Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9e9559-8f3c-45d0-851c-68f2174c79ee/1/LhmmiYMBrB0ZFl6AyR1olZcF6pc.roa
File:                     LhmmiYMBrB0ZFl6AyR1olZcF6pc.roa (raw, json)
Hash identifier:          VXdwOuS9DZS5ZEqHmwjAjwR5491NY7BO9J/oP3bbh64=
Subject key identifier:   2E:19:A6:89:83:01:AC:1D:19:16:5E:80:C9:1D:68:95:97:05:EA:97
Certificate issuer:       /CN=449e4252bcb22ea2c6cfb3924c8f84bdde7a7471
Certificate serial:       018CC6B9376674E2BE363EFA4C73BA0356C8
Authority key identifier: 44:9E:42:52:BC:B2:2E:A2:C6:CF:B3:92:4C:8F:84:BD:DE:7A:74:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RJ5CUryyLqLGz7OSTI-Evd56dHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9e9559-8f3c-45d0-851c-68f2174c79ee/1/LhmmiYMBrB0ZFl6AyR1olZcF6pc.roa
Signing time:             Mon 01 Jan 2024 20:31:16 +0000
ROA not before:           Mon 01 Jan 2024 20:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59407
IP address blocks:        91.192.202.0/23 maxlen: 23
                          5.134.16.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9e9559-8f3c-45d0-851c-68f2174c79ee/1/RJ5CUryyLqLGz7OSTI-Evd56dHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9e9559-8f3c-45d0-851c-68f2174c79ee/1/RJ5CUryyLqLGz7OSTI-Evd56dHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RJ5CUryyLqLGz7OSTI-Evd56dHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:37:66:74:e2:be:36:3e:fa:4c:73:ba:03:56:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=449e4252bcb22ea2c6cfb3924c8f84bdde7a7471
        Validity
            Not Before: Jan  1 20:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e19a6898301ac1d19165e80c91d68959705ea97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5b:a3:4d:5c:70:b4:93:c3:b4:33:db:5e:3e:
                    72:02:d0:38:dc:01:dc:dc:9a:8d:65:0e:17:5b:72:
                    d3:b5:81:52:a4:4f:ea:ff:f3:4b:18:ca:ea:7f:ff:
                    c6:49:29:99:26:ea:d9:87:75:d6:2a:19:f1:5e:11:
                    c2:52:4a:37:0e:0b:55:f5:01:79:b7:8a:21:21:34:
                    db:37:f6:69:ab:64:51:01:07:e5:f8:6f:0f:8a:6c:
                    b6:81:39:a9:9d:75:5a:72:83:f9:47:c2:fc:ee:ca:
                    ab:39:8f:eb:a5:9c:6f:31:1f:b3:1f:96:51:16:cb:
                    b2:4f:4a:d2:4a:60:96:cb:7a:f1:15:6f:68:02:f3:
                    d3:20:71:2e:53:99:96:93:9c:82:9c:dc:ba:08:9f:
                    77:0e:8d:ee:1e:33:65:be:e9:69:34:f1:71:b9:a5:
                    d4:0f:e7:18:7b:fe:f3:51:4b:ad:3d:6c:69:12:4e:
                    d0:6e:bf:bd:7d:86:61:2e:ca:e3:98:b7:08:a9:72:
                    11:31:34:b1:fe:3d:a9:1b:07:e1:a1:39:24:d7:a7:
                    ad:39:ae:71:e4:54:61:43:c1:5d:62:57:34:d3:88:
                    9d:2b:be:4f:43:9d:61:14:05:b0:78:9b:cd:a6:f4:
                    54:fa:08:48:45:53:4c:fc:62:50:17:a6:e0:d0:82:
                    17:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:19:A6:89:83:01:AC:1D:19:16:5E:80:C9:1D:68:95:97:05:EA:97
            X509v3 Authority Key Identifier:
                keyid:44:9E:42:52:BC:B2:2E:A2:C6:CF:B3:92:4C:8F:84:BD:DE:7A:74:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RJ5CUryyLqLGz7OSTI-Evd56dHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9e9559-8f3c-45d0-851c-68f2174c79ee/1/LhmmiYMBrB0ZFl6AyR1olZcF6pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9e9559-8f3c-45d0-851c-68f2174c79ee/1/RJ5CUryyLqLGz7OSTI-Evd56dHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.134.16.0/21
                  91.192.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:a1:e3:97:56:a5:00:85:45:9a:76:8f:63:2e:7d:68:35:e6:
         25:a6:e4:5c:87:ef:8f:60:99:02:10:0b:8a:44:53:13:63:a5:
         ad:a8:c2:cd:13:e8:9a:a5:f2:4d:da:62:37:c7:af:bc:65:e3:
         58:57:3d:6e:32:e2:24:a1:de:16:0e:68:5c:98:24:c1:9f:b5:
         dc:02:bc:db:01:0d:2d:45:2f:30:33:4c:3c:25:73:0b:04:62:
         3c:39:2d:b8:91:f3:15:4f:e0:f9:fd:f4:3e:a2:b2:4a:09:7a:
         2a:9b:a8:71:66:65:54:6a:49:a2:e1:34:3f:5b:80:1e:65:ec:
         38:ef:40:e7:fa:8c:76:35:10:4e:3e:fd:57:69:e5:0f:32:40:
         82:94:1e:6c:71:7e:56:15:fd:75:1f:ce:32:21:3b:fd:80:bd:
         ea:0b:88:87:e6:27:80:46:d3:ed:58:56:ec:48:ba:73:63:6f:
         70:65:a0:a4:43:02:d5:62:ab:3e:a2:91:e8:16:42:58:3d:5b:
         a2:c4:fc:40:9a:57:e2:e7:8e:a4:bf:7a:4b:d7:7b:a3:49:7e:
         0a:10:94:b6:a8:9a:52:8b:42:69:cf:f3:de:1d:06:fe:5b:2f:
         34:75:b7:9b:64:a2:83:b2:2d:34:fd:85:43:98:a9:d6:12:69:
         ab:6a:07:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuTdmdOK+Nj76THO6A1bIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0OWU0MjUyYmNiMjJlYTJjNmNmYjM5MjRjOGY4NGJkZGU3
YTc0NzEwHhcNMjQwMTAxMjAzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTE5YTY4OTgzMDFhYzFkMTkxNjVlODBjOTFkNjg5NTk3MDVlYTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1ujTVxwtJPDtDPbXj5yAtA43AHc
3JqNZQ4XW3LTtYFSpE/q//NLGMrqf//GSSmZJurZh3XWKhnxXhHCUko3DgtV9QF5
t4ohITTbN/Zpq2RRAQfl+G8Pimy2gTmpnXVacoP5R8L87sqrOY/rpZxvMR+zH5ZR
FsuyT0rSSmCWy3rxFW9oAvPTIHEuU5mWk5yCnNy6CJ93Do3uHjNlvulpNPFxuaXU
D+cYe/7zUUutPWxpEk7Qbr+9fYZhLsrjmLcIqXIRMTSx/j2pGwfhoTkk16etOa5x
5FRhQ8FdYlc004idK75PQ51hFAWweJvNpvRU+ghIRVNM/GJQF6bg0IIXbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC4ZpomDAawdGRZegMkdaJWXBeqXMB8GA1UdIwQY
MBaAFESeQlK8si6ixs+zkkyPhL3eenRxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUko1Q1VyeXlMcUxHejdPU1RJLUV2ZDU2ZEhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZTk1NTktOGYzYy00NWQwLTg1MWMt
NjhmMjE3NGM3OWVlLzEvTGhtbWlZTUJyQjBaRmw2QXlSMW9sWmNGNnBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZTk1NTktOGYzYy00NWQwLTg1MWMtNjhmMjE3NGM3OWVl
LzEvUko1Q1VyeXlMcUxHejdPU1RJLUV2ZDU2ZEhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDBYYQAwQB
W8DKMA0GCSqGSIb3DQEBCwUAA4IBAQCeoeOXVqUAhUWado9jLn1oNeYlpuRch++P
YJkCEAuKRFMTY6WtqMLNE+iapfJN2mI3x6+8ZeNYVz1uMuIkod4WDmhcmCTBn7Xc
ArzbAQ0tRS8wM0w8JXMLBGI8OS24kfMVT+D5/fQ+orJKCXoqm6hxZmVUakmi4TQ/
W4AeZew470Dn+ox2NRBOPv1XaeUPMkCClB5scX5WFf11H84yITv9gL3qC4iH5ieA
RtPtWFbsSLpzY29wZaCkQwLVYqs+opHoFkJYPVuixPxAmlfi546kv3pL13ujSX4K
EJS2qJpSi0Jpz/PeHQb+Wy80dbebZKKDsi00/YVDmKnWEmmragf1
-----END CERTIFICATE-----