Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/cf0072-10d7-4759-80f6-4296937c9d94/1/LfvParklu0gxciTOgFZh-BpaZYE.roa
File:                     LfvParklu0gxciTOgFZh-BpaZYE.roa (raw, json)
Hash identifier:          fxMbCosgtYcMMEyUONm7A6ez+akqjsDq1R4iKueGkms=
Subject key identifier:   2D:FB:CF:6A:B9:25:BB:48:31:72:24:CE:80:56:61:F8:1A:5A:65:81
Certificate issuer:       /CN=a5cce7916c7afa649532a7b829a459d6ee5e36bc
Certificate serial:       019422FC34D9B51D88EAD9CF67C45309DF1E
Authority key identifier: A5:CC:E7:91:6C:7A:FA:64:95:32:A7:B8:29:A4:59:D6:EE:5E:36:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcznkWx6-mSVMqe4KaRZ1u5eNrw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/cf0072-10d7-4759-80f6-4296937c9d94/1/LfvParklu0gxciTOgFZh-BpaZYE.roa
Signing time:             Wed 01 Jan 2025 17:49:01 +0000
ROA not before:           Wed 01 Jan 2025 17:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208810
IP address blocks:        91.216.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/cf0072-10d7-4759-80f6-4296937c9d94/1/pcznkWx6-mSVMqe4KaRZ1u5eNrw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/cf0072-10d7-4759-80f6-4296937c9d94/1/pcznkWx6-mSVMqe4KaRZ1u5eNrw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcznkWx6-mSVMqe4KaRZ1u5eNrw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:34:d9:b5:1d:88:ea:d9:cf:67:c4:53:09:df:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5cce7916c7afa649532a7b829a459d6ee5e36bc
        Validity
            Not Before: Jan  1 17:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2dfbcf6ab925bb48317224ce805661f81a5a6581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ea:22:64:9d:8f:7d:3f:c1:ec:21:c4:0f:1f:
                    e7:57:e2:a0:37:b4:f2:46:84:7e:2b:d8:3c:89:b9:
                    a5:36:fe:81:55:d1:d2:ca:16:13:c3:72:84:7a:4b:
                    c8:13:79:86:89:30:c7:8d:18:b9:1c:29:46:fc:ae:
                    dc:70:3a:3c:13:df:ea:68:6c:7e:e4:13:84:48:31:
                    f1:5e:00:84:2f:bb:f6:e2:af:57:0f:71:77:d7:10:
                    21:fa:62:47:bf:2a:48:4d:b0:fb:0c:6e:89:0e:4c:
                    14:3e:4b:99:28:9e:ab:07:04:8a:7c:ac:4f:46:91:
                    98:f1:0f:4d:a1:48:88:ce:7f:87:c5:e2:ee:57:39:
                    46:6b:d1:23:e2:f7:1c:59:ea:0d:e3:30:a4:23:bf:
                    46:a2:d1:63:26:ee:93:83:44:67:20:ca:aa:6d:7e:
                    2b:54:f6:e4:68:fd:46:18:fd:d9:47:8a:c3:da:81:
                    71:7c:ad:fe:7b:9d:77:62:05:43:a6:b7:5d:59:d1:
                    67:b9:62:c0:12:b9:1d:68:50:a2:cb:86:b9:64:7f:
                    f2:f2:31:4a:e6:73:da:60:cd:56:51:10:a1:ed:ab:
                    f6:af:2d:d6:26:c7:7d:f8:e6:eb:4c:f7:51:f1:66:
                    e6:67:23:e0:5c:21:84:61:f3:7f:66:fd:0a:5e:f2:
                    c0:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:FB:CF:6A:B9:25:BB:48:31:72:24:CE:80:56:61:F8:1A:5A:65:81
            X509v3 Authority Key Identifier:
                keyid:A5:CC:E7:91:6C:7A:FA:64:95:32:A7:B8:29:A4:59:D6:EE:5E:36:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcznkWx6-mSVMqe4KaRZ1u5eNrw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/cf0072-10d7-4759-80f6-4296937c9d94/1/LfvParklu0gxciTOgFZh-BpaZYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/cf0072-10d7-4759-80f6-4296937c9d94/1/pcznkWx6-mSVMqe4KaRZ1u5eNrw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:50:00:a3:45:76:02:f4:82:9e:44:75:43:e6:f4:c6:e2:62:
         e2:9a:70:7c:c7:3e:8e:36:e1:88:8b:99:27:ae:b6:04:0b:5d:
         9c:4e:26:bf:5c:fe:5b:08:31:fc:8c:71:c3:e5:05:8c:b3:a7:
         ec:94:29:64:7b:5f:72:d9:c5:3b:e7:d8:93:07:2e:40:19:64:
         a7:ff:48:a8:4d:fc:87:91:4c:8a:d9:a1:f0:9b:06:49:57:4a:
         49:25:df:e9:93:5f:51:30:36:74:1b:ae:da:15:d4:ab:f5:19:
         60:44:48:5b:5f:d7:cf:e3:f8:1e:07:3c:c9:93:db:c4:e5:b8:
         24:ec:6d:fd:56:8d:1f:4e:5c:3d:16:c0:54:65:30:64:de:51:
         f5:66:9e:3b:9c:59:88:c2:66:8b:a7:25:cd:6d:f1:b7:da:41:
         ff:4f:18:ca:b7:78:68:5a:cf:24:18:8a:24:03:11:2c:c9:5d:
         00:9a:ed:2e:f6:25:fc:55:b6:e4:a9:b4:31:5f:d7:7b:e4:08:
         37:9d:9d:2f:69:7d:5c:96:0e:35:04:88:0f:0f:0c:21:4c:fe:
         19:90:64:f1:67:31:de:42:d9:f2:9a:fa:47:e0:4f:37:98:d8:
         5c:b3:80:47:7e:11:0f:24:fb:e5:76:02:8d:22:f8:b9:a5:55:
         aa:4c:54:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/DTZtR2I6tnPZ8RTCd8eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1Y2NlNzkxNmM3YWZhNjQ5NTMyYTdiODI5YTQ1OWQ2ZWU1
ZTM2YmMwHhcNMjUwMTAxMTc0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGZiY2Y2YWI5MjViYjQ4MzE3MjI0Y2U4MDU2NjFmODFhNWE2NTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveoiZJ2PfT/B7CHEDx/nV+KgN7Ty
RoR+K9g8ibmlNv6BVdHSyhYTw3KEekvIE3mGiTDHjRi5HClG/K7ccDo8E9/qaGx+
5BOESDHxXgCEL7v24q9XD3F31xAh+mJHvypITbD7DG6JDkwUPkuZKJ6rBwSKfKxP
RpGY8Q9NoUiIzn+HxeLuVzlGa9Ej4vccWeoN4zCkI79GotFjJu6Tg0RnIMqqbX4r
VPbkaP1GGP3ZR4rD2oFxfK3+e513YgVDprddWdFnuWLAErkdaFCiy4a5ZH/y8jFK
5nPaYM1WURCh7av2ry3WJsd9+ObrTPdR8WbmZyPgXCGEYfN/Zv0KXvLAnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC37z2q5JbtIMXIkzoBWYfgaWmWBMB8GA1UdIwQY
MBaAFKXM55FsevpklTKnuCmkWdbuXja8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGN6bmtXeDYtbVNWTXFlNEthUloxdTVlTnJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jZjAwNzItMTBkNy00NzU5LTgwZjYt
NDI5NjkzN2M5ZDk0LzEvTGZ2UGFya2x1MGd4Y2lUT2dGWmgtQnBhWllFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jZjAwNzItMTBkNy00NzU5LTgwZjYtNDI5NjkzN2M5ZDk0
LzEvcGN6bmtXeDYtbVNWTXFlNEthUloxdTVlTnJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9j6MA0G
CSqGSIb3DQEBCwUAA4IBAQDLUACjRXYC9IKeRHVD5vTG4mLimnB8xz6ONuGIi5kn
rrYEC12cTia/XP5bCDH8jHHD5QWMs6fslClke19y2cU759iTBy5AGWSn/0ioTfyH
kUyK2aHwmwZJV0pJJd/pk19RMDZ0G67aFdSr9RlgREhbX9fP4/geBzzJk9vE5bgk
7G39Vo0fTlw9FsBUZTBk3lH1Zp47nFmIwmaLpyXNbfG32kH/TxjKt3hoWs8kGIok
AxEsyV0Amu0u9iX8VbbkqbQxX9d75Ag3nZ0vaX1clg41BIgPDwwhTP4ZkGTxZzHe
QtnymvpH4E83mNhcs4BHfhEPJPvldgKNIvi5pVWqTFRy
-----END CERTIFICATE-----