Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/839925-1555-4ff6-bc46-7feab48eee61/1/lx_0h9VEp824IgchbfXwwU993HY.roa
File:                     lx_0h9VEp824IgchbfXwwU993HY.roa (raw, json)
Hash identifier:          tH/EbeD4SJPM0+FLHl3UA5Ub7/tz10ipgZ+yNHKhhT4=
Subject key identifier:   97:1F:F4:87:D5:44:A7:CD:B8:22:07:21:6D:F5:F0:C1:4F:7D:DC:76
Certificate issuer:       /CN=5b95a94adad3a2896c72074d667c1b62075958cb
Certificate serial:       018CC8DEC832301C35202CA8721970C38087
Authority key identifier: 5B:95:A9:4A:DA:D3:A2:89:6C:72:07:4D:66:7C:1B:62:07:59:58:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W5WpStrToolscgdNZnwbYgdZWMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/839925-1555-4ff6-bc46-7feab48eee61/1/lx_0h9VEp824IgchbfXwwU993HY.roa
Signing time:             Tue 02 Jan 2024 06:31:32 +0000
ROA not before:           Tue 02 Jan 2024 06:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34933
IP address blocks:        193.238.226.0/24 maxlen: 24
                          193.238.225.0/24 maxlen: 24
                          193.238.224.0/24 maxlen: 24
                          193.238.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/839925-1555-4ff6-bc46-7feab48eee61/1/W5WpStrToolscgdNZnwbYgdZWMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/839925-1555-4ff6-bc46-7feab48eee61/1/W5WpStrToolscgdNZnwbYgdZWMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W5WpStrToolscgdNZnwbYgdZWMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:c8:32:30:1c:35:20:2c:a8:72:19:70:c3:80:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b95a94adad3a2896c72074d667c1b62075958cb
        Validity
            Not Before: Jan  2 06:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=971ff487d544a7cdb82207216df5f0c14f7ddc76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:9f:ff:2a:28:ea:d0:1d:97:57:57:22:eb:54:
                    48:a5:7b:9c:b0:d8:54:84:02:b1:a0:14:d6:19:20:
                    c0:ca:f3:3b:ac:b4:63:89:50:f0:e0:d4:d7:dc:aa:
                    a6:04:99:38:3d:0e:6e:a7:b2:5e:ac:c5:2b:28:d4:
                    de:8a:e5:7c:21:c6:43:f9:9b:a6:93:bd:c2:79:1a:
                    3a:da:e6:2a:57:d6:08:43:06:5a:aa:72:63:fe:bb:
                    ee:d1:19:b4:92:43:97:f3:46:37:33:cb:0c:61:41:
                    11:d1:19:62:7c:a5:bc:a4:ed:61:91:54:b3:28:fa:
                    b8:93:3a:a9:cd:3a:b1:cf:c2:7b:8b:98:ca:3a:b2:
                    3b:b5:52:96:fa:69:48:9f:6a:a5:d5:0e:2e:c6:57:
                    a7:db:a9:0b:5a:82:85:2c:bf:99:e1:8f:0c:46:7c:
                    7a:0e:35:b0:44:0a:7f:05:19:8c:d6:12:28:85:ff:
                    78:3b:db:f2:c7:86:8e:47:f5:30:21:ed:7d:ae:ac:
                    51:87:83:d3:51:67:13:a9:2b:94:5d:93:bf:91:0c:
                    40:07:6b:fe:86:18:b0:be:c9:eb:45:5e:bc:e6:39:
                    68:a4:ca:3e:c1:45:de:5a:38:68:62:6d:d0:d7:ca:
                    50:c5:1d:a7:84:0e:09:ba:6f:72:61:5c:96:36:62:
                    58:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:1F:F4:87:D5:44:A7:CD:B8:22:07:21:6D:F5:F0:C1:4F:7D:DC:76
            X509v3 Authority Key Identifier:
                keyid:5B:95:A9:4A:DA:D3:A2:89:6C:72:07:4D:66:7C:1B:62:07:59:58:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W5WpStrToolscgdNZnwbYgdZWMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/839925-1555-4ff6-bc46-7feab48eee61/1/lx_0h9VEp824IgchbfXwwU993HY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/839925-1555-4ff6-bc46-7feab48eee61/1/W5WpStrToolscgdNZnwbYgdZWMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.238.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:61:53:8c:a5:9a:0f:d5:39:bc:27:f0:bd:87:26:90:25:06:
         34:df:3f:4f:fa:2a:0a:df:84:a7:c1:65:42:b6:6f:b9:29:a0:
         15:e2:fb:cd:18:34:e1:35:08:ed:bb:df:81:ab:63:0b:5d:0c:
         5d:b9:cf:10:85:75:d0:52:86:4f:a8:09:3a:86:a6:01:d0:09:
         4f:39:3b:61:43:26:17:aa:93:cb:16:77:aa:ab:da:6e:84:96:
         31:26:58:4f:53:15:42:5b:b4:33:f5:ae:b4:e9:c4:1a:06:d8:
         d3:03:58:c9:38:93:bf:ca:b8:4a:ee:ba:19:1d:86:3b:56:88:
         f4:5b:33:6d:70:0a:40:39:c4:0c:d9:33:53:5b:0e:a5:10:a9:
         80:4a:1b:4d:7e:db:ea:84:d9:c0:0a:5d:67:8a:3a:45:61:b1:
         70:41:8c:4d:a0:3e:64:c6:b2:98:dc:b0:64:21:37:cc:f7:45:
         7a:37:5a:85:2b:88:58:00:83:fd:a1:91:9e:7f:f7:63:69:42:
         6c:a5:74:4d:34:74:8d:cf:27:ed:8d:7c:88:9d:e6:d2:55:56:
         c9:b3:79:0e:64:9e:5f:a6:a6:d0:0f:41:be:ae:d1:40:c6:85:
         6f:f0:9c:fa:4b:e8:38:17:54:2d:83:90:8a:ad:3c:33:53:7d:
         94:c6:59:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3sgyMBw1ICyochlww4CHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViOTVhOTRhZGFkM2EyODk2YzcyMDc0ZDY2N2MxYjYyMDc1
OTU4Y2IwHhcNMjQwMTAyMDYzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzFmZjQ4N2Q1NDRhN2NkYjgyMjA3MjE2ZGY1ZjBjMTRmN2RkYzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ//Kijq0B2XV1ci61RIpXucsNhU
hAKxoBTWGSDAyvM7rLRjiVDw4NTX3KqmBJk4PQ5up7JerMUrKNTeiuV8IcZD+Zum
k73CeRo62uYqV9YIQwZaqnJj/rvu0Rm0kkOX80Y3M8sMYUER0RlifKW8pO1hkVSz
KPq4kzqpzTqxz8J7i5jKOrI7tVKW+mlIn2ql1Q4uxlen26kLWoKFLL+Z4Y8MRnx6
DjWwRAp/BRmM1hIohf94O9vyx4aOR/UwIe19rqxRh4PTUWcTqSuUXZO/kQxAB2v+
hhiwvsnrRV685jlopMo+wUXeWjhoYm3Q18pQxR2nhA4Jum9yYVyWNmJY8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcf9IfVRKfNuCIHIW318MFPfdx2MB8GA1UdIwQY
MBaAFFuVqUra06KJbHIHTWZ8G2IHWVjLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzVXcFN0clRvb2xzY2dkTlpud2JZZ2RaV01zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS84Mzk5MjUtMTU1NS00ZmY2LWJjNDYt
N2ZlYWI0OGVlZTYxLzEvbHhfMGg5VkVwODI0SWdjaGJmWHd3VTk5M0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS84Mzk5MjUtMTU1NS00ZmY2LWJjNDYtN2ZlYWI0OGVlZTYx
LzEvVzVXcFN0clRvb2xzY2dkTlpud2JZZ2RaV01zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwe7gMA0G
CSqGSIb3DQEBCwUAA4IBAQBKYVOMpZoP1Tm8J/C9hyaQJQY03z9P+ioK34SnwWVC
tm+5KaAV4vvNGDThNQjtu9+Bq2MLXQxduc8QhXXQUoZPqAk6hqYB0AlPOTthQyYX
qpPLFneqq9puhJYxJlhPUxVCW7Qz9a606cQaBtjTA1jJOJO/yrhK7roZHYY7Voj0
WzNtcApAOcQM2TNTWw6lEKmAShtNftvqhNnACl1nijpFYbFwQYxNoD5kxrKY3LBk
ITfM90V6N1qFK4hYAIP9oZGef/djaUJspXRNNHSNzyftjXyInebSVVbJs3kOZJ5f
pqbQD0G+rtFAxoVv8Jz6S+g4F1Qtg5CKrTwzU32Uxllj
-----END CERTIFICATE-----