Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/6a4e57-fbe3-4bc2-b8a5-dc8fcc6bdaaa/1/LZJEHbKL_SqRndT4DSHOsWJ5K70.roa
File:                     LZJEHbKL_SqRndT4DSHOsWJ5K70.roa (raw, json)
Hash identifier:          Lvu9fV08eqS0IELcm3umw5xzHsRXh4moV0oB8qvWeDA=
Subject key identifier:   2D:92:44:1D:B2:8B:FD:2A:91:9D:D4:F8:0D:21:CE:B1:62:79:2B:BD
Certificate issuer:       /CN=a40c1ad547b93ebf655c580438dfa5ae427c6511
Certificate serial:       018CC64B114A2FB2270832DB58737E8576E0
Authority key identifier: A4:0C:1A:D5:47:B9:3E:BF:65:5C:58:04:38:DF:A5:AE:42:7C:65:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pAwa1Ue5Pr9lXFgEON-lrkJ8ZRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/6a4e57-fbe3-4bc2-b8a5-dc8fcc6bdaaa/1/LZJEHbKL_SqRndT4DSHOsWJ5K70.roa
Signing time:             Mon 01 Jan 2024 18:30:57 +0000
ROA not before:           Mon 01 Jan 2024 18:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43178
IP address blocks:        91.194.126.0/23 maxlen: 23
                          91.194.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/6a4e57-fbe3-4bc2-b8a5-dc8fcc6bdaaa/1/pAwa1Ue5Pr9lXFgEON-lrkJ8ZRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/6a4e57-fbe3-4bc2-b8a5-dc8fcc6bdaaa/1/pAwa1Ue5Pr9lXFgEON-lrkJ8ZRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pAwa1Ue5Pr9lXFgEON-lrkJ8ZRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 13:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:11:4a:2f:b2:27:08:32:db:58:73:7e:85:76:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a40c1ad547b93ebf655c580438dfa5ae427c6511
        Validity
            Not Before: Jan  1 18:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d92441db28bfd2a919dd4f80d21ceb162792bbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:22:be:e9:ed:3d:f6:e5:51:e8:74:33:dd:60:
                    2f:ef:56:09:98:c3:d5:b6:e7:20:17:f9:56:8d:33:
                    53:7c:66:c9:ab:d0:35:df:f3:ba:d0:75:01:26:b2:
                    91:e0:e1:a6:a2:9d:a8:a8:5c:bc:0c:cd:05:92:80:
                    5f:6a:9d:26:62:bc:c6:5a:dd:a8:1c:5d:85:10:dd:
                    ec:e0:ac:fe:83:b4:d4:bb:9a:2d:16:7e:e0:61:e7:
                    05:b9:a4:19:29:79:67:d2:33:01:1c:e2:d5:48:47:
                    d6:dd:16:6b:a9:ea:32:6b:40:cb:48:3c:76:16:93:
                    5a:81:ae:20:94:43:50:13:d4:b5:7c:ad:6c:56:eb:
                    9a:8f:ec:b3:cb:6f:3a:09:85:7b:e2:00:ff:49:1f:
                    f8:02:d0:e2:45:3d:c6:01:59:91:1d:c3:c8:76:28:
                    00:19:e8:f7:fb:58:da:85:d0:23:1b:c5:3f:4b:99:
                    0e:9b:28:ec:49:60:63:1e:e6:7a:dc:f8:3d:48:f7:
                    9a:aa:b7:a7:bd:a0:b3:01:79:3a:2c:31:3c:e4:d0:
                    61:8e:25:d6:01:fe:85:22:ad:cd:f6:52:41:ef:52:
                    b3:7d:5d:09:e3:de:76:72:b1:77:9b:1b:8d:a6:42:
                    4d:b5:5f:01:33:09:5a:00:41:3b:bc:ec:cd:66:34:
                    f4:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:92:44:1D:B2:8B:FD:2A:91:9D:D4:F8:0D:21:CE:B1:62:79:2B:BD
            X509v3 Authority Key Identifier:
                keyid:A4:0C:1A:D5:47:B9:3E:BF:65:5C:58:04:38:DF:A5:AE:42:7C:65:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pAwa1Ue5Pr9lXFgEON-lrkJ8ZRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/6a4e57-fbe3-4bc2-b8a5-dc8fcc6bdaaa/1/LZJEHbKL_SqRndT4DSHOsWJ5K70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/6a4e57-fbe3-4bc2-b8a5-dc8fcc6bdaaa/1/pAwa1Ue5Pr9lXFgEON-lrkJ8ZRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:0c:6e:5b:09:5e:da:fb:b3:dd:10:43:62:29:13:bf:72:d3:
         b3:09:4d:bc:fc:ce:70:b6:e3:d1:85:e1:57:16:48:de:dd:71:
         76:77:e6:f9:77:62:ad:80:e1:b2:d8:75:05:67:42:fb:54:ac:
         5e:36:30:f7:bb:52:78:c0:3d:7b:fe:bd:21:11:a7:25:4c:00:
         39:84:45:f0:de:a6:bb:e3:4b:0b:41:b7:3c:2e:ec:a5:f6:c2:
         43:68:81:1a:63:94:52:bb:e6:98:23:8d:c3:54:ee:6a:e1:da:
         4e:3b:fc:c7:49:4c:12:e1:af:38:a9:b5:34:bd:a9:64:f6:11:
         af:37:83:33:84:69:84:3a:d0:08:bd:7f:35:a8:98:bf:fb:0d:
         71:71:70:ef:6c:2c:93:9b:d7:f0:ac:7d:dc:dc:23:2e:12:fc:
         86:0f:7a:af:f2:41:ec:13:2c:54:12:a8:13:49:67:f2:72:03:
         08:b8:a5:9e:b7:b3:ad:47:32:28:af:cd:8a:9a:1f:06:ce:04:
         5e:89:02:66:f9:8a:57:63:2a:08:a7:6c:ab:d0:ea:66:10:71:
         c5:f4:ea:29:ea:8d:42:55:c4:8c:e7:60:8e:83:86:04:88:e7:
         4b:72:c5:a5:de:3f:6c:3a:78:72:e7:2d:98:ab:ab:29:5c:93:
         b9:5d:e8:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxFKL7InCDLbWHN+hXbgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MGMxYWQ1NDdiOTNlYmY2NTVjNTgwNDM4ZGZhNWFlNDI3
YzY1MTEwHhcNMjQwMTAxMTgzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDkyNDQxZGIyOGJmZDJhOTE5ZGQ0ZjgwZDIxY2ViMTYyNzkyYmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniK+6e099uVR6HQz3WAv71YJmMPV
tucgF/lWjTNTfGbJq9A13/O60HUBJrKR4OGmop2oqFy8DM0FkoBfap0mYrzGWt2o
HF2FEN3s4Kz+g7TUu5otFn7gYecFuaQZKXln0jMBHOLVSEfW3RZrqeoya0DLSDx2
FpNaga4glENQE9S1fK1sVuuaj+yzy286CYV74gD/SR/4AtDiRT3GAVmRHcPIdigA
Gej3+1jahdAjG8U/S5kOmyjsSWBjHuZ63Pg9SPeaqrenvaCzAXk6LDE85NBhjiXW
Af6FIq3N9lJB71KzfV0J4952crF3mxuNpkJNtV8BMwlaAEE7vOzNZjT04QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2SRB2yi/0qkZ3U+A0hzrFieSu9MB8GA1UdIwQY
MBaAFKQMGtVHuT6/ZVxYBDjfpa5CfGURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEF3YTFVZTVQcjlsWEZnRU9OLWxya0o4WlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy82YTRlNTctZmJlMy00YmMyLWI4YTUt
ZGM4ZmNjNmJkYWFhLzEvTFpKRUhiS0xfU3FSbmRUNERTSE9zV0o1SzcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy82YTRlNTctZmJlMy00YmMyLWI4YTUtZGM4ZmNjNmJkYWFh
LzEvcEF3YTFVZTVQcjlsWEZnRU9OLWxya0o4WlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8J+MA0G
CSqGSIb3DQEBCwUAA4IBAQBrDG5bCV7a+7PdEENiKRO/ctOzCU28/M5wtuPRheFX
Fkje3XF2d+b5d2KtgOGy2HUFZ0L7VKxeNjD3u1J4wD17/r0hEaclTAA5hEXw3qa7
40sLQbc8Luyl9sJDaIEaY5RSu+aYI43DVO5q4dpOO/zHSUwS4a84qbU0valk9hGv
N4MzhGmEOtAIvX81qJi/+w1xcXDvbCyTm9fwrH3c3CMuEvyGD3qv8kHsEyxUEqgT
SWfycgMIuKWet7OtRzIor82Kmh8GzgReiQJm+YpXYyoIp2yr0OpmEHHF9Oop6o1C
VcSM52COg4YEiOdLcsWl3j9sOnhy5y2Yq6spXJO5XegG
-----END CERTIFICATE-----