Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/238002-7dcc-44ac-8645-63177fb19abe/1/LIXLEvF_0n1irAVDtovpIRDGCFE.roa
File:                     LIXLEvF_0n1irAVDtovpIRDGCFE.roa (raw, json)
Hash identifier:          /eyS/79inTQmZR1HgLbn/58tLe9HbD4S0IuUUZmErNI=
Subject key identifier:   2C:85:CB:12:F1:7F:D2:7D:62:AC:05:43:B6:8B:E9:21:10:C6:08:51
Certificate issuer:       /CN=dc4f90a93dc9427855644903cb70c1f74b931786
Certificate serial:       01908A636BA8A994CE63E6CE320B9BBE8D3E
Authority key identifier: DC:4F:90:A9:3D:C9:42:78:55:64:49:03:CB:70:C1:F7:4B:93:17:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3E-QqT3JQnhVZEkDy3DB90uTF4Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/238002-7dcc-44ac-8645-63177fb19abe/1/LIXLEvF_0n1irAVDtovpIRDGCFE.roa
Signing time:             Sat 06 Jul 2024 23:31:29 +0000
ROA not before:           Sat 06 Jul 2024 23:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        193.24.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/238002-7dcc-44ac-8645-63177fb19abe/1/3E-QqT3JQnhVZEkDy3DB90uTF4Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/238002-7dcc-44ac-8645-63177fb19abe/1/3E-QqT3JQnhVZEkDy3DB90uTF4Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3E-QqT3JQnhVZEkDy3DB90uTF4Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:8a:63:6b:a8:a9:94:ce:63:e6:ce:32:0b:9b:be:8d:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc4f90a93dc9427855644903cb70c1f74b931786
        Validity
            Not Before: Jul  6 23:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c85cb12f17fd27d62ac0543b68be92110c60851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b8:7c:84:28:9e:2c:d3:c2:d6:f7:a0:aa:68:
                    99:81:cb:62:eb:d0:37:93:02:4c:7e:ca:1a:df:2b:
                    5f:4d:75:83:70:ce:3c:48:a5:27:3a:c1:ea:1e:cb:
                    c8:20:38:7e:e0:05:41:b8:bd:6a:c3:40:c8:2b:da:
                    24:76:54:cc:38:4a:44:8f:a2:2b:a1:b3:39:c7:ec:
                    ad:7d:0f:cf:fb:88:03:1b:18:44:3c:ae:74:fb:86:
                    eb:13:57:3c:b4:7c:6e:73:cb:f7:7f:01:97:fa:2f:
                    0b:76:5f:8a:7a:6e:e2:22:ed:ca:3a:aa:ae:19:2c:
                    8a:5a:08:c8:9b:ee:50:71:93:cd:a7:77:af:c7:ea:
                    a7:31:b8:89:2d:2a:1d:77:69:79:c7:4c:09:1d:83:
                    20:ba:5f:d1:cb:d5:ef:ba:4b:38:43:78:22:a0:a1:
                    77:65:b7:ee:a5:d4:f3:b6:0f:ed:59:aa:98:05:26:
                    90:ce:20:ae:2c:0f:cb:e8:65:df:a6:01:51:51:e6:
                    a1:43:52:dd:8b:0a:e6:5e:7f:cc:c5:ea:24:6f:de:
                    ea:4b:6e:d2:9a:17:f0:92:9c:41:bf:53:25:d6:de:
                    65:de:5f:2b:ea:15:b2:a3:3e:06:4f:0c:f7:ae:87:
                    ad:91:91:ec:60:80:25:f2:97:62:57:73:46:6b:cc:
                    cb:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:85:CB:12:F1:7F:D2:7D:62:AC:05:43:B6:8B:E9:21:10:C6:08:51
            X509v3 Authority Key Identifier:
                keyid:DC:4F:90:A9:3D:C9:42:78:55:64:49:03:CB:70:C1:F7:4B:93:17:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3E-QqT3JQnhVZEkDy3DB90uTF4Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/238002-7dcc-44ac-8645-63177fb19abe/1/LIXLEvF_0n1irAVDtovpIRDGCFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/238002-7dcc-44ac-8645-63177fb19abe/1/3E-QqT3JQnhVZEkDy3DB90uTF4Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:d7:c1:7e:d1:88:53:56:5b:93:09:37:48:b3:9a:ca:ca:a4:
         42:8f:7e:fc:49:ea:fb:ec:94:c9:93:95:f6:52:e9:62:bf:2a:
         3c:64:96:30:b8:c3:b4:83:e2:b9:bb:98:b8:1c:1e:f5:5d:01:
         34:c0:30:f6:81:8e:ed:7c:3a:1e:dd:a8:8a:0f:34:53:ab:97:
         53:af:ef:1e:ee:a2:65:b8:d5:c2:7f:7a:c1:b8:b5:ec:d2:b8:
         6a:d8:a0:ed:70:5f:80:e9:8e:51:26:ff:18:be:f9:16:51:9f:
         4a:da:6c:10:fc:06:be:6b:8a:cc:2a:f4:76:f2:df:42:a0:58:
         7d:60:85:53:46:9f:37:ca:4c:df:76:c6:a6:63:21:9d:8b:24:
         49:36:17:dc:5a:37:7b:03:d5:65:9b:b2:7d:88:95:80:47:24:
         1d:7d:db:b1:80:79:8d:01:51:38:e3:ea:db:2c:03:a2:18:10:
         5e:85:79:dd:d3:71:41:bd:d3:9d:4f:f6:58:f0:64:c8:f5:64:
         cf:40:64:c9:14:68:eb:3a:27:ad:14:42:dd:bb:35:36:5b:14:
         06:5a:f2:2b:e2:4c:e6:d6:9e:32:0e:a3:0f:6b:a9:b1:b0:6a:
         de:9c:12:de:f7:a9:a4:9a:47:c4:00:03:9f:47:d2:34:7d:d7:
         9f:5e:d9:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCKY2uoqZTOY+bOMgubvo0+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNGY5MGE5M2RjOTQyNzg1NTY0NDkwM2NiNzBjMWY3NGI5
MzE3ODYwHhcNMjQwNzA2MjMzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzg1Y2IxMmYxN2ZkMjdkNjJhYzA1NDNiNjhiZTkyMTEwYzYwODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrh8hCieLNPC1vegqmiZgcti69A3
kwJMfsoa3ytfTXWDcM48SKUnOsHqHsvIIDh+4AVBuL1qw0DIK9okdlTMOEpEj6Ir
obM5x+ytfQ/P+4gDGxhEPK50+4brE1c8tHxuc8v3fwGX+i8Ldl+Kem7iIu3KOqqu
GSyKWgjIm+5QcZPNp3evx+qnMbiJLSodd2l5x0wJHYMgul/Ry9Xvuks4Q3gioKF3
ZbfupdTztg/tWaqYBSaQziCuLA/L6GXfpgFRUeahQ1LdiwrmXn/Mxeokb97qS27S
mhfwkpxBv1Ml1t5l3l8r6hWyoz4GTwz3roetkZHsYIAl8pdiV3NGa8zLbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCyFyxLxf9J9YqwFQ7aL6SEQxghRMB8GA1UdIwQY
MBaAFNxPkKk9yUJ4VWRJA8twwfdLkxeGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0UtUXFUM0pRbmhWWkVrRHkzREI5MHVURjRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yMzgwMDItN2RjYy00NGFjLTg2NDUt
NjMxNzdmYjE5YWJlLzEvTElYTEV2Rl8wbjFpckFWRHRvdnBJUkRHQ0ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yMzgwMDItN2RjYy00NGFjLTg2NDUtNjMxNzdmYjE5YWJl
LzEvM0UtUXFUM0pRbmhWWkVrRHkzREI5MHVURjRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRh4MA0G
CSqGSIb3DQEBCwUAA4IBAQBF18F+0YhTVluTCTdIs5rKyqRCj378Ser77JTJk5X2
Uulivyo8ZJYwuMO0g+K5u5i4HB71XQE0wDD2gY7tfDoe3aiKDzRTq5dTr+8e7qJl
uNXCf3rBuLXs0rhq2KDtcF+A6Y5RJv8YvvkWUZ9K2mwQ/Aa+a4rMKvR28t9CoFh9
YIVTRp83ykzfdsamYyGdiyRJNhfcWjd7A9Vlm7J9iJWARyQdfduxgHmNAVE44+rb
LAOiGBBehXnd03FBvdOdT/ZY8GTI9WTPQGTJFGjrOietFELduzU2WxQGWvIr4kzm
1p4yDqMPa6mxsGrenBLe96mkmkfEAAOfR9I0fdefXtm9
-----END CERTIFICATE-----