Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/1b0289-31ff-431f-9489-9a8d2bf00320/1/lZgAX56xJ7ESX3QysCob7DlKdko.roa
File:                     lZgAX56xJ7ESX3QysCob7DlKdko.roa (raw, json)
Hash identifier:          FGGMS/DJNqyABUbmVKY16yqMN6Twq7HR/c03KKr4hec=
Subject key identifier:   95:98:00:5F:9E:B1:27:B1:12:5F:74:32:B0:2A:1B:EC:39:4A:76:4A
Certificate issuer:       /CN=6aca71f2d9fe2b49c6762f3d9a0e8bf332dfded1
Certificate serial:       018CC4936C39B7F91E04A56B4183A8687373
Authority key identifier: 6A:CA:71:F2:D9:FE:2B:49:C6:76:2F:3D:9A:0E:8B:F3:32:DF:DE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aspx8tn-K0nGdi89mg6L8zLf3tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/1b0289-31ff-431f-9489-9a8d2bf00320/1/lZgAX56xJ7ESX3QysCob7DlKdko.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31276
IP address blocks:        45.91.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/1b0289-31ff-431f-9489-9a8d2bf00320/1/aspx8tn-K0nGdi89mg6L8zLf3tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/1b0289-31ff-431f-9489-9a8d2bf00320/1/aspx8tn-K0nGdi89mg6L8zLf3tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aspx8tn-K0nGdi89mg6L8zLf3tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6c:39:b7:f9:1e:04:a5:6b:41:83:a8:68:73:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aca71f2d9fe2b49c6762f3d9a0e8bf332dfded1
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9598005f9eb127b1125f7432b02a1bec394a764a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:83:43:7b:4f:89:9c:a6:01:c8:94:8f:82:65:
                    cd:e1:03:c0:73:91:fa:8e:cb:b7:b4:32:ff:4a:80:
                    49:48:79:8b:f6:df:30:72:5f:c2:5c:23:f5:16:eb:
                    d4:4c:de:08:36:92:e8:c4:60:60:4b:0a:34:68:ec:
                    5e:ce:20:fe:f0:79:f9:2c:e0:17:44:b9:f5:97:61:
                    b2:cc:f7:05:82:c7:d5:fe:4d:8a:05:61:e2:8a:01:
                    64:0a:e0:4a:c9:e3:09:c7:c2:4b:f3:b3:85:dd:9b:
                    2b:fe:0f:6b:f4:52:4d:f9:bb:2d:97:82:2d:1b:47:
                    16:09:03:71:9a:65:6c:af:28:1b:57:85:13:78:64:
                    ba:2b:4a:4b:24:b1:13:80:b8:45:c5:af:82:13:1c:
                    fb:6c:21:ba:91:7e:20:a5:c4:93:7b:ee:6b:04:ff:
                    77:69:be:1c:e0:9b:64:9b:dd:0e:8c:0b:be:98:26:
                    6d:c3:e2:fb:3e:73:33:09:4e:11:f0:7a:02:09:5d:
                    86:cf:e4:83:a1:21:cc:2c:6d:50:50:34:59:9f:5c:
                    03:4c:cd:75:31:ab:74:0c:f1:47:fa:76:92:61:7c:
                    d3:d9:2c:61:a1:18:b8:9a:84:fb:79:a0:42:40:42:
                    bf:1a:dd:ca:a9:cb:67:d2:2e:51:d6:5a:6d:c4:bb:
                    3d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:98:00:5F:9E:B1:27:B1:12:5F:74:32:B0:2A:1B:EC:39:4A:76:4A
            X509v3 Authority Key Identifier:
                keyid:6A:CA:71:F2:D9:FE:2B:49:C6:76:2F:3D:9A:0E:8B:F3:32:DF:DE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aspx8tn-K0nGdi89mg6L8zLf3tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/1b0289-31ff-431f-9489-9a8d2bf00320/1/lZgAX56xJ7ESX3QysCob7DlKdko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/1b0289-31ff-431f-9489-9a8d2bf00320/1/aspx8tn-K0nGdi89mg6L8zLf3tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:03:8a:88:96:52:b9:00:e2:6e:92:0c:cd:15:0e:0e:c9:70:
         21:02:c4:9f:4a:4c:cb:e1:07:9e:03:c9:7e:42:3b:7a:7c:e6:
         ad:a0:af:1e:4f:fe:a7:65:5e:ef:4a:43:82:aa:b3:6c:b3:06:
         eb:81:0b:46:7e:c1:06:2e:3f:6b:aa:d3:02:ac:a9:c4:07:aa:
         7f:51:0b:ab:1c:f7:34:b0:a3:5c:79:4d:73:84:c3:48:ad:ec:
         5f:5b:5b:4f:b4:f1:11:7e:ab:9b:e5:b2:9d:59:d5:eb:30:a6:
         ac:4c:f9:9d:a3:e9:5b:14:a6:5b:80:4f:fc:0a:4b:e6:1e:40:
         86:4b:90:70:05:26:0c:4b:0a:4e:d7:8c:5a:5d:a3:d3:7f:c4:
         8c:9d:de:c6:08:a6:9c:42:22:b9:40:46:70:4e:37:05:ec:4e:
         c2:8d:01:e1:c7:6e:01:7b:8f:6a:3f:38:3e:b1:0b:9e:76:a4:
         21:ab:07:e6:c0:68:46:62:c2:13:09:9b:de:07:fa:6e:3f:5a:
         12:48:9d:e4:20:53:84:8b:ee:84:ec:99:aa:aa:81:54:99:2b:
         52:22:52:32:d4:b6:61:b9:46:22:c4:bd:17:2d:04:58:53:42:
         8c:d4:b1:9f:eb:1a:9e:6b:1e:53:c5:8a:70:4e:5e:03:97:ca:
         f8:3d:03:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2w5t/keBKVrQYOoaHNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhY2E3MWYyZDlmZTJiNDljNjc2MmYzZDlhMGU4YmYzMzJk
ZmRlZDEwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTk4MDA1ZjllYjEyN2IxMTI1Zjc0MzJiMDJhMWJlYzM5NGE3NjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYNDe0+JnKYByJSPgmXN4QPAc5H6
jsu3tDL/SoBJSHmL9t8wcl/CXCP1FuvUTN4INpLoxGBgSwo0aOxeziD+8Hn5LOAX
RLn1l2GyzPcFgsfV/k2KBWHiigFkCuBKyeMJx8JL87OF3Zsr/g9r9FJN+bstl4It
G0cWCQNxmmVsrygbV4UTeGS6K0pLJLETgLhFxa+CExz7bCG6kX4gpcSTe+5rBP93
ab4c4Jtkm90OjAu+mCZtw+L7PnMzCU4R8HoCCV2Gz+SDoSHMLG1QUDRZn1wDTM11
Mat0DPFH+naSYXzT2SxhoRi4moT7eaBCQEK/Gt3Kqctn0i5R1lptxLs9dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWYAF+esSexEl90MrAqG+w5SnZKMB8GA1UdIwQY
MBaAFGrKcfLZ/itJxnYvPZoOi/My397RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXNweDh0bi1LMG5HZGk4OW1nNkw4ekxmM3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8xYjAyODktMzFmZi00MzFmLTk0ODkt
OWE4ZDJiZjAwMzIwLzEvbFpnQVg1NnhKN0VTWDNReXNDb2I3RGxLZGtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8xYjAyODktMzFmZi00MzFmLTk0ODktOWE4ZDJiZjAwMzIw
LzEvYXNweDh0bi1LMG5HZGk4OW1nNkw4ekxmM3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVvUMA0G
CSqGSIb3DQEBCwUAA4IBAQA9A4qIllK5AOJukgzNFQ4OyXAhAsSfSkzL4QeeA8l+
Qjt6fOatoK8eT/6nZV7vSkOCqrNsswbrgQtGfsEGLj9rqtMCrKnEB6p/UQurHPc0
sKNceU1zhMNIrexfW1tPtPERfqub5bKdWdXrMKasTPmdo+lbFKZbgE/8CkvmHkCG
S5BwBSYMSwpO14xaXaPTf8SMnd7GCKacQiK5QEZwTjcF7E7CjQHhx24Be49qPzg+
sQuedqQhqwfmwGhGYsITCZveB/puP1oSSJ3kIFOEi+6E7JmqqoFUmStSIlIy1LZh
uUYixL0XLQRYU0KM1LGf6xqeax5TxYpwTl4Dl8r4PQOA
-----END CERTIFICATE-----