Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ef7787-404b-4a1e-ba8b-68e7fb17a44b/1/ZCkfeAjOszD2HMrcmMdAOtTYMx4.roa
File:                     ZCkfeAjOszD2HMrcmMdAOtTYMx4.roa (raw, json)
Hash identifier:          kksZ2iGnNB0fk6ZZYrsJVGgFQGCuEzHoiIRBf8lZ3ns=
Subject key identifier:   64:29:1F:78:08:CE:B3:30:F6:1C:CA:DC:98:C7:40:3A:D4:D8:33:1E
Certificate issuer:       /CN=2e94ff0301be79d81260ac66ac7362efad968a41
Certificate serial:       018CC49385CB2DD6DD219E0A6830FCB8C533
Authority key identifier: 2E:94:FF:03:01:BE:79:D8:12:60:AC:66:AC:73:62:EF:AD:96:8A:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LpT_AwG-edgSYKxmrHNi762WikE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ef7787-404b-4a1e-ba8b-68e7fb17a44b/1/ZCkfeAjOszD2HMrcmMdAOtTYMx4.roa
Signing time:             Mon 01 Jan 2024 10:30:51 +0000
ROA not before:           Mon 01 Jan 2024 10:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42134
IP address blocks:        194.0.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ef7787-404b-4a1e-ba8b-68e7fb17a44b/1/LpT_AwG-edgSYKxmrHNi762WikE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ef7787-404b-4a1e-ba8b-68e7fb17a44b/1/LpT_AwG-edgSYKxmrHNi762WikE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LpT_AwG-edgSYKxmrHNi762WikE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:85:cb:2d:d6:dd:21:9e:0a:68:30:fc:b8:c5:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e94ff0301be79d81260ac66ac7362efad968a41
        Validity
            Not Before: Jan  1 10:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64291f7808ceb330f61ccadc98c7403ad4d8331e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a7:81:4b:8f:cd:2b:64:d5:09:22:3b:78:66:
                    d1:8b:37:b1:5d:c4:cc:a6:7d:ba:cb:a0:9e:11:6e:
                    a6:b7:56:f6:9e:ab:5f:57:18:26:ad:e8:45:ad:2b:
                    7f:ce:17:0a:88:73:2b:94:22:2f:79:79:09:d3:5c:
                    79:88:64:a7:58:1f:9c:02:d4:49:cf:ab:14:6a:5e:
                    81:28:84:1e:f1:a0:00:aa:a9:92:9d:b1:28:eb:b1:
                    de:ef:ef:13:c2:cd:eb:83:af:e3:69:01:fe:4d:d4:
                    91:70:89:62:ab:2b:e3:66:7f:10:8f:0c:bf:01:bd:
                    b6:3b:e2:6b:09:9a:fa:ac:88:df:56:78:5e:61:3b:
                    34:0f:9e:2f:7b:83:14:f3:7e:eb:68:e9:4e:35:50:
                    8e:67:a2:a3:f1:87:68:33:33:52:7c:54:47:d0:94:
                    4a:88:4f:38:d1:59:65:4e:e4:b7:fc:ad:51:24:1c:
                    74:66:ff:8c:85:b9:f7:95:f1:a6:b5:f8:ad:f5:54:
                    bf:ea:83:1f:60:10:a4:58:03:54:1a:cc:80:87:ee:
                    c1:62:f3:fe:c0:ed:61:09:e6:f7:f9:aa:40:de:ec:
                    1b:3a:62:51:ed:2b:f6:91:09:31:65:6d:f0:55:9e:
                    09:d8:32:76:c5:50:85:0f:d3:b0:ba:9e:ca:f2:51:
                    1c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:29:1F:78:08:CE:B3:30:F6:1C:CA:DC:98:C7:40:3A:D4:D8:33:1E
            X509v3 Authority Key Identifier:
                keyid:2E:94:FF:03:01:BE:79:D8:12:60:AC:66:AC:73:62:EF:AD:96:8A:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LpT_AwG-edgSYKxmrHNi762WikE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ef7787-404b-4a1e-ba8b-68e7fb17a44b/1/ZCkfeAjOszD2HMrcmMdAOtTYMx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ef7787-404b-4a1e-ba8b-68e7fb17a44b/1/LpT_AwG-edgSYKxmrHNi762WikE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:df:5b:81:8c:8f:3e:c0:0f:ff:f3:49:49:8a:57:60:f4:3c:
         a0:e6:ef:4c:1d:cf:e7:eb:bc:fb:d4:33:3d:9f:a5:8f:9d:9a:
         4d:95:2d:99:46:1f:72:0d:0f:ee:cc:fb:eb:9a:25:eb:07:43:
         8e:47:b0:a3:3b:2e:a7:c7:1f:7c:37:08:9e:ad:63:d4:f3:91:
         9e:fb:27:f9:ed:02:1c:c8:d1:19:82:3c:41:42:97:b7:5a:ab:
         18:77:7e:c1:12:26:71:a6:b0:fc:39:ec:62:30:36:75:ea:e1:
         a1:46:aa:5c:58:c3:28:c8:47:fe:40:10:de:89:55:9f:db:cf:
         30:4f:2f:ac:6b:ab:f9:37:48:01:67:a3:be:f3:8b:86:ae:38:
         80:b3:0e:a2:3c:9d:a9:91:40:3a:12:b9:e3:81:2c:89:c4:de:
         e2:0d:56:a3:dd:c5:ba:e8:c5:61:18:5e:36:ac:be:69:c1:86:
         79:3a:95:68:61:ab:49:2e:ea:b0:f0:04:e9:69:52:22:34:b1:
         a7:f4:5a:14:85:4b:c4:13:e5:6a:56:f0:5a:ec:f6:e9:e3:e6:
         84:b9:e8:28:53:7e:b0:84:b1:d7:81:7d:61:64:76:be:b3:9e:
         c0:0e:2a:b9:2c:81:ce:4f:8e:d8:46:40:74:0e:97:e7:7e:2e:
         bf:40:83:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4XLLdbdIZ4KaDD8uMUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlOTRmZjAzMDFiZTc5ZDgxMjYwYWM2NmFjNzM2MmVmYWQ5
NjhhNDEwHhcNMjQwMTAxMTAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDI5MWY3ODA4Y2ViMzMwZjYxY2NhZGM5OGM3NDAzYWQ0ZDgzMzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KeBS4/NK2TVCSI7eGbRizexXcTM
pn26y6CeEW6mt1b2nqtfVxgmrehFrSt/zhcKiHMrlCIveXkJ01x5iGSnWB+cAtRJ
z6sUal6BKIQe8aAAqqmSnbEo67He7+8Tws3rg6/jaQH+TdSRcIliqyvjZn8Qjwy/
Ab22O+JrCZr6rIjfVnheYTs0D54ve4MU837raOlONVCOZ6Kj8YdoMzNSfFRH0JRK
iE840VllTuS3/K1RJBx0Zv+Mhbn3lfGmtfit9VS/6oMfYBCkWANUGsyAh+7BYvP+
wO1hCeb3+apA3uwbOmJR7Sv2kQkxZW3wVZ4J2DJ2xVCFD9Owup7K8lEcTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQpH3gIzrMw9hzK3JjHQDrU2DMeMB8GA1UdIwQY
MBaAFC6U/wMBvnnYEmCsZqxzYu+tlopBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHBUX0F3Ry1lZGdTWUt4bXJITmk3NjJXaWtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9lZjc3ODctNDA0Yi00YTFlLWJhOGIt
NjhlN2ZiMTdhNDRiLzEvWkNrZmVBak9zekQySE1yY21NZEFPdFRZTXg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9lZjc3ODctNDA0Yi00YTFlLWJhOGItNjhlN2ZiMTdhNDRi
LzEvTHBUX0F3Ry1lZGdTWUt4bXJITmk3NjJXaWtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgCKMA0G
CSqGSIb3DQEBCwUAA4IBAQAd31uBjI8+wA//80lJildg9Dyg5u9MHc/n67z71DM9
n6WPnZpNlS2ZRh9yDQ/uzPvrmiXrB0OOR7CjOy6nxx98NwierWPU85Ge+yf57QIc
yNEZgjxBQpe3WqsYd37BEiZxprD8OexiMDZ16uGhRqpcWMMoyEf+QBDeiVWf288w
Ty+sa6v5N0gBZ6O+84uGrjiAsw6iPJ2pkUA6ErnjgSyJxN7iDVaj3cW66MVhGF42
rL5pwYZ5OpVoYatJLuqw8ATpaVIiNLGn9FoUhUvEE+VqVvBa7Pbp4+aEuegoU36w
hLHXgX1hZHa+s57ADiq5LIHOT47YRkB0Dpfnfi6/QIOm
-----END CERTIFICATE-----