Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/lmbwAZhJDvn3ZO9Nd9ocA69o5Tk.roa
File:                     lmbwAZhJDvn3ZO9Nd9ocA69o5Tk.roa (raw, json)
Hash identifier:          XALuM5FnZ30/lTx91fKvaxUPWaZ9C/OPZUWSocftb+Y=
Subject key identifier:   96:66:F0:01:98:49:0E:F9:F7:64:EF:4D:77:DA:1C:03:AF:68:E5:39
Certificate issuer:       /CN=955dbebbc1070b99e4fb372117df2620038603e9
Certificate serial:       0194258EE07CC26A7FF7CE9F077D8334F7E2
Authority key identifier: 95:5D:BE:BB:C1:07:0B:99:E4:FB:37:21:17:DF:26:20:03:86:03:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lV2-u8EHC5nk-zchF98mIAOGA-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/lmbwAZhJDvn3ZO9Nd9ocA69o5Tk.roa
Signing time:             Thu 02 Jan 2025 05:48:28 +0000
ROA not before:           Thu 02 Jan 2025 05:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10753
IP address blocks:        217.14.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/lV2-u8EHC5nk-zchF98mIAOGA-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/lV2-u8EHC5nk-zchF98mIAOGA-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lV2-u8EHC5nk-zchF98mIAOGA-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 02:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:e0:7c:c2:6a:7f:f7:ce:9f:07:7d:83:34:f7:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=955dbebbc1070b99e4fb372117df2620038603e9
        Validity
            Not Before: Jan  2 05:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9666f00198490ef9f764ef4d77da1c03af68e539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5d:f0:b5:59:82:04:bc:d5:2d:a2:6a:40:a5:
                    d9:8c:91:1f:f4:29:e3:e6:80:fc:fa:68:72:3e:f0:
                    15:15:32:40:e3:d2:b7:1d:81:a8:12:e4:a0:df:b1:
                    25:af:66:e5:b3:0f:02:c2:c2:a6:96:97:ae:c1:f0:
                    d7:c1:85:04:71:b9:b1:bc:4a:01:1e:fb:58:ad:36:
                    36:04:99:c9:e2:c7:7f:9d:7a:dc:8f:40:ca:58:e8:
                    71:54:3f:d5:5e:90:90:fe:14:e2:01:c4:a0:97:8a:
                    36:45:9c:55:c0:0f:9c:fc:d1:4e:2a:12:54:35:76:
                    c9:d2:8d:1b:46:8d:5a:ae:2d:bf:83:7f:d9:06:60:
                    18:d7:d6:61:2d:14:72:9e:38:d2:c9:39:7e:a2:4a:
                    87:3d:ab:c9:98:8e:60:4f:16:3b:63:6b:92:56:33:
                    c1:ae:18:d0:ab:d6:6c:f5:76:58:87:71:d1:31:09:
                    d8:33:a0:e2:2b:80:5d:b0:48:82:c4:fa:cf:93:57:
                    6b:73:68:d3:6a:ec:91:57:e5:4b:5d:fe:fd:9e:17:
                    03:9c:83:c3:e8:52:8d:a2:47:2a:79:9b:57:ec:ee:
                    7e:11:9b:f7:98:d7:3e:db:1d:24:50:a3:ee:df:8d:
                    f7:d5:0e:55:c9:c8:a9:b4:75:5d:df:a7:14:61:c4:
                    71:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:66:F0:01:98:49:0E:F9:F7:64:EF:4D:77:DA:1C:03:AF:68:E5:39
            X509v3 Authority Key Identifier:
                keyid:95:5D:BE:BB:C1:07:0B:99:E4:FB:37:21:17:DF:26:20:03:86:03:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lV2-u8EHC5nk-zchF98mIAOGA-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/lmbwAZhJDvn3ZO9Nd9ocA69o5Tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/ddac11-2e63-4aae-940f-023203947d9d/1/lV2-u8EHC5nk-zchF98mIAOGA-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.14.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:91:60:1c:f9:bd:85:70:83:e7:45:ce:9f:6c:70:ef:72:06:
         2a:2a:e1:20:cb:a2:7d:a5:6c:62:62:51:28:5f:46:c7:86:98:
         68:1d:21:1d:71:6a:e6:c2:02:03:8d:d4:72:f7:bd:79:f9:1c:
         5f:63:3b:38:9f:47:2f:0e:bb:13:c7:bd:61:af:50:7b:55:d7:
         d1:d1:f9:f0:e2:97:0b:8e:3b:1b:40:a0:f0:d2:af:40:24:e7:
         fa:76:80:58:22:c6:8a:ef:3e:c1:06:06:38:a6:33:ee:67:45:
         25:2f:b1:75:45:6d:fb:77:fd:d3:10:21:61:29:4b:52:44:14:
         d0:95:78:ce:e0:e9:0f:31:0c:93:b3:a8:d4:f6:39:40:9a:f5:
         2b:49:ef:34:e9:a3:cc:8a:43:52:e7:d0:3f:19:a7:8b:78:e9:
         1d:cd:ce:0c:67:db:50:59:f7:ff:65:8b:25:69:43:f1:b1:e7:
         aa:29:a4:1f:73:56:a5:8b:be:cf:d1:cd:db:d6:40:27:c9:f6:
         46:7d:d8:c1:2e:ea:73:15:10:4f:56:73:d6:5c:fa:a3:d5:eb:
         fd:3a:b3:4b:08:1e:37:7a:ff:62:3a:a2:c7:68:81:3e:3a:c4:
         71:67:04:98:9b:91:27:2e:f4:df:bd:86:1a:63:d5:d5:b9:29:
         44:38:85:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljuB8wmp/986fB32DNPfiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NWRiZWJiYzEwNzBiOTllNGZiMzcyMTE3ZGYyNjIwMDM4
NjAzZTkwHhcNMjUwMTAyMDU0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjY2ZjAwMTk4NDkwZWY5Zjc2NGVmNGQ3N2RhMWMwM2FmNjhlNTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvl3wtVmCBLzVLaJqQKXZjJEf9Cnj
5oD8+mhyPvAVFTJA49K3HYGoEuSg37Elr2blsw8CwsKmlpeuwfDXwYUEcbmxvEoB
HvtYrTY2BJnJ4sd/nXrcj0DKWOhxVD/VXpCQ/hTiAcSgl4o2RZxVwA+c/NFOKhJU
NXbJ0o0bRo1ari2/g3/ZBmAY19ZhLRRynjjSyTl+okqHPavJmI5gTxY7Y2uSVjPB
rhjQq9Zs9XZYh3HRMQnYM6DiK4BdsEiCxPrPk1drc2jTauyRV+VLXf79nhcDnIPD
6FKNokcqeZtX7O5+EZv3mNc+2x0kUKPu34331Q5VyciptHVd36cUYcRx3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJZm8AGYSQ7592TvTXfaHAOvaOU5MB8GA1UdIwQY
MBaAFJVdvrvBBwuZ5Ps3IRffJiADhgPpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFYyLXU4RUhDNW5rLXpjaEY5OG1JQU9HQS1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kZGFjMTEtMmU2My00YWFlLTk0MGYt
MDIzMjAzOTQ3ZDlkLzEvbG1id0FaaEpEdm4zWk85TmQ5b2NBNjlvNVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kZGFjMTEtMmU2My00YWFlLTk0MGYtMDIzMjAzOTQ3ZDlk
LzEvbFYyLXU4RUhDNW5rLXpjaEY5OG1JQU9HQS1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2Q54MA0G
CSqGSIb3DQEBCwUAA4IBAQBgkWAc+b2FcIPnRc6fbHDvcgYqKuEgy6J9pWxiYlEo
X0bHhphoHSEdcWrmwgIDjdRy9715+RxfYzs4n0cvDrsTx71hr1B7VdfR0fnw4pcL
jjsbQKDw0q9AJOf6doBYIsaK7z7BBgY4pjPuZ0UlL7F1RW37d/3TECFhKUtSRBTQ
lXjO4OkPMQyTs6jU9jlAmvUrSe806aPMikNS59A/GaeLeOkdzc4MZ9tQWff/ZYsl
aUPxseeqKaQfc1ali77P0c3b1kAnyfZGfdjBLupzFRBPVnPWXPqj1ev9OrNLCB43
ev9iOqLHaIE+OsRxZwSYm5EnLvTfvYYaY9XVuSlEOIXi
-----END CERTIFICATE-----