Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/LJGytq9N5LZAfsPYy6Q-7xTDnFQ.roa
File:                     LJGytq9N5LZAfsPYy6Q-7xTDnFQ.roa (raw, json)
Hash identifier:          L8DANG0AVQkhh+LlhVF97AUo2a9H2Thg2+BhZTsZc9s=
Subject key identifier:   2C:91:B2:B6:AF:4D:E4:B6:40:7E:C3:D8:CB:A4:3E:EF:14:C3:9C:54
Certificate issuer:       /CN=6f3030a4b67f95c2fed902d56657faa2494b5129
Certificate serial:       019420684BD9C7E1994D5FA29757521510A3
Authority key identifier: 6F:30:30:A4:B6:7F:95:C2:FE:D9:02:D5:66:57:FA:A2:49:4B:51:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bzAwpLZ_lcL-2QLVZlf6oklLUSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/LJGytq9N5LZAfsPYy6Q-7xTDnFQ.roa
Signing time:             Wed 01 Jan 2025 05:48:13 +0000
ROA not before:           Wed 01 Jan 2025 05:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58
IP address blocks:        93.88.72.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/bzAwpLZ_lcL-2QLVZlf6oklLUSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/bzAwpLZ_lcL-2QLVZlf6oklLUSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bzAwpLZ_lcL-2QLVZlf6oklLUSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4b:d9:c7:e1:99:4d:5f:a2:97:57:52:15:10:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f3030a4b67f95c2fed902d56657faa2494b5129
        Validity
            Not Before: Jan  1 05:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c91b2b6af4de4b6407ec3d8cba43eef14c39c54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:21:c9:01:b6:4c:6f:7b:3c:6e:07:40:9a:88:
                    0c:38:80:0f:1d:57:53:37:2e:b7:99:71:e6:86:69:
                    b5:9e:94:e8:85:8e:59:f7:b6:5a:db:65:0b:de:de:
                    77:c4:2e:ef:ec:29:84:72:4f:f6:7a:f9:cd:93:9e:
                    05:53:1f:87:0c:7c:a6:95:c0:70:46:f8:c9:ca:6a:
                    44:96:3a:cb:5f:83:4b:13:40:09:6f:26:91:8e:4a:
                    ce:e8:5b:6b:8d:6f:60:cd:90:25:40:51:de:a1:a7:
                    74:95:98:95:73:23:e3:35:b8:b2:5c:3f:fe:2d:60:
                    40:fe:29:cb:87:3e:1d:ad:c5:99:e3:4a:6d:24:06:
                    c6:89:b2:26:28:12:46:da:c6:dd:51:e9:bc:3d:04:
                    70:e5:c2:b3:af:f2:2a:49:ea:75:56:b2:8d:f6:44:
                    52:21:04:87:d5:d4:95:3f:ce:b2:ae:53:dd:6d:5b:
                    1b:59:65:b8:51:97:fd:6a:39:67:01:82:69:a6:d4:
                    60:32:de:c6:30:60:60:15:b8:a4:14:89:94:db:55:
                    7c:23:08:61:5e:6a:ec:15:c6:49:a9:db:46:96:e5:
                    d3:0c:20:88:ec:a0:1b:3b:e7:76:e7:5f:51:42:ed:
                    fb:a1:14:f2:68:65:d3:d5:ef:d5:cc:63:0d:8f:90:
                    05:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:91:B2:B6:AF:4D:E4:B6:40:7E:C3:D8:CB:A4:3E:EF:14:C3:9C:54
            X509v3 Authority Key Identifier:
                keyid:6F:30:30:A4:B6:7F:95:C2:FE:D9:02:D5:66:57:FA:A2:49:4B:51:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bzAwpLZ_lcL-2QLVZlf6oklLUSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/LJGytq9N5LZAfsPYy6Q-7xTDnFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/bzAwpLZ_lcL-2QLVZlf6oklLUSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.88.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:c9:4c:92:82:41:a9:c9:40:2b:21:4b:21:65:3f:ee:d2:a2:
         a7:f6:9f:ea:df:e3:fb:38:4a:d7:d5:a7:a7:de:d6:7b:6d:6b:
         06:f1:3a:51:84:49:3e:54:eb:a8:b6:69:99:8b:19:f4:3b:f2:
         0c:b5:61:3b:a8:26:d5:51:c5:99:d1:20:e1:8e:b3:cc:b4:43:
         65:02:78:46:a0:9e:1d:33:90:f0:3e:cf:fa:ad:67:dc:38:71:
         d2:c1:88:cb:8f:71:8d:f5:26:b1:e5:f3:c8:bb:36:0e:3d:e4:
         13:4e:cb:e7:52:86:1c:d8:8a:0d:81:67:56:c6:2d:7d:97:9b:
         5e:c9:fa:38:21:30:70:73:ae:bf:d3:59:e1:25:81:a2:db:bd:
         43:59:f2:7d:60:ac:03:44:b3:d2:22:c9:cc:13:37:50:32:02:
         0e:fc:60:85:df:76:38:5c:19:70:2c:de:c8:98:dd:46:a7:dd:
         1e:9d:0c:99:d0:8f:f2:20:6a:e9:00:1b:f5:13:46:88:dc:bd:
         29:df:14:72:c6:63:0c:7b:6b:37:9e:1f:2c:90:ca:22:ed:9a:
         eb:e7:d7:fa:fb:4e:fd:f0:af:f2:2b:a5:1c:1f:17:f4:0c:81:
         ea:5c:91:a1:3c:b2:b0:da:6e:e2:46:db:00:3d:10:ff:3f:00:
         fa:45:40:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaEvZx+GZTV+il1dSFRCjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMzAzMGE0YjY3Zjk1YzJmZWQ5MDJkNTY2NTdmYWEyNDk0
YjUxMjkwHhcNMjUwMTAxMDU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzkxYjJiNmFmNGRlNGI2NDA3ZWMzZDhjYmE0M2VlZjE0YzM5YzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyHJAbZMb3s8bgdAmogMOIAPHVdT
Ny63mXHmhmm1npTohY5Z97Za22UL3t53xC7v7CmEck/2evnNk54FUx+HDHymlcBw
RvjJympEljrLX4NLE0AJbyaRjkrO6FtrjW9gzZAlQFHeoad0lZiVcyPjNbiyXD/+
LWBA/inLhz4drcWZ40ptJAbGibImKBJG2sbdUem8PQRw5cKzr/IqSep1VrKN9kRS
IQSH1dSVP86yrlPdbVsbWWW4UZf9ajlnAYJpptRgMt7GMGBgFbikFImU21V8Iwhh
XmrsFcZJqdtGluXTDCCI7KAbO+d2519RQu37oRTyaGXT1e/VzGMNj5AFPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCyRsravTeS2QH7D2MukPu8Uw5xUMB8GA1UdIwQY
MBaAFG8wMKS2f5XC/tkC1WZX+qJJS1EpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnpBd3BMWl9sY0wtMlFMVlpsZjZva2xMVVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yYjk5YTMtZGQ1Zi00ZmZlLTgyZWYt
YmYzYjIxYTI3MGYyLzEvTEpHeXRxOU41TFpBZnNQWXk2US03eFREbkZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yYjk5YTMtZGQ1Zi00ZmZlLTgyZWYtYmYzYjIxYTI3MGYy
LzEvYnpBd3BMWl9sY0wtMlFMVlpsZjZva2xMVVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXVhIMA0G
CSqGSIb3DQEBCwUAA4IBAQBWyUySgkGpyUArIUshZT/u0qKn9p/q3+P7OErX1aen
3tZ7bWsG8TpRhEk+VOuotmmZixn0O/IMtWE7qCbVUcWZ0SDhjrPMtENlAnhGoJ4d
M5DwPs/6rWfcOHHSwYjLj3GN9Sax5fPIuzYOPeQTTsvnUoYc2IoNgWdWxi19l5te
yfo4ITBwc66/01nhJYGi271DWfJ9YKwDRLPSIsnMEzdQMgIO/GCF33Y4XBlwLN7I
mN1Gp90enQyZ0I/yIGrpABv1E0aI3L0p3xRyxmMMe2s3nh8skMoi7Zrr59f6+079
8K/yK6UcHxf0DIHqXJGhPLKw2m7iRtsAPRD/PwD6RUAl
-----END CERTIFICATE-----