Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/lmrSRQ5ihg55QvYqat1AjaV_GvQ.roa
File:                     lmrSRQ5ihg55QvYqat1AjaV_GvQ.roa (raw, json)
Hash identifier:          hnfw4d4vCZD3abd8/WtjTv2gdPGfcl5xx0Mpy2oIhPc=
Subject key identifier:   96:6A:D2:45:0E:62:86:0E:79:42:F6:2A:6A:DD:40:8D:A5:7F:1A:F4
Certificate issuer:       /CN=aebf394e2f1b251c88d988a87161084580786ef5
Certificate serial:       019423D6A9588CF4D6367673D398FD72EA4A
Authority key identifier: AE:BF:39:4E:2F:1B:25:1C:88:D9:88:A8:71:61:08:45:80:78:6E:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/lmrSRQ5ihg55QvYqat1AjaV_GvQ.roa
Signing time:             Wed 01 Jan 2025 21:47:38 +0000
ROA not before:           Wed 01 Jan 2025 21:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20824
IP address blocks:        178.249.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:a9:58:8c:f4:d6:36:76:73:d3:98:fd:72:ea:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aebf394e2f1b251c88d988a87161084580786ef5
        Validity
            Not Before: Jan  1 21:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=966ad2450e62860e7942f62a6add408da57f1af4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:53:87:b4:2d:14:44:9b:0a:af:7d:38:b0:57:
                    e0:51:b1:22:2b:44:28:1a:02:ee:15:79:35:b9:5f:
                    87:8b:4d:bf:33:43:ac:12:33:e7:4c:63:5e:b8:87:
                    37:b4:b7:4c:90:e8:29:e7:6c:5f:b8:e4:f5:4f:33:
                    ef:c6:40:ed:54:f5:88:e2:4d:1b:d9:07:9a:26:24:
                    3e:79:7b:c0:c5:b0:4a:28:68:6a:2c:39:c2:50:17:
                    87:07:d2:81:b7:fb:72:53:a0:f0:8b:f5:a4:6b:19:
                    9c:bf:da:20:c6:f7:4e:d6:0b:31:34:6d:e1:d9:b9:
                    f0:93:c2:c6:19:a1:8b:a4:4e:9e:e5:5b:f8:b5:ce:
                    ee:b9:c6:b3:25:e9:ea:29:cc:a3:c3:ce:bb:0c:18:
                    3f:14:c4:2d:ca:09:80:4f:6a:be:1a:53:09:6c:e4:
                    c1:b7:c7:65:8f:af:b2:92:dc:09:a0:36:1d:93:65:
                    ab:dc:6e:0f:de:8a:3c:14:4e:14:7d:78:87:a0:70:
                    3a:14:d8:88:1c:1a:36:a4:ca:bb:25:71:ab:51:09:
                    c8:87:7e:d9:26:43:12:e4:84:55:cd:7d:0b:52:cb:
                    af:4b:01:d4:94:f1:af:bd:95:33:9f:2a:90:30:64:
                    af:21:38:d7:42:3c:25:52:50:c9:0f:74:91:d0:52:
                    9f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:6A:D2:45:0E:62:86:0E:79:42:F6:2A:6A:DD:40:8D:A5:7F:1A:F4
            X509v3 Authority Key Identifier:
                keyid:AE:BF:39:4E:2F:1B:25:1C:88:D9:88:A8:71:61:08:45:80:78:6E:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/lmrSRQ5ihg55QvYqat1AjaV_GvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.249.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:86:36:39:07:ed:ab:d8:8b:63:50:d6:67:32:b0:b5:0c:c0:
         27:bd:68:d4:e6:37:36:17:82:94:75:37:03:8d:bb:32:cf:ef:
         7d:b0:d7:30:3f:e2:56:1d:79:b7:5f:f0:af:43:f8:b9:87:0d:
         10:a8:40:66:aa:2b:bf:3c:83:4a:f3:3b:74:99:f8:d4:5d:19:
         9a:2c:c9:ed:84:75:1c:40:57:5f:a5:e8:ec:34:b5:1b:e8:84:
         4f:48:49:60:34:96:36:39:87:2b:f3:9c:2a:8d:fe:af:fc:87:
         95:73:40:89:73:22:46:51:da:c6:64:aa:1b:39:a7:1f:71:7c:
         b6:bb:bb:f2:75:48:c5:5f:4c:9f:17:0f:37:f6:14:08:25:27:
         45:19:6f:51:75:02:11:a5:91:c1:7f:bd:d5:f0:09:d2:75:d6:
         68:b9:4a:be:89:27:1f:d8:6e:f1:c9:38:91:99:9a:04:d8:c4:
         db:d2:25:e1:cc:90:58:ac:d9:0d:ef:89:fc:f4:bf:ce:57:84:
         1d:d6:21:a5:7f:fc:28:ea:fb:01:44:6d:0b:e0:7c:b6:d4:11:
         35:bc:46:aa:f2:c5:87:10:ee:ea:1b:46:12:31:66:a2:35:5b:
         49:96:f2:92:57:bb:62:b9:54:fa:3c:02:8e:c4:c7:6f:ac:b0:
         11:fb:af:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1qlYjPTWNnZz05j9cupKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYmYzOTRlMmYxYjI1MWM4OGQ5ODhhODcxNjEwODQ1ODA3
ODZlZjUwHhcNMjUwMTAxMjE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjZhZDI0NTBlNjI4NjBlNzk0MmY2MmE2YWRkNDA4ZGE1N2YxYWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlOHtC0URJsKr304sFfgUbEiK0Qo
GgLuFXk1uV+Hi02/M0OsEjPnTGNeuIc3tLdMkOgp52xfuOT1TzPvxkDtVPWI4k0b
2QeaJiQ+eXvAxbBKKGhqLDnCUBeHB9KBt/tyU6Dwi/Wkaxmcv9ogxvdO1gsxNG3h
2bnwk8LGGaGLpE6e5Vv4tc7uucazJenqKcyjw867DBg/FMQtygmAT2q+GlMJbOTB
t8dlj6+yktwJoDYdk2Wr3G4P3oo8FE4UfXiHoHA6FNiIHBo2pMq7JXGrUQnIh37Z
JkMS5IRVzX0LUsuvSwHUlPGvvZUznyqQMGSvITjXQjwlUlDJD3SR0FKf7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJZq0kUOYoYOeUL2KmrdQI2lfxr0MB8GA1UdIwQY
MBaAFK6/OU4vGyUciNmIqHFhCEWAeG71MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnI4NVRpOGJKUnlJMllpb2NXRUlSWUI0YnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS80MDQ5OGUtZDFjMC00ODRjLWFiY2It
NjFlN2Y0MGQ1ZGQ2LzEvbG1yU1JRNWloZzU1UXZZcWF0MUFqYVZfR3ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS80MDQ5OGUtZDFjMC00ODRjLWFiY2ItNjFlN2Y0MGQ1ZGQ2
LzEvcnI4NVRpOGJKUnlJMllpb2NXRUlSWUI0YnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvmlMA0G
CSqGSIb3DQEBCwUAA4IBAQBYhjY5B+2r2ItjUNZnMrC1DMAnvWjU5jc2F4KUdTcD
jbsyz+99sNcwP+JWHXm3X/CvQ/i5hw0QqEBmqiu/PINK8zt0mfjUXRmaLMnthHUc
QFdfpejsNLUb6IRPSElgNJY2OYcr85wqjf6v/IeVc0CJcyJGUdrGZKobOacfcXy2
u7vydUjFX0yfFw839hQIJSdFGW9RdQIRpZHBf73V8AnSddZouUq+iScf2G7xyTiR
mZoE2MTb0iXhzJBYrNkN74n89L/OV4Qd1iGlf/wo6vsBRG0L4Hy21BE1vEaq8sWH
EO7qG0YSMWaiNVtJlvKSV7tiuVT6PAKOxMdvrLAR+6/s
-----END CERTIFICATE-----