Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/50f9e5-913c-4be6-9949-4c8ad7c46203/1/lxqC-CPlJvi44AT9ZbU7pYt-n4o.roa
File:                     lxqC-CPlJvi44AT9ZbU7pYt-n4o.roa (raw, json)
Hash identifier:          xj27zgbd/gTQ66cI588GSWIO9lCmgsVv4HH0K5G1xmQ=
Subject key identifier:   97:1A:82:F8:23:E5:26:F8:B8:E0:04:FD:65:B5:3B:A5:8B:7E:9F:8A
Certificate issuer:       /CN=6713b9c04ca698c0b7fafd1d17fc068b7099f6ac
Certificate serial:       018CC50142776EC488ED3095EBCAE6081DC0
Authority key identifier: 67:13:B9:C0:4C:A6:98:C0:B7:FA:FD:1D:17:FC:06:8B:70:99:F6:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZxO5wEymmMC3-v0dF_wGi3CZ9qw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/50f9e5-913c-4be6-9949-4c8ad7c46203/1/lxqC-CPlJvi44AT9ZbU7pYt-n4o.roa
Signing time:             Mon 01 Jan 2024 12:30:43 +0000
ROA not before:           Mon 01 Jan 2024 12:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204120
IP address blocks:        185.114.48.0/22 maxlen: 24
                          2a06:6e40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/50f9e5-913c-4be6-9949-4c8ad7c46203/1/ZxO5wEymmMC3-v0dF_wGi3CZ9qw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/50f9e5-913c-4be6-9949-4c8ad7c46203/1/ZxO5wEymmMC3-v0dF_wGi3CZ9qw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZxO5wEymmMC3-v0dF_wGi3CZ9qw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:42:77:6e:c4:88:ed:30:95:eb:ca:e6:08:1d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6713b9c04ca698c0b7fafd1d17fc068b7099f6ac
        Validity
            Not Before: Jan  1 12:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=971a82f823e526f8b8e004fd65b53ba58b7e9f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c8:04:42:e4:af:3e:ba:5d:c1:c8:bf:4f:78:
                    a8:c1:37:0e:e0:ed:d3:4a:f7:80:88:35:8b:1d:e9:
                    30:6d:28:73:4a:4c:7f:f3:74:8f:46:96:af:03:3f:
                    b9:51:46:c3:a6:f4:0e:27:95:f8:24:50:a0:7f:3c:
                    d6:ec:94:e2:23:4b:66:42:2c:82:4b:c6:c8:9f:2b:
                    84:44:f3:61:0c:b4:dc:a5:4d:b2:0e:4d:33:6c:8a:
                    db:5f:b5:23:eb:9e:03:8c:a0:62:09:c5:25:e5:5f:
                    0d:30:c3:41:b6:80:72:eb:da:c1:d1:d8:ae:b3:15:
                    9e:c4:bd:fe:47:b6:55:7f:28:02:60:89:b3:aa:ce:
                    59:90:7e:8b:bf:a7:29:a8:b2:15:55:fb:d4:1b:0c:
                    bb:ab:84:96:f3:40:e2:71:fe:1a:b6:35:89:78:ea:
                    07:e1:34:04:42:34:3c:8b:e5:0f:df:64:5b:ef:73:
                    a8:4a:71:7f:5f:71:5f:37:fa:72:21:f6:06:ec:9f:
                    d7:76:9a:0f:19:9a:d0:f9:22:4d:c3:b4:21:74:5a:
                    56:c0:4f:3f:fd:50:21:01:37:b6:1e:07:a0:61:8b:
                    cf:fa:bf:53:ed:13:8e:b5:8a:ff:79:6f:2b:d0:b7:
                    d0:2f:9f:aa:0e:6f:3f:24:c5:5a:f6:9c:e5:af:c5:
                    47:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:1A:82:F8:23:E5:26:F8:B8:E0:04:FD:65:B5:3B:A5:8B:7E:9F:8A
            X509v3 Authority Key Identifier:
                keyid:67:13:B9:C0:4C:A6:98:C0:B7:FA:FD:1D:17:FC:06:8B:70:99:F6:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZxO5wEymmMC3-v0dF_wGi3CZ9qw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/50f9e5-913c-4be6-9949-4c8ad7c46203/1/lxqC-CPlJvi44AT9ZbU7pYt-n4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/50f9e5-913c-4be6-9949-4c8ad7c46203/1/ZxO5wEymmMC3-v0dF_wGi3CZ9qw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.48.0/22
                IPv6:
                  2a06:6e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:44:55:5d:49:37:b1:7e:40:68:27:83:bd:a1:58:a3:f6:5e:
         db:88:38:df:03:77:1c:7d:2e:c2:e8:75:a1:6b:cb:ff:18:93:
         d4:3d:f6:5b:f1:b5:4c:32:28:db:3b:25:eb:8a:88:fc:e4:82:
         47:17:5c:1d:50:e6:cb:5a:92:66:91:74:83:f5:78:41:bf:a9:
         54:cc:c8:fb:df:94:fc:1c:75:db:90:14:87:81:53:9f:4b:ed:
         bb:df:47:be:3e:d0:ea:e9:ba:99:6f:fc:2a:a4:37:4b:37:12:
         04:79:0e:dd:2c:d7:33:d9:35:8e:a2:16:65:6f:92:81:81:11:
         e8:37:ff:79:54:86:b0:0b:52:ec:f4:c0:c2:51:d5:a2:59:0c:
         87:69:a5:b4:f7:fe:d9:6d:a7:f1:3a:76:85:cd:5f:9c:c2:f1:
         2a:f4:03:7f:e6:dd:ad:d7:0d:27:71:84:01:70:2f:49:06:43:
         10:f3:8d:e1:e3:30:e0:8c:0b:8e:a5:b7:ca:71:f1:37:2f:20:
         61:2f:93:c4:e5:02:92:be:95:34:e6:0a:90:72:10:0a:0b:96:
         2b:3a:9e:00:e9:6a:57:db:8f:fe:e6:8a:7b:5b:f7:44:50:60:
         d3:58:1a:ee:12:61:64:db:35:69:8d:2e:bf:23:bc:aa:95:17:
         ac:03:6e:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAUJ3bsSI7TCV68rmCB3AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3MTNiOWMwNGNhNjk4YzBiN2ZhZmQxZDE3ZmMwNjhiNzA5
OWY2YWMwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzFhODJmODIzZTUyNmY4YjhlMDA0ZmQ2NWI1M2JhNThiN2U5ZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsgEQuSvPrpdwci/T3iowTcO4O3T
SveAiDWLHekwbShzSkx/83SPRpavAz+5UUbDpvQOJ5X4JFCgfzzW7JTiI0tmQiyC
S8bInyuERPNhDLTcpU2yDk0zbIrbX7Uj654DjKBiCcUl5V8NMMNBtoBy69rB0diu
sxWexL3+R7ZVfygCYImzqs5ZkH6Lv6cpqLIVVfvUGwy7q4SW80Dicf4atjWJeOoH
4TQEQjQ8i+UP32Rb73OoSnF/X3FfN/pyIfYG7J/XdpoPGZrQ+SJNw7QhdFpWwE8/
/VAhATe2HgegYYvP+r9T7ROOtYr/eW8r0LfQL5+qDm8/JMVa9pzlr8VHzwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJcagvgj5Sb4uOAE/WW1O6WLfp+KMB8GA1UdIwQY
MBaAFGcTucBMppjAt/r9HRf8BotwmfasMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnhPNXdFeW1tTUMzLXYwZEZfd0dpM0NaOXF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS81MGY5ZTUtOTEzYy00YmU2LTk5NDkt
NGM4YWQ3YzQ2MjAzLzEvbHhxQy1DUGxKdmk0NEFUOVpiVTdwWXQtbjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS81MGY5ZTUtOTEzYy00YmU2LTk5NDktNGM4YWQ3YzQ2MjAz
LzEvWnhPNXdFeW1tTUMzLXYwZEZfd0dpM0NaOXF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXIwMA0E
AgACMAcDBQMqBm5AMA0GCSqGSIb3DQEBCwUAA4IBAQCiRFVdSTexfkBoJ4O9oVij
9l7biDjfA3ccfS7C6HWha8v/GJPUPfZb8bVMMijbOyXrioj85IJHF1wdUObLWpJm
kXSD9XhBv6lUzMj735T8HHXbkBSHgVOfS+2730e+PtDq6bqZb/wqpDdLNxIEeQ7d
LNcz2TWOohZlb5KBgRHoN/95VIawC1Ls9MDCUdWiWQyHaaW09/7ZbafxOnaFzV+c
wvEq9AN/5t2t1w0ncYQBcC9JBkMQ843h4zDgjAuOpbfKcfE3LyBhL5PE5QKSvpU0
5gqQchAKC5YrOp4A6WpX24/+5op7W/dEUGDTWBruEmFk2zVpjS6/I7yqlResA24H
-----END CERTIFICATE-----