Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/17a3bd-754a-4593-b51e-9fb415b09b5e/1/Lh0KUJ3V35wYz2i99gYTrV6dktc.roa
File:                     Lh0KUJ3V35wYz2i99gYTrV6dktc.roa (raw, json)
Hash identifier:          Svr4T1ZPQxakxnAH0s4zkcIB6ko9R8TkXB+xdSHMUeE=
Subject key identifier:   2E:1D:0A:50:9D:D5:DF:9C:18:CF:68:BD:F6:06:13:AD:5E:9D:92:D7
Certificate issuer:       /CN=55610a59ddffbd24ee4b299e9b24b1bf036f8e43
Certificate serial:       01942444B64F08708339D25B04E679947DA6
Authority key identifier: 55:61:0A:59:DD:FF:BD:24:EE:4B:29:9E:9B:24:B1:BF:03:6F:8E:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VWEKWd3_vSTuSymemySxvwNvjkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/17a3bd-754a-4593-b51e-9fb415b09b5e/1/Lh0KUJ3V35wYz2i99gYTrV6dktc.roa
Signing time:             Wed 01 Jan 2025 23:47:50 +0000
ROA not before:           Wed 01 Jan 2025 23:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56911
IP address blocks:        195.234.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/17a3bd-754a-4593-b51e-9fb415b09b5e/1/VWEKWd3_vSTuSymemySxvwNvjkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/17a3bd-754a-4593-b51e-9fb415b09b5e/1/VWEKWd3_vSTuSymemySxvwNvjkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VWEKWd3_vSTuSymemySxvwNvjkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:b6:4f:08:70:83:39:d2:5b:04:e6:79:94:7d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55610a59ddffbd24ee4b299e9b24b1bf036f8e43
        Validity
            Not Before: Jan  1 23:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e1d0a509dd5df9c18cf68bdf60613ad5e9d92d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:08:46:47:f9:30:28:f9:8f:81:1f:7b:f8:78:
                    55:b7:cf:35:45:9c:97:1a:92:18:64:af:73:ce:cb:
                    66:2c:6e:b4:b7:57:d9:04:c5:37:c4:e1:c8:ae:6a:
                    ef:66:9d:64:77:1a:37:6d:13:7d:5a:ed:ce:38:ae:
                    99:53:3f:ea:69:1c:1b:4b:c2:67:1e:db:a5:fd:56:
                    e9:0a:ca:7d:de:65:62:ba:84:17:72:93:10:f5:ac:
                    04:15:c4:4d:91:92:0b:53:db:d1:ea:86:17:94:95:
                    a2:0c:2b:d4:98:d2:6b:9d:ea:46:68:1a:90:56:20:
                    ae:a5:f0:66:10:d1:9f:3d:e2:b7:f7:97:50:44:5e:
                    43:0f:a9:5d:57:59:16:1a:df:82:cb:27:4c:b4:65:
                    49:bb:de:f2:b7:18:f8:b5:9e:13:83:f7:bc:b7:fc:
                    14:9a:eb:6a:67:7c:bd:00:90:91:46:ae:d2:76:35:
                    c8:7d:8b:21:84:6c:96:d4:60:79:a5:10:4d:02:79:
                    d8:7b:0d:eb:4e:00:45:6c:c5:16:eb:be:7c:b2:2b:
                    4b:95:5c:d8:32:f0:00:fc:69:a8:b2:33:aa:13:75:
                    ba:e0:c2:9a:77:a3:3c:c1:9e:cd:fc:84:64:10:f7:
                    fa:9f:86:30:70:c3:76:52:a0:30:f5:39:5e:5d:68:
                    3a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:1D:0A:50:9D:D5:DF:9C:18:CF:68:BD:F6:06:13:AD:5E:9D:92:D7
            X509v3 Authority Key Identifier:
                keyid:55:61:0A:59:DD:FF:BD:24:EE:4B:29:9E:9B:24:B1:BF:03:6F:8E:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VWEKWd3_vSTuSymemySxvwNvjkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/17a3bd-754a-4593-b51e-9fb415b09b5e/1/Lh0KUJ3V35wYz2i99gYTrV6dktc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/17a3bd-754a-4593-b51e-9fb415b09b5e/1/VWEKWd3_vSTuSymemySxvwNvjkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:f4:ff:03:c7:76:de:f4:cd:8d:73:25:20:96:aa:2d:d6:f0:
         ee:8a:e5:ae:3f:83:d3:39:8b:49:c3:15:9e:94:97:55:2a:96:
         35:63:9f:1a:53:d1:31:1e:9c:4c:2a:d5:76:c3:ae:53:31:92:
         f7:b0:e7:63:5e:8f:d6:be:c3:7f:89:30:27:21:c3:1f:40:10:
         93:51:fb:a2:d5:74:81:97:01:de:2b:d6:e4:36:ce:e4:a2:06:
         73:c8:a5:6e:8b:c9:1f:f2:0b:49:0d:ca:8e:ba:7a:cb:75:38:
         fc:de:ac:3d:4a:7b:48:b7:e3:12:39:68:43:1f:2e:9e:52:e6:
         67:b0:2d:bf:a0:4b:d9:94:59:31:52:36:bb:79:83:f2:65:60:
         35:36:eb:9c:50:fb:f7:5a:5e:05:c4:75:c1:81:c3:15:d7:b2:
         37:6a:0f:6c:8a:df:92:5e:13:99:19:ef:90:ff:1f:67:ff:82:
         67:ea:59:01:a6:44:6b:e2:16:d1:16:7f:dd:60:be:5d:f0:c6:
         9c:ed:57:e9:ce:10:05:43:21:95:1f:7b:ab:7f:bb:52:88:fa:
         0f:78:28:eb:17:11:a6:88:a0:83:9d:57:74:f3:27:3c:26:d5:
         46:2c:ad:24:32:05:02:84:d0:fd:9e:ab:c0:e1:a2:29:53:f6:
         fa:13:26:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRLZPCHCDOdJbBOZ5lH2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NjEwYTU5ZGRmZmJkMjRlZTRiMjk5ZTliMjRiMWJmMDM2
ZjhlNDMwHhcNMjUwMTAxMjM0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTFkMGE1MDlkZDVkZjljMThjZjY4YmRmNjA2MTNhZDVlOWQ5MmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQhGR/kwKPmPgR97+HhVt881RZyX
GpIYZK9zzstmLG60t1fZBMU3xOHIrmrvZp1kdxo3bRN9Wu3OOK6ZUz/qaRwbS8Jn
Htul/VbpCsp93mViuoQXcpMQ9awEFcRNkZILU9vR6oYXlJWiDCvUmNJrnepGaBqQ
ViCupfBmENGfPeK395dQRF5DD6ldV1kWGt+CyydMtGVJu97ytxj4tZ4Tg/e8t/wU
mutqZ3y9AJCRRq7SdjXIfYshhGyW1GB5pRBNAnnYew3rTgBFbMUW6758sitLlVzY
MvAA/GmosjOqE3W64MKad6M8wZ7N/IRkEPf6n4YwcMN2UqAw9TleXWg63wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4dClCd1d+cGM9ovfYGE61enZLXMB8GA1UdIwQY
MBaAFFVhClnd/70k7kspnpsksb8Db45DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVldFS1dkM192U1R1U3ltZW15U3h2d052amtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8xN2EzYmQtNzU0YS00NTkzLWI1MWUt
OWZiNDE1YjA5YjVlLzEvTGgwS1VKM1YzNXdZejJpOTlnWVRyVjZka3RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8xN2EzYmQtNzU0YS00NTkzLWI1MWUtOWZiNDE1YjA5YjVl
LzEvVldFS1dkM192U1R1U3ltZW15U3h2d052amtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+pdMA0G
CSqGSIb3DQEBCwUAA4IBAQBT9P8Dx3be9M2NcyUglqot1vDuiuWuP4PTOYtJwxWe
lJdVKpY1Y58aU9ExHpxMKtV2w65TMZL3sOdjXo/WvsN/iTAnIcMfQBCTUfui1XSB
lwHeK9bkNs7kogZzyKVui8kf8gtJDcqOunrLdTj83qw9SntIt+MSOWhDHy6eUuZn
sC2/oEvZlFkxUja7eYPyZWA1NuucUPv3Wl4FxHXBgcMV17I3ag9sit+SXhOZGe+Q
/x9n/4Jn6lkBpkRr4hbRFn/dYL5d8Mac7VfpzhAFQyGVH3urf7tSiPoPeCjrFxGm
iKCDnVd08yc8JtVGLK0kMgUChND9nqvA4aIpU/b6EyaL
-----END CERTIFICATE-----