Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/lRKO1_-GDSpvUMMPeWX_MaC3FWU.roa
File:                     lRKO1_-GDSpvUMMPeWX_MaC3FWU.roa (raw, json)
Hash identifier:          Oza4aef/HMo2FnfFsyroXgchMp4RCUO0vLYi9F7omMQ=
Subject key identifier:   95:12:8E:D7:FF:86:0D:2A:6F:50:C3:0F:79:65:FF:31:A0:B7:15:65
Certificate issuer:       /CN=517a0c96842bafc9f630ba14b83ea79bd12a53b9
Certificate serial:       018DAF2AEA7FF3B5D3A0A66714D8BE9A782A
Authority key identifier: 51:7A:0C:96:84:2B:AF:C9:F6:30:BA:14:B8:3E:A7:9B:D1:2A:53:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/lRKO1_-GDSpvUMMPeWX_MaC3FWU.roa
Signing time:             Thu 15 Feb 2024 23:47:21 +0000
ROA not before:           Thu 15 Feb 2024 23:47:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215528
IP address blocks:        2a13:cc82:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:af:2a:ea:7f:f3:b5:d3:a0:a6:67:14:d8:be:9a:78:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=517a0c96842bafc9f630ba14b83ea79bd12a53b9
        Validity
            Not Before: Feb 15 23:47:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95128ed7ff860d2a6f50c30f7965ff31a0b71565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c7:28:36:2f:0f:bc:30:f3:da:b4:c5:4f:42:
                    13:a0:b1:1c:50:b9:11:04:9c:71:83:3f:41:e4:04:
                    05:03:c6:e4:d0:8f:d8:46:24:a8:51:00:41:84:fc:
                    41:8c:72:90:b0:96:41:2c:41:c7:4d:98:57:a6:3a:
                    6e:22:8e:7e:f2:90:eb:71:4b:8d:a3:3f:d6:0c:b7:
                    2c:51:e0:b1:70:15:6b:d4:9a:b9:1f:70:d6:13:78:
                    68:81:68:7e:10:4d:a5:3d:13:30:0f:56:ec:04:6c:
                    d4:62:9e:dc:42:5a:67:23:30:f5:93:68:ef:49:83:
                    84:d1:38:c4:80:96:a5:08:f5:50:26:3f:24:a1:c4:
                    39:91:10:d1:1a:1d:4f:85:17:f7:b8:fd:e0:66:08:
                    e4:7b:f5:94:3f:49:3d:f4:af:0b:30:28:f3:d7:98:
                    57:99:ef:5f:0d:98:3a:c6:6c:cc:05:49:17:1e:bd:
                    3c:66:1d:e0:7c:04:08:06:9c:f7:55:d5:03:3e:a4:
                    69:bf:60:9f:9e:32:1e:32:ad:89:e4:94:90:eb:82:
                    45:44:9a:c8:05:4f:f9:b7:f2:e0:d8:f7:fd:b6:f7:
                    35:c7:c2:a0:66:90:69:0b:76:c5:a8:db:16:d9:23:
                    8a:44:68:54:22:36:a3:a0:67:90:8d:51:4d:74:38:
                    89:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:12:8E:D7:FF:86:0D:2A:6F:50:C3:0F:79:65:FF:31:A0:B7:15:65
            X509v3 Authority Key Identifier:
                keyid:51:7A:0C:96:84:2B:AF:C9:F6:30:BA:14:B8:3E:A7:9B:D1:2A:53:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/lRKO1_-GDSpvUMMPeWX_MaC3FWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:cc82:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:a8:f1:14:92:b6:90:01:1f:c1:15:55:83:2e:28:da:2b:39:
         87:9c:c8:27:ff:ea:66:46:b7:6d:6a:68:37:23:2a:c0:9c:09:
         dc:ca:9c:b1:2a:f8:d8:5c:30:12:3e:90:97:fb:3f:ce:ba:e5:
         41:05:a9:59:68:77:c8:64:30:52:67:3c:64:b5:61:b0:3f:07:
         ae:09:45:85:b2:4b:5d:75:01:64:6b:3e:24:a4:d4:4c:37:62:
         87:54:c5:bc:68:cb:8f:d5:67:70:7b:f9:1f:fd:29:c2:e7:94:
         c4:c1:b1:3a:3f:14:36:ca:db:61:65:eb:ee:5e:12:d4:b3:53:
         29:a7:76:6a:8f:24:10:f9:25:ae:c4:83:fa:dd:dd:93:65:a4:
         fb:76:b3:99:4f:40:75:32:57:7e:2c:91:9a:87:cc:0a:ad:50:
         54:22:88:ad:62:b1:e0:66:ff:77:a0:e7:fd:ea:3d:bd:32:b9:
         b3:a0:ed:b3:26:06:c6:ba:5e:a8:b4:4e:ef:6a:98:d8:21:6f:
         ac:4d:f2:f5:f5:22:37:ba:a6:12:d3:eb:00:1d:e2:9c:3f:15:
         03:9a:c2:68:38:20:35:ce:30:c7:aa:de:74:9f:30:65:82:35:
         3a:6d:80:d1:ac:1d:f4:48:27:68:64:bf:62:c0:5b:d6:e3:e7:
         39:e4:26:91
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2vKup/87XToKZnFNi+mngqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxN2EwYzk2ODQyYmFmYzlmNjMwYmExNGI4M2VhNzliZDEy
YTUzYjkwHhcNMjQwMjE1MjM0NzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTEyOGVkN2ZmODYwZDJhNmY1MGMzMGY3OTY1ZmYzMWEwYjcxNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8coNi8PvDDz2rTFT0IToLEcULkR
BJxxgz9B5AQFA8bk0I/YRiSoUQBBhPxBjHKQsJZBLEHHTZhXpjpuIo5+8pDrcUuN
oz/WDLcsUeCxcBVr1Jq5H3DWE3hogWh+EE2lPRMwD1bsBGzUYp7cQlpnIzD1k2jv
SYOE0TjEgJalCPVQJj8kocQ5kRDRGh1PhRf3uP3gZgjke/WUP0k99K8LMCjz15hX
me9fDZg6xmzMBUkXHr08Zh3gfAQIBpz3VdUDPqRpv2CfnjIeMq2J5JSQ64JFRJrI
BU/5t/Lg2Pf9tvc1x8KgZpBpC3bFqNsW2SOKRGhUIjajoGeQjVFNdDiJJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJUSjtf/hg0qb1DDD3ll/zGgtxVlMB8GA1UdIwQY
MBaAFFF6DJaEK6/J9jC6FLg+p5vRKlO5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVhvTWxvUXJyOG4yTUxvVXVENm5tOUVxVTdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xNGU0OTItODUyNS00ZWVjLTg0YmMt
YjBlYjY3MTVlMGFmLzEvbFJLTzFfLUdEU3B2VU1NUGVXWF9NYUMzRldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xNGU0OTItODUyNS00ZWVjLTg0YmMtYjBlYjY3MTVlMGFm
LzEvVVhvTWxvUXJyOG4yTUxvVXVENm5tOUVxVTdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPMggAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCHqPEUkraQAR/BFVWDLijaKzmHnMgn/+pmRrdt
amg3IyrAnAncypyxKvjYXDASPpCX+z/OuuVBBalZaHfIZDBSZzxktWGwPweuCUWF
sktddQFkaz4kpNRMN2KHVMW8aMuP1Wdwe/kf/SnC55TEwbE6PxQ2ytthZevuXhLU
s1Mpp3ZqjyQQ+SWuxIP63d2TZaT7drOZT0B1Mld+LJGah8wKrVBUIoitYrHgZv93
oOf96j29MrmzoO2zJgbGul6otE7vapjYIW+sTfL19SI3uqYS0+sAHeKcPxUDmsJo
OCA1zjDHqt50nzBlgjU6bYDRrB30SCdoZL9iwFvW4+c55CaR
-----END CERTIFICATE-----