Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/122641-71af-459c-b9c1-8b156db4ff35/1/lymCVnOqCzwn0Vf2R_kY-EKim6E.roa
File:                     lymCVnOqCzwn0Vf2R_kY-EKim6E.roa (raw, json)
Hash identifier:          eUCpGWSQ+rSHHm7/iBWCXbjewTL3I0wWr118GvY0Yvc=
Subject key identifier:   97:29:82:56:73:AA:0B:3C:27:D1:57:F6:47:F9:18:F8:42:A2:9B:A1
Certificate issuer:       /CN=7654b0cc2c3f6b757ff52cba165d9ffa88ced30f
Certificate serial:       018CC348B44624958E953DDE9AE68C5310AB
Authority key identifier: 76:54:B0:CC:2C:3F:6B:75:7F:F5:2C:BA:16:5D:9F:FA:88:CE:D3:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dlSwzCw_a3V_9Sy6Fl2f-ojO0w8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/122641-71af-459c-b9c1-8b156db4ff35/1/lymCVnOqCzwn0Vf2R_kY-EKim6E.roa
Signing time:             Mon 01 Jan 2024 04:29:30 +0000
ROA not before:           Mon 01 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        194.24.242.0/24 maxlen: 24
                          194.24.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/122641-71af-459c-b9c1-8b156db4ff35/1/dlSwzCw_a3V_9Sy6Fl2f-ojO0w8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/122641-71af-459c-b9c1-8b156db4ff35/1/dlSwzCw_a3V_9Sy6Fl2f-ojO0w8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dlSwzCw_a3V_9Sy6Fl2f-ojO0w8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b4:46:24:95:8e:95:3d:de:9a:e6:8c:53:10:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7654b0cc2c3f6b757ff52cba165d9ffa88ced30f
        Validity
            Not Before: Jan  1 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9729825673aa0b3c27d157f647f918f842a29ba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:6a:d4:a3:b3:45:54:01:42:c8:07:9f:5a:df:
                    82:1b:c6:65:5f:36:fd:39:bc:a0:55:99:14:13:ed:
                    bd:3a:c7:59:c3:48:28:07:1a:f0:58:27:7a:70:db:
                    a8:14:67:9d:80:0d:68:bf:44:6e:4c:62:f3:24:8e:
                    43:94:92:1a:d9:65:fc:a3:f3:58:67:a2:1f:80:2e:
                    c9:4e:9a:ab:0b:06:94:4b:b5:45:26:63:43:c7:9e:
                    40:63:18:6a:4c:81:89:70:dd:b9:23:a6:af:81:4d:
                    7d:f0:d0:69:7f:22:98:89:a7:b9:75:79:ef:ff:d6:
                    81:2b:dc:16:09:49:75:45:f6:96:a5:71:83:10:b5:
                    09:d1:1d:b1:19:99:08:9f:2c:3b:4a:63:f6:0d:77:
                    d6:ff:e1:e3:4a:71:fd:25:14:a1:68:43:7c:06:18:
                    34:1d:50:72:eb:92:79:c8:3f:9b:b3:1d:04:ce:1e:
                    91:e2:49:56:5d:a5:19:c9:e8:bd:e8:e9:5a:6d:72:
                    aa:ea:3a:63:7b:0c:c6:fe:41:06:5b:f8:fc:64:42:
                    39:cc:a6:6c:17:7c:c9:72:20:7e:09:e6:52:19:77:
                    14:23:00:84:0e:ff:75:00:70:40:b3:d4:5b:d6:1d:
                    da:ae:55:7c:4f:31:40:ef:28:2d:c4:68:12:b5:6b:
                    5c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:29:82:56:73:AA:0B:3C:27:D1:57:F6:47:F9:18:F8:42:A2:9B:A1
            X509v3 Authority Key Identifier:
                keyid:76:54:B0:CC:2C:3F:6B:75:7F:F5:2C:BA:16:5D:9F:FA:88:CE:D3:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dlSwzCw_a3V_9Sy6Fl2f-ojO0w8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/122641-71af-459c-b9c1-8b156db4ff35/1/lymCVnOqCzwn0Vf2R_kY-EKim6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/122641-71af-459c-b9c1-8b156db4ff35/1/dlSwzCw_a3V_9Sy6Fl2f-ojO0w8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.24.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:8c:b0:d0:40:81:68:6b:36:89:f2:67:d4:8b:88:80:d8:f8:
         30:ef:7c:da:a6:71:84:e5:5f:7f:8f:5b:22:ac:9a:e7:9c:04:
         d4:61:af:aa:b0:a6:2d:88:c4:9b:1a:b9:34:1d:6c:34:05:28:
         66:ea:68:47:f7:12:96:37:17:47:9f:bc:8e:c2:1f:23:9f:af:
         7b:65:9a:55:15:e2:ea:26:e8:ba:6e:84:1b:4b:22:c4:fa:e8:
         bb:25:00:32:ed:67:3f:dc:a9:81:3c:14:e7:3a:84:f3:d4:22:
         08:be:8d:3f:d0:21:19:2c:e9:7f:0f:1c:99:4e:1f:91:3e:b5:
         14:dc:bd:89:18:1e:25:98:0c:72:6a:ba:43:99:17:db:5a:12:
         0f:e6:6b:a0:20:36:c7:3a:3a:02:a5:5a:4c:7f:67:16:86:c3:
         09:b2:cf:c5:ac:48:87:85:b6:8f:90:b2:34:a8:8c:78:1d:f9:
         bc:5c:e1:4c:0d:e6:a4:fd:b5:a6:42:78:b9:ee:0a:67:dc:f5:
         d7:7d:68:fc:ff:46:4e:e0:4d:52:c8:95:7c:55:1c:0c:60:df:
         de:88:9e:0d:e9:88:55:c6:4b:4d:b5:74:5f:88:b5:38:70:11:
         56:9d:b4:9c:33:bc:2b:3d:80:45:a5:f2:d6:c0:37:e4:2c:71:
         39:84:1f:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLRGJJWOlT3emuaMUxCrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NTRiMGNjMmMzZjZiNzU3ZmY1MmNiYTE2NWQ5ZmZhODhj
ZWQzMGYwHhcNMjQwMTAxMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzI5ODI1NjczYWEwYjNjMjdkMTU3ZjY0N2Y5MThmODQyYTI5YmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmrUo7NFVAFCyAefWt+CG8ZlXzb9
ObygVZkUE+29OsdZw0goBxrwWCd6cNuoFGedgA1ov0RuTGLzJI5DlJIa2WX8o/NY
Z6IfgC7JTpqrCwaUS7VFJmNDx55AYxhqTIGJcN25I6avgU198NBpfyKYiae5dXnv
/9aBK9wWCUl1RfaWpXGDELUJ0R2xGZkInyw7SmP2DXfW/+HjSnH9JRShaEN8Bhg0
HVBy65J5yD+bsx0Ezh6R4klWXaUZyei96OlabXKq6jpjewzG/kEGW/j8ZEI5zKZs
F3zJciB+CeZSGXcUIwCEDv91AHBAs9Rb1h3arlV8TzFA7ygtxGgStWtcFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcpglZzqgs8J9FX9kf5GPhCopuhMB8GA1UdIwQY
MBaAFHZUsMwsP2t1f/UsuhZdn/qIztMPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGxTd3pDd19hM1ZfOVN5NkZsMmYtb2pPMHc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xMjI2NDEtNzFhZi00NTljLWI5YzEt
OGIxNTZkYjRmZjM1LzEvbHltQ1ZuT3FDenduMFZmMlJfa1ktRUtpbTZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xMjI2NDEtNzFhZi00NTljLWI5YzEtOGIxNTZkYjRmZjM1
LzEvZGxTd3pDd19hM1ZfOVN5NkZsMmYtb2pPMHc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwhjyMA0G
CSqGSIb3DQEBCwUAA4IBAQCPjLDQQIFoazaJ8mfUi4iA2Pgw73zapnGE5V9/j1si
rJrnnATUYa+qsKYtiMSbGrk0HWw0BShm6mhH9xKWNxdHn7yOwh8jn697ZZpVFeLq
Jui6boQbSyLE+ui7JQAy7Wc/3KmBPBTnOoTz1CIIvo0/0CEZLOl/DxyZTh+RPrUU
3L2JGB4lmAxyarpDmRfbWhIP5mugIDbHOjoCpVpMf2cWhsMJss/FrEiHhbaPkLI0
qIx4Hfm8XOFMDeak/bWmQni57gpn3PXXfWj8/0ZO4E1SyJV8VRwMYN/eiJ4N6YhV
xktNtXRfiLU4cBFWnbScM7wrPYBFpfLWwDfkLHE5hB9/
-----END CERTIFICATE-----