Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/4193ea-c83f-4beb-a21e-a1c78a0a6bfd/1/lhV68OSkur6ZsAA_2dy8-L_4IL0.roa
File:                     lhV68OSkur6ZsAA_2dy8-L_4IL0.roa (raw, json)
Hash identifier:          BvvVh8/fqP1HPi1uOxwh0N4UEkoJk2nM455CRrFSNec=
Subject key identifier:   96:15:7A:F0:E4:A4:BA:BE:99:B0:00:3F:D9:DC:BC:F8:BF:F8:20:BD
Certificate issuer:       /CN=3ae505bfc7fd917686b1c8b3a218f5508f5a370a
Certificate serial:       0194258EC48741C2EB83F3199031DDBA0E35
Authority key identifier: 3A:E5:05:BF:C7:FD:91:76:86:B1:C8:B3:A2:18:F5:50:8F:5A:37:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OuUFv8f9kXaGscizohj1UI9aNwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/4193ea-c83f-4beb-a21e-a1c78a0a6bfd/1/lhV68OSkur6ZsAA_2dy8-L_4IL0.roa
Signing time:             Thu 02 Jan 2025 05:48:20 +0000
ROA not before:           Thu 02 Jan 2025 05:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8368
IP address blocks:        185.43.0.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/4193ea-c83f-4beb-a21e-a1c78a0a6bfd/1/OuUFv8f9kXaGscizohj1UI9aNwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/4193ea-c83f-4beb-a21e-a1c78a0a6bfd/1/OuUFv8f9kXaGscizohj1UI9aNwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OuUFv8f9kXaGscizohj1UI9aNwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:c4:87:41:c2:eb:83:f3:19:90:31:dd:ba:0e:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ae505bfc7fd917686b1c8b3a218f5508f5a370a
        Validity
            Not Before: Jan  2 05:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96157af0e4a4babe99b0003fd9dcbcf8bff820bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d5:6f:ef:9c:84:5f:e5:7c:dc:0d:4c:0a:5c:
                    d5:35:82:2b:ec:7d:a4:07:d9:00:0f:ef:78:d9:82:
                    d7:53:fd:a1:15:5e:30:ed:a4:0e:5a:40:a7:16:c0:
                    75:7a:cc:f7:66:9c:1a:02:b7:aa:63:00:a0:60:f7:
                    61:c6:9c:3e:87:7d:e0:8b:5d:9c:7f:d2:fb:89:7b:
                    d1:40:8c:60:dd:24:b0:d1:dd:c2:7a:42:58:b1:98:
                    d8:60:59:2d:03:12:22:ef:6a:33:57:9e:6f:3c:53:
                    97:e4:93:33:2e:a0:c5:b4:13:8b:51:5a:a9:5b:3d:
                    cd:40:29:87:97:03:a8:1c:e4:fa:c0:6d:57:3b:ce:
                    09:19:41:50:50:f4:df:80:61:12:a6:02:7b:60:ad:
                    c7:8a:75:c2:05:3e:27:ab:67:1b:97:f6:55:48:bf:
                    1b:ab:70:6d:c3:31:94:b4:12:ae:51:74:ad:89:34:
                    6a:71:8c:54:7d:79:11:3d:98:33:00:ba:2f:7a:a1:
                    a3:13:47:b1:e4:8c:90:c2:b6:a6:b0:4b:3f:af:53:
                    16:0f:59:02:fb:c2:7a:32:9f:9d:47:ff:f1:c9:99:
                    77:7d:17:62:b8:3b:fd:09:96:1a:9a:58:e1:74:a7:
                    a2:d6:89:c3:c9:71:07:8d:1c:1f:29:b8:d4:4b:de:
                    c7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:15:7A:F0:E4:A4:BA:BE:99:B0:00:3F:D9:DC:BC:F8:BF:F8:20:BD
            X509v3 Authority Key Identifier:
                keyid:3A:E5:05:BF:C7:FD:91:76:86:B1:C8:B3:A2:18:F5:50:8F:5A:37:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OuUFv8f9kXaGscizohj1UI9aNwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/4193ea-c83f-4beb-a21e-a1c78a0a6bfd/1/lhV68OSkur6ZsAA_2dy8-L_4IL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/4193ea-c83f-4beb-a21e-a1c78a0a6bfd/1/OuUFv8f9kXaGscizohj1UI9aNwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:f9:39:36:6c:2d:7e:52:51:d5:b9:27:d5:29:7a:75:3f:ac:
         6a:e4:6d:aa:7a:92:f1:3d:72:2e:bb:f9:6c:c7:f0:5e:4e:b7:
         23:28:00:53:11:ab:6c:1a:6b:42:2b:1c:fa:19:8f:b3:de:36:
         f3:53:cc:1d:51:23:a4:5b:75:9c:b8:b3:d3:6c:f8:d7:7a:77:
         86:a8:05:9c:74:b6:c8:6b:e0:86:61:a3:5c:ce:93:fd:21:2c:
         57:2b:70:95:b4:cf:4f:60:22:a4:f1:38:a2:c4:f9:c4:e2:0e:
         c8:2c:ee:c8:e1:f2:26:7c:42:cb:b4:03:40:3b:de:dc:c5:bb:
         1e:cd:4b:fa:7b:61:c6:ae:ba:24:44:a2:af:10:44:2f:61:52:
         46:f3:85:e8:0d:bf:39:17:8f:4c:55:73:6c:5a:e3:18:bf:e8:
         a1:71:19:4c:d7:cf:79:01:da:48:2c:1a:40:84:58:1d:01:01:
         f5:c4:a3:bb:d7:43:e9:69:b8:df:6a:08:9e:c6:99:16:73:07:
         22:4c:13:da:d0:14:c5:03:e7:aa:fb:85:56:c2:2a:1a:ea:54:
         c4:a2:bd:93:58:d2:af:4e:a7:9e:84:e1:d6:a0:20:da:0e:6b:
         13:61:25:59:ee:b6:b4:76:a6:5b:6d:da:3c:2d:43:7e:98:b0:
         f1:03:55:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljsSHQcLrg/MZkDHdug41MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZTUwNWJmYzdmZDkxNzY4NmIxYzhiM2EyMThmNTUwOGY1
YTM3MGEwHhcNMjUwMTAyMDU0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjE1N2FmMGU0YTRiYWJlOTliMDAwM2ZkOWRjYmNmOGJmZjgyMGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNVv75yEX+V83A1MClzVNYIr7H2k
B9kAD+942YLXU/2hFV4w7aQOWkCnFsB1esz3ZpwaAreqYwCgYPdhxpw+h33gi12c
f9L7iXvRQIxg3SSw0d3CekJYsZjYYFktAxIi72ozV55vPFOX5JMzLqDFtBOLUVqp
Wz3NQCmHlwOoHOT6wG1XO84JGUFQUPTfgGESpgJ7YK3HinXCBT4nq2cbl/ZVSL8b
q3BtwzGUtBKuUXStiTRqcYxUfXkRPZgzALoveqGjE0ex5IyQwramsEs/r1MWD1kC
+8J6Mp+dR//xyZl3fRdiuDv9CZYamljhdKei1onDyXEHjRwfKbjUS97HjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYVevDkpLq+mbAAP9ncvPi/+CC9MB8GA1UdIwQY
MBaAFDrlBb/H/ZF2hrHIs6IY9VCPWjcKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3VVRnY4ZjlrWGFHc2Npem9oajFVSTlhTndvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS80MTkzZWEtYzgzZi00YmViLWEyMWUt
YTFjNzhhMGE2YmZkLzEvbGhWNjhPU2t1cjZac0FBXzJkeTgtTF80SUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS80MTkzZWEtYzgzZi00YmViLWEyMWUtYTFjNzhhMGE2YmZk
LzEvT3VVRnY4ZjlrWGFHc2Npem9oajFVSTlhTndvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSsAMA0G
CSqGSIb3DQEBCwUAA4IBAQBf+Tk2bC1+UlHVuSfVKXp1P6xq5G2qepLxPXIuu/ls
x/BeTrcjKABTEatsGmtCKxz6GY+z3jbzU8wdUSOkW3WcuLPTbPjXeneGqAWcdLbI
a+CGYaNczpP9ISxXK3CVtM9PYCKk8TiixPnE4g7ILO7I4fImfELLtANAO97cxbse
zUv6e2HGrrokRKKvEEQvYVJG84XoDb85F49MVXNsWuMYv+ihcRlM1895AdpILBpA
hFgdAQH1xKO710PpabjfagiexpkWcwciTBPa0BTFA+eq+4VWwioa6lTEor2TWNKv
TqeehOHWoCDaDmsTYSVZ7ra0dqZbbdo8LUN+mLDxA1Xb
-----END CERTIFICATE-----