Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/lVveqg52XXsQdLEOzgO3MiUu4-0.roa
File:                     lVveqg52XXsQdLEOzgO3MiUu4-0.roa (raw, json)
Hash identifier:          wz17knblgENPIwrHtkXQ82HS2sqaXWLgfZE+RjyNqHI=
Subject key identifier:   95:5B:DE:AA:0E:76:5D:7B:10:74:B1:0E:CE:03:B7:32:25:2E:E3:ED
Certificate issuer:       /CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
Certificate serial:       019209C9BC0B19D4C3B26D13372919DB7621
Authority key identifier: AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/lVveqg52XXsQdLEOzgO3MiUu4-0.roa
Signing time:             Thu 19 Sep 2024 10:17:48 +0000
ROA not before:           Thu 19 Sep 2024 10:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25484
IP address blocks:        84.200.19.0/24 maxlen: 24
                          2a01:7e0:4fc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:09:c9:bc:0b:19:d4:c3:b2:6d:13:37:29:19:db:76:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
        Validity
            Not Before: Sep 19 10:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=955bdeaa0e765d7b1074b10ece03b732252ee3ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:91:fd:14:72:c1:f2:a0:3c:e9:46:6f:3b:80:
                    3a:05:c1:c9:0c:a3:ac:e9:79:48:49:7c:3c:74:d4:
                    55:44:46:32:0f:79:28:87:3e:c3:9f:3d:a9:fd:79:
                    ac:49:43:22:a0:0a:e0:92:26:b0:92:28:a6:fb:0c:
                    e1:9b:f1:eb:e1:64:8d:52:a6:11:1c:db:95:df:b3:
                    9a:71:6f:3a:a3:bf:86:5e:16:71:86:c3:01:c0:83:
                    fb:0a:49:81:4e:eb:c7:20:46:eb:50:07:6d:29:d1:
                    91:8a:ac:3a:18:b1:c3:c9:10:94:ad:c1:86:7b:b8:
                    c5:fa:c5:65:71:18:d8:dd:50:e1:4e:a1:a1:2a:3c:
                    fa:8b:29:62:e3:9c:bd:72:1b:03:bf:c7:46:44:6c:
                    97:6d:2a:87:e5:82:1b:1d:90:ab:c1:d7:09:19:fb:
                    27:78:90:e3:51:ee:78:88:35:0a:8a:ba:fc:72:78:
                    8f:8a:3c:3a:b9:ec:82:c8:1e:70:1c:ba:3d:20:b9:
                    e8:5e:98:1f:de:02:b7:5a:74:ce:da:82:f3:8a:34:
                    61:0d:17:41:91:ae:d8:a4:63:8d:51:a9:e6:79:34:
                    02:e8:56:e8:75:09:cb:76:9d:ee:0e:f4:d6:f1:e0:
                    58:df:fd:0c:46:7d:75:6a:fb:f6:7f:77:2f:f2:36:
                    70:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:5B:DE:AA:0E:76:5D:7B:10:74:B1:0E:CE:03:B7:32:25:2E:E3:ED
            X509v3 Authority Key Identifier:
                keyid:AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/lVveqg52XXsQdLEOzgO3MiUu4-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.200.19.0/24
                IPv6:
                  2a01:7e0:4fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:d7:31:0e:52:94:4f:38:e8:4e:e1:5a:33:12:08:b0:a7:4a:
         ab:f4:1f:15:a0:64:e5:26:72:db:d1:49:1d:e2:38:84:0f:bb:
         8f:ea:75:2c:7c:07:86:2f:f5:4f:79:b0:51:56:32:69:05:c8:
         12:ad:2e:19:58:34:e1:76:2f:ba:5b:de:76:45:8e:cc:48:a0:
         21:14:68:a3:6a:e5:f2:41:2e:db:b6:b1:79:08:17:64:26:8f:
         e2:80:55:ac:28:fd:e7:ae:1a:c9:83:28:28:51:5c:0f:45:3d:
         76:6b:ed:d0:ec:9e:9b:fb:24:88:9e:9f:5d:0f:56:1b:25:92:
         79:49:b0:0d:9c:f6:d7:ef:30:11:12:df:cc:cc:42:d9:39:e2:
         f9:70:68:e4:4c:7b:24:9b:fc:4e:b2:32:36:f4:dd:d1:5d:22:
         04:50:fe:6a:94:59:e0:6f:8a:4f:9c:e6:c4:d3:d8:56:f1:9f:
         e8:d4:e3:d6:2f:8f:59:56:5e:ad:cb:37:7c:4e:fa:16:c3:43:
         d7:00:d1:6f:37:c6:75:fc:59:d8:2f:d6:89:70:ec:8a:4a:3c:
         e5:7c:c7:c4:ea:ae:02:1b:f6:41:47:10:ad:1e:e5:c6:cf:be:
         53:03:d1:cd:a0:0e:46:7e:d8:45:22:ef:03:16:9c:77:a5:ca:
         8a:c2:10:b2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZIJybwLGdTDsm0TNykZ23YhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWRjNTBhNGI1MjZkZjE4ZThiMGE2NTY1ZDdiOWQ1OGE3
NWQzMTUwHhcNMjQwOTE5MTAxNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTViZGVhYTBlNzY1ZDdiMTA3NGIxMGVjZTAzYjczMjI1MmVlM2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZH9FHLB8qA86UZvO4A6BcHJDKOs
6XlISXw8dNRVREYyD3kohz7Dnz2p/XmsSUMioArgkiawkiim+wzhm/Hr4WSNUqYR
HNuV37OacW86o7+GXhZxhsMBwIP7CkmBTuvHIEbrUAdtKdGRiqw6GLHDyRCUrcGG
e7jF+sVlcRjY3VDhTqGhKjz6iyli45y9chsDv8dGRGyXbSqH5YIbHZCrwdcJGfsn
eJDjUe54iDUKirr8cniPijw6ueyCyB5wHLo9ILnoXpgf3gK3WnTO2oLzijRhDRdB
ka7YpGONUanmeTQC6FbodQnLdp3uDvTW8eBY3/0MRn11avv2f3cv8jZwJQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJVb3qoOdl17EHSxDs4DtzIlLuPtMB8GA1UdIwQY
MBaAFKodxQpLUm3xjosKZWXXudWKddMVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMt
MzNkNzI4NDMzYzExLzEvbFZ2ZXFnNTJYWHNRZExFT3pnTzNNaVV1NC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMtMzNkNzI4NDMzYzEx
LzEvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAVMgTMA8E
AgACMAkDBwAqAQfgBPwwDQYJKoZIhvcNAQELBQADggEBAKfXMQ5SlE846E7hWjMS
CLCnSqv0HxWgZOUmctvRSR3iOIQPu4/qdSx8B4Yv9U95sFFWMmkFyBKtLhlYNOF2
L7pb3nZFjsxIoCEUaKNq5fJBLtu2sXkIF2Qmj+KAVawo/eeuGsmDKChRXA9FPXZr
7dDsnpv7JIien10PVhslknlJsA2c9tfvMBES38zMQtk54vlwaORMeySb/E6yMjb0
3dFdIgRQ/mqUWeBvik+c5sTT2Fbxn+jU49Yvj1lWXq3LN3xO+hbDQ9cA0W83xnX8
Wdgv1olw7IpKPOV8x8TqrgIb9kFHEK0e5cbPvlMD0c2gDkZ+2EUi7wMWnHelyorC
ELI=
-----END CERTIFICATE-----