Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/lCpE9-_9vA0HzQAwKrWQ7gX2Gi8.roa
File:                     lCpE9-_9vA0HzQAwKrWQ7gX2Gi8.roa (raw, json)
Hash identifier:          YkwTTveNH0IQGCLC0ZIMEDB0zjPdx3yFhcYm5gkoPpw=
Subject key identifier:   94:2A:44:F7:EF:FD:BC:0D:07:CD:00:30:2A:B5:90:EE:05:F6:1A:2F
Certificate issuer:       /CN=4ab7dc03789f58621b25e8dd0d925dc91b4a5aa2
Certificate serial:       019425FDAA6A22D3F66F58045C84EE84DC36
Authority key identifier: 4A:B7:DC:03:78:9F:58:62:1B:25:E8:DD:0D:92:5D:C9:1B:4A:5A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SrfcA3ifWGIbJejdDZJdyRtKWqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/lCpE9-_9vA0HzQAwKrWQ7gX2Gi8.roa
Signing time:             Thu 02 Jan 2025 07:49:28 +0000
ROA not before:           Thu 02 Jan 2025 07:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49409
IP address blocks:        95.141.80.0/20 maxlen: 24
                          185.134.124.0/22 maxlen: 24
                          2a02:f58::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/SrfcA3ifWGIbJejdDZJdyRtKWqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/SrfcA3ifWGIbJejdDZJdyRtKWqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SrfcA3ifWGIbJejdDZJdyRtKWqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:aa:6a:22:d3:f6:6f:58:04:5c:84:ee:84:dc:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ab7dc03789f58621b25e8dd0d925dc91b4a5aa2
        Validity
            Not Before: Jan  2 07:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=942a44f7effdbc0d07cd00302ab590ee05f61a2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:5f:39:60:a2:81:f1:6d:aa:0d:10:68:5e:ba:
                    ea:a7:15:b3:99:81:da:cd:e3:f3:33:88:8d:07:a4:
                    9d:e8:f6:c2:68:a7:f6:2b:7c:08:1c:0c:eb:ec:61:
                    31:14:b7:e6:b3:1f:d2:1f:03:12:e8:6f:c4:18:bd:
                    92:f1:9b:4f:21:8d:79:9f:3d:9e:43:dd:4c:78:1a:
                    9a:00:a9:3b:39:88:f3:d8:87:af:47:c9:7e:48:28:
                    89:93:6f:fd:de:84:a2:20:97:73:86:60:4c:d4:3d:
                    83:dc:00:e8:78:55:c1:84:d3:aa:f2:a5:e2:56:bf:
                    4e:9a:5a:7c:49:1f:fd:c0:75:28:e7:c0:3d:3c:a1:
                    7c:9c:0a:17:a9:55:17:63:97:97:28:46:01:1d:16:
                    52:c7:fa:d9:59:a4:49:74:68:b6:01:28:17:8b:f8:
                    7e:d4:f7:e4:c5:bc:c0:70:f7:f4:f0:58:90:e4:7f:
                    d5:45:b0:f9:fd:8c:74:5a:75:e7:f0:f1:b1:fc:83:
                    fa:ce:32:6f:78:2d:56:a2:bb:e0:46:47:0a:ce:b9:
                    82:a8:20:94:44:27:90:f4:dd:d1:1d:08:8a:a6:dd:
                    e6:b4:30:f9:5c:54:94:a5:74:c3:a9:cc:fb:24:9f:
                    66:31:de:3e:04:6c:16:e1:1d:24:e5:0f:18:b5:a5:
                    b2:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:2A:44:F7:EF:FD:BC:0D:07:CD:00:30:2A:B5:90:EE:05:F6:1A:2F
            X509v3 Authority Key Identifier:
                keyid:4A:B7:DC:03:78:9F:58:62:1B:25:E8:DD:0D:92:5D:C9:1B:4A:5A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SrfcA3ifWGIbJejdDZJdyRtKWqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/lCpE9-_9vA0HzQAwKrWQ7gX2Gi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/SrfcA3ifWGIbJejdDZJdyRtKWqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.141.80.0/20
                  185.134.124.0/22
                IPv6:
                  2a02:f58::/29

    Signature Algorithm: sha256WithRSAEncryption
         c8:43:b7:fd:bf:ab:c3:e9:74:4a:21:63:19:f2:7a:db:08:1b:
         25:95:18:c8:39:d2:6e:fb:8c:32:37:99:4d:55:7c:b9:25:32:
         89:87:fe:f2:7b:a8:c0:69:93:8d:7e:98:ae:84:5c:a9:e8:bd:
         db:29:a0:99:e3:a2:ff:67:0b:c6:f2:5c:ad:2f:6a:2e:ec:44:
         dd:a7:97:a8:a4:f1:22:b9:88:c0:74:a3:7b:4b:16:33:98:e4:
         d1:20:13:d8:2c:75:c1:0c:dc:84:d5:48:08:95:42:08:ec:bf:
         30:f5:77:4e:23:1b:71:a1:7b:07:ca:77:06:86:72:cb:8c:7a:
         a6:b3:95:82:8a:c9:20:89:9c:9b:41:07:8b:ac:e9:60:61:84:
         c2:a0:a6:c4:50:6c:84:ee:ca:33:66:bd:ae:50:c1:65:16:27:
         fa:f9:b5:de:9d:46:e1:59:1f:80:da:d9:58:e9:34:05:d4:fd:
         a2:03:72:8d:84:f4:64:7a:ab:50:1d:05:db:03:a3:02:ce:0c:
         c2:59:b0:06:01:d6:0c:b3:42:81:1c:19:22:50:bf:ec:13:b2:
         65:20:57:cd:eb:26:cc:81:3e:0a:7d:32:2b:ad:f5:8c:45:60:
         56:8d:15:56:45:08:9e:08:17:3c:4c:03:c5:fd:ab:80:57:71:
         0b:ad:9e:b4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQl/apqItP2b1gEXITuhNw2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYjdkYzAzNzg5ZjU4NjIxYjI1ZThkZDBkOTI1ZGM5MWI0
YTVhYTIwHhcNMjUwMTAyMDc0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDJhNDRmN2VmZmRiYzBkMDdjZDAwMzAyYWI1OTBlZTA1ZjYxYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn185YKKB8W2qDRBoXrrqpxWzmYHa
zePzM4iNB6Sd6PbCaKf2K3wIHAzr7GExFLfmsx/SHwMS6G/EGL2S8ZtPIY15nz2e
Q91MeBqaAKk7OYjz2IevR8l+SCiJk2/93oSiIJdzhmBM1D2D3ADoeFXBhNOq8qXi
Vr9Omlp8SR/9wHUo58A9PKF8nAoXqVUXY5eXKEYBHRZSx/rZWaRJdGi2ASgXi/h+
1PfkxbzAcPf08FiQ5H/VRbD5/Yx0WnXn8PGx/IP6zjJveC1WorvgRkcKzrmCqCCU
RCeQ9N3RHQiKpt3mtDD5XFSUpXTDqcz7JJ9mMd4+BGwW4R0k5Q8YtaWyHwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJQqRPfv/bwNB80AMCq1kO4F9hovMB8GA1UdIwQY
MBaAFEq33AN4n1hiGyXo3Q2SXckbSlqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3JmY0EzaWZXR0liSmVqZERaSmR5UnRLV3FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC84YTU5ZGItNWFkOC00ZjNmLTk3YzIt
ZjM4YmNiZDkzMzkwLzEvbENwRTktXzl2QTBIelFBd0tyV1E3Z1gyR2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC84YTU5ZGItNWFkOC00ZjNmLTk3YzItZjM4YmNiZDkzMzkw
LzEvU3JmY0EzaWZXR0liSmVqZERaSmR5UnRLV3FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEX41QAwQC
uYZ8MA0EAgACMAcDBQMqAg9YMA0GCSqGSIb3DQEBCwUAA4IBAQDIQ7f9v6vD6XRK
IWMZ8nrbCBsllRjIOdJu+4wyN5lNVXy5JTKJh/7ye6jAaZONfpiuhFyp6L3bKaCZ
46L/ZwvG8lytL2ou7ETdp5eopPEiuYjAdKN7SxYzmOTRIBPYLHXBDNyE1UgIlUII
7L8w9XdOIxtxoXsHyncGhnLLjHqms5WCiskgiZybQQeLrOlgYYTCoKbEUGyE7soz
Zr2uUMFlFif6+bXenUbhWR+A2tlY6TQF1P2iA3KNhPRkeqtQHQXbA6MCzgzCWbAG
AdYMs0KBHBkiUL/sE7JlIFfN6ybMgT4KfTIrrfWMRWBWjRVWRQieCBc8TAPF/auA
V3ELrZ60
-----END CERTIFICATE-----