Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/lLuQ-fbIXaiz-e0FQsJBf0lEkiA.roa
File:                     lLuQ-fbIXaiz-e0FQsJBf0lEkiA.roa (raw, json)
Hash identifier:          CK0fPQbMWj8YQUxBb4UPbdvSf4VnUy2eleBLHJGlfKs=
Subject key identifier:   94:BB:90:F9:F6:C8:5D:A8:B3:F9:ED:05:42:C2:41:7F:49:44:92:20
Certificate issuer:       /CN=c9d6b59a93e324083fbca4237e47e9f5ebf371ab
Certificate serial:       018CC8016B4A5E2E11A391FB634D3E58482D
Authority key identifier: C9:D6:B5:9A:93:E3:24:08:3F:BC:A4:23:7E:47:E9:F5:EB:F3:71:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/lLuQ-fbIXaiz-e0FQsJBf0lEkiA.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211432
IP address blocks:        185.193.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6b:4a:5e:2e:11:a3:91:fb:63:4d:3e:58:48:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d6b59a93e324083fbca4237e47e9f5ebf371ab
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94bb90f9f6c85da8b3f9ed0542c2417f49449220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a3:94:e1:a9:68:9d:5f:d6:05:d9:0b:5b:f3:
                    0a:f9:35:b1:90:20:68:21:91:c8:a7:cd:90:00:f9:
                    4a:8a:05:52:9a:4d:c6:3d:75:82:d5:a8:f5:5e:25:
                    a3:ea:2c:48:1e:29:5e:14:7d:49:77:7a:82:b0:90:
                    e4:d0:a6:c1:5d:b1:00:f9:b3:45:bb:62:17:01:8d:
                    9b:a7:7e:1d:85:4c:62:93:2a:f9:e9:75:70:41:2c:
                    6a:1e:50:dc:bc:b9:e4:61:93:96:aa:d0:de:98:05:
                    4e:91:15:ed:30:d2:97:1f:44:9b:79:ee:36:5b:36:
                    24:75:0d:94:20:d4:9b:b0:5c:21:33:22:50:21:ee:
                    8d:7a:e9:1f:27:76:eb:d0:60:d1:c4:d6:99:54:a6:
                    a5:a9:86:f6:28:4c:71:7d:a4:84:c9:1c:2c:cb:5d:
                    11:25:3e:6b:d1:57:05:27:e4:99:e7:bb:ea:26:ee:
                    80:bb:2c:69:ef:3b:3a:d8:f7:45:38:3c:b0:25:80:
                    fa:54:16:97:30:1e:7c:bd:70:b1:99:73:b6:16:22:
                    b3:17:0c:5d:5c:75:59:0e:02:e9:74:0d:46:0f:0d:
                    23:15:19:c4:5b:50:20:9f:14:33:33:a5:4d:7a:06:
                    ec:b0:aa:a5:19:6c:90:54:5b:64:50:3c:20:e4:ed:
                    fd:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:BB:90:F9:F6:C8:5D:A8:B3:F9:ED:05:42:C2:41:7F:49:44:92:20
            X509v3 Authority Key Identifier:
                keyid:C9:D6:B5:9A:93:E3:24:08:3F:BC:A4:23:7E:47:E9:F5:EB:F3:71:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/lLuQ-fbIXaiz-e0FQsJBf0lEkiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:1b:d8:7a:9f:12:22:32:53:24:fc:58:43:65:bc:f0:81:7a:
         1a:d3:e6:e7:86:b5:ef:6d:a1:38:df:ac:a5:98:81:a0:0e:62:
         5d:81:fc:df:80:4e:ff:bb:d7:5e:a1:13:fa:cb:cf:d9:d8:08:
         e7:be:e4:c2:9f:cf:22:a5:72:e4:ac:ed:b9:47:8a:9e:88:2d:
         b4:46:9b:c0:8e:1c:58:95:35:5a:e0:4c:d1:16:96:16:d6:1b:
         ea:10:30:d6:3e:d1:df:4b:74:69:5c:0b:11:b4:09:13:51:34:
         e4:5e:dd:6e:c9:2e:e8:88:3d:0f:ac:92:69:e6:c3:43:b7:ba:
         9b:d1:3a:d6:6f:c6:bf:9a:2f:bc:12:90:0c:36:b8:f2:01:b3:
         81:08:ef:19:6f:6a:28:2c:f7:ab:80:d7:6a:ad:43:9d:52:74:
         d5:a7:94:f6:b6:7a:39:7c:48:c0:3f:d5:da:44:9b:18:3a:f7:
         5a:56:47:c5:2d:1a:c7:c2:69:5d:a3:75:e9:f1:be:a0:a3:5c:
         20:a3:68:a0:4e:e5:e0:66:cb:8f:27:7e:04:8a:35:41:e6:4f:
         9f:31:33:eb:c8:da:c1:78:92:5b:51:7c:c6:e6:45:33:9c:de:
         c0:8c:9b:6e:67:77:5a:e9:07:07:a7:8d:3e:c5:5c:6f:64:c7:
         a9:1d:6a:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWtKXi4Ro5H7Y00+WEgtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDZiNTlhOTNlMzI0MDgzZmJjYTQyMzdlNDdlOWY1ZWJm
MzcxYWIwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGJiOTBmOWY2Yzg1ZGE4YjNmOWVkMDU0MmMyNDE3ZjQ5NDQ5MjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6OU4alonV/WBdkLW/MK+TWxkCBo
IZHIp82QAPlKigVSmk3GPXWC1aj1XiWj6ixIHileFH1Jd3qCsJDk0KbBXbEA+bNF
u2IXAY2bp34dhUxikyr56XVwQSxqHlDcvLnkYZOWqtDemAVOkRXtMNKXH0Sbee42
WzYkdQ2UINSbsFwhMyJQIe6NeukfJ3br0GDRxNaZVKalqYb2KExxfaSEyRwsy10R
JT5r0VcFJ+SZ57vqJu6Auyxp7zs62PdFODywJYD6VBaXMB58vXCxmXO2FiKzFwxd
XHVZDgLpdA1GDw0jFRnEW1AgnxQzM6VNegbssKqlGWyQVFtkUDwg5O396wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJS7kPn2yF2os/ntBULCQX9JRJIgMB8GA1UdIwQY
MBaAFMnWtZqT4yQIP7ykI35H6fXr83GrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRhMW1wUGpKQWdfdktRamZrZnA5ZXZ6Y2FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny82ODJiMDctNzczZi00NmZkLTgyZTIt
YjkyMTFlMWZjMWFjLzEvbEx1US1mYklYYWl6LWUwRlFzSkJmMGxFa2lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny82ODJiMDctNzczZi00NmZkLTgyZTItYjkyMTFlMWZjMWFj
LzEveWRhMW1wUGpKQWdfdktRamZrZnA5ZXZ6Y2FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucGkMA0G
CSqGSIb3DQEBCwUAA4IBAQCeG9h6nxIiMlMk/FhDZbzwgXoa0+bnhrXvbaE436yl
mIGgDmJdgfzfgE7/u9deoRP6y8/Z2AjnvuTCn88ipXLkrO25R4qeiC20RpvAjhxY
lTVa4EzRFpYW1hvqEDDWPtHfS3RpXAsRtAkTUTTkXt1uyS7oiD0PrJJp5sNDt7qb
0TrWb8a/mi+8EpAMNrjyAbOBCO8Zb2ooLPergNdqrUOdUnTVp5T2tno5fEjAP9Xa
RJsYOvdaVkfFLRrHwmldo3Xp8b6go1wgo2igTuXgZsuPJ34EijVB5k+fMTPryNrB
eJJbUXzG5kUznN7AjJtuZ3da6QcHp40+xVxvZMepHWrP
-----END CERTIFICATE-----