Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/LhJmSUXYZvXMzK7D66E4_Ripd-M.roa
File:                     LhJmSUXYZvXMzK7D66E4_Ripd-M.roa (raw, json)
Hash identifier:          zClTXYp+lofcarkc6niqOoFRzIxHMmYTtQbbuNqW33k=
Subject key identifier:   2E:12:66:49:45:D8:66:F5:CC:CC:AE:C3:EB:A1:38:FD:18:A9:77:E3
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018CCA29D1D3D6E0911291C55BCA60B5C2B0
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/LhJmSUXYZvXMzK7D66E4_Ripd-M.roa
Signing time:             Tue 02 Jan 2024 12:33:07 +0000
ROA not before:           Tue 02 Jan 2024 12:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41745
IP address blocks:        92.118.169.0/24 maxlen: 24
                          92.118.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 05:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:d1:d3:d6:e0:91:12:91:c5:5b:ca:60:b5:c2:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  2 12:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e12664945d866f5ccccaec3eba138fd18a977e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:86:e7:3f:29:15:79:ca:3e:82:34:ae:e2:81:
                    b0:37:d3:e4:b1:07:b8:71:15:83:44:b8:5e:da:10:
                    52:9c:5e:8e:39:3d:79:b2:9f:46:bc:65:13:98:8c:
                    8c:a0:af:2f:25:56:05:1c:ac:fe:ac:a6:42:31:74:
                    82:79:21:62:60:d2:0f:84:2a:23:a7:20:94:61:ea:
                    a8:64:a3:41:42:9f:24:e2:d6:2d:3c:a0:73:34:f5:
                    32:91:9d:45:9c:bd:ab:92:99:90:68:96:62:2c:85:
                    4a:27:76:45:d9:d7:ff:a1:cc:0b:af:a2:10:55:a2:
                    ed:a7:69:ee:a0:7b:11:83:be:9e:3a:c4:31:1c:29:
                    b7:b7:f9:61:8c:cb:64:1e:77:c6:13:3d:a0:a8:a5:
                    7d:35:47:f7:19:b7:bd:7e:19:c5:03:41:ac:37:84:
                    87:fd:27:5f:aa:1a:7b:4b:ba:55:75:67:b9:20:68:
                    5c:3c:15:81:c4:0b:3a:98:94:4d:34:19:04:a6:ce:
                    78:3d:60:09:2e:33:9f:27:2f:ea:94:d6:ce:b6:7f:
                    36:78:db:63:3b:36:83:90:62:6b:b6:32:0c:6c:d8:
                    c6:d6:08:e7:d0:33:03:98:da:73:4c:67:90:73:25:
                    80:8d:3a:ca:b5:48:dd:88:fb:14:31:07:b3:95:c4:
                    82:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:12:66:49:45:D8:66:F5:CC:CC:AE:C3:EB:A1:38:FD:18:A9:77:E3
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/LhJmSUXYZvXMzK7D66E4_Ripd-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.169.0-92.118.170.255

    Signature Algorithm: sha256WithRSAEncryption
         7a:c2:89:11:5e:be:0c:62:b3:92:b5:cc:73:f2:0b:92:2b:b6:
         e7:3d:3b:ae:a5:c5:bd:82:f0:a8:8d:4a:83:97:92:a8:c3:70:
         b6:fe:84:f5:26:68:fc:c9:0f:78:cb:8a:56:ea:05:c8:2e:5b:
         bc:6a:fc:d7:d2:89:2d:56:cb:37:7c:c9:27:b1:37:85:fa:ca:
         06:ba:4c:09:76:c2:f1:2b:76:f2:6f:4a:4a:7f:e9:a9:e4:8f:
         cc:29:bc:e2:8b:28:3f:1e:96:22:8e:39:3d:7d:02:74:0f:ab:
         1f:fb:56:64:55:b0:f8:e1:ef:3a:a5:2a:66:08:0a:aa:7a:d4:
         d4:e0:82:28:2b:02:71:b9:87:3f:f0:c5:57:d0:a6:c1:ce:22:
         8f:6f:44:af:fc:51:19:b0:b8:2b:14:97:73:6d:00:a1:89:6e:
         bd:6a:7c:11:3c:d1:92:23:aa:7e:eb:7e:ad:22:72:74:44:6b:
         13:0e:b4:cd:92:be:3f:1f:ea:41:65:7c:28:eb:56:cf:e4:c3:
         d5:2c:33:73:e6:ed:02:3e:8d:ab:27:ec:7a:5b:ab:45:51:82:
         1f:74:68:8f:ad:ae:ad:59:f7:21:0e:8c:55:bb:66:c1:d9:6e:
         ae:e6:8e:dd:d4:bf:f4:bf:68:c5:cd:23:fd:bc:4d:5b:40:8b:
         0c:5f:b1:73
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKKdHT1uCREpHFW8pgtcKwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjQwMTAyMTIzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTEyNjY0OTQ1ZDg2NmY1Y2NjY2FlYzNlYmExMzhmZDE4YTk3N2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgobnPykVeco+gjSu4oGwN9PksQe4
cRWDRLhe2hBSnF6OOT15sp9GvGUTmIyMoK8vJVYFHKz+rKZCMXSCeSFiYNIPhCoj
pyCUYeqoZKNBQp8k4tYtPKBzNPUykZ1FnL2rkpmQaJZiLIVKJ3ZF2df/ocwLr6IQ
VaLtp2nuoHsRg76eOsQxHCm3t/lhjMtkHnfGEz2gqKV9NUf3Gbe9fhnFA0GsN4SH
/Sdfqhp7S7pVdWe5IGhcPBWBxAs6mJRNNBkEps54PWAJLjOfJy/qlNbOtn82eNtj
OzaDkGJrtjIMbNjG1gjn0DMDmNpzTGeQcyWAjTrKtUjdiPsUMQezlcSCcQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC4SZklF2Gb1zMyuw+uhOP0YqXfjMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvTGhKbVNVWFladlhNeks3RDY2RTRfUmlwZC1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABcdqkD
BABcdqowDQYJKoZIhvcNAQELBQADggEBAHrCiRFevgxis5K1zHPyC5Irtuc9O66l
xb2C8KiNSoOXkqjDcLb+hPUmaPzJD3jLilbqBcguW7xq/NfSiS1Wyzd8ySexN4X6
yga6TAl2wvErdvJvSkp/6ankj8wpvOKLKD8eliKOOT19AnQPqx/7VmRVsPjh7zql
KmYICqp61NTggigrAnG5hz/wxVfQpsHOIo9vRK/8URmwuCsUl3NtAKGJbr1qfBE8
0ZIjqn7rfq0icnREaxMOtM2Svj8f6kFlfCjrVs/kw9UsM3Pm7QI+jasn7Hpbq0VR
gh90aI+trq1Z9yEOjFW7ZsHZbq7mjt3Uv/S/aMXNI/28TVtAiwxfsXM=
-----END CERTIFICATE-----