Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/lKXrokKPFOF3aznjmWojVE7APiQ.roa
File:                     lKXrokKPFOF3aznjmWojVE7APiQ.roa (raw, json)
Hash identifier:          PRGVlrmspET+S9gMw9HSgp3fT7nUxwmOOvlgERWds3M=
Subject key identifier:   94:A5:EB:A2:42:8F:14:E1:77:6B:39:E3:99:6A:23:54:4E:C0:3E:24
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       0194221F8EDA984FA6944AE48A1A2A76693D
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/lKXrokKPFOF3aznjmWojVE7APiQ.roa
Signing time:             Wed 01 Jan 2025 13:48:01 +0000
ROA not before:           Wed 01 Jan 2025 13:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61082
IP address blocks:        82.119.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:8e:da:98:4f:a6:94:4a:e4:8a:1a:2a:76:69:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 13:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94a5eba2428f14e1776b39e3996a23544ec03e24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:30:3e:15:59:43:f7:a6:01:d2:34:49:7c:b0:
                    fc:cf:55:23:37:86:50:84:1b:7c:56:a0:74:ee:16:
                    7e:37:22:b6:1b:54:38:21:36:94:2a:fb:07:d4:d4:
                    ca:cc:20:b2:9b:dc:15:b5:16:68:85:c0:ea:47:6e:
                    42:43:37:11:0e:5a:af:9e:3d:6b:01:2f:31:45:e8:
                    15:b5:f0:01:98:51:7e:47:9c:b4:30:be:53:8b:7f:
                    21:90:56:74:a8:3c:08:30:49:60:2d:3e:c8:ac:1f:
                    1d:70:bb:ea:d4:08:23:78:61:1d:62:a0:a7:8c:65:
                    20:69:ad:7d:bc:45:f8:c6:d8:ff:a9:07:7e:88:0a:
                    51:c2:0b:a7:be:c6:d5:0e:c2:3e:27:d2:cf:e3:ee:
                    90:32:52:68:bc:d8:fe:93:6b:8a:b0:84:9f:3e:5f:
                    2c:a2:fd:f5:f7:3a:2b:b6:3a:00:1e:83:d3:80:8b:
                    ed:49:01:06:14:7b:dc:da:de:1b:f9:02:7b:bf:df:
                    38:bc:60:f1:6a:47:a8:49:db:00:71:91:b2:b0:ff:
                    c1:ae:2b:ed:cc:7a:ff:90:0d:a7:f7:40:f7:c3:14:
                    b9:4c:c5:2f:75:43:7f:27:6a:a3:4a:f8:ba:3a:b8:
                    db:43:8b:ae:17:cd:2f:b7:b3:80:4b:63:18:13:94:
                    95:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:A5:EB:A2:42:8F:14:E1:77:6B:39:E3:99:6A:23:54:4E:C0:3E:24
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/lKXrokKPFOF3aznjmWojVE7APiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:1a:14:e1:a6:74:69:fe:bd:c6:b5:e9:6d:39:73:7f:16:20:
         66:f9:55:f4:d7:f2:07:08:27:a1:b2:20:49:c3:93:c0:fa:af:
         de:40:1b:7e:f0:76:c0:f4:5c:c3:8f:10:1c:b9:bb:91:9d:21:
         22:eb:14:42:4f:23:e1:09:5c:cf:f3:f7:fb:7d:1b:78:a6:ad:
         ad:bf:c6:e4:74:64:c8:6d:b6:2e:4c:19:ca:ec:7d:9f:99:b9:
         f2:36:a2:bd:d2:53:65:bc:46:f3:9d:d7:8c:dd:87:8f:24:9a:
         33:b6:46:ab:98:33:95:81:3d:d5:a1:03:6f:dc:47:e5:69:e1:
         3f:79:d9:22:e0:de:72:0a:f3:1a:3f:0e:57:b4:bc:11:e8:57:
         4a:df:23:c5:4e:02:db:60:e8:aa:c7:66:2b:3a:90:15:ba:d1:
         e8:80:00:eb:85:dc:b5:0f:2f:7b:2a:b4:72:97:98:58:f7:02:
         3e:74:58:e7:56:ab:e0:cf:41:ba:b7:17:08:c0:f7:ca:01:ab:
         16:36:84:33:cc:2b:0a:9b:21:75:56:c2:1f:cd:84:24:90:ac:
         40:65:6e:6b:ae:31:4f:06:f6:87:6b:bb:a9:bc:f0:7f:6c:09:
         d7:f6:09:fc:5c:df:71:53:23:62:cf:b4:1a:76:84:ac:14:da:
         3d:5c:d4:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH47amE+mlErkihoqdmk9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjUwMTAxMTM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGE1ZWJhMjQyOGYxNGUxNzc2YjM5ZTM5OTZhMjM1NDRlYzAzZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTA+FVlD96YB0jRJfLD8z1UjN4ZQ
hBt8VqB07hZ+NyK2G1Q4ITaUKvsH1NTKzCCym9wVtRZohcDqR25CQzcRDlqvnj1r
AS8xRegVtfABmFF+R5y0ML5Ti38hkFZ0qDwIMElgLT7IrB8dcLvq1AgjeGEdYqCn
jGUgaa19vEX4xtj/qQd+iApRwgunvsbVDsI+J9LP4+6QMlJovNj+k2uKsISfPl8s
ov319zortjoAHoPTgIvtSQEGFHvc2t4b+QJ7v984vGDxakeoSdsAcZGysP/Brivt
zHr/kA2n90D3wxS5TMUvdUN/J2qjSvi6OrjbQ4uuF80vt7OAS2MYE5SV2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSl66JCjxThd2s545lqI1ROwD4kMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvbEtYcm9rS1BGT0YzYXpuam1Xb2pWRTdBUGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUndGMA0G
CSqGSIb3DQEBCwUAA4IBAQDQGhThpnRp/r3GteltOXN/FiBm+VX01/IHCCehsiBJ
w5PA+q/eQBt+8HbA9FzDjxAcubuRnSEi6xRCTyPhCVzP8/f7fRt4pq2tv8bkdGTI
bbYuTBnK7H2fmbnyNqK90lNlvEbzndeM3YePJJoztkarmDOVgT3VoQNv3EflaeE/
edki4N5yCvMaPw5XtLwR6FdK3yPFTgLbYOiqx2YrOpAVutHogADrhdy1Dy97KrRy
l5hY9wI+dFjnVqvgz0G6txcIwPfKAasWNoQzzCsKmyF1VsIfzYQkkKxAZW5rrjFP
BvaHa7upvPB/bAnX9gn8XN9xUyNiz7QadoSsFNo9XNTA
-----END CERTIFICATE-----