Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/lxj1Xq9BlihStbnzUX7qsHMEUPA.roa
File:                     lxj1Xq9BlihStbnzUX7qsHMEUPA.roa (raw, json)
Hash identifier:          lFUnZGz1FIcHlyaiwgWG+4txCxDFP4Dd4PFHoTNn1S0=
Subject key identifier:   97:18:F5:5E:AF:41:96:28:52:B5:B9:F3:51:7E:EA:B0:73:04:50:F0
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       018CE9A961006DB68032AA2ED136AAA68314
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/lxj1Xq9BlihStbnzUX7qsHMEUPA.roa
Signing time:             Mon 08 Jan 2024 15:20:40 +0000
ROA not before:           Mon 08 Jan 2024 15:20:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44029
IP address blocks:        87.229.9.0/24 maxlen: 24
                          87.229.8.0/24 maxlen: 24
                          87.229.10.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 05:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e9:a9:61:00:6d:b6:80:32:aa:2e:d1:36:aa:a6:83:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jan  8 15:20:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9718f55eaf41962852b5b9f3517eeab0730450f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d7:73:3d:ca:94:ba:06:1f:0e:5f:1a:02:24:
                    c1:15:60:48:b6:d6:0d:41:30:78:b5:fe:de:35:45:
                    36:42:12:29:2d:f7:5a:1f:e6:d5:18:3e:1f:2b:7c:
                    f8:3e:e7:1d:3d:30:db:10:c8:ce:75:12:8b:01:cc:
                    71:e2:4f:21:17:b0:2d:29:c6:e9:b0:58:28:f1:11:
                    e2:68:3d:d8:3a:90:9e:50:c4:31:bf:2a:aa:42:d4:
                    9d:04:ae:aa:98:c7:4b:e3:84:1f:b7:26:f5:3f:84:
                    2e:1d:ca:06:b8:dc:94:3d:8e:9f:e8:db:17:09:3b:
                    28:71:68:c9:3d:31:67:a6:87:7e:02:3f:c4:7f:7e:
                    49:a7:d2:ba:5f:97:c2:d0:e4:c2:f4:c1:c4:45:4d:
                    2e:ac:e9:b3:a9:14:d5:98:e9:3f:46:43:a1:20:40:
                    5a:17:55:b5:72:ca:14:15:63:c9:85:10:aa:b0:c8:
                    93:0e:74:f1:5c:5e:82:c3:c2:9a:c8:c4:65:6e:24:
                    6a:1e:52:9d:57:43:95:50:2a:ac:ba:83:5b:11:e0:
                    08:87:12:03:a4:ef:45:2b:d3:7b:98:f1:ed:10:87:
                    58:91:b1:15:86:f7:57:d0:74:4e:30:0d:c5:49:c7:
                    47:3d:da:4d:ae:d6:7f:39:48:d6:f6:38:4f:95:8d:
                    4f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:18:F5:5E:AF:41:96:28:52:B5:B9:F3:51:7E:EA:B0:73:04:50:F0
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/lxj1Xq9BlihStbnzUX7qsHMEUPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:b6:a5:3d:af:32:6d:d9:93:3e:b2:c6:d9:33:2b:d9:6c:a2:
         08:e7:e7:81:ca:fb:27:9d:78:7f:16:e4:79:05:ea:b5:c9:3b:
         e0:f8:ea:c5:af:74:b0:ce:80:41:38:27:05:1d:24:b4:a5:8c:
         30:d0:5d:61:ff:8e:8b:16:da:b9:a3:a7:61:20:80:c6:71:e8:
         18:03:14:cc:32:1f:7d:31:61:d0:ab:e7:ae:97:2e:19:3a:da:
         c3:2a:a7:59:08:ae:53:bc:24:bc:1b:e3:fd:0a:7f:d9:13:c3:
         bf:6c:96:37:a7:bc:4f:b0:96:ef:13:d1:1c:ec:11:a0:9b:07:
         49:65:8f:77:67:11:79:cd:22:83:c5:78:1e:cc:51:7f:a3:9f:
         34:8e:ad:78:b3:ec:8b:dc:a6:c1:a4:6e:a1:ef:12:3f:bc:9a:
         bf:31:17:82:53:f7:65:af:e4:3f:42:71:e9:51:31:b4:23:fe:
         be:c6:05:01:8c:4d:81:97:df:69:c9:5e:33:c4:ff:61:8a:e9:
         da:cd:31:0d:c8:62:74:d0:71:79:1b:53:4d:67:06:41:15:98:
         c7:32:ed:11:8c:12:70:82:48:51:d5:ba:95:55:ca:bd:ae:8f:
         6d:b1:ce:d0:cf:f9:19:58:b6:b9:dd:42:c5:bd:4e:a3:93:6a:
         37:6b:2f:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzpqWEAbbaAMqou0TaqpoMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjQwMTA4MTUyMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzE4ZjU1ZWFmNDE5NjI4NTJiNWI5ZjM1MTdlZWFiMDczMDQ1MGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtddzPcqUugYfDl8aAiTBFWBIttYN
QTB4tf7eNUU2QhIpLfdaH+bVGD4fK3z4PucdPTDbEMjOdRKLAcxx4k8hF7AtKcbp
sFgo8RHiaD3YOpCeUMQxvyqqQtSdBK6qmMdL44Qftyb1P4QuHcoGuNyUPY6f6NsX
CTsocWjJPTFnpod+Aj/Ef35Jp9K6X5fC0OTC9MHERU0urOmzqRTVmOk/RkOhIEBa
F1W1csoUFWPJhRCqsMiTDnTxXF6Cw8KayMRlbiRqHlKdV0OVUCqsuoNbEeAIhxID
pO9FK9N7mPHtEIdYkbEVhvdX0HROMA3FScdHPdpNrtZ/OUjW9jhPlY1PkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcY9V6vQZYoUrW581F+6rBzBFDwMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvbHhqMVhxOUJsaWhTdGJuelVYN3FzSE1FVVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCV+UIMA0G
CSqGSIb3DQEBCwUAA4IBAQB5tqU9rzJt2ZM+ssbZMyvZbKII5+eByvsnnXh/FuR5
Beq1yTvg+OrFr3SwzoBBOCcFHSS0pYww0F1h/46LFtq5o6dhIIDGcegYAxTMMh99
MWHQq+euly4ZOtrDKqdZCK5TvCS8G+P9Cn/ZE8O/bJY3p7xPsJbvE9Ec7BGgmwdJ
ZY93ZxF5zSKDxXgezFF/o580jq14s+yL3KbBpG6h7xI/vJq/MReCU/dlr+Q/QnHp
UTG0I/6+xgUBjE2Bl99pyV4zxP9hiunazTENyGJ00HF5G1NNZwZBFZjHMu0RjBJw
gkhR1bqVVcq9ro9tsc7Qz/kZWLa53ULFvU6jk2o3ay9u
-----END CERTIFICATE-----