Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Lk7RjXVLqulmYcgel2X77E-Vc4A.roa
File:                     Lk7RjXVLqulmYcgel2X77E-Vc4A.roa (raw, json)
Hash identifier:          dLEpgBCcz63UcRaZ03igJrw7j48rDIBC57wiiU3eH6M=
Subject key identifier:   2E:4E:D1:8D:75:4B:AA:E9:66:61:C8:1E:97:65:FB:EC:4F:95:73:80
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019425FC8062C12CFB0897F09609CF1714FF
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Lk7RjXVLqulmYcgel2X77E-Vc4A.roa
Signing time:             Thu 02 Jan 2025 07:48:12 +0000
ROA not before:           Thu 02 Jan 2025 07:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200740
IP address blocks:        159.255.34.0/23 maxlen: 24
                          159.255.36.0/23 maxlen: 24
                          159.255.38.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:80:62:c1:2c:fb:08:97:f0:96:09:cf:17:14:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e4ed18d754baae96661c81e9765fbec4f957380
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:06:3d:ea:8e:f8:a7:c4:d1:e1:81:b3:5a:8b:
                    61:54:cd:a8:36:ff:58:b7:9f:dc:34:c6:4e:da:7e:
                    8b:d7:af:27:31:d5:c6:e5:7d:ac:7e:d5:a0:a9:d9:
                    c6:34:5b:18:3a:37:9d:a1:e4:fd:8f:21:5e:de:04:
                    20:23:07:96:f9:1f:f8:60:ee:67:50:4f:3c:d4:3b:
                    65:31:db:5b:7d:b3:cd:79:d8:45:c1:89:77:90:1e:
                    27:40:47:6c:32:1b:81:20:27:f6:71:8e:2d:d4:72:
                    db:fb:a3:50:97:37:0d:fa:fe:38:4f:02:ca:78:c3:
                    52:8b:dc:70:66:95:01:73:60:3a:87:66:22:fa:ae:
                    3d:69:7e:cc:d9:aa:b1:9c:b4:ce:5f:cb:8c:42:97:
                    87:98:53:b5:ba:8f:49:b4:ae:77:7b:5a:e1:18:f6:
                    61:08:2b:12:ac:58:bd:87:68:d1:44:8a:98:71:34:
                    c2:d9:3c:57:23:af:4e:d5:1b:5e:d0:0d:60:e8:0c:
                    9e:39:56:fc:de:6b:29:13:5d:0c:dd:d4:22:e9:e9:
                    0b:77:a2:35:1d:2c:39:9d:f2:7f:62:e4:0d:cb:0e:
                    28:f7:dd:bf:a2:d6:c0:86:61:30:15:a5:07:96:af:
                    6b:63:dc:f3:ad:b2:4b:33:e2:f2:4f:cf:ee:5d:39:
                    b1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:4E:D1:8D:75:4B:AA:E9:66:61:C8:1E:97:65:FB:EC:4F:95:73:80
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Lk7RjXVLqulmYcgel2X77E-Vc4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.255.34.0-159.255.39.255

    Signature Algorithm: sha256WithRSAEncryption
         30:6e:fc:93:85:27:28:88:a6:b1:0f:31:b0:20:18:28:72:a8:
         b8:23:f9:77:56:d5:e0:fa:65:b3:db:6a:6a:dc:59:90:9b:ce:
         34:12:21:7f:6f:95:12:db:c7:49:46:4e:c0:ff:5f:79:4c:a2:
         3f:83:f2:61:38:65:d5:d6:33:2f:bb:87:8a:7e:5a:47:e7:01:
         af:65:6a:00:87:60:bb:21:c8:d0:bb:9b:df:50:33:68:c2:17:
         7f:a8:fc:8c:45:41:5f:3a:94:e3:e9:4e:ad:d4:b8:e4:51:fe:
         2d:64:fd:8d:86:6c:e0:6e:b3:5d:43:08:36:90:0b:f3:b2:12:
         ab:3e:2c:8d:32:50:17:70:6d:00:5e:b6:c3:c1:d2:88:d4:02:
         6e:d2:da:1d:94:c2:5c:5e:81:eb:67:10:c5:ba:5d:0d:1c:7d:
         08:28:ea:dc:87:ba:71:1d:e2:ed:10:8f:80:18:d3:0d:33:1d:
         b8:83:13:da:c3:82:43:f1:ea:f3:02:6f:ef:af:05:a1:06:9e:
         ac:17:cb:b3:6e:68:38:79:86:8c:ea:b0:5b:b8:13:51:e0:00:
         de:4e:59:d9:06:e3:f8:23:af:e1:00:83:dc:f4:40:a2:ee:e8:
         3a:d5:80:32:63:45:57:0d:7f:74:0e:9e:a2:64:b6:31:92:ad:
         a0:df:00:10
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQl/IBiwSz7CJfwlgnPFxT/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAyMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTRlZDE4ZDc1NGJhYWU5NjY2MWM4MWU5NzY1ZmJlYzRmOTU3MzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgY96o74p8TR4YGzWothVM2oNv9Y
t5/cNMZO2n6L168nMdXG5X2sftWgqdnGNFsYOjedoeT9jyFe3gQgIweW+R/4YO5n
UE881DtlMdtbfbPNedhFwYl3kB4nQEdsMhuBICf2cY4t1HLb+6NQlzcN+v44TwLK
eMNSi9xwZpUBc2A6h2Yi+q49aX7M2aqxnLTOX8uMQpeHmFO1uo9JtK53e1rhGPZh
CCsSrFi9h2jRRIqYcTTC2TxXI69O1Rte0A1g6AyeOVb83mspE10M3dQi6ekLd6I1
HSw5nfJ/YuQNyw4o992/otbAhmEwFaUHlq9rY9zzrbJLM+LyT8/uXTmxCQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC5O0Y11S6rpZmHIHpdl++xPlXOAMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvTGs3UmpYVkxxdWxtWWNnZWwyWDc3RS1WYzRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAGf/yID
BAOf/yAwDQYJKoZIhvcNAQELBQADggEBADBu/JOFJyiIprEPMbAgGChyqLgj+XdW
1eD6ZbPbamrcWZCbzjQSIX9vlRLbx0lGTsD/X3lMoj+D8mE4ZdXWMy+7h4p+Wkfn
Aa9lagCHYLshyNC7m99QM2jCF3+o/IxFQV86lOPpTq3UuORR/i1k/Y2GbOBus11D
CDaQC/OyEqs+LI0yUBdwbQBetsPB0ojUAm7S2h2UwlxegetnEMW6XQ0cfQgo6tyH
unEd4u0Qj4AY0w0zHbiDE9rDgkPx6vMCb++vBaEGnqwXy7NuaDh5hozqsFu4E1Hg
AN5OWdkG4/gjr+EAg9z0QKLu6DrVgDJjRVcNf3QOnqJktjGSraDfABA=
-----END CERTIFICATE-----