Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/lIAO40W3sJ3kejXkTtbKAwhaY8A.roa
File:                     lIAO40W3sJ3kejXkTtbKAwhaY8A.roa (raw, json)
Hash identifier:          XyZOio62nTMBsslVjVDtlUNQHnU7Z8tiHMImHbzlr84=
Subject key identifier:   94:80:0E:E3:45:B7:B0:9D:E4:7A:35:E4:4E:D6:CA:03:08:5A:63:C0
Certificate issuer:       /CN=e618eff923e35bf83792353c4633ca2300f75b6c
Certificate serial:       018CC3B72640D34E3853B3586BD7889E2FDA
Authority key identifier: E6:18:EF:F9:23:E3:5B:F8:37:92:35:3C:46:33:CA:23:00:F7:5B:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hjv-SPjW_g3kjU8RjPKIwD3W2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/lIAO40W3sJ3kejXkTtbKAwhaY8A.roa
Signing time:             Mon 01 Jan 2024 06:30:09 +0000
ROA not before:           Mon 01 Jan 2024 06:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400039
IP address blocks:        146.19.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/5hjv-SPjW_g3kjU8RjPKIwD3W2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/5hjv-SPjW_g3kjU8RjPKIwD3W2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5hjv-SPjW_g3kjU8RjPKIwD3W2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:26:40:d3:4e:38:53:b3:58:6b:d7:88:9e:2f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e618eff923e35bf83792353c4633ca2300f75b6c
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94800ee345b7b09de47a35e44ed6ca03085a63c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e3:09:a1:92:8b:2d:a8:90:fd:9d:22:65:0f:
                    95:25:0a:44:1b:91:ab:2d:0c:b1:f3:22:f7:22:3b:
                    d9:c3:0e:98:f0:be:9a:2a:d7:23:ca:0d:44:e5:d2:
                    e9:07:d9:b0:5a:fe:a9:c9:2b:21:45:ce:52:30:75:
                    41:6b:6b:b3:dd:4e:0c:63:7a:17:95:4d:43:e0:da:
                    db:f5:f8:81:a4:18:c8:e9:07:04:5e:93:a3:a4:02:
                    1f:c7:79:4b:5d:82:9a:24:0c:35:73:a8:93:95:ed:
                    7f:44:8c:e1:3f:24:28:61:ef:05:27:22:4a:f3:69:
                    df:ef:2e:7e:6c:0e:5f:07:f0:5a:95:c1:71:67:22:
                    ce:67:7f:80:c5:18:96:c4:71:f9:8a:f7:fe:70:f9:
                    95:45:cf:d8:6a:de:2f:9d:12:3f:f7:0d:a1:da:32:
                    5b:c4:44:09:11:7b:da:a4:e8:ac:34:e2:e8:83:dc:
                    11:91:48:9f:98:7b:50:7a:f1:b3:87:f7:96:a4:9e:
                    03:d4:59:92:5d:44:fa:79:0f:c1:5f:56:73:69:bf:
                    42:ec:01:43:42:c3:d5:3b:85:e9:b5:2d:c9:5b:fc:
                    8d:66:b9:ca:b3:5d:cb:63:40:31:f0:dd:b0:cb:d5:
                    fe:11:e5:73:0d:7d:00:4d:3e:b9:85:b9:41:bb:2d:
                    82:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:80:0E:E3:45:B7:B0:9D:E4:7A:35:E4:4E:D6:CA:03:08:5A:63:C0
            X509v3 Authority Key Identifier:
                keyid:E6:18:EF:F9:23:E3:5B:F8:37:92:35:3C:46:33:CA:23:00:F7:5B:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hjv-SPjW_g3kjU8RjPKIwD3W2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/lIAO40W3sJ3kejXkTtbKAwhaY8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d50912-0b8d-43cc-8bee-dedc5a6964fc/1/5hjv-SPjW_g3kjU8RjPKIwD3W2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:22:79:bc:2e:eb:47:7c:6e:ec:85:31:1e:a6:38:94:86:55:
         0a:f7:e1:eb:0d:5c:b2:a7:4c:28:92:27:d4:79:5f:bd:34:ac:
         53:d6:c3:7d:e4:d7:94:d9:28:92:c8:3e:84:ad:d6:d0:86:9c:
         11:00:08:3d:d7:7b:5b:74:43:05:3f:dd:f1:5a:ac:dc:27:8b:
         88:24:0a:53:6d:98:be:a5:91:4c:4c:6a:d0:83:d8:9c:66:ca:
         e9:cf:8b:41:aa:0e:30:26:d2:71:04:f9:83:f5:a5:aa:db:02:
         8c:3c:0f:d0:62:b2:eb:e8:af:b1:e5:8e:6d:76:ad:c4:82:74:
         6d:cc:66:07:95:ac:5a:a3:8d:9c:85:19:f0:32:d2:ca:1b:b3:
         f5:21:d1:b4:bc:6a:e7:42:e3:0a:d4:9f:eb:0a:04:6a:f5:b2:
         b6:91:68:e9:41:7b:9a:31:76:df:4f:96:47:ae:b6:62:69:57:
         dc:30:67:69:e8:d6:fa:12:32:48:42:48:f8:46:81:ba:2d:8d:
         cc:8f:84:14:f6:fd:b9:04:88:76:20:43:9d:c3:fc:c1:75:08:
         12:21:ff:df:ce:dc:78:54:e0:07:4f:b0:82:4e:30:25:fb:55:
         d3:a0:20:b1:ca:06:7a:2e:c8:d4:1b:dc:c7:e7:41:f5:40:3d:
         ec:d4:c3:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyZA0044U7NYa9eIni/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MThlZmY5MjNlMzViZjgzNzkyMzUzYzQ2MzNjYTIzMDBm
NzViNmMwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDgwMGVlMzQ1YjdiMDlkZTQ3YTM1ZTQ0ZWQ2Y2EwMzA4NWE2M2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuMJoZKLLaiQ/Z0iZQ+VJQpEG5Gr
LQyx8yL3IjvZww6Y8L6aKtcjyg1E5dLpB9mwWv6pySshRc5SMHVBa2uz3U4MY3oX
lU1D4Nrb9fiBpBjI6QcEXpOjpAIfx3lLXYKaJAw1c6iTle1/RIzhPyQoYe8FJyJK
82nf7y5+bA5fB/BalcFxZyLOZ3+AxRiWxHH5ivf+cPmVRc/Yat4vnRI/9w2h2jJb
xEQJEXvapOisNOLog9wRkUifmHtQevGzh/eWpJ4D1FmSXUT6eQ/BX1Zzab9C7AFD
QsPVO4XptS3JW/yNZrnKs13LY0Ax8N2wy9X+EeVzDX0ATT65hblBuy2C+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSADuNFt7Cd5Ho15E7WygMIWmPAMB8GA1UdIwQY
MBaAFOYY7/kj41v4N5I1PEYzyiMA91tsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWhqdi1TUGpXX2cza2pVOFJqUEtJd0QzVzJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kNTA5MTItMGI4ZC00M2NjLThiZWUt
ZGVkYzVhNjk2NGZjLzEvbElBTzQwVzNzSjNrZWpYa1R0YktBd2hhWThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kNTA5MTItMGI4ZC00M2NjLThiZWUtZGVkYzVhNjk2NGZj
LzEvNWhqdi1TUGpXX2cza2pVOFJqUEtJd0QzVzJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhNcMA0G
CSqGSIb3DQEBCwUAA4IBAQAyInm8LutHfG7shTEepjiUhlUK9+HrDVyyp0wokifU
eV+9NKxT1sN95NeU2SiSyD6ErdbQhpwRAAg913tbdEMFP93xWqzcJ4uIJApTbZi+
pZFMTGrQg9icZsrpz4tBqg4wJtJxBPmD9aWq2wKMPA/QYrLr6K+x5Y5tdq3EgnRt
zGYHlaxao42chRnwMtLKG7P1IdG0vGrnQuMK1J/rCgRq9bK2kWjpQXuaMXbfT5ZH
rrZiaVfcMGdp6Nb6EjJIQkj4RoG6LY3Mj4QU9v25BIh2IEOdw/zBdQgSIf/fztx4
VOAHT7CCTjAl+1XToCCxygZ6LsjUG9zH50H1QD3s1MNl
-----END CERTIFICATE-----