3a:b1:44:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eba8db3b54d081c30bf51bdc7b19e4f6480b7f53
        Validity
            Not Before: Jan  8 13:52:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d9343abed92397bea72805d5a350bba23acf332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:06:41:8c:bb:ef:97:af:37:0a:df:fe:cb:31:
                    d8:06:8d:6d:48:26:31:7e:cf:e4:31:ee:90:c9:cd:
                    28:11:f2:40:df:cd:05:4d:4f:e4:fb:7f:69:41:5a:
                    1b:d9:c7:0c:13:81:9c:10:3f:dd:7a:2e:d4:d6:08:
                    73:85:43:fd:c1:91:05:81:ab:f5:a1:98:a3:16:ad:
                    d3:d0:31:e9:fc:d4:d8:a7:e1:25:cc:27:27:52:7e:
                    14:ef:13:5a:be:c2:8e:f0:16:78:6c:cd:bb:21:db:
                    44:3d:cd:5d:bf:17:8b:e8:16:fe:06:10:0a:35:2a:
                    7e:97:3d:f7:2d:cc:b3:ea:ed:74:af:01:ff:af:41:
                    20:81:cb:e6:89:cf:38:6a:24:cc:a8:75:dd:bd:79:
                    10:04:06:11:40:2c:55:34:5e:cd:39:a9:dd:36:34:
                    da:80:7e:c0:33:b5:0a:b7:d2:f8:b6:f2:c5:b3:57:
                    ad:ec:e4:1a:04:f1:d1:e9:2b:31:0d:bd:1b:e9:00:
                    dc:67:a4:11:39:17:c6:3d:90:37:a5:eb:05:2d:37:
                    b1:13:c9:18:ff:c1:44:ef:86:d4:4a:e7:58:c0:33:
                    ef:ea:db:23:5d:60:14:0d:03:f6:42:60:f9:54:ef:
                    94:3a:6d:9a:6b:af:30:71:c6:69:09:04:d8:e0:00:
                    05:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:93:43:AB:ED:92:39:7B:EA:72:80:5D:5A:35:0B:BA:23:AC:F3:32
            X509v3 Authority Key Identifier:
                keyid:EB:A8:DB:3B:54:D0:81:C3:0B:F5:1B:DC:7B:19:E4:F6:48:0B:7F:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/LZNDq-2SOXvqcoBdWjULuiOs8zI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:50:46:a2:58:7c:f7:5e:6e:d7:a6:74:eb:90:bc:dc:57:60:
         ae:bd:c4:3d:28:f2:58:81:05:97:b9:3a:bc:8f:52:d9:37:fd:
         66:e7:a3:be:6e:48:ff:e0:b4:85:3f:da:32:05:4f:35:26:e0:
         40:20:05:ca:a8:fa:16:52:03:2f:a7:e8:67:26:d9:ba:33:a3:
         a7:50:c9:d1:02:56:b5:32:8d:78:d2:5a:e6:b7:3b:cf:33:37:
         4a:b5:63:69:f0:d8:77:cf:43:92:f2:c3:64:cb:7d:f5:59:4a:
         ee:cf:49:c1:22:93:15:34:49:c4:10:50:20:71:32:47:7e:65:
         5c:89:53:3c:0d:32:e5:3f:b2:9b:b5:23:8a:b0:d2:ac:62:4d:
         49:2b:05:4e:15:0d:f4:8d:b7:37:a0:f3:50:0a:57:b7:77:ab:
         a0:e6:83:cb:a3:9e:79:0f:87:e3:0e:2b:95:62:13:75:be:0e:
         4b:39:8e:35:7f:46:c8:8d:f5:3a:38:60:b9:12:28:65:1a:26:
         48:4a:77:04:4d:23:08:18:b3:86:7b:f4:ad:ef:b1:a3:61:c4:
         be:b2:56:87:01:1b:c8:f0:b8:9d:4b:cd:54:5c:cd:f6:d1:5b:
         16:96:79:eb:f0:fd:bf:56:c3:c5:e0:56:ba:09:ab:b1:6a:e8:
         80:44:d2:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzpWNC1AJFLUpcKquY6sUTEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYThkYjNiNTRkMDgxYzMwYmY1MWJkYzdiMTllNGY2NDgw
YjdmNTMwHhcNMjQwMTA4MTM1MjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDkzNDNhYmVkOTIzOTdiZWE3MjgwNWQ1YTM1MGJiYTIzYWNmMzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6gZBjLvvl683Ct/+yzHYBo1tSCYx
fs/kMe6Qyc0oEfJA380FTU/k+39pQVob2ccME4GcED/dei7U1ghzhUP9wZEFgav1
oZijFq3T0DHp/NTYp+ElzCcnUn4U7xNavsKO8BZ4bM27IdtEPc1dvxeL6Bb+BhAK
NSp+lz33Lcyz6u10rwH/r0Eggcvmic84aiTMqHXdvXkQBAYRQCxVNF7NOandNjTa
gH7AM7UKt9L4tvLFs1et7OQaBPHR6SsxDb0b6QDcZ6QRORfGPZA3pesFLTexE8kY
/8FE74bUSudYwDPv6tsjXWAUDQP2QmD5VO+UOm2aa68wccZpCQTY4AAFTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2TQ6vtkjl76nKAXVo1C7ojrPMyMB8GA1UdIwQY
MBaAFOuo2ztU0IHDC/Ub3HsZ5PZIC39TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjZqYk8xVFFnY01MOVJ2Y2V4bms5a2dMZjFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi82Y2NmMDMtMDkwZC00MTZlLTg2Y2Yt
ZTlkYzNmMWNmODI0LzEvTFpORHEtMlNPWHZxY29CZFdqVUx1aU9zOHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi82Y2NmMDMtMDkwZC00MTZlLTg2Y2YtZTlkYzNmMWNmODI0
LzEvNjZqYk8xVFFnY01MOVJ2Y2V4bms5a2dMZjFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucAkMA0G
CSqGSIb3DQEBCwUAA4IBAQCtUEaiWHz3Xm7XpnTrkLzcV2CuvcQ9KPJYgQWXuTq8
j1LZN/1m56O+bkj/4LSFP9oyBU81JuBAIAXKqPoWUgMvp+hnJtm6M6OnUMnRAla1
Mo140lrmtzvPMzdKtWNp8Nh3z0OS8sNky331WUruz0nBIpMVNEnEEFAgcTJHfmVc
iVM8DTLlP7KbtSOKsNKsYk1JKwVOFQ30jbc3oPNQCle3d6ug5oPLo555D4fjDiuV
YhN1vg5LOY41f0bIjfU6OGC5EihlGiZISncETSMIGLOGe/St77GjYcS+slaHARvI
8LidS81UXM320VsWlnnr8P2/VsPF4Fa6CauxauiARNI/
-----END CERTIFICATE-----