Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/LZ_t-9WHb3DK5u54HnmKvefvGtE.roa
File:                     LZ_t-9WHb3DK5u54HnmKvefvGtE.roa (raw, json)
Hash identifier:          zJuI+1UqmykwjGFOhGrp1V7qRrSpJoDwUINA4ioAmsc=
Subject key identifier:   2D:9F:ED:FB:D5:87:6F:70:CA:E6:EE:78:1E:79:8A:BD:E7:EF:1A:D1
Certificate issuer:       /CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
Certificate serial:       018E6375CC1E0A57C21A49EF49BD47AC86C8
Authority key identifier: 52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/LZ_t-9WHb3DK5u54HnmKvefvGtE.roa
Signing time:             Fri 22 Mar 2024 00:00:48 +0000
ROA not before:           Fri 22 Mar 2024 00:00:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        80.73.120.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:63:75:cc:1e:0a:57:c2:1a:49:ef:49:bd:47:ac:86:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
        Validity
            Not Before: Mar 22 00:00:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d9fedfbd5876f70cae6ee781e798abde7ef1ad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:0b:d5:e2:a3:83:68:e0:69:93:2f:72:11:f8:
                    b9:48:5a:09:c3:1a:be:e3:3e:01:2f:e7:a9:69:b5:
                    23:70:c0:54:18:70:58:cf:36:75:89:4d:97:bc:0f:
                    a0:c0:67:76:2b:3e:e9:4b:51:cf:39:cb:a5:cd:e7:
                    35:9f:fc:2c:a6:43:72:5b:aa:b1:d0:7b:a7:bd:61:
                    bd:ae:17:2f:00:6b:cc:7d:91:16:d2:cd:78:1a:72:
                    e0:fe:51:2e:4e:19:35:a4:fe:d3:1c:90:15:b3:32:
                    28:b2:cc:1e:92:c6:06:9e:b1:29:65:4a:11:2e:1b:
                    eb:1d:99:9f:7e:60:25:26:d6:d2:04:73:4a:07:57:
                    e0:6b:3e:f6:61:80:e6:e4:f6:00:a0:c3:20:ec:fd:
                    35:9a:4a:d4:da:08:3b:c1:4f:c2:30:ed:64:e4:2d:
                    a0:55:9c:01:98:e9:0d:3e:d9:36:41:fd:c2:85:35:
                    97:49:ce:58:72:ba:38:0b:4a:e7:13:bf:5f:df:30:
                    ec:a5:2a:22:5f:fb:c4:b1:d7:23:5f:16:ec:a8:85:
                    17:d1:9d:99:d3:70:32:6e:fb:ec:5a:4a:ff:80:95:
                    66:77:66:5b:4a:d0:76:bb:53:e5:5f:92:59:d9:05:
                    35:8a:02:49:23:39:44:09:da:b5:34:df:a3:3c:8a:
                    73:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:9F:ED:FB:D5:87:6F:70:CA:E6:EE:78:1E:79:8A:BD:E7:EF:1A:D1
            X509v3 Authority Key Identifier:
                keyid:52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/LZ_t-9WHb3DK5u54HnmKvefvGtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.73.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         06:20:36:69:07:ba:41:69:20:a4:b7:b7:12:96:d1:24:75:a0:
         26:81:19:f5:9b:38:57:2b:07:e8:00:c4:95:95:4d:db:e4:96:
         2d:42:2c:3f:9a:0d:24:a9:ec:77:1b:b9:1f:08:6b:66:47:6f:
         88:19:e5:fe:96:8a:fd:5a:a1:ec:88:4d:fa:76:94:5b:fc:db:
         cb:bb:34:f1:8d:b2:a7:ed:7a:59:d2:85:a4:23:1b:15:1b:e9:
         01:85:e4:1a:98:ed:4c:c9:87:db:6e:15:47:7c:68:0d:eb:81:
         17:a2:c8:09:24:89:bf:2e:1a:ae:10:9c:f2:5b:ab:49:23:63:
         1a:28:70:fa:81:de:40:f1:00:e3:da:c2:b6:8e:ef:e0:c4:60:
         e9:84:f6:f3:28:7e:ef:93:09:a8:66:62:27:23:81:04:89:2d:
         8c:41:bd:50:92:52:fc:3c:3e:83:dc:9b:64:bc:2b:d6:cb:60:
         e3:51:a8:bb:b8:e7:00:81:0b:1c:ce:63:8b:76:99:9a:18:0f:
         b2:0e:d6:74:8a:c2:17:ac:7e:57:67:dd:dd:ac:7f:77:06:36:
         fc:52:02:e5:c4:bf:34:e2:6e:3d:00:61:44:13:bf:f7:a2:6d:
         fd:ca:c5:a5:8e:d5:3d:35:93:3f:13:61:36:5e:16:bd:4d:46:
         58:bd:da:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5jdcweClfCGknvSb1HrIbIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTVjOTBjYTkyODMxM2JjNzBkMjY4M2JiMGY2NGQ2MzJi
MjczYTEwHhcNMjQwMzIyMDAwMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDlmZWRmYmQ1ODc2ZjcwY2FlNmVlNzgxZTc5OGFiZGU3ZWYxYWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AvV4qODaOBpky9yEfi5SFoJwxq+
4z4BL+epabUjcMBUGHBYzzZ1iU2XvA+gwGd2Kz7pS1HPOculzec1n/wspkNyW6qx
0HunvWG9rhcvAGvMfZEW0s14GnLg/lEuThk1pP7THJAVszIossweksYGnrEpZUoR
LhvrHZmffmAlJtbSBHNKB1fgaz72YYDm5PYAoMMg7P01mkrU2gg7wU/CMO1k5C2g
VZwBmOkNPtk2Qf3ChTWXSc5Ycro4C0rnE79f3zDspSoiX/vEsdcjXxbsqIUX0Z2Z
03AybvvsWkr/gJVmd2ZbStB2u1PlX5JZ2QU1igJJIzlECdq1NN+jPIpzPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2f7fvVh29wyubueB55ir3n7xrRMB8GA1UdIwQY
MBaAFFKlyQypKDE7xw0mg7sPZNYysnOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUt
MTNlZDYzM2Y5MjJhLzEvTFpfdC05V0hiM0RLNXU1NEhubUt2ZWZ2R3RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUtMTNlZDYzM2Y5MjJh
LzEvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUEl4MA0G
CSqGSIb3DQEBCwUAA4IBAQAGIDZpB7pBaSCkt7cSltEkdaAmgRn1mzhXKwfoAMSV
lU3b5JYtQiw/mg0kqex3G7kfCGtmR2+IGeX+lor9WqHsiE36dpRb/NvLuzTxjbKn
7XpZ0oWkIxsVG+kBheQamO1MyYfbbhVHfGgN64EXosgJJIm/LhquEJzyW6tJI2Ma
KHD6gd5A8QDj2sK2ju/gxGDphPbzKH7vkwmoZmInI4EEiS2MQb1QklL8PD6D3Jtk
vCvWy2DjUai7uOcAgQsczmOLdpmaGA+yDtZ0isIXrH5XZ93drH93Bjb8UgLlxL80
4m49AGFEE7/3om39ysWljtU9NZM/E2E2Xha9TUZYvdqa
-----END CERTIFICATE-----