Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/lvMeUxwjBWNwdWb6qADIHGHulGM.roa
File:                     lvMeUxwjBWNwdWb6qADIHGHulGM.roa (raw, json)
Hash identifier:          +bJT2RUUm/RKHucZk1Lk/oUQu6PlCQCIBC36z8qezgs=
Subject key identifier:   96:F3:1E:53:1C:23:05:63:70:75:66:FA:A8:00:C8:1C:61:EE:94:63
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       018CC8DECA75481D58F6BD9CE4C10E20EC6C
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/lvMeUxwjBWNwdWb6qADIHGHulGM.roa
Signing time:             Tue 02 Jan 2024 06:31:33 +0000
ROA not before:           Tue 02 Jan 2024 06:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9050
IP address blocks:        185.253.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ca:75:48:1d:58:f6:bd:9c:e4:c1:0e:20:ec:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Jan  2 06:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96f31e531c230563707566faa800c81c61ee9463
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d2:90:99:a4:84:fe:48:fc:48:62:8a:e3:6d:
                    22:13:21:8d:7a:b2:d4:bc:17:33:40:ee:a3:54:74:
                    3e:82:00:1c:41:1a:21:b8:a1:2d:3b:48:d4:9c:c4:
                    82:47:4a:58:f3:05:f0:e4:1c:f7:62:05:e4:6e:e4:
                    1d:95:0a:2d:7b:e3:d7:25:dc:45:bc:39:90:f6:52:
                    c4:e4:c8:7b:af:bb:d5:d8:a3:07:93:1b:4b:b3:2b:
                    b5:18:74:00:3a:86:9f:02:32:27:d8:93:5a:f2:3b:
                    87:d8:61:f0:94:d4:e0:04:5b:32:87:c9:b0:ab:cf:
                    48:44:6f:ba:b0:bf:c5:99:c1:cb:ed:0f:16:2d:43:
                    7c:56:67:5e:7a:ff:bd:df:e2:e7:c2:1b:7f:49:17:
                    b8:e9:fa:3e:1e:21:fd:69:98:89:96:c1:bc:5e:c2:
                    e9:0e:cc:e1:9d:3c:57:79:dc:79:68:19:87:c3:88:
                    83:2b:0c:1a:52:c6:76:a2:da:f2:d7:96:b5:d5:bc:
                    4b:0e:19:72:00:a2:be:68:fc:37:07:f9:df:30:c4:
                    de:f0:84:a2:ec:fe:05:ef:bc:8a:4f:a9:58:ea:f0:
                    28:0e:b5:7a:49:ec:d3:69:e4:62:b3:1e:2a:98:35:
                    aa:95:d0:17:20:4d:7d:bd:9f:eb:a8:c6:0b:fa:e3:
                    dd:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:F3:1E:53:1C:23:05:63:70:75:66:FA:A8:00:C8:1C:61:EE:94:63
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/lvMeUxwjBWNwdWb6qADIHGHulGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:d1:2b:eb:dc:af:ea:46:50:4f:a9:0a:07:8b:9a:b1:65:94:
         ce:95:20:54:60:f0:86:53:72:59:39:3c:c7:f9:a5:b3:07:a6:
         f0:0d:2b:d3:41:2a:86:57:b5:c7:7a:31:4d:ea:bd:1e:4c:11:
         76:1b:48:cd:0a:b7:68:d2:81:32:bb:d6:5a:f9:58:24:b2:1e:
         af:17:e9:89:7f:d9:06:c4:9c:da:6b:4e:1a:83:75:28:4b:1a:
         53:11:da:72:80:2d:51:21:4f:dd:84:c9:ad:63:39:45:04:61:
         d0:1e:cd:5c:cd:3c:bb:94:ec:ad:db:70:a0:22:b1:04:83:d2:
         e6:7f:a1:aa:bf:7b:f0:6a:10:0e:8d:72:7e:a1:a2:7c:d0:f9:
         1c:6c:fe:e5:c7:15:73:16:80:42:fc:b2:52:66:18:2c:f4:ad:
         2d:b6:f5:3a:4c:7b:a0:40:57:a5:1f:b0:cb:7d:13:4a:9e:cc:
         f7:5b:01:a9:ad:4a:dd:1e:0d:b6:07:1d:9d:dc:dc:49:65:7a:
         e1:89:96:29:7e:5a:e1:0d:c6:44:29:9c:f1:ee:93:f6:86:71:
         bd:30:0a:3d:76:e4:1f:ff:ee:79:1e:e3:9c:da:aa:f9:4a:34:
         d3:e7:4d:19:68:41:58:51:97:a9:07:44:4a:12:8a:28:78:2e:
         58:1a:66:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3sp1SB1Y9r2c5MEOIOxsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjQwMTAyMDYzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmYzMWU1MzFjMjMwNTYzNzA3NTY2ZmFhODAwYzgxYzYxZWU5NDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9KQmaSE/kj8SGKK420iEyGNerLU
vBczQO6jVHQ+ggAcQRohuKEtO0jUnMSCR0pY8wXw5Bz3YgXkbuQdlQote+PXJdxF
vDmQ9lLE5Mh7r7vV2KMHkxtLsyu1GHQAOoafAjIn2JNa8juH2GHwlNTgBFsyh8mw
q89IRG+6sL/FmcHL7Q8WLUN8Vmdeev+93+Lnwht/SRe46fo+HiH9aZiJlsG8XsLp
DszhnTxXedx5aBmHw4iDKwwaUsZ2otry15a11bxLDhlyAKK+aPw3B/nfMMTe8ISi
7P4F77yKT6lY6vAoDrV6SezTaeRisx4qmDWqldAXIE19vZ/rqMYL+uPdlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbzHlMcIwVjcHVm+qgAyBxh7pRjMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvbHZNZVV4d2pCV053ZFdiNnFBRElIR0h1bEdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf0GMA0G
CSqGSIb3DQEBCwUAA4IBAQBS0Svr3K/qRlBPqQoHi5qxZZTOlSBUYPCGU3JZOTzH
+aWzB6bwDSvTQSqGV7XHejFN6r0eTBF2G0jNCrdo0oEyu9Za+Vgksh6vF+mJf9kG
xJzaa04ag3UoSxpTEdpygC1RIU/dhMmtYzlFBGHQHs1czTy7lOyt23CgIrEEg9Lm
f6Gqv3vwahAOjXJ+oaJ80PkcbP7lxxVzFoBC/LJSZhgs9K0ttvU6THugQFelH7DL
fRNKnsz3WwGprUrdHg22Bx2d3NxJZXrhiZYpflrhDcZEKZzx7pP2hnG9MAo9duQf
/+55HuOc2qr5SjTT500ZaEFYUZepB0RKEoooeC5YGmZ4
-----END CERTIFICATE-----