Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/5bd26c-bbce-40c0-89d7-ef78a8a7606c/1/LxdR0ay93voHyK2dZ2o2Vy88n6k.roa
File:                     LxdR0ay93voHyK2dZ2o2Vy88n6k.roa (raw, json)
Hash identifier:          jUu99hJQUNWDAXXDed98Rz0lamLhQPiTmkilBxr436U=
Subject key identifier:   2F:17:51:D1:AC:BD:DE:FA:07:C8:AD:9D:67:6A:36:57:2F:3C:9F:A9
Certificate issuer:       /CN=1c6fd297f95531feb82c964fd67f6c94320938f6
Certificate serial:       018CC56E51C24D52E0E95F2B7550B849038D
Authority key identifier: 1C:6F:D2:97:F9:55:31:FE:B8:2C:96:4F:D6:7F:6C:94:32:09:38:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HG_Sl_lVMf64LJZP1n9slDIJOPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/5bd26c-bbce-40c0-89d7-ef78a8a7606c/1/LxdR0ay93voHyK2dZ2o2Vy88n6k.roa
Signing time:             Mon 01 Jan 2024 14:29:50 +0000
ROA not before:           Mon 01 Jan 2024 14:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206123
IP address blocks:        91.213.19.0/24 maxlen: 24
                          91.235.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/5bd26c-bbce-40c0-89d7-ef78a8a7606c/1/HG_Sl_lVMf64LJZP1n9slDIJOPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/5bd26c-bbce-40c0-89d7-ef78a8a7606c/1/HG_Sl_lVMf64LJZP1n9slDIJOPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HG_Sl_lVMf64LJZP1n9slDIJOPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:51:c2:4d:52:e0:e9:5f:2b:75:50:b8:49:03:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c6fd297f95531feb82c964fd67f6c94320938f6
        Validity
            Not Before: Jan  1 14:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f1751d1acbddefa07c8ad9d676a36572f3c9fa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:13:64:64:a8:e7:e0:8e:43:38:d8:86:38:82:
                    ff:48:12:be:d6:62:51:ae:40:ea:a4:bd:b9:25:b0:
                    ca:98:0e:74:ab:2b:d8:05:9e:29:91:60:0c:cb:17:
                    17:15:7d:5e:22:4c:13:fe:2b:d7:2e:cc:10:3b:c1:
                    44:b1:2c:61:23:27:47:18:df:00:14:6d:35:fc:64:
                    80:8b:80:d3:5c:1e:b5:07:59:df:3b:23:0a:34:17:
                    e1:f5:3c:ea:9f:a2:6a:88:79:91:ee:16:ef:09:5b:
                    c8:91:f0:65:ad:71:2d:23:7c:8d:2d:15:4f:1e:2c:
                    97:22:f8:24:9a:47:4d:9a:3d:26:6f:72:c2:f9:7c:
                    21:e8:4e:7e:f6:4f:52:ed:d6:e1:15:b7:3d:f6:dc:
                    ac:1b:5a:d4:13:d3:6c:e6:1b:57:06:22:08:73:5a:
                    08:55:19:77:3b:1d:a8:a7:dd:de:73:79:c7:8e:b8:
                    3b:34:cc:8e:3f:a0:26:d2:a5:d1:ed:68:9f:0d:2b:
                    a9:55:66:54:49:78:96:fd:a8:27:d1:19:58:34:1b:
                    78:ad:ed:8a:ae:cf:44:3b:32:ee:74:dc:b6:f0:80:
                    92:55:ce:62:78:d8:06:58:f6:03:38:86:32:36:68:
                    8a:05:b5:17:b8:4b:06:c4:c7:37:bb:9f:3c:32:af:
                    e1:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:17:51:D1:AC:BD:DE:FA:07:C8:AD:9D:67:6A:36:57:2F:3C:9F:A9
            X509v3 Authority Key Identifier:
                keyid:1C:6F:D2:97:F9:55:31:FE:B8:2C:96:4F:D6:7F:6C:94:32:09:38:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HG_Sl_lVMf64LJZP1n9slDIJOPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/5bd26c-bbce-40c0-89d7-ef78a8a7606c/1/LxdR0ay93voHyK2dZ2o2Vy88n6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/5bd26c-bbce-40c0-89d7-ef78a8a7606c/1/HG_Sl_lVMf64LJZP1n9slDIJOPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.19.0/24
                  91.235.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:71:ec:e5:e6:80:8c:fd:9f:7c:b2:3b:39:d1:81:04:57:dd:
         40:f1:9e:0e:74:1d:23:ff:c8:bf:6c:65:ed:05:c3:f0:14:d8:
         aa:1d:08:0d:4a:64:0e:a7:41:c0:37:ff:33:41:1c:f5:e3:c4:
         bb:fe:c4:35:cf:bf:65:35:e3:59:ab:50:4d:7e:24:35:92:b1:
         88:ff:26:d2:1f:ec:c7:04:17:4e:77:fc:dd:fc:80:57:52:8b:
         47:a3:18:28:d8:3d:60:b3:10:bc:5a:29:0e:45:81:81:96:bc:
         35:50:86:61:e1:28:4e:3e:0f:89:8d:d2:c0:eb:d9:40:7c:51:
         07:f7:f1:4a:d8:e1:f5:02:c8:03:73:4c:4f:0d:57:9e:fe:f1:
         b2:16:a7:b9:58:75:42:30:c3:e5:9e:e3:e4:81:93:c7:3c:75:
         af:7f:2b:6a:00:ef:d0:b9:28:5d:a9:17:8d:12:c1:e3:d1:92:
         9f:55:43:55:05:a9:ca:3d:91:4b:a8:f8:c2:c9:b4:02:ee:ce:
         74:4c:87:8b:d6:88:fe:62:5e:57:b3:9b:9f:4e:fb:d6:0c:f5:
         54:1e:01:66:56:fa:3c:a2:e4:c5:75:a6:e8:ac:33:b5:aa:5a:
         ae:77:d7:8d:eb:41:6c:1d:6b:21:99:ff:f2:1b:56:f1:bf:5b:
         36:4a:83:e9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFblHCTVLg6V8rdVC4SQONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNmZkMjk3Zjk1NTMxZmViODJjOTY0ZmQ2N2Y2Yzk0MzIw
OTM4ZjYwHhcNMjQwMTAxMTQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjE3NTFkMWFjYmRkZWZhMDdjOGFkOWQ2NzZhMzY1NzJmM2M5ZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBNkZKjn4I5DONiGOIL/SBK+1mJR
rkDqpL25JbDKmA50qyvYBZ4pkWAMyxcXFX1eIkwT/ivXLswQO8FEsSxhIydHGN8A
FG01/GSAi4DTXB61B1nfOyMKNBfh9Tzqn6JqiHmR7hbvCVvIkfBlrXEtI3yNLRVP
HiyXIvgkmkdNmj0mb3LC+Xwh6E5+9k9S7dbhFbc99tysG1rUE9Ns5htXBiIIc1oI
VRl3Ox2op93ec3nHjrg7NMyOP6Am0qXR7WifDSupVWZUSXiW/agn0RlYNBt4re2K
rs9EOzLudNy28ICSVc5ieNgGWPYDOIYyNmiKBbUXuEsGxMc3u588Mq/hDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC8XUdGsvd76B8itnWdqNlcvPJ+pMB8GA1UdIwQY
MBaAFBxv0pf5VTH+uCyWT9Z/bJQyCTj2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEdfU2xfbFZNZjY0TEpaUDFuOXNsRElKT1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi81YmQyNmMtYmJjZS00MGMwLTg5ZDct
ZWY3OGE4YTc2MDZjLzEvTHhkUjBheTkzdm9IeUsyZFoybzJWeTg4bjZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi81YmQyNmMtYmJjZS00MGMwLTg5ZDctZWY3OGE4YTc2MDZj
LzEvSEdfU2xfbFZNZjY0TEpaUDFuOXNsRElKT1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9UTAwQA
W+vUMA0GCSqGSIb3DQEBCwUAA4IBAQBzcezl5oCM/Z98sjs50YEEV91A8Z4OdB0j
/8i/bGXtBcPwFNiqHQgNSmQOp0HAN/8zQRz148S7/sQ1z79lNeNZq1BNfiQ1krGI
/ybSH+zHBBdOd/zd/IBXUotHoxgo2D1gsxC8WikORYGBlrw1UIZh4ShOPg+JjdLA
69lAfFEH9/FK2OH1AsgDc0xPDVee/vGyFqe5WHVCMMPlnuPkgZPHPHWvfytqAO/Q
uShdqReNEsHj0ZKfVUNVBanKPZFLqPjCybQC7s50TIeL1oj+Yl5Xs5ufTvvWDPVU
HgFmVvo8ouTFdaborDO1qlqud9eN60FsHWshmf/yG1bxv1s2SoPp
-----END CERTIFICATE-----