Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/1e334d-98b5-47b9-b4fd-29f71ee1791d/1/lhXZyPclsyMC7CcxEzqUUZ1vQWc.roa
File:                     lhXZyPclsyMC7CcxEzqUUZ1vQWc.roa (raw, json)
Hash identifier:          HACd1ZTtNfTUF8ANvWpz4vJco8lFkk1PagQjCyxfuno=
Subject key identifier:   96:15:D9:C8:F7:25:B3:23:02:EC:27:31:13:3A:94:51:9D:6F:41:67
Certificate issuer:       /CN=76f2f341cf98b9e8b46edd389a48064c7bae6f9a
Certificate serial:       018CC7272D935423CC7E3A2A1AD4CE053D54
Authority key identifier: 76:F2:F3:41:CF:98:B9:E8:B4:6E:DD:38:9A:48:06:4C:7B:AE:6F:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dvLzQc-Yuei0bt04mkgGTHuub5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/1e334d-98b5-47b9-b4fd-29f71ee1791d/1/lhXZyPclsyMC7CcxEzqUUZ1vQWc.roa
Signing time:             Mon 01 Jan 2024 22:31:22 +0000
ROA not before:           Mon 01 Jan 2024 22:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199242
IP address blocks:        193.9.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/1e334d-98b5-47b9-b4fd-29f71ee1791d/1/dvLzQc-Yuei0bt04mkgGTHuub5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/1e334d-98b5-47b9-b4fd-29f71ee1791d/1/dvLzQc-Yuei0bt04mkgGTHuub5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dvLzQc-Yuei0bt04mkgGTHuub5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:2d:93:54:23:cc:7e:3a:2a:1a:d4:ce:05:3d:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76f2f341cf98b9e8b46edd389a48064c7bae6f9a
        Validity
            Not Before: Jan  1 22:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9615d9c8f725b32302ec2731133a94519d6f4167
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d6:cf:c3:35:6f:c7:bf:fd:7d:08:1b:17:56:
                    d1:1e:c3:4c:bf:57:41:92:09:12:74:f3:52:5b:a4:
                    12:74:33:a0:c7:a1:48:b3:ca:60:f9:b7:9a:19:db:
                    46:87:f3:db:ec:e3:32:f5:87:41:00:0b:56:90:30:
                    3e:2e:90:74:d4:f9:9f:89:8a:86:c5:f8:f4:bb:4e:
                    06:79:6a:a6:61:14:8b:eb:63:9e:47:05:e7:39:b5:
                    ba:c9:ef:e1:fe:39:b1:dd:d0:85:1a:25:a2:a6:fb:
                    2f:e0:48:d2:40:30:98:9c:94:f2:ae:69:84:b7:40:
                    9b:4e:bd:34:bb:b1:2a:f2:fb:7d:94:16:fa:35:83:
                    7a:f1:d4:e5:87:1a:b0:4a:46:41:1d:70:c3:70:c5:
                    ed:62:5e:af:27:9b:e9:6c:cd:77:12:7f:74:44:e1:
                    85:e4:02:f2:f2:51:80:65:7d:9c:cb:81:d8:24:0c:
                    4f:b8:dc:16:62:5c:47:6c:ae:1d:b4:8c:d4:0b:5f:
                    6b:21:e7:23:6e:0b:34:3d:b8:a4:02:88:31:68:40:
                    af:a6:5b:16:e0:86:63:85:39:ad:8c:45:b1:f6:a5:
                    ce:b0:d2:a2:9b:9e:f6:ad:a0:7a:b7:5b:82:69:80:
                    52:fe:5a:1f:1a:da:19:86:e0:99:7c:bb:45:73:4e:
                    88:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:15:D9:C8:F7:25:B3:23:02:EC:27:31:13:3A:94:51:9D:6F:41:67
            X509v3 Authority Key Identifier:
                keyid:76:F2:F3:41:CF:98:B9:E8:B4:6E:DD:38:9A:48:06:4C:7B:AE:6F:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dvLzQc-Yuei0bt04mkgGTHuub5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/1e334d-98b5-47b9-b4fd-29f71ee1791d/1/lhXZyPclsyMC7CcxEzqUUZ1vQWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/1e334d-98b5-47b9-b4fd-29f71ee1791d/1/dvLzQc-Yuei0bt04mkgGTHuub5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:bf:a1:90:d6:ff:69:26:44:62:54:4c:02:0f:87:9f:6a:aa:
         60:b8:4b:1b:bd:9f:b9:b2:0a:1c:7b:5e:c3:bb:fd:d1:6d:44:
         81:08:1a:b5:9f:39:5f:4c:97:89:73:94:37:fe:03:8b:96:ca:
         fa:6f:5c:fb:72:4c:6e:66:d9:53:e9:ad:87:9b:3e:9e:b3:78:
         d1:3d:b1:51:69:85:f9:9b:e9:ad:a9:61:7c:e3:8b:69:a0:b4:
         c9:29:51:fc:0f:d1:3e:39:e3:1b:e9:fe:b1:86:c2:75:f0:e0:
         21:b5:9c:9a:8a:09:c4:18:17:da:ee:ea:04:04:74:c0:96:e4:
         d3:c4:53:8b:ce:30:23:6d:1f:85:dd:2d:52:e7:51:33:6f:bc:
         61:08:4c:64:a4:8f:7f:4c:1a:9e:e7:4e:6a:4f:54:a8:32:6d:
         37:2d:14:34:d0:f5:40:1c:2b:b7:3d:af:63:8d:0c:9b:44:76:
         60:8f:ce:92:c7:34:de:97:a9:60:5b:f9:07:99:ec:a1:d0:af:
         55:75:ae:86:bd:96:ec:13:bd:7f:65:aa:6b:ad:79:7e:0e:56:
         b2:00:78:63:a2:a4:ed:b7:f7:04:40:4b:d6:78:9f:32:9a:0f:
         ea:7b:fb:e5:83:d6:40:ba:33:5a:94:94:c3:7d:e3:57:60:8e:
         ec:5d:6f:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJy2TVCPMfjoqGtTOBT1UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZjJmMzQxY2Y5OGI5ZThiNDZlZGQzODlhNDgwNjRjN2Jh
ZTZmOWEwHhcNMjQwMTAxMjIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjE1ZDljOGY3MjViMzIzMDJlYzI3MzExMzNhOTQ1MTlkNmY0MTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9bPwzVvx7/9fQgbF1bRHsNMv1dB
kgkSdPNSW6QSdDOgx6FIs8pg+beaGdtGh/Pb7OMy9YdBAAtWkDA+LpB01PmfiYqG
xfj0u04GeWqmYRSL62OeRwXnObW6ye/h/jmx3dCFGiWipvsv4EjSQDCYnJTyrmmE
t0CbTr00u7Eq8vt9lBb6NYN68dTlhxqwSkZBHXDDcMXtYl6vJ5vpbM13En90ROGF
5ALy8lGAZX2cy4HYJAxPuNwWYlxHbK4dtIzUC19rIecjbgs0PbikAogxaECvplsW
4IZjhTmtjEWx9qXOsNKim572raB6t1uCaYBS/lofGtoZhuCZfLtFc06IjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYV2cj3JbMjAuwnMRM6lFGdb0FnMB8GA1UdIwQY
MBaAFHby80HPmLnotG7dOJpIBkx7rm+aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHZMelFjLVl1ZWkwYnQwNG1rZ0dUSHV1YjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8xZTMzNGQtOThiNS00N2I5LWI0ZmQt
MjlmNzFlZTE3OTFkLzEvbGhYWnlQY2xzeU1DN0NjeEV6cVVVWjF2UVdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8xZTMzNGQtOThiNS00N2I5LWI0ZmQtMjlmNzFlZTE3OTFk
LzEvZHZMelFjLVl1ZWkwYnQwNG1rZ0dUSHV1YjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQkwMA0G
CSqGSIb3DQEBCwUAA4IBAQA1v6GQ1v9pJkRiVEwCD4efaqpguEsbvZ+5sgoce17D
u/3RbUSBCBq1nzlfTJeJc5Q3/gOLlsr6b1z7ckxuZtlT6a2Hmz6es3jRPbFRaYX5
m+mtqWF844tpoLTJKVH8D9E+OeMb6f6xhsJ18OAhtZyaignEGBfa7uoEBHTAluTT
xFOLzjAjbR+F3S1S51Ezb7xhCExkpI9/TBqe505qT1SoMm03LRQ00PVAHCu3Pa9j
jQybRHZgj86SxzTel6lgW/kHmeyh0K9Vda6GvZbsE71/ZaprrXl+DlayAHhjoqTt
t/cEQEvWeJ8ymg/qe/vlg9ZAujNalJTDfeNXYI7sXW88
-----END CERTIFICATE-----