Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/LpRuRlyn3UbVGVgZWKbAYjBWjHk.roa
File:                     LpRuRlyn3UbVGVgZWKbAYjBWjHk.roa (raw, json)
Hash identifier:          jcqsHtDLIpefDS+s9iuQA5UBkTdKpx2NDaq08KIaDoE=
Subject key identifier:   2E:94:6E:46:5C:A7:DD:46:D5:19:58:19:58:A6:C0:62:30:56:8C:79
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFB48052EB5B680F3FAE4BE56D095B
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/LpRuRlyn3UbVGVgZWKbAYjBWjHk.roa
Signing time:             Tue 02 Jan 2024 06:32:33 +0000
ROA not before:           Tue 02 Jan 2024 06:32:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216119
IP address blocks:        194.67.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:b4:80:52:eb:5b:68:0f:3f:ae:4b:e5:6d:09:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e946e465ca7dd46d519581958a6c06230568c79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d1:d4:15:2a:45:5b:6b:70:7d:a5:b6:10:d8:
                    00:b8:41:17:af:44:7f:40:89:d9:b5:d8:1e:04:19:
                    32:df:23:52:a5:8e:08:8a:14:2e:de:2e:48:3c:28:
                    3f:ad:93:ad:05:41:75:04:11:f3:b7:e6:37:c9:33:
                    f5:30:a5:8b:1e:29:b5:95:d5:12:30:dc:85:42:20:
                    9b:15:2a:41:50:17:85:55:9e:15:dc:77:4d:9c:cb:
                    68:b5:71:19:14:f5:f5:5e:9c:5f:75:02:c1:b0:80:
                    59:ce:60:37:a5:c6:7f:56:48:1a:dc:10:5b:21:03:
                    d0:ae:a9:88:18:35:08:74:42:f4:d4:8f:0f:38:73:
                    7b:23:0d:0e:8e:96:c8:e9:e4:2b:ab:18:5f:15:cc:
                    17:19:0c:d5:c8:40:ef:18:cd:e6:29:2d:7f:60:21:
                    2f:bd:75:fe:c2:b6:fd:25:f4:82:f7:88:97:9e:b8:
                    54:35:61:eb:a9:0e:9c:7c:15:9b:91:e4:53:7a:ad:
                    ed:fe:56:89:0c:55:f1:19:ac:80:45:11:3f:b1:7f:
                    5c:51:29:16:44:4f:81:58:cc:42:5f:e0:b8:b1:d0:
                    00:92:7f:6c:77:25:5e:7a:92:96:5a:db:10:ca:d6:
                    a5:c3:d6:4d:4f:cd:5d:70:04:3f:1d:f9:15:c3:d6:
                    9b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:94:6E:46:5C:A7:DD:46:D5:19:58:19:58:A6:C0:62:30:56:8C:79
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/LpRuRlyn3UbVGVgZWKbAYjBWjHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.67.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:a3:d3:3e:c7:37:b5:8d:30:c2:88:b1:39:27:d6:0b:02:2b:
         e0:2d:78:65:00:2d:a2:98:6e:14:7d:86:c9:d7:0f:57:77:c0:
         39:e8:0e:ab:08:85:0c:e7:22:1d:80:69:47:c6:8f:90:3e:93:
         c1:2b:d5:fc:11:c7:ad:24:2d:51:47:9b:84:9d:b3:41:52:0a:
         93:02:fb:ca:f7:7e:3e:10:0b:de:3a:9a:c9:e8:aa:21:41:ad:
         7e:96:47:f8:67:d3:f5:7b:a2:69:e8:b8:49:ae:41:26:00:31:
         2c:75:23:da:f0:fb:9e:38:ad:e2:de:19:83:8f:15:fa:bd:1a:
         81:c0:57:36:49:56:07:62:cc:c4:b6:39:05:8f:2a:21:1b:a4:
         3f:1b:1c:60:56:50:01:09:63:82:a7:1b:fe:70:9a:76:c7:68:
         af:39:c9:3f:49:4e:50:59:ee:88:f1:6c:5a:76:f7:a2:b4:42:
         07:f3:7f:64:fa:82:60:b1:3b:93:c8:ca:66:d4:93:95:03:57:
         cb:21:48:2d:83:88:d0:07:19:a8:16:f2:fa:70:8c:ef:75:0e:
         66:c9:38:c3:63:2b:ca:e8:77:f2:25:61:5d:68:81:15:7d:a9:
         75:3e:19:fd:a1:66:88:83:c2:b6:c7:77:fa:cb:2b:d8:d6:fe:
         0c:b4:32:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI37SAUutbaA8/rkvlbQlbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTk0NmU0NjVjYTdkZDQ2ZDUxOTU4MTk1OGE2YzA2MjMwNTY4Yzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9HUFSpFW2twfaW2ENgAuEEXr0R/
QInZtdgeBBky3yNSpY4IihQu3i5IPCg/rZOtBUF1BBHzt+Y3yTP1MKWLHim1ldUS
MNyFQiCbFSpBUBeFVZ4V3HdNnMtotXEZFPX1XpxfdQLBsIBZzmA3pcZ/Vkga3BBb
IQPQrqmIGDUIdEL01I8POHN7Iw0OjpbI6eQrqxhfFcwXGQzVyEDvGM3mKS1/YCEv
vXX+wrb9JfSC94iXnrhUNWHrqQ6cfBWbkeRTeq3t/laJDFXxGayARRE/sX9cUSkW
RE+BWMxCX+C4sdAAkn9sdyVeepKWWtsQytalw9ZNT81dcAQ/HfkVw9abRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6UbkZcp91G1RlYGVimwGIwVox5MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvTHBSdVJseW4zVWJWR1ZnWldLYkFZakJXakhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkPDMA0G
CSqGSIb3DQEBCwUAA4IBAQBQo9M+xze1jTDCiLE5J9YLAivgLXhlAC2imG4UfYbJ
1w9Xd8A56A6rCIUM5yIdgGlHxo+QPpPBK9X8EcetJC1RR5uEnbNBUgqTAvvK934+
EAveOprJ6KohQa1+lkf4Z9P1e6Jp6LhJrkEmADEsdSPa8PueOK3i3hmDjxX6vRqB
wFc2SVYHYszEtjkFjyohG6Q/GxxgVlABCWOCpxv+cJp2x2ivOck/SU5QWe6I8Wxa
dveitEIH839k+oJgsTuTyMpm1JOVA1fLIUgtg4jQBxmoFvL6cIzvdQ5myTjDYyvK
6HfyJWFdaIEVfal1Phn9oWaIg8K2x3f6yyvY1v4MtDJO
-----END CERTIFICATE-----