Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/LSy4pwlxx6ifbllGQJDj8D7o8bU.roa
File:                     LSy4pwlxx6ifbllGQJDj8D7o8bU.roa (raw, json)
Hash identifier:          VlWSPvQ7mW3Gy9fHD3zUtzLx6zn5FCR5wnd8Mk9PMXI=
Subject key identifier:   2D:2C:B8:A7:09:71:C7:A8:9F:6E:59:46:40:90:E3:F0:3E:E8:F1:B5
Certificate issuer:       /CN=bc635876af1c7ef82411b404a70d88b7916509f6
Certificate serial:       01942521A7F8EEF4F088893DDCB3763A5E94
Authority key identifier: BC:63:58:76:AF:1C:7E:F8:24:11:B4:04:A7:0D:88:B7:91:65:09:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vGNYdq8cfvgkEbQEpw2It5FlCfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/LSy4pwlxx6ifbllGQJDj8D7o8bU.roa
Signing time:             Thu 02 Jan 2025 03:49:10 +0000
ROA not before:           Thu 02 Jan 2025 03:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207388
IP address blocks:        91.237.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/vGNYdq8cfvgkEbQEpw2It5FlCfY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/vGNYdq8cfvgkEbQEpw2It5FlCfY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vGNYdq8cfvgkEbQEpw2It5FlCfY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 00:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a7:f8:ee:f4:f0:88:89:3d:dc:b3:76:3a:5e:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc635876af1c7ef82411b404a70d88b7916509f6
        Validity
            Not Before: Jan  2 03:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d2cb8a70971c7a89f6e59464090e3f03ee8f1b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d4:ad:88:06:61:68:e8:ba:a8:bb:d0:a7:74:
                    0f:3a:0e:28:f6:3b:85:8d:48:86:19:0a:5b:97:9a:
                    24:41:19:e2:71:53:12:65:e3:6d:0f:bb:92:7b:4d:
                    de:7f:46:33:88:16:25:29:72:c5:dd:f0:c7:af:39:
                    9a:a7:37:7b:36:b9:ef:e0:69:53:d4:33:23:91:c9:
                    21:c7:1d:c2:fd:ba:35:e8:23:51:4a:74:8b:b8:60:
                    c8:86:e6:18:1e:65:6e:f5:db:c3:d9:78:94:ad:bb:
                    2d:eb:3b:f1:a1:38:73:14:90:e1:f0:e1:73:3a:3d:
                    4c:b1:14:7b:83:6b:3d:59:44:63:42:b2:ef:64:b7:
                    34:f0:6d:af:a2:f4:2d:a3:29:d1:57:52:8c:eb:da:
                    c1:75:d3:f9:18:5b:c3:5f:94:90:8b:c6:19:58:3d:
                    bf:d2:88:87:1b:35:9c:b6:3e:22:72:38:15:af:70:
                    c5:37:17:0c:d5:68:7f:f3:87:e0:29:97:be:e6:b9:
                    23:18:10:16:23:b4:bf:a3:2e:22:cd:c6:f7:63:e1:
                    e0:db:93:26:00:92:37:91:fa:14:00:da:6c:26:48:
                    b1:b4:fb:4d:1a:5a:d6:59:48:c8:22:a6:f3:eb:ce:
                    22:ed:2a:7d:5e:ca:f0:31:67:7d:e4:44:ad:78:9f:
                    57:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:2C:B8:A7:09:71:C7:A8:9F:6E:59:46:40:90:E3:F0:3E:E8:F1:B5
            X509v3 Authority Key Identifier:
                keyid:BC:63:58:76:AF:1C:7E:F8:24:11:B4:04:A7:0D:88:B7:91:65:09:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGNYdq8cfvgkEbQEpw2It5FlCfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/LSy4pwlxx6ifbllGQJDj8D7o8bU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/vGNYdq8cfvgkEbQEpw2It5FlCfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:bd:d9:46:c1:3c:8d:f4:ac:fe:0f:ac:8b:47:69:f9:88:7b:
         cd:36:d5:6d:ac:90:97:52:6e:46:3d:be:b8:02:c9:f3:76:a3:
         15:2c:45:0a:cd:82:11:f7:32:eb:07:b6:2d:16:1d:5d:75:2b:
         3c:0a:50:18:4a:ac:d5:67:fd:e8:44:73:6f:42:4b:c1:7a:da:
         69:e5:50:91:cd:6b:90:c1:24:0a:90:71:86:83:52:9a:22:96:
         df:5e:e3:72:3c:57:7a:bb:3e:3f:62:e6:69:e6:87:83:8f:d3:
         1f:ae:78:15:64:62:93:6c:8e:33:84:f9:12:13:30:3d:a3:1c:
         5f:07:39:a4:36:84:54:79:5b:e9:54:ce:92:2c:6d:b1:96:47:
         c4:3d:58:cd:f2:22:c0:9d:bc:da:d4:b0:06:55:d6:79:2b:49:
         e4:f8:51:10:93:32:81:6d:a3:ca:0e:8d:bb:db:66:00:21:00:
         02:21:5b:a7:68:4f:ae:fd:3a:e2:96:f4:11:da:d0:f0:6a:5f:
         97:36:b2:25:3e:46:61:2e:14:fc:0c:3f:64:0a:3b:0f:b7:99:
         e2:13:01:e1:33:62:dd:60:77:fc:cf:62:a0:2d:ee:ac:e5:94:
         43:6e:53:6f:84:8c:68:f8:ec:35:99:17:4d:c8:3b:98:5b:20:
         ff:c8:aa:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIaf47vTwiIk93LN2Ol6UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjM1ODc2YWYxYzdlZjgyNDExYjQwNGE3MGQ4OGI3OTE2
NTA5ZjYwHhcNMjUwMTAyMDM0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDJjYjhhNzA5NzFjN2E4OWY2ZTU5NDY0MDkwZTNmMDNlZThmMWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtStiAZhaOi6qLvQp3QPOg4o9juF
jUiGGQpbl5okQRnicVMSZeNtD7uSe03ef0YziBYlKXLF3fDHrzmapzd7Nrnv4GlT
1DMjkckhxx3C/bo16CNRSnSLuGDIhuYYHmVu9dvD2XiUrbst6zvxoThzFJDh8OFz
Oj1MsRR7g2s9WURjQrLvZLc08G2vovQtoynRV1KM69rBddP5GFvDX5SQi8YZWD2/
0oiHGzWctj4icjgVr3DFNxcM1Wh/84fgKZe+5rkjGBAWI7S/oy4izcb3Y+Hg25Mm
AJI3kfoUANpsJkixtPtNGlrWWUjIIqbz684i7Sp9XsrwMWd95ESteJ9XkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC0suKcJcceon25ZRkCQ4/A+6PG1MB8GA1UdIwQY
MBaAFLxjWHavHH74JBG0BKcNiLeRZQn2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdOWWRxOGNmdmdrRWJRRXB3Mkl0NUZsQ2ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8zYWQ0M2UtYTRkYi00NDY1LTgyYjUt
ZmZhZTIwNzAwZTkzLzEvTFN5NHB3bHh4NmlmYmxsR1FKRGo4RDdvOGJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8zYWQ0M2UtYTRkYi00NDY1LTgyYjUtZmZhZTIwNzAwZTkz
LzEvdkdOWWRxOGNmdmdrRWJRRXB3Mkl0NUZsQ2ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+2PMA0G
CSqGSIb3DQEBCwUAA4IBAQBzvdlGwTyN9Kz+D6yLR2n5iHvNNtVtrJCXUm5GPb64
AsnzdqMVLEUKzYIR9zLrB7YtFh1ddSs8ClAYSqzVZ/3oRHNvQkvBetpp5VCRzWuQ
wSQKkHGGg1KaIpbfXuNyPFd6uz4/YuZp5oeDj9MfrngVZGKTbI4zhPkSEzA9oxxf
BzmkNoRUeVvpVM6SLG2xlkfEPVjN8iLAnbza1LAGVdZ5K0nk+FEQkzKBbaPKDo27
22YAIQACIVunaE+u/TrilvQR2tDwal+XNrIlPkZhLhT8DD9kCjsPt5niEwHhM2Ld
YHf8z2KgLe6s5ZRDblNvhIxo+Ow1mRdNyDuYWyD/yKrH
-----END CERTIFICATE-----