Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/b6250c-e062-4037-b8f3-bf1e1de2ea63/1/LZUEXPt1PY1P5yNWiMft3PC95Eg.roa
File:                     LZUEXPt1PY1P5yNWiMft3PC95Eg.roa (raw, json)
Hash identifier:          ywz8QTuGNC/Q0PN4bDybxJWv+wwOc1l8SaZ4ztJ1MOU=
Subject key identifier:   2D:95:04:5C:FB:75:3D:8D:4F:E7:23:56:88:C7:ED:DC:F0:BD:E4:48
Certificate issuer:       /CN=8e0c54b3aae251915ffc98bd34a550181ffab49a
Certificate serial:       018CC64B3E48F390B172CF51B634051C5F76
Authority key identifier: 8E:0C:54:B3:AA:E2:51:91:5F:FC:98:BD:34:A5:50:18:1F:FA:B4:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jgxUs6riUZFf_Ji9NKVQGB_6tJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/b6250c-e062-4037-b8f3-bf1e1de2ea63/1/LZUEXPt1PY1P5yNWiMft3PC95Eg.roa
Signing time:             Mon 01 Jan 2024 18:31:09 +0000
ROA not before:           Mon 01 Jan 2024 18:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8272
IP address blocks:        193.221.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/b6250c-e062-4037-b8f3-bf1e1de2ea63/1/jgxUs6riUZFf_Ji9NKVQGB_6tJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/b6250c-e062-4037-b8f3-bf1e1de2ea63/1/jgxUs6riUZFf_Ji9NKVQGB_6tJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jgxUs6riUZFf_Ji9NKVQGB_6tJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3e:48:f3:90:b1:72:cf:51:b6:34:05:1c:5f:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e0c54b3aae251915ffc98bd34a550181ffab49a
        Validity
            Not Before: Jan  1 18:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d95045cfb753d8d4fe7235688c7eddcf0bde448
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a6:7b:73:d2:8b:86:c5:e7:1d:b3:ed:20:8d:
                    d2:d4:cd:23:17:5f:b7:13:9f:4e:33:4f:bb:e3:9b:
                    a8:c3:d8:ed:f1:dc:85:0a:d3:e7:db:8f:86:e1:c1:
                    ec:01:8e:a9:bb:ae:da:68:0d:fe:cc:f3:8f:47:3b:
                    39:d5:c3:49:0f:b0:3c:f2:d7:cf:8f:54:45:b8:86:
                    83:f4:07:a4:c3:57:c1:31:bb:bf:3a:6c:33:c0:4c:
                    d9:62:73:1f:01:b2:2a:1e:da:b4:24:fc:44:06:bd:
                    d5:bf:90:03:d6:c3:e0:97:9a:83:cd:f6:06:f2:25:
                    56:70:b7:52:39:07:2d:5b:a0:13:64:5b:27:f2:39:
                    73:72:df:87:4d:f4:7a:9b:f9:c7:bc:24:9a:4f:e9:
                    ac:56:b6:76:55:b1:62:81:33:d2:db:d6:9e:84:33:
                    49:8c:62:09:8e:c7:86:0c:9f:17:b2:22:aa:94:99:
                    c4:49:ac:51:17:6a:18:e6:84:59:74:4c:83:7c:fe:
                    ab:0e:ae:e2:48:09:dc:9a:ac:b8:b6:0a:a8:4f:19:
                    05:ba:ad:87:5f:c5:73:c4:d2:e9:2e:5c:34:e2:28:
                    8a:8c:4c:e1:ba:d5:37:96:84:af:2b:48:6d:d6:1a:
                    34:61:24:d9:83:07:3b:8e:12:e4:e1:7f:ce:c0:47:
                    84:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:95:04:5C:FB:75:3D:8D:4F:E7:23:56:88:C7:ED:DC:F0:BD:E4:48
            X509v3 Authority Key Identifier:
                keyid:8E:0C:54:B3:AA:E2:51:91:5F:FC:98:BD:34:A5:50:18:1F:FA:B4:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jgxUs6riUZFf_Ji9NKVQGB_6tJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b6250c-e062-4037-b8f3-bf1e1de2ea63/1/LZUEXPt1PY1P5yNWiMft3PC95Eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b6250c-e062-4037-b8f3-bf1e1de2ea63/1/jgxUs6riUZFf_Ji9NKVQGB_6tJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:eb:2b:18:e8:17:56:47:58:bc:8f:e1:3f:0a:cf:31:b3:b2:
         5a:d9:cb:a6:a9:c8:11:40:0d:47:2b:78:1a:29:d5:bb:3d:e2:
         79:29:8f:5e:a5:46:e1:98:f8:5e:2c:66:19:b6:84:55:12:8a:
         25:cf:d3:9d:0f:cf:39:e0:82:8b:ba:5c:99:00:09:54:6e:03:
         b6:78:bb:76:e4:64:25:52:09:e5:fb:a9:ac:63:35:a3:2b:ff:
         af:dd:fc:06:55:74:98:78:5e:ff:17:d6:d5:2f:17:ba:65:54:
         39:56:26:1d:53:56:17:f5:3f:38:f1:d3:ff:07:b9:5a:b4:ad:
         a5:8c:c5:b6:ee:08:ab:71:49:92:e7:45:cc:3e:6a:16:be:35:
         32:3d:d4:1c:d9:7b:f0:d4:cd:b1:60:da:1e:a9:19:66:f8:8d:
         b4:dd:6a:11:be:95:00:e7:52:dc:16:7d:77:84:ec:60:d9:44:
         d6:94:a7:e3:fc:e2:d2:b4:b0:8b:20:fc:53:a3:79:69:0d:f2:
         5a:c3:90:41:f6:05:69:57:4a:bf:23:e1:8e:77:cd:1d:82:79:
         a5:09:a0:bc:7c:fd:3d:66:f4:74:e1:2b:2c:aa:47:de:6c:bd:
         76:ab:8f:ba:57:44:53:25:c5:71:26:07:86:e7:86:01:eb:72:
         8e:83:30:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSz5I85Cxcs9RtjQFHF92MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMGM1NGIzYWFlMjUxOTE1ZmZjOThiZDM0YTU1MDE4MWZm
YWI0OWEwHhcNMjQwMTAxMTgzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDk1MDQ1Y2ZiNzUzZDhkNGZlNzIzNTY4OGM3ZWRkY2YwYmRlNDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqZ7c9KLhsXnHbPtII3S1M0jF1+3
E59OM0+745uow9jt8dyFCtPn24+G4cHsAY6pu67aaA3+zPOPRzs51cNJD7A88tfP
j1RFuIaD9Aekw1fBMbu/OmwzwEzZYnMfAbIqHtq0JPxEBr3Vv5AD1sPgl5qDzfYG
8iVWcLdSOQctW6ATZFsn8jlzct+HTfR6m/nHvCSaT+msVrZ2VbFigTPS29aehDNJ
jGIJjseGDJ8XsiKqlJnESaxRF2oY5oRZdEyDfP6rDq7iSAncmqy4tgqoTxkFuq2H
X8VzxNLpLlw04iiKjEzhutU3loSvK0ht1ho0YSTZgwc7jhLk4X/OwEeEPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2VBFz7dT2NT+cjVojH7dzwveRIMB8GA1UdIwQY
MBaAFI4MVLOq4lGRX/yYvTSlUBgf+rSaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamd4VXM2cmlVWkZmX0ppOU5LVlFHQl82dEpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9iNjI1MGMtZTA2Mi00MDM3LWI4ZjMt
YmYxZTFkZTJlYTYzLzEvTFpVRVhQdDFQWTFQNXlOV2lNZnQzUEM5NUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9iNjI1MGMtZTA2Mi00MDM3LWI4ZjMtYmYxZTFkZTJlYTYz
LzEvamd4VXM2cmlVWkZmX0ppOU5LVlFHQl82dEpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd12MA0G
CSqGSIb3DQEBCwUAA4IBAQBE6ysY6BdWR1i8j+E/Cs8xs7Ja2cumqcgRQA1HK3ga
KdW7PeJ5KY9epUbhmPheLGYZtoRVEoolz9OdD8854IKLulyZAAlUbgO2eLt25GQl
Ugnl+6msYzWjK/+v3fwGVXSYeF7/F9bVLxe6ZVQ5ViYdU1YX9T848dP/B7latK2l
jMW27gircUmS50XMPmoWvjUyPdQc2Xvw1M2xYNoeqRlm+I203WoRvpUA51LcFn13
hOxg2UTWlKfj/OLStLCLIPxTo3lpDfJaw5BB9gVpV0q/I+GOd80dgnmlCaC8fP09
ZvR04SssqkfebL12q4+6V0RTJcVxJgeG54YB63KOgzDc
-----END CERTIFICATE-----