Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/LpNiGN2Dque5U_HBHS7KJ_KHCMQ.roa
File:                     LpNiGN2Dque5U_HBHS7KJ_KHCMQ.roa (raw, json)
Hash identifier:          Ss8ukx+WVm1zQawYhsUQmJi8XiSBIrQviecE3AievV4=
Subject key identifier:   2E:93:62:18:DD:83:AA:E7:B9:53:F1:C1:1D:2E:CA:27:F2:87:08:C4
Certificate issuer:       /CN=7d3045fc491d39f52e7145b1000b3b86c37ded45
Certificate serial:       018CC34938A76AF55D400B1708B800B7F2DB
Authority key identifier: 7D:30:45:FC:49:1D:39:F5:2E:71:45:B1:00:0B:3B:86:C3:7D:ED:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fTBF_EkdOfUucUWxAAs7hsN97UU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/LpNiGN2Dque5U_HBHS7KJ_KHCMQ.roa
Signing time:             Mon 01 Jan 2024 04:30:04 +0000
ROA not before:           Mon 01 Jan 2024 04:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.236.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/fTBF_EkdOfUucUWxAAs7hsN97UU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/fTBF_EkdOfUucUWxAAs7hsN97UU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fTBF_EkdOfUucUWxAAs7hsN97UU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:38:a7:6a:f5:5d:40:0b:17:08:b8:00:b7:f2:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d3045fc491d39f52e7145b1000b3b86c37ded45
        Validity
            Not Before: Jan  1 04:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e936218dd83aae7b953f1c11d2eca27f28708c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:19:fd:ff:4e:14:19:5b:50:21:25:01:ee:fd:
                    0e:92:d7:f1:c2:19:38:1c:28:7b:a3:4d:7e:08:df:
                    e8:4d:6a:67:bd:72:a8:c9:d5:8a:f9:e5:4e:68:15:
                    16:a1:59:6e:ae:7a:98:9f:14:39:88:42:7b:74:d3:
                    d6:0e:69:80:55:6a:fa:bf:f5:14:68:e1:b9:f1:9a:
                    34:70:dc:a0:60:9b:b7:88:79:2a:84:63:91:6e:a4:
                    e2:83:67:2e:23:24:c0:c0:e9:19:31:01:99:31:c7:
                    af:4c:b4:ab:bd:8d:e5:9c:0a:80:10:1b:ff:be:35:
                    0c:48:cb:87:fd:6a:30:07:ba:08:cb:37:06:35:4a:
                    0d:26:20:9a:e2:9f:12:e0:e3:b9:5f:a9:9f:9a:31:
                    d1:5b:0e:d5:6d:92:ae:ee:65:9d:69:79:3d:16:1e:
                    b3:5e:ee:55:bc:60:10:44:cd:19:81:01:9a:73:11:
                    c2:55:93:9c:3b:47:30:0f:f4:a2:ba:66:58:97:7e:
                    8b:d8:51:79:46:b7:44:73:47:c1:03:84:05:c7:47:
                    af:58:e7:89:24:74:ea:84:f3:fd:0c:b2:08:cc:fa:
                    9e:93:0a:74:06:36:2f:79:34:31:ed:98:85:f7:91:
                    7f:ff:25:6c:58:a7:8b:5d:ff:31:3e:f0:f4:f7:72:
                    e5:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:93:62:18:DD:83:AA:E7:B9:53:F1:C1:1D:2E:CA:27:F2:87:08:C4
            X509v3 Authority Key Identifier:
                keyid:7D:30:45:FC:49:1D:39:F5:2E:71:45:B1:00:0B:3B:86:C3:7D:ED:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fTBF_EkdOfUucUWxAAs7hsN97UU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/LpNiGN2Dque5U_HBHS7KJ_KHCMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/fTBF_EkdOfUucUWxAAs7hsN97UU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:62:37:81:56:ee:02:39:19:60:4a:7d:1d:9c:03:f3:51:2d:
         c3:d9:4a:92:24:8d:aa:94:00:bb:f2:51:2f:24:74:84:9e:64:
         a1:d1:f6:8c:33:a1:cc:c7:ed:5e:b2:8a:59:16:98:99:ed:4c:
         4b:26:ad:54:a2:59:2f:13:93:9f:a1:4b:6b:36:f4:ed:0e:47:
         6a:2c:4b:49:09:7b:a7:36:36:c9:6f:d0:43:4a:a0:a7:cc:ac:
         6d:36:79:62:c5:5d:21:ff:47:ec:27:ab:1c:fb:0c:8d:da:48:
         5a:3c:5e:67:ec:a7:55:ac:b7:64:bf:37:f5:cc:8f:23:d2:63:
         60:56:62:98:9f:59:3a:d4:cd:a5:ba:cf:b4:bb:01:a1:ab:04:
         e4:d9:ca:f1:47:f9:7a:3c:ab:09:7b:32:8d:8c:81:ea:3a:cd:
         45:49:82:29:30:1b:a3:2c:35:f3:c9:d0:df:2b:8e:55:e8:a8:
         93:a4:2e:6d:8f:cd:fb:a5:bc:19:18:f1:65:4b:e7:e2:f4:a5:
         0a:9b:d6:c6:02:c6:20:f5:3f:ff:fa:5b:43:d2:d4:67:3d:99:
         66:69:a0:63:85:f9:af:20:96:3a:8d:bf:84:47:0f:de:c9:62:
         76:e4:11:92:fb:9d:92:33:a6:b2:19:82:4e:2f:35:43:fe:50:
         63:90:22:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSTinavVdQAsXCLgAt/LbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMzA0NWZjNDkxZDM5ZjUyZTcxNDViMTAwMGIzYjg2YzM3
ZGVkNDUwHhcNMjQwMTAxMDQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTkzNjIxOGRkODNhYWU3Yjk1M2YxYzExZDJlY2EyN2YyODcwOGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Bn9/04UGVtQISUB7v0Oktfxwhk4
HCh7o01+CN/oTWpnvXKoydWK+eVOaBUWoVlurnqYnxQ5iEJ7dNPWDmmAVWr6v/UU
aOG58Zo0cNygYJu3iHkqhGORbqTig2cuIyTAwOkZMQGZMcevTLSrvY3lnAqAEBv/
vjUMSMuH/WowB7oIyzcGNUoNJiCa4p8S4OO5X6mfmjHRWw7VbZKu7mWdaXk9Fh6z
Xu5VvGAQRM0ZgQGacxHCVZOcO0cwD/SiumZYl36L2FF5RrdEc0fBA4QFx0evWOeJ
JHTqhPP9DLIIzPqekwp0BjYveTQx7ZiF95F//yVsWKeLXf8xPvD093LlXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6TYhjdg6rnuVPxwR0uyifyhwjEMB8GA1UdIwQY
MBaAFH0wRfxJHTn1LnFFsQALO4bDfe1FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlRCRl9Fa2RPZlV1Y1VXeEFBczdoc045N1VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xZjYzZGItYzk2My00NGJjLWEwMzkt
OGFhYTZhOTBmZjk1LzEvTHBOaUdOMkRxdWU1VV9IQkhTN0tKX0tIQ01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xZjYzZGItYzk2My00NGJjLWEwMzktOGFhYTZhOTBmZjk1
LzEvZlRCRl9Fa2RPZlV1Y1VXeEFBczdoc045N1VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+wSMA0G
CSqGSIb3DQEBCwUAA4IBAQBgYjeBVu4CORlgSn0dnAPzUS3D2UqSJI2qlAC78lEv
JHSEnmSh0faMM6HMx+1esopZFpiZ7UxLJq1UolkvE5OfoUtrNvTtDkdqLEtJCXun
NjbJb9BDSqCnzKxtNnlixV0h/0fsJ6sc+wyN2khaPF5n7KdVrLdkvzf1zI8j0mNg
VmKYn1k61M2lus+0uwGhqwTk2crxR/l6PKsJezKNjIHqOs1FSYIpMBujLDXzydDf
K45V6KiTpC5tj837pbwZGPFlS+fi9KUKm9bGAsYg9T//+ltD0tRnPZlmaaBjhfmv
IJY6jb+ERw/eyWJ25BGS+52SM6ayGYJOLzVD/lBjkCK7
-----END CERTIFICATE-----