Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/LkN4qMLmZa3r3JoBZM5u1Gja6r0.roa
File:                     LkN4qMLmZa3r3JoBZM5u1Gja6r0.roa (raw, json)
Hash identifier:          Orn0OZqn+7ofawOcNzVnOAVEFVwk3t+vplZ7mfvJ4xI=
Subject key identifier:   2E:43:78:A8:C2:E6:65:AD:EB:DC:9A:01:64:CE:6E:D4:68:DA:EA:BD
Certificate issuer:       /CN=d67618d34179c3ea52330264a1964187b23cdd24
Certificate serial:       018CC64A4BF475DF2EE6057F2AD695A5603E
Authority key identifier: D6:76:18:D3:41:79:C3:EA:52:33:02:64:A1:96:41:87:B2:3C:DD:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1nYY00F5w-pSMwJkoZZBh7I83SQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/LkN4qMLmZa3r3JoBZM5u1Gja6r0.roa
Signing time:             Mon 01 Jan 2024 18:30:07 +0000
ROA not before:           Mon 01 Jan 2024 18:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62313
IP address blocks:        185.168.0.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/1nYY00F5w-pSMwJkoZZBh7I83SQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/1nYY00F5w-pSMwJkoZZBh7I83SQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1nYY00F5w-pSMwJkoZZBh7I83SQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:4b:f4:75:df:2e:e6:05:7f:2a:d6:95:a5:60:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d67618d34179c3ea52330264a1964187b23cdd24
        Validity
            Not Before: Jan  1 18:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e4378a8c2e665adebdc9a0164ce6ed468daeabd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:18:42:a6:7f:94:33:d9:7c:55:80:6a:68:7a:
                    9a:68:e5:fd:a5:54:97:f6:45:c2:e5:29:36:67:b0:
                    05:5a:ab:f7:8f:8c:6c:7e:e4:37:83:c9:20:86:06:
                    b7:4a:81:42:f4:6b:09:70:cc:e1:76:a6:b8:1c:79:
                    56:f7:14:bc:ac:4d:32:8e:da:3a:80:11:88:19:2f:
                    de:eb:c8:24:26:9c:00:ac:a7:62:21:60:c0:52:51:
                    80:85:44:d6:d2:d3:53:30:34:d3:5f:bc:ce:5b:73:
                    46:d1:50:a6:30:c2:f0:71:93:de:c4:6f:6f:81:ad:
                    de:ed:90:17:a2:71:ca:f8:8b:fb:a3:e9:7f:b7:a6:
                    12:48:9d:08:df:89:76:77:a9:f0:9d:3d:0b:f5:85:
                    90:a4:43:b1:e1:3f:87:0a:63:07:3c:2d:57:5e:72:
                    67:b5:a7:9d:28:b2:ae:51:fa:35:41:96:01:4d:0f:
                    6e:09:fb:a1:f4:a3:f8:4c:4b:d0:ed:c3:cf:57:45:
                    2e:0e:09:66:02:91:63:6a:90:a8:85:2a:d1:ce:de:
                    6b:b0:db:3a:21:7a:cb:84:f9:e2:f2:b7:83:82:31:
                    d2:9c:eb:ac:0c:e4:83:96:1e:b1:fc:a3:d9:70:be:
                    ca:87:1c:58:47:84:ed:4a:ab:eb:70:5c:66:37:3d:
                    21:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:43:78:A8:C2:E6:65:AD:EB:DC:9A:01:64:CE:6E:D4:68:DA:EA:BD
            X509v3 Authority Key Identifier:
                keyid:D6:76:18:D3:41:79:C3:EA:52:33:02:64:A1:96:41:87:B2:3C:DD:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1nYY00F5w-pSMwJkoZZBh7I83SQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/LkN4qMLmZa3r3JoBZM5u1Gja6r0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/1nYY00F5w-pSMwJkoZZBh7I83SQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:93:dd:a3:71:be:19:3c:93:e8:17:da:46:1f:74:58:9d:bc:
         cf:be:50:4f:dd:86:a5:fd:3e:65:f0:ff:83:f7:cf:4f:3c:d7:
         4f:25:bb:63:5d:4c:91:ca:96:af:85:97:83:34:dd:e3:36:37:
         25:c5:f4:fa:d3:3e:81:98:32:29:2d:52:4d:8c:7f:4c:6f:36:
         ab:0c:df:cc:8d:ba:7e:2b:ad:3f:6b:96:a0:3c:41:32:ca:3d:
         ef:01:f6:ba:ff:74:68:7d:c0:9b:5b:61:e2:e6:5b:83:5a:c7:
         a5:92:67:20:31:e7:95:f4:21:48:6b:a6:f7:d4:6f:2a:09:7a:
         53:01:1e:a6:d8:06:9d:a3:b5:b3:f5:13:64:24:fe:ae:17:f4:
         0f:4d:e3:44:d2:fc:21:d0:4a:70:3f:7c:30:6c:41:23:b3:e4:
         7d:64:0c:e4:5c:73:dd:d3:24:65:b6:b4:84:13:14:f7:e8:32:
         34:95:45:c1:32:e9:14:95:a4:59:11:ba:c9:14:bb:14:28:5c:
         27:04:e0:16:e7:14:6f:63:97:9f:d8:48:26:b3:38:a4:50:eb:
         91:4f:78:80:08:71:dc:e5:36:6e:29:0d:06:c7:73:97:9b:3e:
         2e:6c:e8:f1:06:c8:22:80:45:8f:54:5f:d6:94:7c:ea:b1:4b:
         36:f6:9a:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSkv0dd8u5gV/KtaVpWA+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NzYxOGQzNDE3OWMzZWE1MjMzMDI2NGExOTY0MTg3YjIz
Y2RkMjQwHhcNMjQwMTAxMTgzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTQzNzhhOGMyZTY2NWFkZWJkYzlhMDE2NGNlNmVkNDY4ZGFlYWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBhCpn+UM9l8VYBqaHqaaOX9pVSX
9kXC5Sk2Z7AFWqv3j4xsfuQ3g8kghga3SoFC9GsJcMzhdqa4HHlW9xS8rE0yjto6
gBGIGS/e68gkJpwArKdiIWDAUlGAhUTW0tNTMDTTX7zOW3NG0VCmMMLwcZPexG9v
ga3e7ZAXonHK+Iv7o+l/t6YSSJ0I34l2d6nwnT0L9YWQpEOx4T+HCmMHPC1XXnJn
taedKLKuUfo1QZYBTQ9uCfuh9KP4TEvQ7cPPV0UuDglmApFjapCohSrRzt5rsNs6
IXrLhPni8reDgjHSnOusDOSDlh6x/KPZcL7KhxxYR4TtSqvrcFxmNz0hfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5DeKjC5mWt69yaAWTObtRo2uq9MB8GA1UdIwQY
MBaAFNZ2GNNBecPqUjMCZKGWQYeyPN0kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW5ZWTAwRjV3LXBTTXdKa29aWkJoN0k4M1NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My80N2Y1MTMtNzZkYi00YTYxLWIxYmUt
NzRkYzgzODZkYzZhLzEvTGtONHFNTG1aYTNyM0pvQlpNNXUxR2phNnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My80N2Y1MTMtNzZkYi00YTYxLWIxYmUtNzRkYzgzODZkYzZh
LzEvMW5ZWTAwRjV3LXBTTXdKa29aWkJoN0k4M1NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuagAMA0G
CSqGSIb3DQEBCwUAA4IBAQCSk92jcb4ZPJPoF9pGH3RYnbzPvlBP3Yal/T5l8P+D
989PPNdPJbtjXUyRypavhZeDNN3jNjclxfT60z6BmDIpLVJNjH9MbzarDN/Mjbp+
K60/a5agPEEyyj3vAfa6/3RofcCbW2Hi5luDWselkmcgMeeV9CFIa6b31G8qCXpT
AR6m2Aado7Wz9RNkJP6uF/QPTeNE0vwh0EpwP3wwbEEjs+R9ZAzkXHPd0yRltrSE
ExT36DI0lUXBMukUlaRZEbrJFLsUKFwnBOAW5xRvY5ef2EgmszikUOuRT3iACHHc
5TZuKQ0Gx3OXmz4ubOjxBsgigEWPVF/WlHzqsUs29prM
-----END CERTIFICATE-----