Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/LkZMbp2aUa0yXxOxLWaqN5AS52o.roa
File:                     LkZMbp2aUa0yXxOxLWaqN5AS52o.roa (raw, json)
Hash identifier:          o8vH7FtM5V/qTZoiT6aAxSseM4Yg902eHtLadTVcAzY=
Subject key identifier:   2E:46:4C:6E:9D:9A:51:AD:32:5F:13:B1:2D:66:AA:37:90:12:E7:6A
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       0194266BF2BE6EBB6886B1F754934CB259BA
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/LkZMbp2aUa0yXxOxLWaqN5AS52o.roa
Signing time:             Thu 02 Jan 2025 09:49:56 +0000
ROA not before:           Thu 02 Jan 2025 09:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39007
IP address blocks:        82.135.160.0/21 maxlen: 21
                          212.59.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 20:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f2:be:6e:bb:68:86:b1:f7:54:93:4c:b2:59:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 09:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e464c6e9d9a51ad325f13b12d66aa379012e76a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b2:c6:2c:c4:f1:53:30:c0:b7:96:dc:97:be:
                    e9:90:23:ca:34:f3:eb:1d:fe:34:f7:99:85:6e:dd:
                    0c:7f:1f:ed:2f:a0:c4:47:58:31:b4:ee:0b:4c:93:
                    50:2e:e4:05:45:98:f7:c9:25:9c:8a:06:76:ce:89:
                    c7:14:c2:5a:98:7b:07:a1:9d:42:ff:a7:09:5a:ba:
                    c8:2a:f2:1d:da:31:f2:f9:8d:70:8b:fd:44:d5:91:
                    17:f2:cf:d3:a0:83:2b:b8:24:1e:e0:24:8f:7a:c5:
                    fd:e5:c8:f4:3d:2f:4b:c0:29:ee:0f:7e:80:7e:40:
                    48:56:ec:83:c8:de:a2:87:a7:c8:49:4e:cb:69:d6:
                    2a:1e:70:2f:99:ef:cf:b9:f6:ee:ff:85:d7:91:02:
                    20:19:30:eb:bd:6c:46:49:5c:df:a9:1e:f5:e1:de:
                    3b:3f:8a:2a:7a:fc:e3:e9:d5:62:57:04:2e:c2:42:
                    4b:fd:fb:25:a1:5a:26:d4:0a:19:07:7c:0f:3b:ad:
                    92:24:78:34:81:3a:d0:de:ff:54:4e:15:ec:66:94:
                    6c:c9:8f:dc:4d:b8:6a:91:e3:77:23:3b:51:62:64:
                    2e:c4:25:6c:76:62:45:55:0a:05:a0:09:d2:92:1a:
                    f5:f0:0a:86:85:33:85:56:05:ed:d7:c9:c1:33:1f:
                    f2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:46:4C:6E:9D:9A:51:AD:32:5F:13:B1:2D:66:AA:37:90:12:E7:6A
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/LkZMbp2aUa0yXxOxLWaqN5AS52o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.135.160.0/21
                  212.59.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:66:54:cd:a1:5d:84:78:cf:57:90:63:4a:11:53:10:d3:59:
         43:c9:9a:09:52:09:98:6e:d6:b2:53:35:9d:c8:52:bf:93:57:
         aa:2b:7d:20:ab:c8:47:1d:a2:62:ee:e0:d9:6c:5c:3c:fd:4f:
         8f:93:9a:84:d7:0e:2e:6c:31:2c:11:2b:59:6f:62:bc:d3:c6:
         06:8d:7c:50:3a:cd:f3:9e:8b:5b:aa:47:d5:bf:9b:38:6a:53:
         a1:31:d4:f2:47:9b:d5:5f:c9:ad:77:02:5e:6f:4f:a2:d4:a2:
         7f:5f:bf:3c:43:1a:2e:a3:e9:22:59:cf:ba:5b:8a:03:51:80:
         c6:c5:c7:a1:79:ae:49:bf:12:6e:fb:f7:2d:b8:d3:f4:00:c1:
         a0:8d:6c:f8:c4:0d:8c:e7:04:84:f2:5c:f7:6a:39:f0:db:36:
         c7:28:68:f4:30:0b:13:58:47:5a:21:01:48:df:83:2e:1c:f1:
         ce:c3:63:d2:3a:30:23:32:0c:ff:c7:a5:dd:aa:04:50:58:16:
         23:92:ab:70:0e:90:e3:41:a4:a7:de:97:f1:b2:bf:50:4c:20:
         56:6d:40:b8:1f:ad:ec:61:51:97:a9:2f:60:cd:fe:0f:fb:cb:
         86:99:4d:4e:8a:9c:07:47:4c:42:ac:cd:b0:c8:08:d4:50:fb:
         68:d4:42:33
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQma/K+brtohrH3VJNMslm6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjUwMTAyMDk0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTQ2NGM2ZTlkOWE1MWFkMzI1ZjEzYjEyZDY2YWEzNzkwMTJlNzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbLGLMTxUzDAt5bcl77pkCPKNPPr
Hf4095mFbt0Mfx/tL6DER1gxtO4LTJNQLuQFRZj3ySWcigZ2zonHFMJamHsHoZ1C
/6cJWrrIKvId2jHy+Y1wi/1E1ZEX8s/ToIMruCQe4CSPesX95cj0PS9LwCnuD36A
fkBIVuyDyN6ih6fISU7LadYqHnAvme/Pufbu/4XXkQIgGTDrvWxGSVzfqR714d47
P4oqevzj6dViVwQuwkJL/fsloVom1AoZB3wPO62SJHg0gTrQ3v9UThXsZpRsyY/c
TbhqkeN3IztRYmQuxCVsdmJFVQoFoAnSkhr18AqGhTOFVgXt18nBMx/yXwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC5GTG6dmlGtMl8TsS1mqjeQEudqMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL0xrWk1icDJhVWEweVh4T3hMV2FxTjVBUzUyby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBANSh6AD
BADUOxIwDQYJKoZIhvcNAQELBQADggEBAIJmVM2hXYR4z1eQY0oRUxDTWUPJmglS
CZhu1rJTNZ3IUr+TV6orfSCryEcdomLu4NlsXDz9T4+TmoTXDi5sMSwRK1lvYrzT
xgaNfFA6zfOei1uqR9W/mzhqU6Ex1PJHm9Vfya13Al5vT6LUon9fvzxDGi6j6SJZ
z7pbigNRgMbFx6F5rkm/Em779y240/QAwaCNbPjEDYznBITyXPdqOfDbNscoaPQw
CxNYR1ohAUjfgy4c8c7DY9I6MCMyDP/Hpd2qBFBYFiOSq3AOkONBpKfel/Gyv1BM
IFZtQLgfrexhUZepL2DN/g/7y4aZTU6KnAdHTEKszbDICNRQ+2jUQjM=
-----END CERTIFICATE-----