Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lbIP4JZWhRE79FoTj02hfBkdN9U.roa
File:                     lbIP4JZWhRE79FoTj02hfBkdN9U.roa (raw, json)
Hash identifier:          UmpTEyTvDDtacG8R6LJOmoidepJdCHnpTWfSmIAqUAA=
Subject key identifier:   95:B2:0F:E0:96:56:85:11:3B:F4:5A:13:8F:4D:A1:7C:19:1D:37:D5
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       0195AFA214F4BB1C5F36AB5A68C27D1792E3
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lbIP4JZWhRE79FoTj02hfBkdN9U.roa
Signing time:             Wed 19 Mar 2025 18:19:49 +0000
ROA not before:           Wed 19 Mar 2025 18:19:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213520
IP address blocks:        193.23.218.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:af:a2:14:f4:bb:1c:5f:36:ab:5a:68:c2:7d:17:92:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 19 18:19:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95b20fe0965685113bf45a138f4da17c191d37d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:d1:7a:cf:df:ba:a8:13:4c:31:43:c5:2e:ae:
                    87:a3:f9:87:1a:c0:fc:d5:2e:65:1e:e3:17:0a:73:
                    9e:a1:b9:d2:93:75:41:ad:53:7f:20:5d:d5:a2:8b:
                    d6:24:ad:f6:52:ca:9e:fa:3d:91:49:ce:66:83:f8:
                    65:b6:cf:58:6a:5e:3c:e5:76:c7:04:21:74:fd:c7:
                    2b:fa:da:14:37:5b:3c:99:ee:89:34:13:0a:13:fa:
                    37:20:bd:fc:0c:44:b1:a0:41:e1:f6:81:17:98:18:
                    29:09:a8:7f:77:cc:10:07:93:70:b4:e9:d4:e9:15:
                    fa:23:11:fa:0f:41:be:58:6e:ea:5b:7b:30:54:57:
                    c5:b2:c0:90:29:e1:76:12:39:d8:5e:e5:75:d0:09:
                    e4:71:ca:b6:8c:cf:b8:a3:42:42:c4:9b:96:3b:79:
                    44:03:18:f0:8a:1d:7f:d9:7d:28:11:a5:f8:b7:62:
                    04:50:20:79:6a:13:9e:0f:3a:4c:6f:af:e3:ae:ae:
                    55:64:6e:43:99:03:7b:bc:74:be:d6:b7:77:11:2d:
                    9f:7f:38:41:d3:d9:c4:b0:3d:4f:12:9b:fb:dc:cb:
                    32:a3:6b:66:33:63:31:15:ec:fc:95:56:3e:d0:1a:
                    a1:1e:85:6c:c6:13:26:05:c5:2b:87:37:eb:59:d3:
                    b4:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B2:0F:E0:96:56:85:11:3B:F4:5A:13:8F:4D:A1:7C:19:1D:37:D5
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lbIP4JZWhRE79FoTj02hfBkdN9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:de:37:cc:8e:52:23:4d:bd:a8:43:94:b1:b9:4a:a6:ce:dc:
         44:72:41:01:83:55:f8:0d:43:a6:51:fa:fd:2d:5c:8a:dc:06:
         14:20:f8:d1:17:20:5d:d0:ac:0c:65:f4:cb:fb:10:a0:16:17:
         b0:5f:e6:23:fa:cf:75:c5:06:66:fe:01:f5:c0:00:df:e0:cf:
         5d:5e:bf:2e:b9:e3:1b:61:e4:f0:b6:ae:8d:97:a9:d1:1c:bf:
         1c:d5:ec:9a:0c:8d:a2:5f:60:2c:f0:9c:38:cf:04:8b:71:a1:
         19:dd:ce:70:d0:08:c2:f6:90:26:de:26:83:4b:d0:3d:02:e1:
         d6:ac:81:ce:4b:62:f8:16:31:af:4b:d1:53:07:7f:d4:60:41:
         92:b3:91:ca:6d:68:c7:8d:ad:fe:16:9e:dc:d7:3c:df:ec:c0:
         c0:9a:75:fa:fb:b2:98:3f:a8:d3:83:02:87:77:b6:21:93:95:
         8c:47:e3:4a:92:a7:9a:5b:27:ac:49:c1:c0:22:3e:41:67:f8:
         0c:99:39:0f:29:82:0c:e7:54:3e:cb:da:ca:ee:13:4c:ac:08:
         0b:e9:48:2e:55:49:b3:7d:56:38:94:ec:f8:15:39:cb:a0:bc:
         f0:ad:15:33:02:22:95:9b:98:b7:48:d4:6d:47:59:f4:c4:21:
         ca:16:07:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWvohT0uxxfNqtaaMJ9F5LjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMzE5MTgxOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWIyMGZlMDk2NTY4NTExM2JmNDVhMTM4ZjRkYTE3YzE5MWQzN2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8NF6z9+6qBNMMUPFLq6Ho/mHGsD8
1S5lHuMXCnOeobnSk3VBrVN/IF3VoovWJK32Usqe+j2RSc5mg/hlts9Yal485XbH
BCF0/ccr+toUN1s8me6JNBMKE/o3IL38DESxoEHh9oEXmBgpCah/d8wQB5NwtOnU
6RX6IxH6D0G+WG7qW3swVFfFssCQKeF2EjnYXuV10Ankccq2jM+4o0JCxJuWO3lE
Axjwih1/2X0oEaX4t2IEUCB5ahOeDzpMb6/jrq5VZG5DmQN7vHS+1rd3ES2ffzhB
09nEsD1PEpv73Msyo2tmM2MxFez8lVY+0BqhHoVsxhMmBcUrhzfrWdO06QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWyD+CWVoURO/RaE49NoXwZHTfVMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbGJJUDRKWldoUkU3OUZvVGowMmhmQmtkTjlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRfaMA0G
CSqGSIb3DQEBCwUAA4IBAQCa3jfMjlIjTb2oQ5SxuUqmztxEckEBg1X4DUOmUfr9
LVyK3AYUIPjRFyBd0KwMZfTL+xCgFhewX+Yj+s91xQZm/gH1wADf4M9dXr8uueMb
YeTwtq6Nl6nRHL8c1eyaDI2iX2As8Jw4zwSLcaEZ3c5w0AjC9pAm3iaDS9A9AuHW
rIHOS2L4FjGvS9FTB3/UYEGSs5HKbWjHja3+Fp7c1zzf7MDAmnX6+7KYP6jTgwKH
d7Yhk5WMR+NKkqeaWyesScHAIj5BZ/gMmTkPKYIM51Q+y9rK7hNMrAgL6UguVUmz
fVY4lOz4FTnLoLzwrRUzAiKVm5i3SNRtR1n0xCHKFgeG
-----END CERTIFICATE-----