Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/LESnwCSKTt_bugnWCp8Ez_ODk-k.roa
File:                     LESnwCSKTt_bugnWCp8Ez_ODk-k.roa (raw, json)
Hash identifier:          6iTlmU2YjGC9KPyZR5cS7dmq9lBC3bVlClkYjDxIqpE=
Subject key identifier:   2C:44:A7:C0:24:8A:4E:DF:DB:BA:09:D6:0A:9F:04:CF:F3:83:93:E9
Certificate issuer:       /CN=234b54b119a7b3eff153085b7315507cd8513a0f
Certificate serial:       0190C5A4DE0B907BAAB3BD317057CD094AB7
Authority key identifier: 23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/LESnwCSKTt_bugnWCp8Ez_ODk-k.roa
Signing time:             Thu 18 Jul 2024 11:40:34 +0000
ROA not before:           Thu 18 Jul 2024 11:40:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214561
IP address blocks:        2a04:5b81:21b0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 06:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c5:a4:de:0b:90:7b:aa:b3:bd:31:70:57:cd:09:4a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=234b54b119a7b3eff153085b7315507cd8513a0f
        Validity
            Not Before: Jul 18 11:40:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c44a7c0248a4edfdbba09d60a9f04cff38393e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f3:97:9c:7f:09:e2:da:8c:cc:8f:4b:6d:27:
                    ed:96:68:e0:11:1a:13:cb:71:aa:b8:b8:14:a7:93:
                    2f:15:14:9f:83:fd:e4:41:28:41:13:48:f1:eb:03:
                    c6:61:ba:ca:2c:4a:f9:39:3f:21:3a:09:1c:8e:11:
                    98:9e:a7:f0:1e:de:59:28:c3:b8:fa:3b:6f:bc:c0:
                    a5:b3:ad:a4:f1:8e:b1:fa:1b:b7:15:bf:97:81:8c:
                    f6:15:69:72:a7:51:55:70:56:64:33:19:1b:9b:ea:
                    ae:bd:1d:f4:23:d9:a0:42:7e:df:99:1f:69:a1:2b:
                    ee:df:3b:5a:3a:20:7f:6d:07:71:29:29:9b:71:49:
                    95:0d:4b:cf:51:3e:93:1b:40:9e:1c:99:96:7c:66:
                    b0:3d:56:6a:58:65:fa:25:bb:6d:52:fe:f2:80:db:
                    59:59:8d:a3:53:b8:2a:99:27:c0:f9:ac:8f:05:fa:
                    3d:ee:7a:3f:7f:e1:16:f9:6c:93:19:6c:9d:16:d6:
                    bf:62:68:6b:8d:ef:ef:da:62:2f:5b:be:b3:06:a5:
                    04:55:d1:04:4c:09:54:40:a4:79:b0:20:4d:0e:83:
                    78:ed:7c:02:70:b6:31:3e:79:cb:22:3a:7a:e0:5d:
                    62:ec:c8:46:15:d7:17:85:fa:16:f7:3b:f7:68:50:
                    4d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:44:A7:C0:24:8A:4E:DF:DB:BA:09:D6:0A:9F:04:CF:F3:83:93:E9
            X509v3 Authority Key Identifier:
                keyid:23:4B:54:B1:19:A7:B3:EF:F1:53:08:5B:73:15:50:7C:D8:51:3A:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0tUsRmns-_xUwhbcxVQfNhROg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/LESnwCSKTt_bugnWCp8Ez_ODk-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc7078-1ee4-42f1-bc34-1d21d1bce3fe/1/I0tUsRmns-_xUwhbcxVQfNhROg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:5b81:21b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         89:c2:d6:3b:be:9f:80:42:6b:71:70:18:ce:80:16:9b:13:59:
         3e:98:84:26:b5:d7:9f:11:58:6d:b3:04:c8:be:24:66:4b:40:
         6e:e2:8c:f7:33:ae:e0:b6:87:f4:9e:6a:57:a5:ee:c7:4c:08:
         c2:dc:db:ab:c9:5a:b4:4a:7b:da:bf:da:e7:c1:c2:e0:b1:16:
         a3:56:24:45:ac:52:77:d5:0d:1a:e9:b8:e6:a8:5f:fe:d6:d4:
         99:1b:44:b5:e5:5a:93:62:0f:ae:03:f3:cb:46:bb:a1:03:82:
         46:2e:32:b7:fe:c0:ac:a5:dc:98:55:b1:5b:96:8d:99:21:0d:
         4d:f7:ef:3f:fa:31:79:c6:0c:a8:09:cf:8c:ad:14:c6:04:c2:
         80:14:ce:b2:1f:1b:2e:d4:bd:31:da:1a:1c:af:8a:42:ec:df:
         43:93:b0:8b:1f:fd:9d:a1:e9:fe:2c:90:c1:09:95:65:90:5d:
         44:3a:7b:c0:34:f8:27:58:08:00:c8:ff:95:70:81:77:ac:a2:
         4b:03:3f:a3:27:e1:49:28:dd:36:93:94:a0:d8:a4:7e:67:23:
         8a:69:6f:54:e1:44:34:07:a5:02:78:c9:29:68:61:19:e2:87:
         79:8b:ba:16:63:3f:57:87:a6:b0:34:12:16:33:73:07:18:a4:
         05:7b:0f:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZDFpN4LkHuqs70xcFfNCUq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNGI1NGIxMTlhN2IzZWZmMTUzMDg1YjczMTU1MDdjZDg1
MTNhMGYwHhcNMjQwNzE4MTE0MDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzQ0YTdjMDI0OGE0ZWRmZGJiYTA5ZDYwYTlmMDRjZmYzODM5M2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/OXnH8J4tqMzI9LbSftlmjgERoT
y3GquLgUp5MvFRSfg/3kQShBE0jx6wPGYbrKLEr5OT8hOgkcjhGYnqfwHt5ZKMO4
+jtvvMCls62k8Y6x+hu3Fb+XgYz2FWlyp1FVcFZkMxkbm+quvR30I9mgQn7fmR9p
oSvu3ztaOiB/bQdxKSmbcUmVDUvPUT6TG0CeHJmWfGawPVZqWGX6JbttUv7ygNtZ
WY2jU7gqmSfA+ayPBfo97no/f+EW+WyTGWydFta/Ymhrje/v2mIvW76zBqUEVdEE
TAlUQKR5sCBNDoN47XwCcLYxPnnLIjp64F1i7MhGFdcXhfoW9zv3aFBNtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCxEp8Akik7f27oJ1gqfBM/zg5PpMB8GA1UdIwQY
MBaAFCNLVLEZp7Pv8VMIW3MVUHzYUToPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQt
MWQyMWQxYmNlM2ZlLzEvTEVTbndDU0tUdF9idWduV0NwOEV6X09Eay1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9iYzcwNzgtMWVlNC00MmYxLWJjMzQtMWQyMWQxYmNlM2Zl
LzEvSTB0VXNSbW5zLV94VXdoYmN4VlFmTmhST2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgRbgSGw
MA0GCSqGSIb3DQEBCwUAA4IBAQCJwtY7vp+AQmtxcBjOgBabE1k+mIQmtdefEVht
swTIviRmS0Bu4oz3M67gtof0nmpXpe7HTAjC3NuryVq0Snvav9rnwcLgsRajViRF
rFJ31Q0a6bjmqF/+1tSZG0S15VqTYg+uA/PLRruhA4JGLjK3/sCspdyYVbFblo2Z
IQ1N9+8/+jF5xgyoCc+MrRTGBMKAFM6yHxsu1L0x2hocr4pC7N9Dk7CLH/2doen+
LJDBCZVlkF1EOnvANPgnWAgAyP+VcIF3rKJLAz+jJ+FJKN02k5Sg2KR+ZyOKaW9U
4UQ0B6UCeMkpaGEZ4od5i7oWYz9Xh6awNBIWM3MHGKQFew88
-----END CERTIFICATE-----