Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/4f8e76-59e5-40d1-a13e-71f4c47f506e/1/lc-jaEB6XBidOb1DLz0JEk3OTng.roa
File:                     lc-jaEB6XBidOb1DLz0JEk3OTng.roa (raw, json)
Hash identifier:          ExRserzPVwnQ5hGh7M9MfQ6KnZQi0j9vRuaemxhaql4=
Subject key identifier:   95:CF:A3:68:40:7A:5C:18:9D:39:BD:43:2F:3D:09:12:4D:CE:4E:78
Certificate issuer:       /CN=a8539f9355d3eb778b1bb8ee2723326011a1229b
Certificate serial:       019256A927EBB85B1E2F2282A1A0114BC306
Authority key identifier: A8:53:9F:93:55:D3:EB:77:8B:1B:B8:EE:27:23:32:60:11:A1:22:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qFOfk1XT63eLG7juJyMyYBGhIps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/4f8e76-59e5-40d1-a13e-71f4c47f506e/1/lc-jaEB6XBidOb1DLz0JEk3OTng.roa
Signing time:             Fri 04 Oct 2024 08:32:59 +0000
ROA not before:           Fri 04 Oct 2024 08:32:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        148.187.0.0/16 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/4f8e76-59e5-40d1-a13e-71f4c47f506e/1/qFOfk1XT63eLG7juJyMyYBGhIps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/4f8e76-59e5-40d1-a13e-71f4c47f506e/1/qFOfk1XT63eLG7juJyMyYBGhIps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qFOfk1XT63eLG7juJyMyYBGhIps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:56:a9:27:eb:b8:5b:1e:2f:22:82:a1:a0:11:4b:c3:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8539f9355d3eb778b1bb8ee2723326011a1229b
        Validity
            Not Before: Oct  4 08:32:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95cfa368407a5c189d39bd432f3d09124dce4e78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:9f:38:1a:fe:60:85:45:9a:96:02:c6:98:42:
                    1c:d0:a2:dd:86:2e:8f:59:cc:11:42:2e:85:50:df:
                    4f:3b:a0:91:ea:84:e5:e3:6d:6b:4e:e8:23:c4:34:
                    ad:04:e0:ca:07:5e:8c:58:95:25:01:81:1f:ec:6e:
                    96:d1:39:b8:e2:49:f2:9b:fa:c8:e9:bf:4b:12:20:
                    e2:a1:15:06:e7:a6:4a:70:84:c8:b2:be:2b:ca:2c:
                    43:a0:ee:4d:36:e4:64:7e:08:72:a4:c9:b0:9f:9d:
                    29:8a:82:62:fb:82:d1:42:00:06:34:a2:de:b2:2e:
                    30:4a:8a:02:49:e5:87:36:9a:2b:95:f2:0c:c0:81:
                    6b:ee:49:9a:52:b2:3a:d9:aa:14:6c:3a:d4:3f:43:
                    1e:f2:a8:5e:9d:a2:85:61:fe:70:6c:1e:5b:cd:56:
                    ae:a9:6b:7c:f8:df:aa:70:12:30:33:c5:8e:79:1f:
                    09:37:b9:fe:57:40:c4:62:4d:b1:c2:f1:da:57:7b:
                    42:d9:38:89:67:9f:32:a3:04:11:87:c5:7f:c7:d8:
                    d3:6a:73:8e:75:d9:61:ac:9a:2c:01:36:ac:31:69:
                    1c:d8:7c:82:f1:a4:ac:ee:b5:44:ec:e1:91:1b:a1:
                    26:dd:d1:ba:ee:05:b9:81:f4:0a:0a:be:cf:86:80:
                    7e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:CF:A3:68:40:7A:5C:18:9D:39:BD:43:2F:3D:09:12:4D:CE:4E:78
            X509v3 Authority Key Identifier:
                keyid:A8:53:9F:93:55:D3:EB:77:8B:1B:B8:EE:27:23:32:60:11:A1:22:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qFOfk1XT63eLG7juJyMyYBGhIps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/4f8e76-59e5-40d1-a13e-71f4c47f506e/1/lc-jaEB6XBidOb1DLz0JEk3OTng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/4f8e76-59e5-40d1-a13e-71f4c47f506e/1/qFOfk1XT63eLG7juJyMyYBGhIps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.187.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1f:6b:da:ec:98:e0:6e:60:ee:d2:36:90:db:b4:d6:b0:d0:1f:
         0f:d0:30:5f:d8:f8:f6:73:6e:53:c5:36:91:a7:7b:48:01:32:
         5a:97:4a:8e:6c:6b:85:16:d4:ad:be:a7:d6:7e:09:fd:db:d0:
         8e:e1:9f:55:ec:76:fd:eb:03:d5:77:6a:d6:34:dd:44:ce:c9:
         f6:42:0d:7d:60:3d:c4:89:62:6e:49:28:d4:28:95:d0:eb:23:
         dc:2d:5a:db:eb:c7:f9:12:84:de:39:2b:43:1e:2a:89:e4:4a:
         9c:5a:cf:a1:e0:8e:54:2c:2b:d2:6b:d6:76:6b:dd:79:7e:e6:
         77:f0:e1:a1:de:5b:f8:85:e3:6b:2f:d0:01:4a:9d:0f:5f:e5:
         43:41:3a:e7:96:75:e4:b3:fa:34:0a:26:a6:08:1f:16:bf:f3:
         cb:61:e4:f2:72:4d:e8:82:99:33:f1:31:be:1a:42:0d:e5:d4:
         21:1c:f4:0a:7b:1c:a4:88:d3:49:cd:9e:75:f9:5d:8a:a6:e9:
         41:99:e5:b7:60:61:07:22:ee:e1:cd:64:c5:15:83:6b:4b:a0:
         3e:63:ca:00:33:14:a7:d3:43:86:12:ce:10:af:71:8d:32:b4:
         82:d8:4b:f6:6c:d3:c4:aa:70:41:f0:30:d5:0c:22:b3:be:67:
         dc:ae:c0:c4
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZJWqSfruFseLyKCoaARS8MGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NTM5ZjkzNTVkM2ViNzc4YjFiYjhlZTI3MjMzMjYwMTFh
MTIyOWIwHhcNMjQxMDA0MDgzMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWNmYTM2ODQwN2E1YzE4OWQzOWJkNDMyZjNkMDkxMjRkY2U0ZTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZ84Gv5ghUWalgLGmEIc0KLdhi6P
WcwRQi6FUN9PO6CR6oTl421rTugjxDStBODKB16MWJUlAYEf7G6W0Tm44knym/rI
6b9LEiDioRUG56ZKcITIsr4ryixDoO5NNuRkfghypMmwn50pioJi+4LRQgAGNKLe
si4wSooCSeWHNporlfIMwIFr7kmaUrI62aoUbDrUP0Me8qhenaKFYf5wbB5bzVau
qWt8+N+qcBIwM8WOeR8JN7n+V0DEYk2xwvHaV3tC2TiJZ58yowQRh8V/x9jTanOO
ddlhrJosATasMWkc2HyC8aSs7rVE7OGRG6Em3dG67gW5gfQKCr7PhoB+mwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJXPo2hAelwYnTm9Qy89CRJNzk54MB8GA1UdIwQY
MBaAFKhTn5NV0+t3ixu47icjMmARoSKbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUZPZmsxWFQ2M2VMRzdqdUp5TXlZQkdoSXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80ZjhlNzYtNTllNS00MGQxLWExM2Ut
NzFmNGM0N2Y1MDZlLzEvbGMtamFFQjZYQmlkT2IxREx6MEpFazNPVG5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80ZjhlNzYtNTllNS00MGQxLWExM2UtNzFmNGM0N2Y1MDZl
LzEvcUZPZmsxWFQ2M2VMRzdqdUp5TXlZQkdoSXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlLswDQYJ
KoZIhvcNAQELBQADggEBAB9r2uyY4G5g7tI2kNu01rDQHw/QMF/Y+PZzblPFNpGn
e0gBMlqXSo5sa4UW1K2+p9Z+Cf3b0I7hn1Xsdv3rA9V3atY03UTOyfZCDX1gPcSJ
Ym5JKNQoldDrI9wtWtvrx/kShN45K0MeKonkSpxaz6HgjlQsK9Jr1nZr3Xl+5nfw
4aHeW/iF42sv0AFKnQ9f5UNBOueWdeSz+jQKJqYIHxa/88th5PJyTeiCmTPxMb4a
Qg3l1CEc9Ap7HKSI00nNnnX5XYqm6UGZ5bdgYQci7uHNZMUVg2tLoD5jygAzFKfT
Q4YSzhCvcY0ytILYS/Zs08SqcEHwMNUMIrO+Z9yuwMQ=
-----END CERTIFICATE-----