Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/lrzLgb0RoAdnvBiV4BjVuyfJosc.roa
File:                     lrzLgb0RoAdnvBiV4BjVuyfJosc.roa (raw, json)
Hash identifier:          dSGKCXtKFQ3gNnPv9wTgMDWyzF+qIKrilFUK/IEojXI=
Subject key identifier:   96:BC:CB:81:BD:11:A0:07:67:BC:18:95:E0:18:D5:BB:27:C9:A2:C7
Certificate issuer:       /CN=23446da7a70bce773ec2bc1655aae30c3c18412c
Certificate serial:       019256BC39829FF2A93A8EDA3ED8D02F4254
Authority key identifier: 23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/lrzLgb0RoAdnvBiV4BjVuyfJosc.roa
Signing time:             Fri 04 Oct 2024 08:53:48 +0000
ROA not before:           Fri 04 Oct 2024 08:53:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395954
IP address blocks:        171.22.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:56:bc:39:82:9f:f2:a9:3a:8e:da:3e:d8:d0:2f:42:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23446da7a70bce773ec2bc1655aae30c3c18412c
        Validity
            Not Before: Oct  4 08:53:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96bccb81bd11a00767bc1895e018d5bb27c9a2c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:60:d4:f5:68:77:7b:9b:0b:97:d6:a8:c6:79:
                    b2:16:4a:63:68:18:e3:0f:63:f9:a4:9b:f4:00:c9:
                    36:0d:74:d4:c9:7d:f0:46:2f:f9:40:31:4e:97:ad:
                    a9:c2:ed:57:3e:8e:66:78:e3:83:b6:67:1a:95:e8:
                    0e:31:2f:a4:60:a1:85:16:b4:d7:a3:00:d7:38:1e:
                    8a:14:e7:a7:81:07:73:05:ad:18:f0:c2:32:cc:53:
                    7a:c3:e1:19:0a:9e:67:1c:64:d4:96:ef:59:24:79:
                    4b:6f:d2:93:0d:de:44:c9:3b:ec:37:b5:e5:b9:64:
                    d6:0c:ab:8d:15:7a:b4:90:07:bb:db:4d:a2:92:81:
                    4e:1b:d4:b0:af:5d:77:23:55:0b:80:66:ba:99:29:
                    77:58:d6:c8:57:70:74:61:68:98:6f:92:17:ef:d4:
                    de:ed:7d:b0:8b:d0:1d:60:64:19:27:ab:29:fa:07:
                    f5:b2:b7:b1:87:e9:b7:9c:23:4f:db:99:d1:51:b8:
                    de:f3:d0:8c:27:db:8b:83:cc:81:b3:ee:92:7c:a6:
                    76:88:bb:39:e5:0a:35:ed:75:32:b8:52:a1:36:5e:
                    47:fa:6d:92:07:23:fc:57:97:11:b2:0c:5c:73:6d:
                    55:cb:10:21:d4:12:0d:67:80:f1:36:ff:16:6f:b7:
                    2c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:BC:CB:81:BD:11:A0:07:67:BC:18:95:E0:18:D5:BB:27:C9:A2:C7
            X509v3 Authority Key Identifier:
                keyid:23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/lrzLgb0RoAdnvBiV4BjVuyfJosc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:b5:c8:ce:a1:75:5f:cd:ac:f0:7e:e1:bd:91:bf:55:29:6c:
         92:30:be:34:bb:0d:45:8e:5b:84:68:5c:63:70:07:96:48:1a:
         2c:13:1f:65:51:b0:21:84:6b:6e:49:52:52:2f:aa:3c:09:ff:
         be:10:12:c4:f0:a8:54:fa:ad:89:18:26:ef:0b:b6:66:a2:c8:
         0e:78:e2:fd:f6:ad:8c:be:d3:d2:3f:64:74:bf:a0:b1:09:ad:
         e6:f4:a4:e2:f0:70:a9:01:61:82:0a:b6:f6:74:71:70:e2:12:
         33:46:ce:a3:4e:47:76:26:a1:9a:b5:2c:b2:3e:70:e6:4e:30:
         91:f5:e5:1f:f1:a9:13:6c:23:1c:9f:ee:53:78:69:09:1e:cc:
         33:78:39:88:f7:72:82:91:8f:3b:ac:9b:72:cc:77:d6:93:63:
         45:f5:33:47:8d:04:9d:95:fc:9d:70:2e:38:a5:a5:38:9c:0a:
         7b:52:80:dd:32:95:8a:be:63:05:2e:75:3b:1f:82:7d:7c:f7:
         7a:d8:d4:8a:bf:13:7a:6b:e4:14:8c:47:4b:40:b7:1d:bd:94:
         97:f7:33:e0:42:f9:bd:5b:d7:cb:e5:94:27:7e:27:d9:0a:8f:
         a8:c0:f9:ce:b9:4e:73:58:33:35:ee:86:ea:63:b9:8e:48:52:
         9b:4b:19:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJWvDmCn/KpOo7aPtjQL0JUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNDQ2ZGE3YTcwYmNlNzczZWMyYmMxNjU1YWFlMzBjM2Mx
ODQxMmMwHhcNMjQxMDA0MDg1MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmJjY2I4MWJkMTFhMDA3NjdiYzE4OTVlMDE4ZDViYjI3YzlhMmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGDU9Wh3e5sLl9aoxnmyFkpjaBjj
D2P5pJv0AMk2DXTUyX3wRi/5QDFOl62pwu1XPo5meOODtmcalegOMS+kYKGFFrTX
owDXOB6KFOengQdzBa0Y8MIyzFN6w+EZCp5nHGTUlu9ZJHlLb9KTDd5EyTvsN7Xl
uWTWDKuNFXq0kAe7202ikoFOG9Swr113I1ULgGa6mSl3WNbIV3B0YWiYb5IX79Te
7X2wi9AdYGQZJ6sp+gf1srexh+m3nCNP25nRUbje89CMJ9uLg8yBs+6SfKZ2iLs5
5Qo17XUyuFKhNl5H+m2SByP8V5cRsgxcc21VyxAh1BINZ4DxNv8Wb7cs5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJa8y4G9EaAHZ7wYleAY1bsnyaLHMB8GA1UdIwQY
MBaAFCNEbaenC853PsK8FlWq4ww8GEEsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQt
MjVjYzlkNmNmYmI5LzEvbHJ6TGdiMFJvQWRudkJpVjRCalZ1eWZKb3NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQtMjVjYzlkNmNmYmI5
LzEvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxa/MA0G
CSqGSIb3DQEBCwUAA4IBAQB/tcjOoXVfzazwfuG9kb9VKWySML40uw1FjluEaFxj
cAeWSBosEx9lUbAhhGtuSVJSL6o8Cf++EBLE8KhU+q2JGCbvC7ZmosgOeOL99q2M
vtPSP2R0v6CxCa3m9KTi8HCpAWGCCrb2dHFw4hIzRs6jTkd2JqGatSyyPnDmTjCR
9eUf8akTbCMcn+5TeGkJHswzeDmI93KCkY87rJtyzHfWk2NF9TNHjQSdlfydcC44
paU4nAp7UoDdMpWKvmMFLnU7H4J9fPd62NSKvxN6a+QUjEdLQLcdvZSX9zPgQvm9
W9fL5ZQnfifZCo+owPnOuU5zWDM17obqY7mOSFKbSxnp
-----END CERTIFICATE-----