Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/LgJzXa3xS73sERAxBxtag5k1Tjs.roa
File:                     LgJzXa3xS73sERAxBxtag5k1Tjs.roa (raw, json)
Hash identifier:          iu95ONtduTtI/FrTz2W4Tg8MIyeml9oGI6nwimOAwbM=
Subject key identifier:   2E:02:73:5D:AD:F1:4B:BD:EC:11:10:31:07:1B:5A:83:99:35:4E:3B
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       018D9BCA7EA2A802959A2B3E46D1B084553F
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/LgJzXa3xS73sERAxBxtag5k1Tjs.roa
Signing time:             Mon 12 Feb 2024 05:29:15 +0000
ROA not before:           Mon 12 Feb 2024 05:29:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212093
IP address blocks:        45.151.138.0/24 maxlen: 24
                          194.113.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9b:ca:7e:a2:a8:02:95:9a:2b:3e:46:d1:b0:84:55:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Feb 12 05:29:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e02735dadf14bbdec111031071b5a8399354e3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:44:df:08:75:cf:59:86:40:cb:c5:66:7b:c8:
                    f0:e1:b6:74:b8:fa:5c:d9:3a:ce:64:32:de:9a:8f:
                    04:c3:ba:06:25:32:7b:3c:99:fa:43:65:7b:c0:b7:
                    49:dc:53:bb:d4:44:0b:36:99:9c:9a:b4:5d:73:2d:
                    8a:eb:fd:03:5e:d2:0b:17:cd:11:01:f6:1a:70:77:
                    ef:7f:80:e8:0b:11:ce:a2:16:49:64:f3:8c:5e:c6:
                    95:3f:65:40:02:ef:48:f1:ca:30:af:98:f1:2e:77:
                    17:8d:80:1c:88:92:3a:67:55:49:91:51:bc:19:5f:
                    3c:12:47:4a:50:60:1e:d1:aa:f4:a5:f8:82:18:ce:
                    4e:5d:5a:61:58:f8:32:f6:94:3f:48:5c:6b:30:c3:
                    66:da:8e:50:31:da:37:67:d1:e1:64:3b:bd:a8:79:
                    b8:e5:bb:59:24:f7:7e:db:d9:db:e7:f5:55:9a:9a:
                    30:a3:53:f6:a2:08:e0:de:a5:9d:92:13:84:b8:d7:
                    f4:6c:38:8a:94:bf:49:33:eb:76:b0:26:17:70:75:
                    44:8f:40:9f:03:db:ed:26:9b:cd:6d:27:d6:a7:3e:
                    79:5a:f5:37:c9:55:7d:5c:ce:b4:0d:0f:f3:8c:51:
                    fb:b0:2c:a4:6e:7d:ef:8c:a3:88:6f:79:bd:2c:bf:
                    cd:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:02:73:5D:AD:F1:4B:BD:EC:11:10:31:07:1B:5A:83:99:35:4E:3B
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/LgJzXa3xS73sERAxBxtag5k1Tjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.138.0/24
                  194.113.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:10:25:f6:2a:74:49:1a:e6:85:7b:b4:2d:12:89:e3:0d:a9:
         2b:f8:31:db:94:67:91:9b:8f:15:25:c7:ab:65:d4:c1:09:a2:
         7c:60:fa:d0:07:06:12:30:e1:eb:2b:06:2c:3f:1b:d3:b0:bd:
         b2:20:76:7c:37:f4:73:9d:fb:00:b9:3a:ac:ca:12:a1:ec:80:
         d7:ec:33:86:a9:7c:eb:6f:c4:0b:5f:d2:81:28:e1:42:c3:14:
         b1:2e:99:a8:70:21:93:18:7e:df:90:10:ca:5d:79:a9:b2:88:
         eb:5a:86:bc:88:42:a5:d0:b0:a6:ba:b6:df:6c:19:71:f5:aa:
         be:dd:57:73:ca:ce:93:61:16:dd:b2:a2:da:73:c8:74:87:16:
         81:52:d9:6f:d9:f9:c5:98:ed:ac:22:18:e5:ab:c2:8c:3f:3f:
         a2:af:7f:f1:f4:d0:19:a7:dc:b5:24:d0:2f:c2:0a:13:8d:f2:
         08:47:c9:32:dd:16:e5:bb:fc:ad:30:92:fc:d8:e3:19:eb:e1:
         da:68:f6:e2:32:f6:9f:1d:dd:29:80:d8:55:46:1c:ae:9a:b4:
         66:4e:d0:6e:84:0b:61:aa:00:ca:eb:31:06:bf:7a:1f:17:2b:
         c4:ef:df:fe:6b:d2:22:43:51:d6:67:4e:09:43:b5:62:60:6b:
         ae:3c:5f:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2byn6iqAKVmis+RtGwhFU/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQwMjEyMDUyOTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTAyNzM1ZGFkZjE0YmJkZWMxMTEwMzEwNzFiNWE4Mzk5MzU0ZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlETfCHXPWYZAy8Vme8jw4bZ0uPpc
2TrOZDLemo8Ew7oGJTJ7PJn6Q2V7wLdJ3FO71EQLNpmcmrRdcy2K6/0DXtILF80R
AfYacHfvf4DoCxHOohZJZPOMXsaVP2VAAu9I8cowr5jxLncXjYAciJI6Z1VJkVG8
GV88EkdKUGAe0ar0pfiCGM5OXVphWPgy9pQ/SFxrMMNm2o5QMdo3Z9HhZDu9qHm4
5btZJPd+29nb5/VVmpowo1P2ogjg3qWdkhOEuNf0bDiKlL9JM+t2sCYXcHVEj0Cf
A9vtJpvNbSfWpz55WvU3yVV9XM60DQ/zjFH7sCykbn3vjKOIb3m9LL/NxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC4Cc12t8Uu97BEQMQcbWoOZNU47MB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvTGdKelhhM3hTNzNzRVJBeEJ4dGFnNWsxVGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZeKAwQA
wnFpMA0GCSqGSIb3DQEBCwUAA4IBAQCZECX2KnRJGuaFe7QtEonjDakr+DHblGeR
m48VJcerZdTBCaJ8YPrQBwYSMOHrKwYsPxvTsL2yIHZ8N/RznfsAuTqsyhKh7IDX
7DOGqXzrb8QLX9KBKOFCwxSxLpmocCGTGH7fkBDKXXmpsojrWoa8iEKl0LCmurbf
bBlx9aq+3Vdzys6TYRbdsqLac8h0hxaBUtlv2fnFmO2sIhjlq8KMPz+ir3/x9NAZ
p9y1JNAvwgoTjfIIR8ky3Rblu/ytMJL82OMZ6+HaaPbiMvafHd0pgNhVRhyumrRm
TtBuhAthqgDK6zEGv3ofFyvE79/+a9IiQ1HWZ04JQ7ViYGuuPF8D
-----END CERTIFICATE-----