Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/LppV1uEpt9qKPCYdbkQ2JGSBGtU.roa
File:                     LppV1uEpt9qKPCYdbkQ2JGSBGtU.roa (raw, json)
Hash identifier:          YF1oZ7JfZLvBbINQRpaauU6CKWrG5mMhy7Y29PmgRcY=
Subject key identifier:   2E:9A:55:D6:E1:29:B7:DA:8A:3C:26:1D:6E:44:36:24:64:81:1A:D5
Certificate issuer:       /CN=a9ac1f8595bad558240d74068000a1cf708ba1a5
Certificate serial:       018CC50007710E27325634DCF28C18839C6C
Authority key identifier: A9:AC:1F:85:95:BA:D5:58:24:0D:74:06:80:00:A1:CF:70:8B:A1:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qawfhZW61VgkDXQGgAChz3CLoaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/LppV1uEpt9qKPCYdbkQ2JGSBGtU.roa
Signing time:             Mon 01 Jan 2024 12:29:22 +0000
ROA not before:           Mon 01 Jan 2024 12:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8823
IP address blocks:        193.47.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/qawfhZW61VgkDXQGgAChz3CLoaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/qawfhZW61VgkDXQGgAChz3CLoaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qawfhZW61VgkDXQGgAChz3CLoaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:07:71:0e:27:32:56:34:dc:f2:8c:18:83:9c:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9ac1f8595bad558240d74068000a1cf708ba1a5
        Validity
            Not Before: Jan  1 12:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e9a55d6e129b7da8a3c261d6e44362464811ad5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a2:35:82:98:ef:94:5c:6c:c0:57:47:23:af:
                    9c:3b:8e:17:d4:5b:c7:2f:0a:d5:5a:03:9b:04:73:
                    0f:d2:15:f5:68:71:7b:b3:20:7d:aa:76:f5:1a:58:
                    d7:37:e4:31:78:e7:c2:84:ad:34:fc:28:c4:9d:4b:
                    24:d4:92:b4:66:d5:3e:ac:03:3c:b8:db:d7:c5:77:
                    a9:f5:d9:14:dc:a3:71:d1:00:e4:e7:45:85:8e:be:
                    74:d3:1b:31:99:13:bc:6e:4e:97:54:43:91:54:fd:
                    74:77:6b:3c:ea:0c:60:fc:24:86:9a:af:5a:0a:d3:
                    3d:d9:83:e2:67:8d:52:3a:21:99:35:06:09:a5:14:
                    53:03:90:f1:fa:af:39:80:8d:40:e3:a4:f4:9d:e9:
                    5d:19:d7:b3:e2:2a:4f:17:4b:f7:0e:08:2f:65:bd:
                    55:79:50:cc:6c:4c:f3:f0:db:d6:6a:97:8a:db:f9:
                    ec:55:5d:d9:f6:65:c4:d8:22:7c:ea:ce:53:45:fe:
                    60:ac:64:1f:ab:ec:d2:a6:76:2b:ac:d2:ce:4d:1c:
                    62:a4:d0:c4:3c:fc:f5:b6:a2:db:11:19:f6:8d:00:
                    4f:20:9f:c4:ce:0a:81:61:45:c7:9e:bc:85:eb:ee:
                    62:ab:ec:b9:1b:69:5f:0e:f0:9d:4c:1a:a1:2c:ae:
                    16:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:9A:55:D6:E1:29:B7:DA:8A:3C:26:1D:6E:44:36:24:64:81:1A:D5
            X509v3 Authority Key Identifier:
                keyid:A9:AC:1F:85:95:BA:D5:58:24:0D:74:06:80:00:A1:CF:70:8B:A1:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qawfhZW61VgkDXQGgAChz3CLoaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/LppV1uEpt9qKPCYdbkQ2JGSBGtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/qawfhZW61VgkDXQGgAChz3CLoaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:f3:05:1b:e7:fe:a5:90:90:0e:fe:76:40:69:15:ef:d2:90:
         4b:3c:48:ab:87:48:e7:2f:02:2f:cb:07:eb:86:ee:10:71:db:
         d4:ba:87:ad:39:9e:cb:9d:0a:3e:6b:d7:94:51:ae:51:55:f4:
         43:7e:1d:08:66:df:f9:d0:45:be:3f:50:02:ea:d9:f2:bd:f1:
         69:0f:d4:79:f8:56:be:fa:43:ad:01:2c:2c:a8:e1:23:e3:4f:
         64:3c:4d:3a:b7:b4:ea:97:13:77:6a:b3:63:58:d6:04:8b:1b:
         42:1d:d4:3a:90:ca:b1:2b:58:d2:48:61:fc:2a:33:a2:ad:e2:
         b3:6f:a4:bd:de:69:e3:cd:da:79:a6:ea:c9:17:8b:a2:02:b8:
         30:b0:dc:b9:85:73:07:f5:63:85:34:2e:c6:63:cc:01:fb:a0:
         cc:bb:3f:17:29:bf:ae:57:a1:63:a9:24:0e:54:26:a3:87:80:
         c7:9b:cf:e5:cc:4a:0c:06:72:d7:22:ac:7b:39:c5:6f:01:18:
         52:57:22:b2:72:92:ed:f8:cc:c6:e9:8e:d6:16:89:a3:3c:ec:
         ae:2b:5d:5a:94:5f:df:9d:2e:1c:7d:a3:b4:20:0e:bb:51:78:
         1c:d1:f8:74:33:52:76:af:73:45:4c:1e:a4:d8:c8:f5:c2:89:
         bc:de:89:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAAdxDicyVjTc8owYg5xsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YWMxZjg1OTViYWQ1NTgyNDBkNzQwNjgwMDBhMWNmNzA4
YmExYTUwHhcNMjQwMTAxMTIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTlhNTVkNmUxMjliN2RhOGEzYzI2MWQ2ZTQ0MzYyNDY0ODExYWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraI1gpjvlFxswFdHI6+cO44X1FvH
LwrVWgObBHMP0hX1aHF7syB9qnb1GljXN+QxeOfChK00/CjEnUsk1JK0ZtU+rAM8
uNvXxXep9dkU3KNx0QDk50WFjr500xsxmRO8bk6XVEORVP10d2s86gxg/CSGmq9a
CtM92YPiZ41SOiGZNQYJpRRTA5Dx+q85gI1A46T0neldGdez4ipPF0v3DggvZb1V
eVDMbEzz8NvWapeK2/nsVV3Z9mXE2CJ86s5TRf5grGQfq+zSpnYrrNLOTRxipNDE
PPz1tqLbERn2jQBPIJ/EzgqBYUXHnryF6+5iq+y5G2lfDvCdTBqhLK4WRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6aVdbhKbfaijwmHW5ENiRkgRrVMB8GA1UdIwQY
MBaAFKmsH4WVutVYJA10BoAAoc9wi6GlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWF3ZmhaVzYxVmdrRFhRR2dBQ2h6M0NMb2FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni80ZWRjMzYtNGQ1My00N2NmLWE2ZmMt
YjUxMTU0NjI4ZmIzLzEvTHBwVjF1RXB0OXFLUENZZGJrUTJKR1NCR3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni80ZWRjMzYtNGQ1My00N2NmLWE2ZmMtYjUxMTU0NjI4ZmIz
LzEvcWF3ZmhaVzYxVmdrRFhRR2dBQ2h6M0NMb2FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS+VMA0G
CSqGSIb3DQEBCwUAA4IBAQCc8wUb5/6lkJAO/nZAaRXv0pBLPEirh0jnLwIvywfr
hu4QcdvUuoetOZ7LnQo+a9eUUa5RVfRDfh0IZt/50EW+P1AC6tnyvfFpD9R5+Fa+
+kOtASwsqOEj409kPE06t7TqlxN3arNjWNYEixtCHdQ6kMqxK1jSSGH8KjOireKz
b6S93mnjzdp5purJF4uiArgwsNy5hXMH9WOFNC7GY8wB+6DMuz8XKb+uV6FjqSQO
VCajh4DHm8/lzEoMBnLXIqx7OcVvARhSVyKycpLt+MzG6Y7WFomjPOyuK11alF/f
nS4cfaO0IA67UXgc0fh0M1J2r3NFTB6k2Mj1wom83onr
-----END CERTIFICATE-----