Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LfnsVByDpX7mJLn_kAvrltpfL5c.roa
File:                     LfnsVByDpX7mJLn_kAvrltpfL5c.roa (raw, json)
Hash identifier:          1zUy+23lH8IVy5PphwumSqOQWVitizw1LYka1pDVDwY=
Subject key identifier:   2D:F9:EC:54:1C:83:A5:7E:E6:24:B9:FF:90:0B:EB:96:DA:5F:2F:97
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0196C3D92871034E4764FE8F50A2AFB72F69
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LfnsVByDpX7mJLn_kAvrltpfL5c.roa
Signing time:             Mon 12 May 2025 09:35:10 +0000
ROA not before:           Mon 12 May 2025 09:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57975
IP address blocks:        146.158.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c3:d9:28:71:03:4e:47:64:fe:8f:50:a2:af:b7:2f:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: May 12 09:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2df9ec541c83a57ee624b9ff900beb96da5f2f97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:85:7c:21:25:e0:8e:0d:11:08:03:b0:39:26:
                    f1:52:f4:95:dc:1f:1c:dd:1f:a3:6b:d6:9b:a9:2a:
                    a1:15:38:7a:a9:7a:b4:1c:1d:c6:43:34:7d:1b:3b:
                    bb:40:6b:91:72:98:24:0e:b7:7a:44:97:7c:5e:2a:
                    8d:81:72:08:ed:50:d9:9e:46:ee:5e:dc:de:87:9b:
                    53:2d:b1:51:77:51:2e:33:4b:ba:2b:f0:f8:36:d7:
                    80:25:a3:e5:35:29:ff:11:d8:2e:70:78:b3:90:0f:
                    b2:46:b8:5c:74:b9:a7:0c:0b:37:0e:43:cc:82:03:
                    cf:6d:39:34:c5:5b:ee:a6:ef:9e:44:55:76:74:06:
                    4a:ff:c3:6f:7e:ea:15:06:2b:6a:42:1b:cb:d0:a0:
                    da:df:c1:1d:aa:ca:b3:f0:69:fe:3f:3b:89:80:a1:
                    74:cb:98:83:75:dd:d5:40:b3:46:4b:0b:76:a4:be:
                    f5:bb:a8:cf:bd:6f:30:48:06:7d:a4:8e:38:96:18:
                    f6:a6:7d:d3:df:a7:50:38:68:05:df:d1:1e:ae:bf:
                    cc:c1:47:79:5e:ea:e8:23:88:56:d6:09:ee:fc:2f:
                    2e:21:38:63:73:0f:2d:0c:6c:ee:a8:3b:53:b2:87:
                    af:d4:b7:ad:da:ab:03:19:3d:43:5e:22:d3:0e:e7:
                    89:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:F9:EC:54:1C:83:A5:7E:E6:24:B9:FF:90:0B:EB:96:DA:5F:2F:97
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LfnsVByDpX7mJLn_kAvrltpfL5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.158.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:6c:c1:3a:0e:76:d5:da:25:82:a2:ef:95:d9:24:be:54:24:
         b5:39:04:d1:8b:74:a5:f5:37:a4:b0:74:28:ec:0c:a1:e0:6f:
         9b:a3:3c:c1:d6:84:13:f6:bd:0e:f7:13:f8:39:81:0e:57:e4:
         f8:01:59:1a:1c:6a:bb:e9:4e:48:b0:93:cc:d5:80:a9:11:63:
         d3:44:f0:ee:06:24:f2:2e:40:aa:94:e3:2f:4b:f4:74:81:40:
         a0:8d:a0:47:96:35:fc:89:40:e4:f1:be:55:cb:60:59:c5:9d:
         a5:c3:45:03:26:ba:36:37:4c:ef:bf:95:ef:ab:93:ad:e5:4d:
         ef:95:f4:62:b5:98:16:12:cb:2b:5b:58:bf:bc:b1:38:78:d8:
         66:a4:35:2a:76:f4:f1:2b:2a:ca:9a:ef:e5:fc:8b:94:9c:81:
         f2:1c:4a:3c:64:e4:a9:6e:50:b7:75:ca:1a:01:47:81:4a:fa:
         13:de:30:35:0f:8e:ba:20:53:f3:da:d4:aa:9c:d3:a6:e7:a2:
         b5:95:96:74:4e:53:26:d7:ac:59:2e:bf:95:23:c2:37:cb:af:
         e9:d8:8e:04:92:26:ae:66:76:76:64:eb:9e:99:45:93:5e:af:
         37:75:23:a1:ff:5c:ef:5c:7f:a9:47:5e:57:e7:5b:0a:76:be:
         5f:95:15:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbD2ShxA05HZP6PUKKvty9pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwNTEyMDkzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGY5ZWM1NDFjODNhNTdlZTYyNGI5ZmY5MDBiZWI5NmRhNWYyZjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04V8ISXgjg0RCAOwOSbxUvSV3B8c
3R+ja9abqSqhFTh6qXq0HB3GQzR9Gzu7QGuRcpgkDrd6RJd8XiqNgXII7VDZnkbu
Xtzeh5tTLbFRd1EuM0u6K/D4NteAJaPlNSn/EdgucHizkA+yRrhcdLmnDAs3DkPM
ggPPbTk0xVvupu+eRFV2dAZK/8NvfuoVBitqQhvL0KDa38Edqsqz8Gn+PzuJgKF0
y5iDdd3VQLNGSwt2pL71u6jPvW8wSAZ9pI44lhj2pn3T36dQOGgF39Eerr/MwUd5
XuroI4hW1gnu/C8uIThjcw8tDGzuqDtTsoev1Let2qsDGT1DXiLTDueJtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC357FQcg6V+5iS5/5AL65baXy+XMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTGZuc1ZCeURwWDdtSkxuX2tBdnJsdHBmTDVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkp4PMA0G
CSqGSIb3DQEBCwUAA4IBAQBtbME6DnbV2iWCou+V2SS+VCS1OQTRi3Sl9TeksHQo
7Ayh4G+bozzB1oQT9r0O9xP4OYEOV+T4AVkaHGq76U5IsJPM1YCpEWPTRPDuBiTy
LkCqlOMvS/R0gUCgjaBHljX8iUDk8b5Vy2BZxZ2lw0UDJro2N0zvv5Xvq5Ot5U3v
lfRitZgWEssrW1i/vLE4eNhmpDUqdvTxKyrKmu/l/IuUnIHyHEo8ZOSpblC3dcoa
AUeBSvoT3jA1D466IFPz2tSqnNOm56K1lZZ0TlMm16xZLr+VI8I3y6/p2I4Ekiau
ZnZ2ZOuemUWTXq83dSOh/1zvXH+pR15X51sKdr5flRUT
-----END CERTIFICATE-----