Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/LbrW0uU2svuMgCfEegCflkeiJNI.roa
File:                     LbrW0uU2svuMgCfEegCflkeiJNI.roa (raw, json)
Hash identifier:          xicAKV+b+Rrkk93cgla0jRgvKkmUQRZcuO0wo+Vll1I=
Subject key identifier:   2D:BA:D6:D2:E5:36:B2:FB:8C:80:27:C4:7A:00:9F:96:47:A2:24:D2
Certificate issuer:       /CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
Certificate serial:       019422FC3FC01B4A2CFA2210A985634178CA
Authority key identifier: E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/LbrW0uU2svuMgCfEegCflkeiJNI.roa
Signing time:             Wed 01 Jan 2025 17:49:04 +0000
ROA not before:           Wed 01 Jan 2025 17:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207444
IP address blocks:        94.188.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:3f:c0:1b:4a:2c:fa:22:10:a9:85:63:41:78:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
        Validity
            Not Before: Jan  1 17:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2dbad6d2e536b2fb8c8027c47a009f9647a224d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8f:e1:0f:0f:50:50:7b:9b:7c:15:aa:ee:94:
                    51:a2:d4:40:16:a2:ba:51:27:4e:45:4b:6f:66:84:
                    43:f5:97:c2:45:03:4c:e5:79:1f:f8:42:9a:2c:99:
                    7b:90:33:b2:5d:72:71:a5:a9:2f:7a:d9:89:2c:2c:
                    0c:69:5c:34:57:3b:66:3d:d3:dd:88:39:e5:9c:00:
                    b2:74:4b:af:5a:c6:99:ca:25:c0:11:b6:df:86:84:
                    47:f9:69:01:63:c1:2d:84:67:0c:12:09:93:40:3c:
                    a4:95:15:4a:07:18:3f:99:1d:a9:a6:2c:95:9a:f4:
                    31:6f:4f:dc:92:17:65:ab:08:96:af:ca:05:0b:03:
                    ab:7b:6a:46:29:52:78:18:f9:16:9f:0e:87:57:64:
                    80:65:ec:74:3d:36:03:7d:86:0b:74:5d:be:1e:61:
                    6d:9e:e0:7a:71:0c:f8:ad:4c:24:99:42:2e:af:68:
                    91:c5:7b:be:c6:77:e6:62:a3:fd:cf:94:45:62:2b:
                    f8:94:d9:4c:5a:e4:08:ff:38:4f:80:15:3f:d4:9e:
                    e8:c7:3f:5c:ea:0b:98:cb:74:d5:fa:f6:1a:69:cf:
                    47:bc:e6:e2:60:78:02:23:9e:75:e7:c2:9a:5d:96:
                    0b:c4:b4:cd:af:3b:e3:ab:19:f9:b8:6b:6d:b3:24:
                    f5:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:BA:D6:D2:E5:36:B2:FB:8C:80:27:C4:7A:00:9F:96:47:A2:24:D2
            X509v3 Authority Key Identifier:
                keyid:E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/LbrW0uU2svuMgCfEegCflkeiJNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.188.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:a1:c2:85:6c:27:25:97:07:8a:fb:d2:05:89:5a:f4:fa:83:
         0c:bd:fe:ed:cd:56:55:57:bc:ec:84:23:09:20:63:91:2a:8b:
         83:5d:08:30:6e:9e:c6:a8:0a:35:88:63:6b:1d:e1:d9:1d:af:
         ce:1b:f6:87:15:7e:0f:89:5e:60:bc:a7:45:dc:fc:9a:10:26:
         7c:f4:dd:fb:60:aa:97:36:24:eb:80:b4:1a:1a:c7:d0:ea:92:
         49:a0:c3:5b:a5:26:ef:f4:ba:39:94:1d:ae:b7:d1:f9:be:76:
         56:f6:c7:35:1b:46:2d:76:e5:2f:99:d5:e5:9c:0b:0f:61:98:
         1a:d8:86:aa:57:d5:10:ac:ae:a8:88:99:64:33:4c:9b:b8:cd:
         43:f0:7c:bf:25:46:67:e8:20:4e:f2:1f:cd:78:ae:b3:0f:3a:
         d8:b1:3a:03:bd:e4:d5:1f:e6:6d:87:9d:e0:37:dd:0e:41:71:
         7f:c1:da:40:b1:72:7e:45:a0:d8:d7:5e:81:a0:09:5d:59:f2:
         56:3c:05:1a:1b:38:52:a2:56:25:06:14:52:a9:4c:12:ed:83:
         c9:6c:28:ba:b4:c1:1e:56:73:5c:f3:78:7c:16:89:86:f8:6a:
         1e:00:22:4f:5f:ba:b3:e9:07:bd:58:f8:f5:e5:89:ae:6c:03:
         a3:70:95:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/D/AG0os+iIQqYVjQXjKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDViYjQwMTE4MGU1NWY1YzE2NWQ0NzkwOGRmZjRmZTI5
YTBkODYwHhcNMjUwMTAxMTc0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGJhZDZkMmU1MzZiMmZiOGM4MDI3YzQ3YTAwOWY5NjQ3YTIyNGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4/hDw9QUHubfBWq7pRRotRAFqK6
USdORUtvZoRD9ZfCRQNM5Xkf+EKaLJl7kDOyXXJxpakvetmJLCwMaVw0VztmPdPd
iDnlnACydEuvWsaZyiXAEbbfhoRH+WkBY8EthGcMEgmTQDyklRVKBxg/mR2ppiyV
mvQxb0/ckhdlqwiWr8oFCwOre2pGKVJ4GPkWnw6HV2SAZex0PTYDfYYLdF2+HmFt
nuB6cQz4rUwkmUIur2iRxXu+xnfmYqP9z5RFYiv4lNlMWuQI/zhPgBU/1J7oxz9c
6guYy3TV+vYaac9HvObiYHgCI55158KaXZYLxLTNrzvjqxn5uGttsyT1pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC261tLlNrL7jIAnxHoAn5ZHoiTSMB8GA1UdIwQY
MBaAFOLVu0ARgOVfXBZdR5CN/0/img2GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEt
NDIxZTZiYzdlMmU4LzEvTGJyVzB1VTJzdnVNZ0NmRWVnQ2Zsa2VpSk5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEtNDIxZTZiYzdlMmU4
LzEvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrzCMA0G
CSqGSIb3DQEBCwUAA4IBAQBaocKFbCcllweK+9IFiVr0+oMMvf7tzVZVV7zshCMJ
IGORKouDXQgwbp7GqAo1iGNrHeHZHa/OG/aHFX4PiV5gvKdF3PyaECZ89N37YKqX
NiTrgLQaGsfQ6pJJoMNbpSbv9Lo5lB2ut9H5vnZW9sc1G0YtduUvmdXlnAsPYZga
2IaqV9UQrK6oiJlkM0ybuM1D8Hy/JUZn6CBO8h/NeK6zDzrYsToDveTVH+Zth53g
N90OQXF/wdpAsXJ+RaDY116BoAldWfJWPAUaGzhSolYlBhRSqUwS7YPJbCi6tMEe
VnNc83h8FomG+GoeACJPX7qz6Qe9WPj15YmubAOjcJWk
-----END CERTIFICATE-----