Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/LAadCzCXSmxGBLyHFXGlsMUBllM.roa
File:                     LAadCzCXSmxGBLyHFXGlsMUBllM.roa (raw, json)
Hash identifier:          RHDggl9DR/TGEbVzBsCtbqYC4E3yIR/ilKZ0EW+A5vo=
Subject key identifier:   2C:06:9D:0B:30:97:4A:6C:46:04:BC:87:15:71:A5:B0:C5:01:96:53
Certificate issuer:       /CN=a5abc43afced72fb92778728bee571c678f53853
Certificate serial:       018E79AED75D6294F45CB3930DFA920501FA
Authority key identifier: A5:AB:C4:3A:FC:ED:72:FB:92:77:87:28:BE:E5:71:C6:78:F5:38:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pavEOvztcvuSd4covuVxxnj1OFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/LAadCzCXSmxGBLyHFXGlsMUBllM.roa
Signing time:             Tue 26 Mar 2024 07:34:45 +0000
ROA not before:           Tue 26 Mar 2024 07:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        83.97.56.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/pavEOvztcvuSd4covuVxxnj1OFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/pavEOvztcvuSd4covuVxxnj1OFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pavEOvztcvuSd4covuVxxnj1OFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:79:ae:d7:5d:62:94:f4:5c:b3:93:0d:fa:92:05:01:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5abc43afced72fb92778728bee571c678f53853
        Validity
            Not Before: Mar 26 07:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c069d0b30974a6c4604bc871571a5b0c5019653
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:72:83:9d:c4:01:7b:bd:98:24:48:c2:84:c1:
                    5d:d7:f5:63:30:54:55:63:a5:f5:20:8d:fe:dc:0a:
                    89:f6:4d:ee:7c:03:e1:48:da:e8:87:ee:fb:33:7d:
                    aa:f0:21:ef:77:f6:42:47:26:06:65:b9:27:49:e8:
                    68:0b:95:81:e8:89:56:01:ef:2f:ff:00:63:f5:2b:
                    a8:ff:60:9a:6a:b3:c7:03:0c:f9:65:67:ef:1b:29:
                    a6:55:f4:99:1e:a0:42:82:2a:71:0a:49:37:43:e0:
                    d6:f5:c1:fb:91:e1:48:46:e4:ab:03:1d:e4:98:f3:
                    81:90:a6:84:33:32:eb:e3:53:54:93:38:6f:50:98:
                    2e:f1:0d:7e:d0:9a:1d:58:28:6a:da:a1:1a:e1:7c:
                    d6:7e:17:30:3c:bb:eb:6c:aa:3e:6c:b2:1b:7a:ab:
                    12:02:9b:52:b1:91:ff:a9:01:3e:bc:fa:7a:8c:fe:
                    d0:33:9e:8a:fe:4b:c7:e2:95:58:51:72:ac:de:76:
                    c2:eb:9e:be:61:69:18:9a:aa:15:5f:b8:ce:39:23:
                    9a:e8:c6:bf:03:2b:fb:e3:89:c8:0f:54:c0:92:89:
                    7e:a5:00:74:fb:c1:5f:8f:9d:54:a6:f9:d8:cd:cc:
                    2a:1a:23:72:55:2c:7d:1a:2d:01:42:64:ce:b1:7d:
                    f2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:06:9D:0B:30:97:4A:6C:46:04:BC:87:15:71:A5:B0:C5:01:96:53
            X509v3 Authority Key Identifier:
                keyid:A5:AB:C4:3A:FC:ED:72:FB:92:77:87:28:BE:E5:71:C6:78:F5:38:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pavEOvztcvuSd4covuVxxnj1OFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/LAadCzCXSmxGBLyHFXGlsMUBllM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/e9b76a-10b3-47c0-a517-b5e91fc65051/1/pavEOvztcvuSd4covuVxxnj1OFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         15:95:94:b1:a7:fb:bf:ad:54:c0:da:cb:57:b7:52:83:0e:14:
         5b:56:84:b5:86:54:2f:d1:74:f5:5c:a1:f0:5a:a7:da:7d:e1:
         fb:9f:17:53:1e:89:14:3a:b7:7b:bb:c7:be:49:f0:1f:a9:fc:
         99:ed:78:cb:73:1b:96:3a:b7:d6:75:50:07:10:4b:3c:ce:fb:
         cd:47:15:9d:d7:71:68:aa:de:59:8c:87:13:99:2f:57:8e:51:
         4b:fc:e2:f6:c8:7e:9b:19:95:7d:2a:9b:03:1c:fe:2d:07:f6:
         25:7d:f6:0f:64:e6:6e:3c:f2:ce:66:48:7f:e0:a2:20:f2:48:
         2b:62:5f:f2:32:de:57:78:fc:70:70:4b:61:f7:af:b5:d1:71:
         8f:82:b3:80:4f:79:57:08:35:7a:44:b1:ff:29:31:63:1f:ce:
         87:97:74:1a:74:90:47:5d:39:a5:05:b2:36:62:98:11:1b:83:
         ea:6b:9f:00:19:d3:e7:14:00:66:8f:80:16:ac:f1:f2:4e:b6:
         68:b3:b9:d2:ed:b8:ef:ce:28:f6:4c:fa:2d:76:b4:c7:f0:14:
         f0:db:bd:42:b0:93:52:b7:6f:0b:d1:7e:5e:e2:3c:37:aa:87:
         6b:68:a8:0f:12:4f:79:a4:96:51:1e:4b:b7:ac:70:40:d8:7c:
         7a:f0:bd:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY55rtddYpT0XLOTDfqSBQH6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWJjNDNhZmNlZDcyZmI5Mjc3ODcyOGJlZTU3MWM2Nzhm
NTM4NTMwHhcNMjQwMzI2MDczNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzA2OWQwYjMwOTc0YTZjNDYwNGJjODcxNTcxYTViMGM1MDE5NjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnKDncQBe72YJEjChMFd1/VjMFRV
Y6X1II3+3AqJ9k3ufAPhSNroh+77M32q8CHvd/ZCRyYGZbknSehoC5WB6IlWAe8v
/wBj9Suo/2CaarPHAwz5ZWfvGymmVfSZHqBCgipxCkk3Q+DW9cH7keFIRuSrAx3k
mPOBkKaEMzLr41NUkzhvUJgu8Q1+0JodWChq2qEa4XzWfhcwPLvrbKo+bLIbeqsS
AptSsZH/qQE+vPp6jP7QM56K/kvH4pVYUXKs3nbC656+YWkYmqoVX7jOOSOa6Ma/
Ayv744nID1TAkol+pQB0+8Ffj51UpvnYzcwqGiNyVSx9Gi0BQmTOsX3y+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCwGnQswl0psRgS8hxVxpbDFAZZTMB8GA1UdIwQY
MBaAFKWrxDr87XL7kneHKL7lccZ49ThTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGF2RU92enRjdnVTZDRjb3Z1Vnh4bmoxT0ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9lOWI3NmEtMTBiMy00N2MwLWE1MTct
YjVlOTFmYzY1MDUxLzEvTEFhZEN6Q1hTbXhHQkx5SEZYR2xzTVVCbGxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9lOWI3NmEtMTBiMy00N2MwLWE1MTctYjVlOTFmYzY1MDUx
LzEvcGF2RU92enRjdnVTZDRjb3Z1Vnh4bmoxT0ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDU2E4MA0G
CSqGSIb3DQEBCwUAA4IBAQAVlZSxp/u/rVTA2stXt1KDDhRbVoS1hlQv0XT1XKHw
WqfafeH7nxdTHokUOrd7u8e+SfAfqfyZ7XjLcxuWOrfWdVAHEEs8zvvNRxWd13Fo
qt5ZjIcTmS9XjlFL/OL2yH6bGZV9KpsDHP4tB/YlffYPZOZuPPLOZkh/4KIg8kgr
Yl/yMt5XePxwcEth96+10XGPgrOAT3lXCDV6RLH/KTFjH86Hl3QadJBHXTmlBbI2
YpgRG4Pqa58AGdPnFABmj4AWrPHyTrZos7nS7bjvzij2TPotdrTH8BTw271CsJNS
t28L0X5e4jw3qodraKgPEk95pJZRHku3rHBA2Hx68L0K
-----END CERTIFICATE-----