Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/lzjyDvxJWPh_JYKI6EOUap46kT0.roa
File:                     lzjyDvxJWPh_JYKI6EOUap46kT0.roa (raw, json)
Hash identifier:          j21RqUJMVtHeds0cRoKhiGAFLNJZJMQV1MpSVZLKs+M=
Subject key identifier:   97:38:F2:0E:FC:49:58:F8:7F:25:82:88:E8:43:94:6A:9E:3A:91:3D
Certificate issuer:       /CN=beba48c7e2c9e05eda546d899146b89f799df85d
Certificate serial:       018CC6B89549574E15836DEA6DF6A2BCB81B
Authority key identifier: BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/lzjyDvxJWPh_JYKI6EOUap46kT0.roa
Signing time:             Mon 01 Jan 2024 20:30:34 +0000
ROA not before:           Mon 01 Jan 2024 20:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212452
IP address blocks:        188.93.241.176/28 maxlen: 28

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:95:49:57:4e:15:83:6d:ea:6d:f6:a2:bc:b8:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beba48c7e2c9e05eda546d899146b89f799df85d
        Validity
            Not Before: Jan  1 20:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9738f20efc4958f87f258288e843946a9e3a913d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4f:fc:ca:94:9f:aa:3b:4a:4c:92:72:7e:a0:
                    50:db:eb:fc:c2:41:96:4d:6f:dd:53:bc:78:cf:1a:
                    41:2b:19:4b:59:08:50:7e:f4:f3:1a:7c:a9:68:bd:
                    bc:b8:59:02:1b:d1:3e:46:91:6b:c8:da:78:08:7f:
                    57:cb:f0:aa:02:14:30:78:25:20:08:a8:49:17:70:
                    3b:13:64:d9:42:27:50:c4:c3:4c:44:f5:92:5e:c3:
                    bb:c8:b6:90:79:4c:d5:72:c8:1f:95:ab:4a:81:60:
                    44:e9:c8:6c:69:12:47:2c:e8:0f:a9:6f:e7:67:2e:
                    47:c2:36:73:fd:f1:38:c0:51:d3:a0:03:35:92:ee:
                    93:74:65:1a:17:ac:d2:b2:19:21:8c:be:3b:33:a4:
                    b9:0c:9d:36:16:1a:32:31:dc:7d:c0:47:f2:f6:8e:
                    45:9b:13:8f:fc:54:0d:1e:a6:27:32:c9:c5:1c:3b:
                    16:b0:bd:81:8f:1b:83:d1:d7:ed:3d:3b:7e:5a:7d:
                    2b:36:76:f7:5d:92:45:7b:b3:05:26:97:cc:54:8b:
                    ba:c2:44:84:6c:64:65:53:5f:f9:eb:77:52:a1:5e:
                    15:f1:a4:68:69:ef:f7:9b:a1:27:84:c1:32:6f:d3:
                    cb:1c:45:2e:61:3f:22:10:7d:33:98:15:0e:fc:df:
                    8f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:38:F2:0E:FC:49:58:F8:7F:25:82:88:E8:43:94:6A:9E:3A:91:3D
            X509v3 Authority Key Identifier:
                keyid:BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/lzjyDvxJWPh_JYKI6EOUap46kT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.93.241.176/28

    Signature Algorithm: sha256WithRSAEncryption
         5b:15:84:44:70:b4:26:86:bb:a3:56:2d:08:ab:12:0d:e8:bb:
         49:e8:c2:0d:25:a3:5a:55:30:6f:40:a5:2a:0f:8c:c0:93:2f:
         90:01:23:d3:7a:c6:28:de:54:83:56:4f:b6:f2:4b:e7:4a:ac:
         ac:94:7e:a5:89:67:0c:ea:2a:75:bd:ab:c7:44:72:5a:84:42:
         59:47:f3:7b:33:bb:95:39:47:5f:08:48:25:d2:f2:b2:7d:ad:
         c4:5e:88:aa:86:8a:b8:6b:58:21:3e:52:02:51:5f:f4:a0:4a:
         da:5b:9d:9c:eb:ee:26:d7:74:26:2c:d5:32:98:e1:1d:33:39:
         dc:4a:d8:49:31:4c:d1:dd:28:d0:0f:7e:66:19:dc:a6:b4:83:
         b7:46:d7:c5:6c:b7:6c:49:ae:2d:0e:0d:98:79:8a:f2:20:18:
         5f:b1:56:dc:23:a3:89:52:f2:d8:70:78:0a:97:a8:5b:c1:29:
         83:e9:a2:69:22:93:cf:52:a6:05:1d:6d:4e:fd:ac:35:9f:ad:
         ac:44:8b:44:2d:30:a9:92:84:a1:2e:c8:c1:e7:88:fe:91:98:
         20:d1:40:cd:b1:6c:14:f3:98:a0:4e:5b:9a:25:23:f3:bb:ca:
         5a:7d:6f:74:f5:47:5f:62:6b:e7:de:37:a0:5d:02:19:72:01:
         76:d6:5f:0e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuJVJV04Vg23qbfaivLgbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmE0OGM3ZTJjOWUwNWVkYTU0NmQ4OTkxNDZiODlmNzk5
ZGY4NWQwHhcNMjQwMTAxMjAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzM4ZjIwZWZjNDk1OGY4N2YyNTgyODhlODQzOTQ2YTllM2E5MTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvE/8ypSfqjtKTJJyfqBQ2+v8wkGW
TW/dU7x4zxpBKxlLWQhQfvTzGnypaL28uFkCG9E+RpFryNp4CH9Xy/CqAhQweCUg
CKhJF3A7E2TZQidQxMNMRPWSXsO7yLaQeUzVcsgflatKgWBE6chsaRJHLOgPqW/n
Zy5HwjZz/fE4wFHToAM1ku6TdGUaF6zSshkhjL47M6S5DJ02FhoyMdx9wEfy9o5F
mxOP/FQNHqYnMsnFHDsWsL2BjxuD0dftPTt+Wn0rNnb3XZJFe7MFJpfMVIu6wkSE
bGRlU1/563dSoV4V8aRoae/3m6EnhMEyb9PLHEUuYT8iEH0zmBUO/N+PjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJc48g78SVj4fyWCiOhDlGqeOpE9MB8GA1UdIwQY
MBaAFL66SMfiyeBe2lRtiZFGuJ95nfhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYt
M2Q1MjIxODFhMmM0LzEvbHpqeUR2eEpXUGhfSllLSTZFT1VhcDQ2a1QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYtM2Q1MjIxODFhMmM0
LzEvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUEvF3xsDAN
BgkqhkiG9w0BAQsFAAOCAQEAWxWERHC0Joa7o1YtCKsSDei7SejCDSWjWlUwb0Cl
Kg+MwJMvkAEj03rGKN5Ug1ZPtvJL50qsrJR+pYlnDOoqdb2rx0RyWoRCWUfzezO7
lTlHXwhIJdLysn2txF6IqoaKuGtYIT5SAlFf9KBK2ludnOvuJtd0JizVMpjhHTM5
3ErYSTFM0d0o0A9+ZhncprSDt0bXxWy3bEmuLQ4NmHmK8iAYX7FW3COjiVLy2HB4
CpeoW8Epg+miaSKTz1KmBR1tTv2sNZ+trESLRC0wqZKEoS7IweeI/pGYINFAzbFs
FPOYoE5bmiUj87vKWn1vdPVHX2Jr5943oF0CGXIBdtZfDg==
-----END CERTIFICATE-----