Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/lZqe5XA_dnTRRCXrpa_IbbGalE8.roa
File:                     lZqe5XA_dnTRRCXrpa_IbbGalE8.roa (raw, json)
Hash identifier:          JjmEWi4EASeEY1luQr7sUn0IZ7opQFJcCrrHgAi5DYw=
Subject key identifier:   95:9A:9E:E5:70:3F:76:74:D1:44:25:EB:A5:AF:C8:6D:B1:9A:94:4F
Certificate issuer:       /CN=6832c32d2259013991260d530d9120031aaefcd0
Certificate serial:       018CC348F006F3F8519E04D79D2E9F2FA7D8
Authority key identifier: 68:32:C3:2D:22:59:01:39:91:26:0D:53:0D:91:20:03:1A:AE:FC:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/lZqe5XA_dnTRRCXrpa_IbbGalE8.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        145.46.161.0/24 maxlen: 24
                          145.46.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f0:06:f3:f8:51:9e:04:d7:9d:2e:9f:2f:a7:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6832c32d2259013991260d530d9120031aaefcd0
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=959a9ee5703f7674d14425eba5afc86db19a944f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b0:eb:26:ec:62:fe:29:d6:2a:09:9a:d7:57:
                    5d:c2:65:3a:42:e9:1c:78:f9:aa:4e:ac:87:45:53:
                    85:93:c9:0a:2b:d2:2d:3d:eb:f1:fe:52:99:2e:8a:
                    e2:fe:0a:b5:8d:b5:96:27:14:7c:01:2c:7a:8a:92:
                    11:c7:6d:16:e8:57:62:9b:b8:80:1c:2d:ce:88:0a:
                    cd:e2:92:79:54:3e:71:7f:af:e3:bc:b0:da:83:07:
                    f8:1a:92:2c:e8:af:2e:e6:5f:e1:bc:39:19:45:51:
                    dc:11:f5:63:66:4e:68:f1:cd:eb:38:5a:7b:ce:32:
                    df:32:be:f3:2e:b3:0f:42:ca:6c:1a:8d:9b:05:61:
                    1e:0e:30:c1:96:42:a3:f4:07:59:77:9f:91:3d:45:
                    ab:ff:c7:7b:5f:ed:93:a9:3b:ef:13:31:b1:bb:9d:
                    8b:ae:36:c8:e8:3a:1f:56:86:87:99:bf:8c:14:38:
                    45:f4:53:a0:e0:f5:d1:cd:eb:fd:a8:52:af:db:a8:
                    94:c9:98:09:d3:2e:0e:aa:d6:b5:45:21:2c:a4:a8:
                    a0:e6:17:ed:a5:84:7e:cf:07:e5:60:8b:96:99:a2:
                    4b:fd:26:49:5f:63:aa:5a:90:54:4f:c9:ee:1d:df:
                    f4:74:fe:dc:aa:57:8b:7d:46:4b:d4:64:1b:74:c0:
                    d1:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:9A:9E:E5:70:3F:76:74:D1:44:25:EB:A5:AF:C8:6D:B1:9A:94:4F
            X509v3 Authority Key Identifier:
                keyid:68:32:C3:2D:22:59:01:39:91:26:0D:53:0D:91:20:03:1A:AE:FC:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/lZqe5XA_dnTRRCXrpa_IbbGalE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.46.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ac:95:b6:c0:38:08:0e:90:c2:24:01:e3:8b:41:cb:62:45:97:
         76:cf:8c:c1:45:b4:93:93:ec:be:05:a2:f0:bc:0e:b7:cc:55:
         3a:a7:42:6d:a8:e7:2e:2a:04:68:34:e0:e0:93:f3:7c:26:44:
         ee:8f:e1:65:b1:3c:8e:85:9d:2f:0d:6d:67:09:65:65:61:e0:
         cd:fe:8a:4d:ee:ba:b7:29:48:52:24:0d:bf:dd:da:31:f8:c5:
         f3:9c:f7:7b:f9:53:c1:1c:66:71:3c:c1:0c:37:57:b5:b4:91:
         65:a8:0c:7f:6e:f4:f8:eb:e9:0a:73:49:90:77:ea:be:e0:0e:
         3f:96:35:d9:03:53:13:dc:f6:bc:45:c5:59:d3:8c:e8:0c:5c:
         d6:e6:d4:48:2d:8f:bd:e4:85:67:8d:37:ce:56:17:eb:a1:ea:
         f4:d0:6a:69:92:46:19:ce:68:69:7e:27:51:09:71:af:23:d6:
         a7:e6:93:23:89:36:e1:ff:06:74:ac:aa:d7:e8:b4:48:57:49:
         84:39:6a:66:51:69:89:bb:7b:7c:4c:00:86:5c:95:e4:40:b9:
         d7:52:3a:dd:c0:83:35:6e:58:9d:7c:01:5e:19:d9:df:87:72:
         b3:0c:f2:8c:27:36:13:1f:ca:d3:7c:92:ee:57:60:7a:12:51:
         6b:a8:f2:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPAG8/hRngTXnS6fL6fYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MzJjMzJkMjI1OTAxMzk5MTI2MGQ1MzBkOTEyMDAzMWFh
ZWZjZDAwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTlhOWVlNTcwM2Y3Njc0ZDE0NDI1ZWJhNWFmYzg2ZGIxOWE5NDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLDrJuxi/inWKgma11ddwmU6Qukc
ePmqTqyHRVOFk8kKK9ItPevx/lKZLori/gq1jbWWJxR8ASx6ipIRx20W6Fdim7iA
HC3OiArN4pJ5VD5xf6/jvLDagwf4GpIs6K8u5l/hvDkZRVHcEfVjZk5o8c3rOFp7
zjLfMr7zLrMPQspsGo2bBWEeDjDBlkKj9AdZd5+RPUWr/8d7X+2TqTvvEzGxu52L
rjbI6DofVoaHmb+MFDhF9FOg4PXRzev9qFKv26iUyZgJ0y4Oqta1RSEspKig5hft
pYR+zwflYIuWmaJL/SZJX2OqWpBUT8nuHd/0dP7cqleLfUZL1GQbdMDRgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWanuVwP3Z00UQl66WvyG2xmpRPMB8GA1UdIwQY
MBaAFGgywy0iWQE5kSYNUw2RIAMarvzQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYURMRExTSlpBVG1SSmcxVERaRWdBeHF1X05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85NGI2NmUtM2UwZC00MzMyLWFiNGYt
NzcwZjhlYWIyYWU3LzEvbFpxZTVYQV9kblRSUkNYcnBhX0liYkdhbEU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85NGI2NmUtM2UwZC00MzMyLWFiNGYtNzcwZjhlYWIyYWU3
LzEvYURMRExTSlpBVG1SSmcxVERaRWdBeHF1X05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkS6gMA0G
CSqGSIb3DQEBCwUAA4IBAQCslbbAOAgOkMIkAeOLQctiRZd2z4zBRbSTk+y+BaLw
vA63zFU6p0JtqOcuKgRoNODgk/N8JkTuj+FlsTyOhZ0vDW1nCWVlYeDN/opN7rq3
KUhSJA2/3dox+MXznPd7+VPBHGZxPMEMN1e1tJFlqAx/bvT46+kKc0mQd+q+4A4/
ljXZA1MT3Pa8RcVZ04zoDFzW5tRILY+95IVnjTfOVhfroer00GppkkYZzmhpfidR
CXGvI9an5pMjiTbh/wZ0rKrX6LRIV0mEOWpmUWmJu3t8TACGXJXkQLnXUjrdwIM1
blidfAFeGdnfh3KzDPKMJzYTH8rTfJLuV2B6ElFrqPKv
-----END CERTIFICATE-----