Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/b5e940-6511-4805-8d0c-000ead39765a/1/LtjWQfUgtU4IZpbz5NRk6kgQmQo.roa
File:                     LtjWQfUgtU4IZpbz5NRk6kgQmQo.roa (raw, json)
Hash identifier:          6gUxK5T8V4pbNKMp13IKYImJNZWmrA01j0P9utXrw9Y=
Subject key identifier:   2E:D8:D6:41:F5:20:B5:4E:08:66:96:F3:E4:D4:64:EA:48:10:99:0A
Certificate issuer:       /CN=9b5193d843af193e24875686673c95896eae3497
Certificate serial:       018CC5015308BF7DD248565515F65FE10EDD
Authority key identifier: 9B:51:93:D8:43:AF:19:3E:24:87:56:86:67:3C:95:89:6E:AE:34:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m1GT2EOvGT4kh1aGZzyViW6uNJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/b5e940-6511-4805-8d0c-000ead39765a/1/LtjWQfUgtU4IZpbz5NRk6kgQmQo.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50117
IP address blocks:        193.104.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/b5e940-6511-4805-8d0c-000ead39765a/1/m1GT2EOvGT4kh1aGZzyViW6uNJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/b5e940-6511-4805-8d0c-000ead39765a/1/m1GT2EOvGT4kh1aGZzyViW6uNJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m1GT2EOvGT4kh1aGZzyViW6uNJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:53:08:bf:7d:d2:48:56:55:15:f6:5f:e1:0e:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b5193d843af193e24875686673c95896eae3497
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ed8d641f520b54e086696f3e4d464ea4810990a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ce:85:d5:b6:c2:8b:cb:2c:7b:81:c1:6e:6b:
                    35:fb:f2:50:b8:9f:60:4e:30:64:e1:b2:ed:bd:97:
                    a6:d9:3f:74:aa:70:0e:ba:33:7f:13:96:04:1f:fd:
                    7e:10:d6:5b:9d:27:64:b5:d0:36:c3:cb:58:49:29:
                    fd:e6:12:d0:13:66:e1:13:f3:73:c8:d5:91:64:08:
                    3a:33:5b:d7:2d:9d:9d:90:7c:26:d2:e8:80:52:9d:
                    7d:ff:cf:1d:b3:68:46:62:fc:90:75:c2:53:e1:38:
                    a3:d9:26:67:8b:56:fa:23:2a:03:37:51:87:ac:85:
                    64:d2:b0:3c:71:3e:45:7f:91:72:3d:0f:71:7e:e2:
                    17:9c:00:93:04:da:f6:bf:c9:9b:8e:92:fc:b3:25:
                    e5:0f:03:d5:be:3c:a4:39:23:36:57:31:55:14:3a:
                    92:92:26:cc:1b:60:fc:37:0b:a7:48:ed:88:f4:c2:
                    4e:8d:c6:c0:e7:fa:60:30:5f:fd:2e:78:e1:46:55:
                    4f:4c:78:6a:e6:c4:15:67:4e:5c:ce:0a:96:dc:9f:
                    7e:f7:7a:68:74:29:7e:5c:9d:ed:2b:fd:2d:ce:57:
                    66:c7:d3:07:e3:59:a4:12:66:22:1a:e2:11:93:de:
                    87:87:f1:83:bf:ea:41:50:a9:39:cd:fa:07:38:76:
                    0e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D8:D6:41:F5:20:B5:4E:08:66:96:F3:E4:D4:64:EA:48:10:99:0A
            X509v3 Authority Key Identifier:
                keyid:9B:51:93:D8:43:AF:19:3E:24:87:56:86:67:3C:95:89:6E:AE:34:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m1GT2EOvGT4kh1aGZzyViW6uNJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/b5e940-6511-4805-8d0c-000ead39765a/1/LtjWQfUgtU4IZpbz5NRk6kgQmQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/b5e940-6511-4805-8d0c-000ead39765a/1/m1GT2EOvGT4kh1aGZzyViW6uNJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:22:9b:bb:a5:66:85:8a:b4:78:85:f0:42:fa:b1:8c:d2:05:
         75:b3:32:69:8c:5f:35:4f:19:1d:27:ea:7f:63:84:46:d9:37:
         aa:21:e2:8a:5e:f3:3a:47:7c:f5:41:df:bf:af:38:82:f1:2a:
         a0:6f:6e:02:af:ae:90:58:81:15:a0:9d:86:51:63:b8:7d:36:
         3b:a7:5b:54:61:a8:63:e8:41:8f:95:a1:d8:c5:d8:f3:de:31:
         09:fa:2f:8a:cd:c2:b3:fc:a2:4d:92:54:e4:60:1d:4e:1a:bd:
         4e:af:26:15:46:48:09:9f:f6:c9:99:80:66:e9:b7:1f:a8:dc:
         ff:95:2a:d5:f4:85:c8:a4:74:2a:f8:74:37:30:71:7a:67:70:
         cf:db:ca:52:3f:6d:6c:8f:50:b1:6f:b1:2e:6f:54:64:27:89:
         43:e4:3e:eb:68:41:ac:83:a4:1e:c3:7f:f1:79:ec:57:7d:fd:
         b0:6e:f1:b2:1a:f8:7b:7e:c1:92:15:81:a7:1f:46:43:1b:7f:
         c6:9a:48:bd:a5:ff:aa:78:e6:94:e2:30:81:fd:25:11:7f:7c:
         d4:06:c9:44:48:2d:8f:ae:b5:2f:1d:da:a2:72:8c:93:9c:64:
         7c:cc:e0:ba:81:4c:7b:01:96:02:57:a6:56:d7:14:8b:5a:5d:
         6b:3b:3c:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAVMIv33SSFZVFfZf4Q7dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNTE5M2Q4NDNhZjE5M2UyNDg3NTY4NjY3M2M5NTg5NmVh
ZTM0OTcwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQ4ZDY0MWY1MjBiNTRlMDg2Njk2ZjNlNGQ0NjRlYTQ4MTA5OTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhc6F1bbCi8sse4HBbms1+/JQuJ9g
TjBk4bLtvZem2T90qnAOujN/E5YEH/1+ENZbnSdktdA2w8tYSSn95hLQE2bhE/Nz
yNWRZAg6M1vXLZ2dkHwm0uiAUp19/88ds2hGYvyQdcJT4Tij2SZni1b6IyoDN1GH
rIVk0rA8cT5Ff5FyPQ9xfuIXnACTBNr2v8mbjpL8syXlDwPVvjykOSM2VzFVFDqS
kibMG2D8NwunSO2I9MJOjcbA5/pgMF/9LnjhRlVPTHhq5sQVZ05czgqW3J9+93po
dCl+XJ3tK/0tzldmx9MH41mkEmYiGuIRk96Hh/GDv+pBUKk5zfoHOHYOEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7Y1kH1ILVOCGaW8+TUZOpIEJkKMB8GA1UdIwQY
MBaAFJtRk9hDrxk+JIdWhmc8lYlurjSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTFHVDJFT3ZHVDRraDFhR1p6eVZpVzZ1TkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9iNWU5NDAtNjUxMS00ODA1LThkMGMt
MDAwZWFkMzk3NjVhLzEvTHRqV1FmVWd0VTRJWnBiejVOUms2a2dRbVFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9iNWU5NDAtNjUxMS00ODA1LThkMGMtMDAwZWFkMzk3NjVh
LzEvbTFHVDJFT3ZHVDRraDFhR1p6eVZpVzZ1TkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWg9MA0G
CSqGSIb3DQEBCwUAA4IBAQAdIpu7pWaFirR4hfBC+rGM0gV1szJpjF81TxkdJ+p/
Y4RG2TeqIeKKXvM6R3z1Qd+/rziC8Sqgb24Cr66QWIEVoJ2GUWO4fTY7p1tUYahj
6EGPlaHYxdjz3jEJ+i+KzcKz/KJNklTkYB1OGr1OryYVRkgJn/bJmYBm6bcfqNz/
lSrV9IXIpHQq+HQ3MHF6Z3DP28pSP21sj1Cxb7Eub1RkJ4lD5D7raEGsg6Qew3/x
eexXff2wbvGyGvh7fsGSFYGnH0ZDG3/Gmki9pf+qeOaU4jCB/SURf3zUBslESC2P
rrUvHdqicoyTnGR8zOC6gUx7AZYCV6ZW1xSLWl1rOzw7
-----END CERTIFICATE-----