Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LrSfmd566QVvOwlLMC7zxomrY2U.roa
File:                     LrSfmd566QVvOwlLMC7zxomrY2U.roa (raw, json)
Hash identifier:          D8GvLGRRDlZDMo5CMCIaQSfZFiIRPV//N8nuX77Gdio=
Subject key identifier:   2E:B4:9F:99:DE:7A:E9:05:6F:3B:09:4B:30:2E:F3:C6:89:AB:63:65
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       018CC56EB51014480F167ED9532FE186A145
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LrSfmd566QVvOwlLMC7zxomrY2U.roa
Signing time:             Mon 01 Jan 2024 14:30:16 +0000
ROA not before:           Mon 01 Jan 2024 14:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48430
IP address blocks:        195.95.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b5:10:14:48:0f:16:7e:d9:53:2f:e1:86:a1:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 14:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2eb49f99de7ae9056f3b094b302ef3c689ab6365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:36:ac:bf:83:b3:e0:59:95:4b:ed:ff:25:e9:
                    2e:75:ef:1b:72:05:b0:a6:04:f5:46:c3:71:15:3c:
                    a6:13:58:84:c9:63:2f:b1:95:53:05:ba:1f:0e:2a:
                    7f:11:59:8e:41:98:99:e6:35:a1:62:19:1a:17:90:
                    f8:86:07:8c:6f:7c:eb:19:8a:f4:e6:f7:ac:6b:f4:
                    eb:cb:27:75:82:58:98:9a:b6:12:68:5f:98:11:49:
                    f5:9e:a5:e6:d4:4c:21:59:91:d8:af:9d:07:f9:d1:
                    d1:99:0c:43:7e:12:3c:07:13:80:1a:d4:e5:3a:c8:
                    90:56:02:4e:fe:12:2e:85:dd:55:04:90:4b:60:8b:
                    ea:89:73:39:fb:fb:92:db:84:92:1e:cc:48:60:65:
                    64:31:d3:dd:2b:4c:0f:b2:87:8a:53:93:1d:50:e2:
                    bd:14:35:25:95:b4:7b:a7:26:21:97:33:b0:e0:10:
                    bd:5b:09:7b:14:92:88:50:e7:20:92:8c:2f:9d:8a:
                    96:26:7b:cc:4d:3b:b3:ae:5f:f2:4d:71:23:fb:e3:
                    64:83:a7:cc:5c:bc:4c:ec:3b:4f:1e:91:31:8e:d6:
                    1c:06:9d:7c:e3:38:ce:99:61:ae:c5:76:26:1e:83:
                    cc:43:9d:33:69:02:c3:48:2c:7b:c7:2b:68:b8:a9:
                    5f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:B4:9F:99:DE:7A:E9:05:6F:3B:09:4B:30:2E:F3:C6:89:AB:63:65
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LrSfmd566QVvOwlLMC7zxomrY2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:51:f2:dd:e9:c9:d4:31:fa:6a:9f:ea:41:07:10:2e:70:a6:
         79:91:91:35:82:e2:d3:d0:ec:da:a6:47:d3:6e:c6:f6:66:d3:
         bf:e9:51:b4:9f:81:11:8c:e2:b0:69:40:26:f9:61:ca:5b:42:
         04:81:69:de:c5:b3:12:a3:5c:3d:70:b3:1f:8c:12:6f:1d:2b:
         49:4a:a7:9b:94:8e:16:a1:c4:85:7d:bf:47:3d:83:08:75:b7:
         ef:a9:5d:58:6a:9c:81:08:12:d6:07:b8:1d:ab:8b:3d:5a:5c:
         12:a5:72:b0:bc:98:ca:9a:61:fb:7a:bb:cb:04:3c:08:aa:61:
         f4:dd:80:29:2d:5d:a6:ae:ca:f7:03:95:29:8f:a6:4d:7e:2e:
         8c:c2:a3:a0:93:f7:f7:3e:8e:6e:97:51:e9:2a:8f:ac:98:56:
         2b:dc:f6:a8:73:cc:ed:67:e3:bb:ec:b3:2c:44:c6:57:42:4a:
         ae:fa:09:c3:42:02:b1:01:25:fd:6b:c9:8b:1b:df:78:5c:10:
         b0:d8:bd:d1:29:db:e8:3f:50:64:9d:b7:ff:f2:4f:71:0d:1e:
         ed:76:08:c9:01:84:6f:e6:e0:14:f6:69:9b:10:7a:dd:48:d6:
         92:1b:22:1e:49:83:6a:e7:da:26:bb:f1:87:c5:3c:22:f5:e3:
         b7:3f:6d:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrUQFEgPFn7ZUy/hhqFFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjQwMTAxMTQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWI0OWY5OWRlN2FlOTA1NmYzYjA5NGIzMDJlZjNjNjg5YWI2MzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTasv4Oz4FmVS+3/Jekude8bcgWw
pgT1RsNxFTymE1iEyWMvsZVTBbofDip/EVmOQZiZ5jWhYhkaF5D4hgeMb3zrGYr0
5vesa/Tryyd1gliYmrYSaF+YEUn1nqXm1EwhWZHYr50H+dHRmQxDfhI8BxOAGtTl
OsiQVgJO/hIuhd1VBJBLYIvqiXM5+/uS24SSHsxIYGVkMdPdK0wPsoeKU5MdUOK9
FDUllbR7pyYhlzOw4BC9Wwl7FJKIUOcgkowvnYqWJnvMTTuzrl/yTXEj++Nkg6fM
XLxM7DtPHpExjtYcBp184zjOmWGuxXYmHoPMQ50zaQLDSCx7xytouKlfNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC60n5neeukFbzsJSzAu88aJq2NlMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvTHJTZm1kNTY2UVZ2T3dsTE1DN3p4b21yWTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1/MMA0G
CSqGSIb3DQEBCwUAA4IBAQA/UfLd6cnUMfpqn+pBBxAucKZ5kZE1guLT0OzapkfT
bsb2ZtO/6VG0n4ERjOKwaUAm+WHKW0IEgWnexbMSo1w9cLMfjBJvHStJSqeblI4W
ocSFfb9HPYMIdbfvqV1YapyBCBLWB7gdq4s9WlwSpXKwvJjKmmH7ervLBDwIqmH0
3YApLV2mrsr3A5Upj6ZNfi6MwqOgk/f3Po5ul1HpKo+smFYr3Paoc8ztZ+O77LMs
RMZXQkqu+gnDQgKxASX9a8mLG994XBCw2L3RKdvoP1Bknbf/8k9xDR7tdgjJAYRv
5uAU9mmbEHrdSNaSGyIeSYNq59omu/GHxTwi9eO3P232
-----END CERTIFICATE-----