Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/6c7dab-3c1b-4d50-9ffd-ab1ea4353b7f/1/lzGs-5lz-bXW1iJEm4UC1h-luUo.roa
File:                     lzGs-5lz-bXW1iJEm4UC1h-luUo.roa (raw, json)
Hash identifier:          qnpbf7DPLdTOVKt4AT0bqFf9wEketZRlq8BbfM/QQGU=
Subject key identifier:   97:31:AC:FB:99:73:F9:B5:D6:D6:22:44:9B:85:02:D6:1F:A5:B9:4A
Certificate issuer:       /CN=4a7f7876d4c5554b772a57e7f1c4ced37fb5e19e
Certificate serial:       018CC26D7D2C900CB34E6870E7B7AE85CD7E
Authority key identifier: 4A:7F:78:76:D4:C5:55:4B:77:2A:57:E7:F1:C4:CE:D3:7F:B5:E1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sn94dtTFVUt3Klfn8cTO03-14Z4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/6c7dab-3c1b-4d50-9ffd-ab1ea4353b7f/1/lzGs-5lz-bXW1iJEm4UC1h-luUo.roa
Signing time:             Mon 01 Jan 2024 00:30:04 +0000
ROA not before:           Mon 01 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200346
IP address blocks:        193.22.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/6c7dab-3c1b-4d50-9ffd-ab1ea4353b7f/1/Sn94dtTFVUt3Klfn8cTO03-14Z4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/6c7dab-3c1b-4d50-9ffd-ab1ea4353b7f/1/Sn94dtTFVUt3Klfn8cTO03-14Z4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sn94dtTFVUt3Klfn8cTO03-14Z4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:03:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7d:2c:90:0c:b3:4e:68:70:e7:b7:ae:85:cd:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a7f7876d4c5554b772a57e7f1c4ced37fb5e19e
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9731acfb9973f9b5d6d622449b8502d61fa5b94a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f9:73:ab:0e:d7:c2:08:16:57:1b:7c:20:e7:
                    7c:cc:47:2a:dd:6f:2b:d5:02:ab:4e:b8:48:97:5f:
                    21:12:b1:0b:d0:e3:d3:5c:45:ff:fb:fb:82:3f:5a:
                    ff:ce:8e:b9:5a:86:b4:20:a3:40:71:7f:8a:eb:fa:
                    cb:1e:bd:b3:e0:15:47:fd:3f:47:dc:23:66:00:df:
                    53:1a:58:a5:c3:90:6a:50:c2:09:04:3e:89:1e:66:
                    02:1b:eb:bd:4d:81:20:0d:f5:b3:53:c0:ff:7c:39:
                    fd:a4:cd:47:d8:a4:86:da:b4:75:94:61:b1:50:26:
                    55:5b:56:1f:4b:a1:c6:3f:66:60:11:9e:2a:07:8d:
                    2b:5c:fb:1d:5a:5b:44:8d:1f:e9:c6:aa:3a:fd:8a:
                    7d:43:34:0e:85:76:88:b0:57:95:67:d4:6b:3a:73:
                    dc:30:b8:9a:30:7e:e2:6f:30:f1:4b:1b:fa:60:64:
                    bc:78:32:ab:63:17:92:4f:f0:78:da:25:19:a2:57:
                    fe:da:ec:19:6b:67:bf:a4:5b:cc:bc:66:9f:6a:6c:
                    d7:9a:07:bd:36:07:c8:f1:0a:f3:c4:0e:10:53:f6:
                    6e:2b:e8:bc:32:52:fc:55:ad:7d:07:a4:d1:88:97:
                    09:5d:50:c9:b3:53:c5:a2:34:c5:88:a9:30:dc:3d:
                    76:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:31:AC:FB:99:73:F9:B5:D6:D6:22:44:9B:85:02:D6:1F:A5:B9:4A
            X509v3 Authority Key Identifier:
                keyid:4A:7F:78:76:D4:C5:55:4B:77:2A:57:E7:F1:C4:CE:D3:7F:B5:E1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sn94dtTFVUt3Klfn8cTO03-14Z4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6c7dab-3c1b-4d50-9ffd-ab1ea4353b7f/1/lzGs-5lz-bXW1iJEm4UC1h-luUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6c7dab-3c1b-4d50-9ffd-ab1ea4353b7f/1/Sn94dtTFVUt3Klfn8cTO03-14Z4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:ec:be:74:bb:49:a9:c2:2a:53:8e:53:9b:f4:e8:1e:a8:62:
         de:a7:f7:47:b5:64:bc:0e:36:4b:68:7e:16:88:a8:51:c8:df:
         18:86:94:e6:cb:14:69:79:98:b1:ba:f3:73:d2:9f:5b:11:aa:
         db:9a:8f:26:b8:26:ac:1a:37:d2:21:72:7a:4a:5a:68:a5:b2:
         a1:34:ca:70:4e:87:4f:c3:4b:45:17:cd:29:14:5d:b1:2f:ad:
         7f:7c:ba:c3:1a:d7:5f:9a:60:e0:5a:37:29:37:3f:a0:b1:5a:
         0d:f3:3b:25:37:31:d6:41:4d:c4:f0:ff:ba:89:ce:fa:57:39:
         2d:6c:3b:24:01:f3:09:f6:b7:7e:7e:4c:fc:13:1c:89:1a:2d:
         c5:79:4c:45:b4:46:ae:38:f7:9c:04:68:97:2e:d6:67:45:2e:
         35:4a:f0:54:3a:21:b7:1e:8c:c5:ee:de:ce:6c:28:33:26:16:
         54:ff:c5:bd:31:c8:10:14:a2:3b:20:86:95:e1:c6:da:08:00:
         5f:7e:f5:fb:2e:fb:f8:65:f5:47:9a:10:07:74:02:cc:08:db:
         e1:50:ce:e6:88:9d:9f:2a:46:2e:de:8b:fe:e4:cb:57:6f:85:
         20:d1:73:ea:6d:26:44:a1:8b:7d:bc:fd:12:4b:95:ff:a3:88:
         35:64:1e:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbX0skAyzTmhw57euhc1+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhN2Y3ODc2ZDRjNTU1NGI3NzJhNTdlN2YxYzRjZWQzN2Zi
NWUxOWUwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzMxYWNmYjk5NzNmOWI1ZDZkNjIyNDQ5Yjg1MDJkNjFmYTViOTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmflzqw7XwggWVxt8IOd8zEcq3W8r
1QKrTrhIl18hErEL0OPTXEX/+/uCP1r/zo65Woa0IKNAcX+K6/rLHr2z4BVH/T9H
3CNmAN9TGlilw5BqUMIJBD6JHmYCG+u9TYEgDfWzU8D/fDn9pM1H2KSG2rR1lGGx
UCZVW1YfS6HGP2ZgEZ4qB40rXPsdWltEjR/pxqo6/Yp9QzQOhXaIsFeVZ9RrOnPc
MLiaMH7ibzDxSxv6YGS8eDKrYxeST/B42iUZolf+2uwZa2e/pFvMvGafamzXmge9
NgfI8QrzxA4QU/ZuK+i8MlL8Va19B6TRiJcJXVDJs1PFojTFiKkw3D12LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcxrPuZc/m11tYiRJuFAtYfpblKMB8GA1UdIwQY
MBaAFEp/eHbUxVVLdypX5/HEztN/teGeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU245NGR0VEZWVXQzS2xmbjhjVE8wMy0xNFo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC82YzdkYWItM2MxYi00ZDUwLTlmZmQt
YWIxZWE0MzUzYjdmLzEvbHpHcy01bHotYlhXMWlKRW00VUMxaC1sdVVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC82YzdkYWItM2MxYi00ZDUwLTlmZmQtYWIxZWE0MzUzYjdm
LzEvU245NGR0VEZWVXQzS2xmbjhjVE8wMy0xNFo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRb+MA0G
CSqGSIb3DQEBCwUAA4IBAQDE7L50u0mpwipTjlOb9OgeqGLep/dHtWS8DjZLaH4W
iKhRyN8YhpTmyxRpeZixuvNz0p9bEarbmo8muCasGjfSIXJ6SlpopbKhNMpwTodP
w0tFF80pFF2xL61/fLrDGtdfmmDgWjcpNz+gsVoN8zslNzHWQU3E8P+6ic76Vzkt
bDskAfMJ9rd+fkz8ExyJGi3FeUxFtEauOPecBGiXLtZnRS41SvBUOiG3HozF7t7O
bCgzJhZU/8W9McgQFKI7IIaV4cbaCABffvX7Lvv4ZfVHmhAHdALMCNvhUM7miJ2f
KkYu3ov+5MtXb4Ug0XPqbSZEoYt9vP0SS5X/o4g1ZB6K
-----END CERTIFICATE-----