Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/LTkee1jAp-qqLanRkX07Wsi7_Bk.roa
File:                     LTkee1jAp-qqLanRkX07Wsi7_Bk.roa (raw, json)
Hash identifier:          2OIgzQlRZJ4nbq5oO3VzBFzWKNf13jTOIKHsQs+mD2A=
Subject key identifier:   2D:39:1E:7B:58:C0:A7:EA:AA:2D:A9:D1:91:7D:3B:5A:C8:BB:FC:19
Certificate issuer:       /CN=07d44a52778aa65f736e72436003f6654f268318
Certificate serial:       018CC3B67BD32191EDA0568CA2921FD21E6E
Authority key identifier: 07:D4:4A:52:77:8A:A6:5F:73:6E:72:43:60:03:F6:65:4F:26:83:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/LTkee1jAp-qqLanRkX07Wsi7_Bk.roa
Signing time:             Mon 01 Jan 2024 06:29:25 +0000
ROA not before:           Mon 01 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3219
IP address blocks:        193.6.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7b:d3:21:91:ed:a0:56:8c:a2:92:1f:d2:1e:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07d44a52778aa65f736e72436003f6654f268318
        Validity
            Not Before: Jan  1 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d391e7b58c0a7eaaa2da9d1917d3b5ac8bbfc19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e2:82:5d:2e:ee:ab:9d:15:d8:9a:c9:37:f2:
                    44:81:28:a5:11:4e:74:5e:c0:4d:6c:d5:e5:a8:dc:
                    18:a7:7b:3a:aa:7b:2d:71:87:0e:23:56:6d:9d:54:
                    d1:6e:9e:4a:0a:57:aa:ce:53:83:4d:e0:00:c9:73:
                    9d:3b:dc:b8:57:3e:c4:fe:f3:60:c0:2e:5c:d3:d3:
                    e1:d0:e2:fb:bb:7e:17:ea:1d:99:50:dc:29:72:a5:
                    97:89:9f:97:15:4e:66:4d:db:40:99:dc:3c:c2:89:
                    56:ea:9f:70:d5:94:25:1a:76:8a:a3:be:37:ca:c2:
                    d0:10:93:06:6e:52:ac:b3:91:f4:c1:d1:7b:32:6e:
                    0d:76:f5:7a:b0:4f:ef:c3:09:10:4d:b7:8f:33:67:
                    c3:ca:82:bd:73:25:93:c7:72:24:a1:22:33:58:eb:
                    38:32:b7:5c:99:35:ed:b2:0d:5a:c5:00:42:e7:a0:
                    39:b1:3b:77:08:19:cb:97:8f:bf:b3:15:09:13:a5:
                    c4:09:ba:1b:2c:eb:91:3f:31:cd:f3:aa:21:a5:43:
                    4c:1d:02:a0:0e:5d:e7:94:70:8f:18:6e:67:73:d2:
                    61:f5:44:b0:55:ce:1d:ff:c7:f0:7d:f9:bb:61:27:
                    ec:e1:af:20:1b:5f:06:26:dc:ae:c7:19:80:7a:06:
                    d4:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:39:1E:7B:58:C0:A7:EA:AA:2D:A9:D1:91:7D:3B:5A:C8:BB:FC:19
            X509v3 Authority Key Identifier:
                keyid:07:D4:4A:52:77:8A:A6:5F:73:6E:72:43:60:03:F6:65:4F:26:83:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/LTkee1jAp-qqLanRkX07Wsi7_Bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.6.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:93:bd:72:54:39:96:1f:fb:7c:61:c9:08:de:9b:ab:a7:ac:
         d2:4f:00:18:1b:e0:87:61:28:ba:fd:7c:51:d5:84:2e:fc:41:
         a0:a5:ae:cc:42:c8:ad:9d:9a:49:07:6f:92:64:82:96:c5:3d:
         38:d1:1b:b2:12:8a:38:f8:ef:fe:fe:01:36:f6:0c:a4:d9:59:
         93:25:67:81:f2:ec:b5:76:7b:67:c6:29:a4:bf:8b:9f:6c:c1:
         a6:4c:67:a7:3b:ff:f1:86:0e:88:51:e7:b7:df:dd:05:0d:38:
         bb:6c:14:8e:86:03:ea:e9:e4:e0:b0:c4:e1:3f:a3:e6:37:fb:
         57:8b:67:fc:b5:2c:42:78:01:82:94:45:b5:20:ee:b3:4c:8a:
         8e:e7:6e:56:d6:40:31:14:e5:25:0b:c1:bb:2c:6d:33:34:3b:
         99:2b:ca:e6:7e:cd:91:8c:e9:90:44:b6:f0:bf:c2:59:5e:0e:
         ef:ab:d5:14:19:fa:a5:d8:e2:94:56:53:7d:ef:f7:79:06:76:
         22:ce:a1:46:27:ab:dd:c9:fc:84:4c:fc:64:a6:d7:be:7f:b3:
         f3:75:3d:d1:c0:49:99:1c:b0:cd:c2:27:5e:3c:c1:4c:29:87:
         28:4d:3c:2d:0b:30:1e:99:54:e7:26:27:b3:13:14:2c:7b:bc:
         9c:49:cc:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnvTIZHtoFaMopIf0h5uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZDQ0YTUyNzc4YWE2NWY3MzZlNzI0MzYwMDNmNjY1NGYy
NjgzMTgwHhcNMjQwMTAxMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDM5MWU3YjU4YzBhN2VhYWEyZGE5ZDE5MTdkM2I1YWM4YmJmYzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+KCXS7uq50V2JrJN/JEgSilEU50
XsBNbNXlqNwYp3s6qnstcYcOI1ZtnVTRbp5KCleqzlODTeAAyXOdO9y4Vz7E/vNg
wC5c09Ph0OL7u34X6h2ZUNwpcqWXiZ+XFU5mTdtAmdw8wolW6p9w1ZQlGnaKo743
ysLQEJMGblKss5H0wdF7Mm4NdvV6sE/vwwkQTbePM2fDyoK9cyWTx3IkoSIzWOs4
MrdcmTXtsg1axQBC56A5sTt3CBnLl4+/sxUJE6XECbobLOuRPzHN86ohpUNMHQKg
Dl3nlHCPGG5nc9Jh9USwVc4d/8fwffm7YSfs4a8gG18GJtyuxxmAegbU+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC05HntYwKfqqi2p0ZF9O1rIu/wZMB8GA1UdIwQY
MBaAFAfUSlJ3iqZfc25yQ2AD9mVPJoMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjlSS1VuZUtwbDl6Ym5KRFlBUDJaVThtZ3hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS84MTNjYmMtNGZhNC00NjQ2LWE4ZGIt
MWQyOGE2MGUwZTMwLzEvTFRrZWUxakFwLXFxTGFuUmtYMDdXc2k3X0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS84MTNjYmMtNGZhNC00NjQ2LWE4ZGItMWQyOGE2MGUwZTMw
LzEvQjlSS1VuZUtwbDl6Ym5KRFlBUDJaVThtZ3hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQbuMA0G
CSqGSIb3DQEBCwUAA4IBAQBEk71yVDmWH/t8YckI3purp6zSTwAYG+CHYSi6/XxR
1YQu/EGgpa7MQsitnZpJB2+SZIKWxT040RuyEoo4+O/+/gE29gyk2VmTJWeB8uy1
dntnximkv4ufbMGmTGenO//xhg6IUee3390FDTi7bBSOhgPq6eTgsMThP6PmN/tX
i2f8tSxCeAGClEW1IO6zTIqO525W1kAxFOUlC8G7LG0zNDuZK8rmfs2RjOmQRLbw
v8JZXg7vq9UUGfql2OKUVlN97/d5BnYizqFGJ6vdyfyETPxkpte+f7PzdT3RwEmZ
HLDNwidePMFMKYcoTTwtCzAemVTnJiezExQse7ycScwv
-----END CERTIFICATE-----