Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/26bc06-393e-441d-8bc0-b292cf4ae080/1/lj_FWCbhz-lTj3sHWxRj1tQ97Y4.roa
File:                     lj_FWCbhz-lTj3sHWxRj1tQ97Y4.roa (raw, json)
Hash identifier:          JcM7kJSJCPL45xzQ2EQjwoMsHVWRoDqpwIOYptr4r14=
Subject key identifier:   96:3F:C5:58:26:E1:CF:E9:53:8F:7B:07:5B:14:63:D6:D4:3D:ED:8E
Certificate issuer:       /CN=5792df61399569f74fb77b6311b7d921ba949825
Certificate serial:       018CC500A6786C72915C2BA60C36DD8A879D
Authority key identifier: 57:92:DF:61:39:95:69:F7:4F:B7:7B:63:11:B7:D9:21:BA:94:98:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5LfYTmVafdPt3tjEbfZIbqUmCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/26bc06-393e-441d-8bc0-b292cf4ae080/1/lj_FWCbhz-lTj3sHWxRj1tQ97Y4.roa
Signing time:             Mon 01 Jan 2024 12:30:03 +0000
ROA not before:           Mon 01 Jan 2024 12:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204931
IP address blocks:        2001:678:cb0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/26bc06-393e-441d-8bc0-b292cf4ae080/1/V5LfYTmVafdPt3tjEbfZIbqUmCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/26bc06-393e-441d-8bc0-b292cf4ae080/1/V5LfYTmVafdPt3tjEbfZIbqUmCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5LfYTmVafdPt3tjEbfZIbqUmCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:a6:78:6c:72:91:5c:2b:a6:0c:36:dd:8a:87:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5792df61399569f74fb77b6311b7d921ba949825
        Validity
            Not Before: Jan  1 12:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=963fc55826e1cfe9538f7b075b1463d6d43ded8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:5a:04:71:cf:1e:34:b5:cc:39:b1:de:e8:5d:
                    c6:a9:a9:52:f7:c0:bc:a9:4d:99:2c:93:dc:0f:16:
                    ee:dc:98:46:da:b1:64:5c:5d:76:27:bf:1a:d1:06:
                    d9:69:f7:59:57:1e:77:85:da:63:fa:ff:0f:22:5a:
                    33:79:ab:ba:df:da:87:6b:43:c2:a4:23:af:91:b9:
                    e0:33:57:e2:bc:53:aa:fd:a7:70:c2:e3:72:f6:29:
                    87:af:cd:7c:91:ab:19:d8:ea:d3:2b:18:dd:30:e0:
                    10:34:a5:38:53:26:ba:cd:1b:ba:3a:58:60:cf:1f:
                    85:58:aa:f0:18:6f:ea:02:d0:4d:64:91:4f:1c:ea:
                    56:e4:d1:61:3a:51:5a:c1:91:34:d5:28:6c:7f:76:
                    63:9e:63:d6:6e:5d:46:8d:bc:b6:f0:92:7d:a1:c1:
                    6c:20:69:6c:65:b8:0e:f3:b1:26:82:74:d4:22:46:
                    ca:33:ef:66:4a:e2:d8:c8:35:d7:e7:5f:03:44:d3:
                    04:14:c7:40:ab:13:b5:ca:d8:c8:09:43:bc:a5:e3:
                    83:2f:a5:51:7f:b3:9b:d9:98:6c:e3:34:4f:e2:74:
                    93:e8:fa:ac:be:cb:c5:c2:af:07:f1:42:ad:63:ef:
                    33:a0:62:8d:e6:ee:ad:3a:64:3f:c1:30:f9:a5:c2:
                    c3:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:3F:C5:58:26:E1:CF:E9:53:8F:7B:07:5B:14:63:D6:D4:3D:ED:8E
            X509v3 Authority Key Identifier:
                keyid:57:92:DF:61:39:95:69:F7:4F:B7:7B:63:11:B7:D9:21:BA:94:98:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5LfYTmVafdPt3tjEbfZIbqUmCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/26bc06-393e-441d-8bc0-b292cf4ae080/1/lj_FWCbhz-lTj3sHWxRj1tQ97Y4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/26bc06-393e-441d-8bc0-b292cf4ae080/1/V5LfYTmVafdPt3tjEbfZIbqUmCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:cb0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:9e:b7:4b:69:73:a5:be:8f:65:53:70:4a:28:64:67:5d:49:
         7c:ec:b0:a9:3f:17:96:c3:2c:17:d1:44:15:5d:bd:c4:1b:37:
         91:5c:55:f0:94:a5:99:8f:5f:69:81:e4:7c:b9:73:9b:d3:04:
         56:60:c8:c9:94:e0:89:13:9b:aa:e7:63:14:3e:54:d0:77:b7:
         0e:81:30:46:e2:e9:d5:40:db:b0:6e:b3:4c:1c:b8:62:1b:ac:
         20:85:42:00:30:f4:25:1a:1b:c9:88:c6:28:44:0d:ce:b1:8a:
         18:51:b3:11:80:19:ec:2b:c6:93:a6:b6:15:b6:ad:d4:c7:e8:
         6d:0a:39:5d:89:40:f2:c2:6a:12:c3:49:d5:29:06:62:b2:bc:
         d7:93:f3:18:66:88:03:b2:ad:10:fe:fc:eb:46:4e:65:b3:d0:
         93:52:cf:51:bb:39:c6:65:29:95:14:41:7e:4c:bf:ef:05:96:
         c4:bd:5a:3f:ce:bb:81:5b:95:e3:1e:bd:85:60:02:5b:8c:06:
         d9:5b:03:50:c6:97:f6:d5:e1:d3:e1:2b:4f:05:b0:bf:05:02:
         d0:57:07:a4:05:45:32:b2:b6:dd:f7:c6:d2:fb:c8:65:be:5f:
         12:6d:54:cb:1a:99:d5:eb:43:e8:5f:bb:b9:55:a0:e7:16:fb:
         61:ab:c0:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAKZ4bHKRXCumDDbdioedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTJkZjYxMzk5NTY5Zjc0ZmI3N2I2MzExYjdkOTIxYmE5
NDk4MjUwHhcNMjQwMTAxMTIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjNmYzU1ODI2ZTFjZmU5NTM4ZjdiMDc1YjE0NjNkNmQ0M2RlZDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FoEcc8eNLXMObHe6F3GqalS98C8
qU2ZLJPcDxbu3JhG2rFkXF12J78a0QbZafdZVx53hdpj+v8PIlozeau639qHa0PC
pCOvkbngM1fivFOq/adwwuNy9imHr818kasZ2OrTKxjdMOAQNKU4Uya6zRu6Olhg
zx+FWKrwGG/qAtBNZJFPHOpW5NFhOlFawZE01Shsf3ZjnmPWbl1Gjby28JJ9ocFs
IGlsZbgO87EmgnTUIkbKM+9mSuLYyDXX518DRNMEFMdAqxO1ytjICUO8peODL6VR
f7Ob2Zhs4zRP4nST6PqsvsvFwq8H8UKtY+8zoGKN5u6tOmQ/wTD5pcLD4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJY/xVgm4c/pU497B1sUY9bUPe2OMB8GA1UdIwQY
MBaAFFeS32E5lWn3T7d7YxG32SG6lJglMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVMZllUbVZhZmRQdDN0akViZlpJYnFVbUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8yNmJjMDYtMzkzZS00NDFkLThiYzAt
YjI5MmNmNGFlMDgwLzEvbGpfRldDYmh6LWxUajNzSFd4UmoxdFE5N1k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8yNmJjMDYtMzkzZS00NDFkLThiYzAtYjI5MmNmNGFlMDgw
LzEvVjVMZllUbVZhZmRQdDN0akViZlpJYnFVbUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAyw
MA0GCSqGSIb3DQEBCwUAA4IBAQCinrdLaXOlvo9lU3BKKGRnXUl87LCpPxeWwywX
0UQVXb3EGzeRXFXwlKWZj19pgeR8uXOb0wRWYMjJlOCJE5uq52MUPlTQd7cOgTBG
4unVQNuwbrNMHLhiG6wghUIAMPQlGhvJiMYoRA3OsYoYUbMRgBnsK8aTprYVtq3U
x+htCjldiUDywmoSw0nVKQZisrzXk/MYZogDsq0Q/vzrRk5ls9CTUs9RuznGZSmV
FEF+TL/vBZbEvVo/zruBW5XjHr2FYAJbjAbZWwNQxpf21eHT4StPBbC/BQLQVwek
BUUysrbd98bS+8hlvl8SbVTLGpnV60PoX7u5VaDnFvthq8Av
-----END CERTIFICATE-----