Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/lu2OaQVvPSDCyG9itcuGvEA0nxw.roa
File:                     lu2OaQVvPSDCyG9itcuGvEA0nxw.roa (raw, json)
Hash identifier:          Ax67rxzy8qZIqe7wG7WOGuvwOu1vZ/6NasRo3Lb6k04=
Subject key identifier:   96:ED:8E:69:05:6F:3D:20:C2:C8:6F:62:B5:CB:86:BC:40:34:9F:1C
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       0194F0838D3DDBECA17707AE96934EF0878B
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/lu2OaQVvPSDCyG9itcuGvEA0nxw.roa
Signing time:             Mon 10 Feb 2025 15:39:00 +0000
ROA not before:           Mon 10 Feb 2025 15:39:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62425
IP address blocks:        31.210.43.0/24 maxlen: 24
                          78.135.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f0:83:8d:3d:db:ec:a1:77:07:ae:96:93:4e:f0:87:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Feb 10 15:39:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96ed8e69056f3d20c2c86f62b5cb86bc40349f1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:02:f4:69:a8:b3:ea:d4:3e:fc:87:7b:e3:06:
                    33:e0:6c:7c:86:b7:84:85:c2:c2:be:ed:7d:d8:f1:
                    c9:11:fa:c8:ae:18:11:75:8b:7d:0e:e4:60:64:4f:
                    98:9d:82:5d:36:44:d1:43:68:35:e7:52:b8:de:0e:
                    5e:45:e6:61:dc:72:07:d9:94:33:c4:c1:63:1b:28:
                    c0:f5:a1:1c:ae:d7:62:62:2a:1c:cf:17:e1:fe:ab:
                    df:a4:00:4c:87:2e:99:1b:a1:f2:9c:54:ca:b0:4f:
                    a5:5d:4b:68:0d:e9:e2:a3:71:a2:2e:49:31:cc:75:
                    ec:c0:9b:86:ad:2d:74:a0:20:ad:86:6e:b0:46:02:
                    2a:c0:cb:8d:d4:8f:91:d5:7c:c9:6a:e3:af:c6:37:
                    71:7f:45:7c:bb:72:80:da:02:3f:16:a2:2c:f3:b9:
                    13:5b:cd:ff:8c:ef:0e:69:00:19:a2:da:db:28:39:
                    ec:f6:ba:d1:ab:73:18:45:33:2a:0b:d0:28:f6:57:
                    8a:68:0f:13:34:ad:1b:5d:b7:48:17:b1:3e:f7:a3:
                    6a:42:5d:7a:51:f0:f9:c8:50:64:a5:ab:51:cc:58:
                    32:59:63:01:35:39:6e:e5:e2:1e:35:1b:f9:94:31:
                    77:ac:ba:89:9d:07:25:ef:f6:63:4c:0e:30:48:51:
                    c5:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:ED:8E:69:05:6F:3D:20:C2:C8:6F:62:B5:CB:86:BC:40:34:9F:1C
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/lu2OaQVvPSDCyG9itcuGvEA0nxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.43.0/24
                  78.135.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ff:a1:06:e1:b9:88:81:24:6a:d1:2a:d7:c0:1d:b3:c7:ed:
         ec:6c:98:67:a6:20:2b:04:77:6a:9e:76:30:30:44:64:06:1b:
         ba:64:1a:43:62:3f:7b:9e:81:b9:8d:19:ef:61:cb:7f:c5:b1:
         3f:cd:d2:67:40:63:9e:9c:1a:83:cb:d6:1d:ed:48:c5:5d:b3:
         d3:39:50:c4:0a:c6:b3:5a:6a:db:ab:25:b2:63:80:e8:da:2e:
         ba:40:cf:2c:e5:af:15:45:54:ac:69:f4:5a:65:d7:e7:f0:20:
         ee:89:c1:87:da:18:1a:b4:6a:8f:f1:f1:90:a7:30:5c:39:bc:
         ed:7f:5a:bf:a8:c2:5c:63:8d:2b:81:02:bd:a5:23:b1:f6:02:
         4f:b0:ec:97:92:02:3f:60:12:61:73:af:68:47:58:b7:f9:bc:
         4d:c6:6b:8e:e5:ea:c7:d4:0c:58:c5:ba:6e:62:d9:12:3f:88:
         81:a5:f5:48:26:f0:35:9e:af:dd:89:c5:46:d1:11:ee:33:6f:
         e5:f3:7d:46:dd:80:cf:14:3e:63:ea:da:43:b7:98:da:7a:72:
         39:4a:fe:b5:13:9b:e9:55:73:a8:69:93:1c:a1:ef:4f:9e:94:
         98:c5:1a:8d:4c:c0:47:93:a9:e7:11:07:89:68:7a:6e:e6:85:
         27:5e:d4:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZTwg4092+yhdweulpNO8IeLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMjEwMTUzOTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmVkOGU2OTA1NmYzZDIwYzJjODZmNjJiNWNiODZiYzQwMzQ5ZjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwL0aaiz6tQ+/Id74wYz4Gx8hreE
hcLCvu192PHJEfrIrhgRdYt9DuRgZE+YnYJdNkTRQ2g151K43g5eReZh3HIH2ZQz
xMFjGyjA9aEcrtdiYioczxfh/qvfpABMhy6ZG6HynFTKsE+lXUtoDenio3GiLkkx
zHXswJuGrS10oCCthm6wRgIqwMuN1I+R1XzJauOvxjdxf0V8u3KA2gI/FqIs87kT
W83/jO8OaQAZotrbKDns9rrRq3MYRTMqC9Ao9leKaA8TNK0bXbdIF7E+96NqQl16
UfD5yFBkpatRzFgyWWMBNTlu5eIeNRv5lDF3rLqJnQcl7/ZjTA4wSFHFbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJbtjmkFbz0gwshvYrXLhrxANJ8cMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvbHUyT2FRVnZQU0RDeUc5aXRjdUd2RUEwbnh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH9IrAwQA
TodnMA0GCSqGSIb3DQEBCwUAA4IBAQBb/6EG4bmIgSRq0SrXwB2zx+3sbJhnpiAr
BHdqnnYwMERkBhu6ZBpDYj97noG5jRnvYct/xbE/zdJnQGOenBqDy9Yd7UjFXbPT
OVDECsazWmrbqyWyY4Do2i66QM8s5a8VRVSsafRaZdfn8CDuicGH2hgatGqP8fGQ
pzBcObztf1q/qMJcY40rgQK9pSOx9gJPsOyXkgI/YBJhc69oR1i3+bxNxmuO5erH
1AxYxbpuYtkSP4iBpfVIJvA1nq/dicVG0RHuM2/l831G3YDPFD5j6tpDt5jaenI5
Sv61E5vpVXOoaZMcoe9PnpSYxRqNTMBHk6nnEQeJaHpu5oUnXtRF
-----END CERTIFICATE-----