Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/lixJMjo5-_bNmfYtadlmrrGpsCg.roa
File:                     lixJMjo5-_bNmfYtadlmrrGpsCg.roa (raw, json)
Hash identifier:          OW5E61Tvo1LN0X4Q2KSxHXhfLjcuHjhFHfnXTwr/DjA=
Subject key identifier:   96:2C:49:32:3A:39:FB:F6:CD:99:F6:2D:69:D9:66:AE:B1:A9:B0:28
Certificate issuer:       /CN=a4824308bc83b4ee56f1c0c1b9fbfc311b0cd44a
Certificate serial:       0194266BBB43F8BD99478645606A76CB13C2
Authority key identifier: A4:82:43:08:BC:83:B4:EE:56:F1:C0:C1:B9:FB:FC:31:1B:0C:D4:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/lixJMjo5-_bNmfYtadlmrrGpsCg.roa
Signing time:             Thu 02 Jan 2025 09:49:41 +0000
ROA not before:           Thu 02 Jan 2025 09:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210911
IP address blocks:        81.95.192.0/24 maxlen: 24
                          81.95.193.0/24 maxlen: 24
                          81.95.194.0/24 maxlen: 24
                          81.95.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:bb:43:f8:bd:99:47:86:45:60:6a:76:cb:13:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4824308bc83b4ee56f1c0c1b9fbfc311b0cd44a
        Validity
            Not Before: Jan  2 09:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=962c49323a39fbf6cd99f62d69d966aeb1a9b028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:02:cf:d8:c1:ef:88:46:95:e8:5b:d1:b7:30:
                    c9:b1:42:4c:e9:54:14:e2:ce:ce:93:8b:e8:2c:ff:
                    c6:93:f4:ed:d3:12:85:c8:c8:f4:f2:a9:18:08:45:
                    25:40:ce:34:63:8c:66:25:ba:38:32:b5:74:49:76:
                    e7:a4:db:91:cb:99:41:3c:8d:ef:6b:a3:be:cd:9c:
                    fd:a9:75:ce:c7:2f:39:94:37:79:95:7a:61:40:da:
                    ad:fd:f1:37:5b:12:72:8a:4d:99:7e:6a:9b:1c:df:
                    a6:75:a3:20:f2:c6:e8:e3:3b:57:ae:95:18:6c:aa:
                    c4:d0:9e:3f:66:74:e5:c6:f3:df:05:15:db:87:80:
                    76:84:4c:2f:5c:0b:ab:94:a5:26:93:92:19:44:68:
                    43:ef:6f:24:95:5a:40:1a:b7:21:28:17:98:01:c0:
                    80:a8:da:ff:07:1f:6a:16:c5:bb:15:0a:5a:78:fd:
                    8b:fb:2f:4f:40:fe:46:f6:19:8a:ce:13:dc:03:54:
                    0a:90:36:8e:76:73:6f:50:95:da:f1:76:8c:9a:18:
                    63:5b:05:4b:35:15:9f:e7:43:df:80:a0:62:ff:e7:
                    95:8c:21:78:63:1f:c3:c6:05:0e:fe:64:00:ca:2f:
                    ec:7e:96:49:b5:56:f8:70:ad:68:3b:20:1e:70:18:
                    88:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:2C:49:32:3A:39:FB:F6:CD:99:F6:2D:69:D9:66:AE:B1:A9:B0:28
            X509v3 Authority Key Identifier:
                keyid:A4:82:43:08:BC:83:B4:EE:56:F1:C0:C1:B9:FB:FC:31:1B:0C:D4:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/lixJMjo5-_bNmfYtadlmrrGpsCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.95.192.0-81.95.194.255
                  81.95.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:ce:12:1e:b7:db:3b:ed:7e:b1:c2:93:7c:a3:ed:e2:c9:d2:
         13:4c:b3:84:8a:d3:a9:4e:05:06:5b:f4:1f:79:45:18:f6:d5:
         3c:dc:dc:b3:f2:f9:53:7b:bc:db:2e:b0:3b:0c:dc:ad:bd:3a:
         01:22:2d:35:52:60:1f:48:52:83:bf:e6:97:88:20:eb:31:38:
         fd:98:b6:9b:97:6f:4f:25:e3:b1:66:cc:d0:55:c3:c2:66:2c:
         e3:ed:f0:ab:a4:83:59:41:0c:8a:da:3a:e7:d5:2d:5c:9a:63:
         ab:d4:d9:46:ae:06:43:5d:b8:b1:d0:8a:03:23:31:b0:dd:80:
         9a:55:09:b9:3a:ef:84:50:69:5f:58:b5:c9:52:cf:39:fb:b3:
         c0:a4:bb:aa:e9:eb:be:c2:94:24:6d:ee:08:ad:92:eb:73:c3:
         aa:ee:a2:22:27:64:97:61:8e:b9:71:79:28:8b:94:d8:a7:9f:
         db:a1:50:9a:e9:7d:29:ec:20:89:3a:eb:8a:d2:d3:89:16:cb:
         ed:45:0d:b9:eb:5f:75:b2:a1:2e:f9:54:bb:7d:a7:88:e4:80:
         66:a3:1a:a4:eb:ca:9b:a7:43:fb:c4:f7:65:46:4e:ff:8c:6b:
         26:6b:1d:8c:a4:fa:66:dd:db:3c:79:32:23:80:18:3e:0f:2d:
         c3:d2:57:8f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQma7tD+L2ZR4ZFYGp2yxPCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ODI0MzA4YmM4M2I0ZWU1NmYxYzBjMWI5ZmJmYzMxMWIw
Y2Q0NGEwHhcNMjUwMTAyMDk0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjJjNDkzMjNhMzlmYmY2Y2Q5OWY2MmQ2OWQ5NjZhZWIxYTliMDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgLP2MHviEaV6FvRtzDJsUJM6VQU
4s7Ok4voLP/Gk/Tt0xKFyMj08qkYCEUlQM40Y4xmJbo4MrV0SXbnpNuRy5lBPI3v
a6O+zZz9qXXOxy85lDd5lXphQNqt/fE3WxJyik2ZfmqbHN+mdaMg8sbo4ztXrpUY
bKrE0J4/ZnTlxvPfBRXbh4B2hEwvXAurlKUmk5IZRGhD728klVpAGrchKBeYAcCA
qNr/Bx9qFsW7FQpaeP2L+y9PQP5G9hmKzhPcA1QKkDaOdnNvUJXa8XaMmhhjWwVL
NRWf50PfgKBi/+eVjCF4Yx/DxgUO/mQAyi/sfpZJtVb4cK1oOyAecBiIwwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJYsSTI6Ofv2zZn2LWnZZq6xqbAoMB8GA1UdIwQY
MBaAFKSCQwi8g7TuVvHAwbn7/DEbDNRKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcElKRENMeUR0TzVXOGNEQnVmdjhNUnNNMUVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81ZmViMTMtOWU0My00MzI1LTg1Yzkt
MTk2ZTZmMzc1ZmQ2LzEvbGl4Sk1qbzUtX2JObWZZdGFkbG1yckdwc0NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81ZmViMTMtOWU0My00MzI1LTg1YzktMTk2ZTZmMzc1ZmQ2
LzEvcElKRENMeUR0TzVXOGNEQnVmdjhNUnNNMUVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAZRX8AD
BABRX8IDBABRX8QwDQYJKoZIhvcNAQELBQADggEBAGrOEh632zvtfrHCk3yj7eLJ
0hNMs4SK06lOBQZb9B95RRj21Tzc3LPy+VN7vNsusDsM3K29OgEiLTVSYB9IUoO/
5peIIOsxOP2YtpuXb08l47FmzNBVw8JmLOPt8Kukg1lBDIraOufVLVyaY6vU2Uau
BkNduLHQigMjMbDdgJpVCbk674RQaV9YtclSzzn7s8Cku6rp677ClCRt7gitkutz
w6ruoiInZJdhjrlxeSiLlNinn9uhUJrpfSnsIIk664rS04kWy+1FDbnrX3WyoS75
VLt9p4jkgGajGqTrypunQ/vE92VGTv+MayZrHYyk+mbd2zx5MiOAGD4PLcPSV48=
-----END CERTIFICATE-----