Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/f3fef4-45da-4b43-98c2-4df8840efb17/1/LUrdHzgS_l7_WngQRohJ8cfyZLU.roa
File:                     LUrdHzgS_l7_WngQRohJ8cfyZLU.roa (raw, json)
Hash identifier:          YtI+3yX+mtgRv4ToNHxHVZ2z3gKS8ImseWRP9Kb2J/w=
Subject key identifier:   2D:4A:DD:1F:38:12:FE:5E:FF:5A:78:10:46:88:49:F1:C7:F2:64:B5
Certificate issuer:       /CN=2985cc43d806a21b63330219eb638bb1ba49ae80
Certificate serial:       0191A24E8D46E4819152DFAC1D8FBB42AC82
Authority key identifier: 29:85:CC:43:D8:06:A2:1B:63:33:02:19:EB:63:8B:B1:BA:49:AE:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KYXMQ9gGohtjMwIZ62OLsbpJroA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/f3fef4-45da-4b43-98c2-4df8840efb17/1/LUrdHzgS_l7_WngQRohJ8cfyZLU.roa
Signing time:             Fri 30 Aug 2024 08:02:22 +0000
ROA not before:           Fri 30 Aug 2024 08:02:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49063
IP address blocks:        87.242.76.0/22 maxlen: 22
                          87.242.76.0/24 maxlen: 24
                          87.242.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/f3fef4-45da-4b43-98c2-4df8840efb17/1/KYXMQ9gGohtjMwIZ62OLsbpJroA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/f3fef4-45da-4b43-98c2-4df8840efb17/1/KYXMQ9gGohtjMwIZ62OLsbpJroA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KYXMQ9gGohtjMwIZ62OLsbpJroA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a2:4e:8d:46:e4:81:91:52:df:ac:1d:8f:bb:42:ac:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2985cc43d806a21b63330219eb638bb1ba49ae80
        Validity
            Not Before: Aug 30 08:02:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d4add1f3812fe5eff5a7810468849f1c7f264b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:15:b2:09:00:6b:f9:a9:58:c0:3b:3a:aa:31:
                    2d:e4:ae:ef:19:64:a0:fd:fd:44:ba:68:01:30:b1:
                    ff:0b:84:f7:01:d5:ff:0e:cf:23:f3:15:56:6a:1c:
                    0b:01:52:08:05:ff:93:f1:15:83:36:cf:70:00:b7:
                    8b:aa:60:ae:25:39:e5:96:b8:d9:9b:ad:cb:77:ba:
                    cf:d7:98:2d:63:84:47:66:d7:59:fb:7f:1b:71:a0:
                    ee:6f:da:7a:bb:92:cf:c8:88:fc:ba:bf:d8:11:11:
                    0f:4e:26:f7:4e:46:a8:c7:77:de:1a:64:76:ae:b9:
                    60:ec:a6:78:c7:8a:d4:36:75:43:81:c5:8b:99:18:
                    64:b9:9f:bf:12:69:7c:b4:5e:16:e3:4b:ea:98:66:
                    ae:77:d1:02:8c:60:9b:4c:c5:54:31:a9:f3:3d:1c:
                    b0:a6:10:41:f9:b2:28:8a:e1:ed:68:f7:4e:93:2f:
                    fb:2e:00:cb:07:e4:2a:a3:1c:f5:a7:e5:67:38:db:
                    44:9c:59:26:32:2f:63:68:51:0d:dd:d5:43:77:b9:
                    07:83:b7:cc:93:26:3a:c3:6d:39:d8:e7:dd:6b:b3:
                    aa:b5:95:2e:6a:78:09:e2:9a:6f:81:19:c1:8b:0f:
                    af:d0:0f:54:e9:db:b8:e4:79:54:f2:8a:74:66:2b:
                    58:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:4A:DD:1F:38:12:FE:5E:FF:5A:78:10:46:88:49:F1:C7:F2:64:B5
            X509v3 Authority Key Identifier:
                keyid:29:85:CC:43:D8:06:A2:1B:63:33:02:19:EB:63:8B:B1:BA:49:AE:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KYXMQ9gGohtjMwIZ62OLsbpJroA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/f3fef4-45da-4b43-98c2-4df8840efb17/1/LUrdHzgS_l7_WngQRohJ8cfyZLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/f3fef4-45da-4b43-98c2-4df8840efb17/1/KYXMQ9gGohtjMwIZ62OLsbpJroA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.242.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:58:2f:b2:4a:84:d6:1e:75:ed:d8:f1:82:4a:5f:d8:d8:90:
         44:94:02:f3:d8:f9:f9:52:f0:1c:45:c1:4a:ba:e9:2d:d8:e4:
         86:80:23:fc:ef:70:61:9b:63:c8:9e:5a:a6:67:61:88:ed:d8:
         16:6f:22:ac:98:52:4c:15:ec:53:f4:73:a4:09:d1:80:d9:17:
         32:c2:56:5c:8d:4f:8f:5c:f6:eb:da:e2:e6:5c:70:f8:01:54:
         6b:ca:87:27:d4:88:1d:49:36:7c:28:6c:9c:b7:95:69:35:42:
         35:ca:0d:9f:2e:4a:8f:f6:ad:68:44:8f:3c:9c:56:a4:52:99:
         96:95:27:88:e6:04:8b:e3:74:b7:61:46:f3:23:19:ff:5f:03:
         bb:53:d5:6f:78:ae:dd:fe:91:09:69:7b:c1:66:87:bd:dc:f2:
         eb:7f:2b:d1:df:79:a8:8b:38:0b:1f:bf:c0:e9:4d:e9:37:56:
         d4:a6:c5:f4:a5:fc:4c:e0:55:d7:4b:2b:7b:be:21:f2:6e:09:
         be:97:61:56:ff:32:39:46:41:26:05:e0:74:d3:2b:2c:e7:e9:
         3e:07:d2:1e:69:7d:f9:f3:a6:71:29:5e:87:aa:4d:2d:3e:11:
         e9:ef:6d:01:0b:10:57:ab:50:aa:02:b0:1e:15:c6:d5:0e:17:
         d0:4c:a8:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGiTo1G5IGRUt+sHY+7QqyCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ODVjYzQzZDgwNmEyMWI2MzMzMDIxOWViNjM4YmIxYmE0
OWFlODAwHhcNMjQwODMwMDgwMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDRhZGQxZjM4MTJmZTVlZmY1YTc4MTA0Njg4NDlmMWM3ZjI2NGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBWyCQBr+alYwDs6qjEt5K7vGWSg
/f1EumgBMLH/C4T3AdX/Ds8j8xVWahwLAVIIBf+T8RWDNs9wALeLqmCuJTnllrjZ
m63Ld7rP15gtY4RHZtdZ+38bcaDub9p6u5LPyIj8ur/YEREPTib3Tkaox3feGmR2
rrlg7KZ4x4rUNnVDgcWLmRhkuZ+/Eml8tF4W40vqmGaud9ECjGCbTMVUManzPRyw
phBB+bIoiuHtaPdOky/7LgDLB+Qqoxz1p+VnONtEnFkmMi9jaFEN3dVDd7kHg7fM
kyY6w2052Ofda7OqtZUuangJ4ppvgRnBiw+v0A9U6du45HlU8op0ZitYqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1K3R84Ev5e/1p4EEaISfHH8mS1MB8GA1UdIwQY
MBaAFCmFzEPYBqIbYzMCGetji7G6Sa6AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1lYTVE5Z0dvaHRqTXdJWjYyT0xzYnBKcm9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9mM2ZlZjQtNDVkYS00YjQzLTk4YzIt
NGRmODg0MGVmYjE3LzEvTFVyZEh6Z1NfbDdfV25nUVJvaEo4Y2Z5WkxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9mM2ZlZjQtNDVkYS00YjQzLTk4YzItNGRmODg0MGVmYjE3
LzEvS1lYTVE5Z0dvaHRqTXdJWjYyT0xzYnBKcm9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCV/JMMA0G
CSqGSIb3DQEBCwUAA4IBAQBGWC+ySoTWHnXt2PGCSl/Y2JBElALz2Pn5UvAcRcFK
uukt2OSGgCP873Bhm2PInlqmZ2GI7dgWbyKsmFJMFexT9HOkCdGA2RcywlZcjU+P
XPbr2uLmXHD4AVRryocn1IgdSTZ8KGyct5VpNUI1yg2fLkqP9q1oRI88nFakUpmW
lSeI5gSL43S3YUbzIxn/XwO7U9VveK7d/pEJaXvBZoe93PLrfyvR33moizgLH7/A
6U3pN1bUpsX0pfxM4FXXSyt7viHybgm+l2FW/zI5RkEmBeB00yss5+k+B9IeaX35
86ZxKV6Hqk0tPhHp720BCxBXq1CqArAeFcbVDhfQTKgP
-----END CERTIFICATE-----