Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/lqhk6biJphpkGni3g1hKEC0QD-U.roa
File:                     lqhk6biJphpkGni3g1hKEC0QD-U.roa (raw, json)
Hash identifier:          pdIj1ppEFRKV7mT0SvQQiypO7wLFPnX+6vRqTUfmDlo=
Subject key identifier:   96:A8:64:E9:B8:89:A6:1A:64:1A:78:B7:83:58:4A:10:2D:10:0F:E5
Certificate issuer:       /CN=5f99fde0d63b11b5c2dd816c0f93c2ea58350336
Certificate serial:       018CC3491BB01B669271526C481606867DD3
Authority key identifier: 5F:99:FD:E0:D6:3B:11:B5:C2:DD:81:6C:0F:93:C2:EA:58:35:03:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X5n94NY7EbXC3YFsD5PC6lg1AzY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/lqhk6biJphpkGni3g1hKEC0QD-U.roa
Signing time:             Mon 01 Jan 2024 04:29:57 +0000
ROA not before:           Mon 01 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49409
IP address blocks:        185.81.14.0/23 maxlen: 23
                          178.22.96.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/X5n94NY7EbXC3YFsD5PC6lg1AzY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/X5n94NY7EbXC3YFsD5PC6lg1AzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X5n94NY7EbXC3YFsD5PC6lg1AzY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1b:b0:1b:66:92:71:52:6c:48:16:06:86:7d:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f99fde0d63b11b5c2dd816c0f93c2ea58350336
        Validity
            Not Before: Jan  1 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96a864e9b889a61a641a78b783584a102d100fe5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ac:cb:ff:cf:6b:d0:77:d4:f9:31:ee:2b:17:
                    bf:4a:56:0e:2c:fd:98:c7:58:09:b0:12:dc:33:e2:
                    a0:8d:58:8f:1c:f8:e1:4c:9a:12:a6:33:3b:54:59:
                    3d:99:cf:93:53:a1:63:be:47:27:23:4a:da:7b:bd:
                    47:f6:36:c3:19:b1:b1:ee:7d:d0:5a:f7:fc:53:a9:
                    78:68:32:b0:bf:50:3f:91:bc:80:43:c2:1d:0e:77:
                    cc:3a:32:7a:ea:e9:79:f9:44:90:03:d5:b5:70:f0:
                    e1:cc:ea:8d:73:e0:0b:fd:40:74:bf:8c:b2:bc:35:
                    a7:bc:26:de:67:0f:d0:75:a3:9c:5c:82:96:36:2c:
                    13:35:70:be:6b:47:51:56:f2:2e:b2:d6:00:d2:88:
                    b8:21:ed:11:a3:ea:44:52:9f:be:2d:eb:b0:04:fd:
                    e6:c1:67:d6:40:02:6c:2a:35:de:07:b6:fb:54:4a:
                    74:38:13:f2:0a:99:fe:67:4b:d1:f4:09:74:bc:5a:
                    09:d1:f5:30:11:a3:06:e8:f4:54:01:0d:53:6f:bf:
                    9f:3b:36:df:25:1a:ba:e8:55:6a:32:f2:02:b9:ff:
                    45:61:dd:b2:2d:27:1e:ca:77:36:38:60:3e:85:c1:
                    0f:f5:30:58:0c:74:2b:89:7a:19:06:d5:8c:43:a7:
                    6c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:A8:64:E9:B8:89:A6:1A:64:1A:78:B7:83:58:4A:10:2D:10:0F:E5
            X509v3 Authority Key Identifier:
                keyid:5F:99:FD:E0:D6:3B:11:B5:C2:DD:81:6C:0F:93:C2:EA:58:35:03:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X5n94NY7EbXC3YFsD5PC6lg1AzY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/lqhk6biJphpkGni3g1hKEC0QD-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/X5n94NY7EbXC3YFsD5PC6lg1AzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.22.96.0/21
                  185.81.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:ce:a9:d5:4c:da:42:dd:ee:7b:bb:e5:54:f0:46:e5:5c:44:
         aa:59:17:64:7d:cb:f5:9b:31:17:4f:e3:45:7c:f7:2f:3e:50:
         ce:9a:1a:8a:15:f1:9f:22:17:ca:74:20:a8:ff:f9:c5:4b:1a:
         fc:97:93:c7:82:6e:a0:d1:d8:c3:b9:11:34:1d:92:84:e3:ac:
         63:19:20:24:37:8d:c9:ff:54:01:c5:c0:7d:ad:18:d6:81:17:
         1c:26:76:80:77:42:56:9f:df:5e:59:88:22:5f:d3:86:a5:ff:
         b3:ed:3d:77:a0:9b:e6:dc:48:93:4d:9f:60:e8:89:e9:27:0e:
         65:d3:aa:da:eb:16:95:0d:1c:21:84:50:66:76:d2:cd:3f:d9:
         13:26:85:ed:17:5e:1c:29:26:ed:68:f6:b0:e7:62:7e:aa:68:
         51:c2:31:33:96:dc:9b:03:5e:49:2a:8d:d7:24:25:8c:8b:44:
         27:75:93:b4:50:66:d0:29:25:cc:6a:77:1b:9c:33:0e:3f:5e:
         16:f7:94:6d:07:f9:a3:40:b9:27:bc:aa:b4:e0:8f:4f:fd:22:
         07:ad:60:fd:cb:85:7f:df:8b:d3:c9:2c:9e:3b:90:4c:0d:b9:
         a0:5e:4a:87:d2:98:0f:f6:44:f1:90:c0:4f:f7:03:b3:19:a5:
         5d:20:53:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSRuwG2aScVJsSBYGhn3TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmOTlmZGUwZDYzYjExYjVjMmRkODE2YzBmOTNjMmVhNTgz
NTAzMzYwHhcNMjQwMTAxMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmE4NjRlOWI4ODlhNjFhNjQxYTc4Yjc4MzU4NGExMDJkMTAwZmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqzL/89r0HfU+THuKxe/SlYOLP2Y
x1gJsBLcM+KgjViPHPjhTJoSpjM7VFk9mc+TU6FjvkcnI0rae71H9jbDGbGx7n3Q
Wvf8U6l4aDKwv1A/kbyAQ8IdDnfMOjJ66ul5+USQA9W1cPDhzOqNc+AL/UB0v4yy
vDWnvCbeZw/QdaOcXIKWNiwTNXC+a0dRVvIustYA0oi4Ie0Ro+pEUp++LeuwBP3m
wWfWQAJsKjXeB7b7VEp0OBPyCpn+Z0vR9Al0vFoJ0fUwEaMG6PRUAQ1Tb7+fOzbf
JRq66FVqMvICuf9FYd2yLSceync2OGA+hcEP9TBYDHQriXoZBtWMQ6dspQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJaoZOm4iaYaZBp4t4NYShAtEA/lMB8GA1UdIwQY
MBaAFF+Z/eDWOxG1wt2BbA+TwupYNQM2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDVuOTROWTdFYlhDM1lGc0Q1UEM2bGcxQXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9mMTE2ZDctODUxOS00OTI0LThkMWQt
NGM3N2Q2MDVhZmVjLzEvbHFoazZiaUpwaHBrR25pM2cxaEtFQzBRRC1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9mMTE2ZDctODUxOS00OTI0LThkMWQtNGM3N2Q2MDVhZmVj
LzEvWDVuOTROWTdFYlhDM1lGc0Q1UEM2bGcxQXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDshZgAwQB
uVEOMA0GCSqGSIb3DQEBCwUAA4IBAQAVzqnVTNpC3e57u+VU8EblXESqWRdkfcv1
mzEXT+NFfPcvPlDOmhqKFfGfIhfKdCCo//nFSxr8l5PHgm6g0djDuRE0HZKE46xj
GSAkN43J/1QBxcB9rRjWgRccJnaAd0JWn99eWYgiX9OGpf+z7T13oJvm3EiTTZ9g
6InpJw5l06ra6xaVDRwhhFBmdtLNP9kTJoXtF14cKSbtaPaw52J+qmhRwjEzltyb
A15JKo3XJCWMi0QndZO0UGbQKSXMancbnDMOP14W95RtB/mjQLknvKq04I9P/SIH
rWD9y4V/34vTySyeO5BMDbmgXkqH0pgP9kTxkMBP9wOzGaVdIFOt
-----END CERTIFICATE-----