Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/8482d2-7233-4177-992f-7d75e2b1a7b9/1/LuLOUOJIGHxq7ykgB21inUS-57w.roa
File:                     LuLOUOJIGHxq7ykgB21inUS-57w.roa (raw, json)
Hash identifier:          ab5+eNLQ6Vj2WxgXbW4Ku3+IuOco/UzZZHvYaaD6UKw=
Subject key identifier:   2E:E2:CE:50:E2:48:18:7C:6A:EF:29:20:07:6D:62:9D:44:BE:E7:BC
Certificate issuer:       /CN=611b9fb45639e7492f2b3631f640f6ab9afb6290
Certificate serial:       019715EE188BC4159E0A11F59980DDC58934
Authority key identifier: 61:1B:9F:B4:56:39:E7:49:2F:2B:36:31:F6:40:F6:AB:9A:FB:62:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YRuftFY550kvKzYx9kD2q5r7YpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/8482d2-7233-4177-992f-7d75e2b1a7b9/1/LuLOUOJIGHxq7ykgB21inUS-57w.roa
Signing time:             Wed 28 May 2025 08:06:54 +0000
ROA not before:           Wed 28 May 2025 08:06:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213701
IP address blocks:        193.227.126.0/24 maxlen: 24
                          2001:678:454::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/8482d2-7233-4177-992f-7d75e2b1a7b9/1/YRuftFY550kvKzYx9kD2q5r7YpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/8482d2-7233-4177-992f-7d75e2b1a7b9/1/YRuftFY550kvKzYx9kD2q5r7YpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YRuftFY550kvKzYx9kD2q5r7YpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:ee:18:8b:c4:15:9e:0a:11:f5:99:80:dd:c5:89:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=611b9fb45639e7492f2b3631f640f6ab9afb6290
        Validity
            Not Before: May 28 08:06:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ee2ce50e248187c6aef2920076d629d44bee7bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:70:bc:f1:b4:4f:fd:4f:5c:83:cc:e5:56:de:
                    5a:5e:ed:c0:01:b2:2b:ff:4f:c3:5e:e0:72:ff:4a:
                    11:18:2e:df:1e:d9:fa:1d:59:cb:37:e1:24:74:55:
                    76:74:98:04:8e:25:eb:ba:4e:0e:d4:95:97:ef:2f:
                    77:37:be:a3:74:ad:f7:68:d1:87:e7:e0:b8:36:e2:
                    ab:ee:ee:98:2e:4d:51:21:e9:05:0c:3e:8d:1b:fc:
                    bb:0d:e0:d8:c7:c9:9b:82:3e:a1:20:4a:42:df:83:
                    2f:df:39:aa:e9:8c:6e:8b:48:d5:ff:b1:9a:50:46:
                    07:d3:f2:35:2b:bd:4f:ad:24:c2:44:21:5d:f4:0d:
                    a9:94:d5:7e:e5:77:76:9f:1d:e6:80:16:d5:fa:bf:
                    50:f5:a1:e3:28:84:12:ca:0a:a0:6e:b5:78:38:2e:
                    9c:df:a5:b3:c7:fe:8b:a7:b5:ea:4d:19:3e:93:f8:
                    ac:4c:4e:28:6d:f7:d7:d1:6c:aa:59:5f:cc:b1:13:
                    a3:1b:97:d8:14:d6:93:11:61:a1:e4:7d:db:12:d0:
                    fe:ba:b6:88:38:a7:c1:68:ab:8c:fd:fd:45:d0:cf:
                    9b:f4:0b:9b:28:d1:2f:cf:45:c1:5f:df:55:47:c3:
                    75:c4:71:77:16:85:90:63:c4:f7:33:98:ab:51:bb:
                    46:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:E2:CE:50:E2:48:18:7C:6A:EF:29:20:07:6D:62:9D:44:BE:E7:BC
            X509v3 Authority Key Identifier:
                keyid:61:1B:9F:B4:56:39:E7:49:2F:2B:36:31:F6:40:F6:AB:9A:FB:62:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YRuftFY550kvKzYx9kD2q5r7YpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/8482d2-7233-4177-992f-7d75e2b1a7b9/1/LuLOUOJIGHxq7ykgB21inUS-57w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/8482d2-7233-4177-992f-7d75e2b1a7b9/1/YRuftFY550kvKzYx9kD2q5r7YpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.126.0/24
                IPv6:
                  2001:678:454::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:97:7d:45:27:4c:97:2a:2e:c2:28:5a:4e:d3:34:ce:4c:58:
         a2:cd:d6:d2:92:ba:11:8e:07:df:f4:7c:f5:2d:f8:1b:0a:8f:
         7d:b4:46:11:42:c3:4c:0a:c9:06:cb:d4:5d:5d:37:6b:ef:ae:
         55:cd:19:5c:71:cc:3b:0a:a0:c0:30:bc:22:b0:7d:3a:3d:c7:
         da:3c:bb:2d:4b:5a:a3:e1:ab:9c:0d:22:bc:00:16:b9:e0:c6:
         d6:93:4e:24:84:fb:31:9d:79:aa:50:cc:f2:0f:8b:78:ed:c5:
         ec:ad:a1:d7:1a:20:23:80:53:90:00:7b:84:8a:d1:8b:51:ad:
         21:66:fd:f6:76:3f:63:8e:42:81:3e:f6:4f:c7:6b:41:06:89:
         1f:46:fb:bc:2f:a3:a8:18:25:fd:29:47:d3:ba:59:c6:da:b6:
         1c:cb:9a:f4:33:56:8e:97:b7:0e:00:49:79:57:c7:a6:5b:5a:
         99:b8:dd:28:7b:51:96:ff:c4:e5:c0:c7:07:38:60:a8:d0:ea:
         31:19:24:5a:06:b1:93:12:1e:a5:45:fc:bb:6e:12:dd:bb:09:
         df:c5:2f:e2:6b:5d:94:43:74:1b:f9:01:b8:ea:85:f9:e9:5c:
         e6:2e:f2:c0:5d:c5:0a:a6:61:3f:7c:29:4a:c4:a6:a5:ba:88:
         02:cd:78:40
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZcV7hiLxBWeChH1mYDdxYk0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMWI5ZmI0NTYzOWU3NDkyZjJiMzYzMWY2NDBmNmFiOWFm
YjYyOTAwHhcNMjUwNTI4MDgwNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWUyY2U1MGUyNDgxODdjNmFlZjI5MjAwNzZkNjI5ZDQ0YmVlN2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXC88bRP/U9cg8zlVt5aXu3AAbIr
/0/DXuBy/0oRGC7fHtn6HVnLN+EkdFV2dJgEjiXruk4O1JWX7y93N76jdK33aNGH
5+C4NuKr7u6YLk1RIekFDD6NG/y7DeDYx8mbgj6hIEpC34Mv3zmq6Yxui0jV/7Ga
UEYH0/I1K71PrSTCRCFd9A2plNV+5Xd2nx3mgBbV+r9Q9aHjKIQSygqgbrV4OC6c
36Wzx/6Lp7XqTRk+k/isTE4obffX0WyqWV/MsROjG5fYFNaTEWGh5H3bEtD+uraI
OKfBaKuM/f1F0M+b9AubKNEvz0XBX99VR8N1xHF3FoWQY8T3M5irUbtGzwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC7izlDiSBh8au8pIAdtYp1Evue8MB8GA1UdIwQY
MBaAFGEbn7RWOedJLys2MfZA9qua+2KQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVJ1ZnRGWTU1MGt2S3pZeDlrRDJxNXI3WXBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi84NDgyZDItNzIzMy00MTc3LTk5MmYt
N2Q3NWUyYjFhN2I5LzEvTHVMT1VPSklHSHhxN3lrZ0IyMWluVVMtNTd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi84NDgyZDItNzIzMy00MTc3LTk5MmYtN2Q3NWUyYjFhN2I5
LzEvWVJ1ZnRGWTU1MGt2S3pZeDlrRDJxNXI3WXBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAweN+MA8E
AgACMAkDBwAgAQZ4BFQwDQYJKoZIhvcNAQELBQADggEBAK6XfUUnTJcqLsIoWk7T
NM5MWKLN1tKSuhGOB9/0fPUt+BsKj320RhFCw0wKyQbL1F1dN2vvrlXNGVxxzDsK
oMAwvCKwfTo9x9o8uy1LWqPhq5wNIrwAFrngxtaTTiSE+zGdeapQzPIPi3jtxeyt
odcaICOAU5AAe4SK0YtRrSFm/fZ2P2OOQoE+9k/Ha0EGiR9G+7wvo6gYJf0pR9O6
WcbathzLmvQzVo6Xtw4ASXlXx6ZbWpm43Sh7UZb/xOXAxwc4YKjQ6jEZJFoGsZMS
HqVF/LtuEt27Cd/FL+JrXZRDdBv5AbjqhfnpXOYu8sBdxQqmYT98KUrEpqW6iALN
eEA=
-----END CERTIFICATE-----