Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/li1hnnMI_R3TUdz-aLT-Za_FJHE.roa
File:                     li1hnnMI_R3TUdz-aLT-Za_FJHE.roa (raw, json)
Hash identifier:          +0BEWKQVz5IoRC9F3TA4PWL4F+N6nEVjDJrOqkMMQik=
Subject key identifier:   96:2D:61:9E:73:08:FD:1D:D3:51:DC:FE:68:B4:FE:65:AF:C5:24:71
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0190C6A276E9A43DBCC271BD5AC6065E90E6
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/li1hnnMI_R3TUdz-aLT-Za_FJHE.roa
Signing time:             Thu 18 Jul 2024 16:17:34 +0000
ROA not before:           Thu 18 Jul 2024 16:17:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152179
IP address blocks:        194.124.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c6:a2:76:e9:a4:3d:bc:c2:71:bd:5a:c6:06:5e:90:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jul 18 16:17:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=962d619e7308fd1dd351dcfe68b4fe65afc52471
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:1e:73:fb:87:6e:cb:53:fd:89:db:a6:11:52:
                    1f:08:d8:2b:8e:8e:e9:be:a2:88:83:5d:95:18:20:
                    f3:9b:fc:8c:d0:a7:bb:12:a1:f9:00:12:9b:71:29:
                    74:7d:4e:04:b3:d4:e1:12:0a:d5:66:87:7c:08:cb:
                    2f:39:44:0d:6e:bc:ce:06:dd:aa:1d:8a:6b:fd:e7:
                    60:5f:54:58:4a:38:ba:f4:bf:a7:47:b8:53:b3:f2:
                    41:91:39:28:01:67:e4:bd:3f:5e:b4:95:bd:58:9a:
                    f6:10:1d:63:cf:79:0c:8b:bb:7f:b5:46:84:90:7b:
                    1a:b7:86:b9:e5:62:e7:45:5f:9c:d5:89:6e:cb:89:
                    c4:05:b9:94:b9:94:1e:41:49:9b:b3:f3:80:fd:ca:
                    ff:96:9c:e2:36:59:d3:43:28:7a:34:5d:20:ea:22:
                    43:33:46:5c:47:e2:95:d9:94:e6:8e:e4:7e:b4:35:
                    3a:e2:e8:6e:8a:76:48:8d:70:a7:10:6a:e1:6a:55:
                    3a:14:5e:51:12:0d:2c:c4:b0:ee:49:5b:7e:40:0f:
                    67:f9:28:59:e0:c2:ac:df:35:d2:ca:52:95:81:ff:
                    17:ab:73:a8:93:f8:c2:2b:74:af:e8:dd:9a:fa:11:
                    22:d7:f0:c3:bb:89:46:3d:8e:3a:37:f9:00:23:2c:
                    2a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:2D:61:9E:73:08:FD:1D:D3:51:DC:FE:68:B4:FE:65:AF:C5:24:71
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/li1hnnMI_R3TUdz-aLT-Za_FJHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:f0:ca:ff:ee:ff:d3:2f:fb:3f:22:ad:7e:d5:0f:bb:83:29:
         1f:3b:ad:10:2b:d0:f0:ae:d0:29:fc:02:2f:7e:d9:de:d6:27:
         52:0f:44:a7:7c:b6:d0:cb:56:1b:24:0b:11:e3:e5:98:f5:55:
         42:6e:cb:89:48:e9:5e:f9:bd:fb:60:b0:75:a5:f7:b4:09:27:
         04:ce:d7:af:24:ec:8c:4e:b5:95:3b:c5:58:49:7a:05:61:ce:
         74:3f:0f:d0:23:9c:a7:6c:c2:17:03:ed:63:87:06:a4:98:63:
         aa:52:97:da:b2:ba:75:80:2a:79:e0:5a:82:9b:3c:40:67:90:
         01:c1:17:9a:91:14:73:dd:4c:68:22:67:0f:49:f6:fa:d0:44:
         3c:b5:95:38:46:10:c0:c5:fe:cd:5b:3d:b2:7a:90:fc:bf:76:
         d3:3e:05:5e:1f:d0:5e:90:90:63:b2:6f:c7:79:82:1c:0c:f4:
         e9:57:48:89:ee:6b:ae:7d:37:ff:d8:df:30:bf:91:6c:11:4a:
         07:c9:6e:ab:2f:03:21:55:31:84:59:9f:e6:66:91:81:17:2d:
         f8:aa:36:3e:65:08:b0:03:f0:17:f1:00:b5:7f:3d:62:2f:dd:
         34:7d:a7:2e:53:ac:1c:5b:50:52:f1:8a:eb:68:e1:98:d3:8b:
         20:52:4e:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDGonbppD28wnG9WsYGXpDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNzE4MTYxNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjJkNjE5ZTczMDhmZDFkZDM1MWRjZmU2OGI0ZmU2NWFmYzUyNDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtx5z+4duy1P9idumEVIfCNgrjo7p
vqKIg12VGCDzm/yM0Ke7EqH5ABKbcSl0fU4Es9ThEgrVZod8CMsvOUQNbrzOBt2q
HYpr/edgX1RYSji69L+nR7hTs/JBkTkoAWfkvT9etJW9WJr2EB1jz3kMi7t/tUaE
kHsat4a55WLnRV+c1Yluy4nEBbmUuZQeQUmbs/OA/cr/lpziNlnTQyh6NF0g6iJD
M0ZcR+KV2ZTmjuR+tDU64uhuinZIjXCnEGrhalU6FF5REg0sxLDuSVt+QA9n+ShZ
4MKs3zXSylKVgf8Xq3Ook/jCK3Sv6N2a+hEi1/DDu4lGPY46N/kAIywqKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYtYZ5zCP0d01Hc/mi0/mWvxSRxMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvbGkxaG5uTUlfUjNUVWR6LWFMVC1aYV9GSkhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnxFMA0G
CSqGSIb3DQEBCwUAA4IBAQBv8Mr/7v/TL/s/Iq1+1Q+7gykfO60QK9DwrtAp/AIv
ftne1idSD0SnfLbQy1YbJAsR4+WY9VVCbsuJSOle+b37YLB1pfe0CScEztevJOyM
TrWVO8VYSXoFYc50Pw/QI5ynbMIXA+1jhwakmGOqUpfasrp1gCp54FqCmzxAZ5AB
wReakRRz3UxoImcPSfb60EQ8tZU4RhDAxf7NWz2yepD8v3bTPgVeH9BekJBjsm/H
eYIcDPTpV0iJ7muufTf/2N8wv5FsEUoHyW6rLwMhVTGEWZ/mZpGBFy34qjY+ZQiw
A/AX8QC1fz1iL900facuU6wcW1BS8YrraOGY04sgUk4d
-----END CERTIFICATE-----