Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ed7c8a-3952-4401-9dd4-44692dbccb32/1/liPbIzkz79MDLIxDc5Q1z4LPdSM.roa
File:                     liPbIzkz79MDLIxDc5Q1z4LPdSM.roa (raw, json)
Hash identifier:          BiV1dA+mvXWAkFGjfyWJPrCby1Fn3sF4fAf0tp9W+R8=
Subject key identifier:   96:23:DB:23:39:33:EF:D3:03:2C:8C:43:73:94:35:CF:82:CF:75:23
Certificate issuer:       /CN=9a4d76dd2f46068b0871ad4500ac6e577afe469c
Certificate serial:       018DF54EA4E7A662089C1B8BF126F732C060
Authority key identifier: 9A:4D:76:DD:2F:46:06:8B:08:71:AD:45:00:AC:6E:57:7A:FE:46:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mk123S9GBosIca1FAKxuV3r-Rpw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/ed7c8a-3952-4401-9dd4-44692dbccb32/1/liPbIzkz79MDLIxDc5Q1z4LPdSM.roa
Signing time:             Thu 29 Feb 2024 14:39:48 +0000
ROA not before:           Thu 29 Feb 2024 14:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51696
IP address blocks:        93.115.9.0/24 maxlen: 32
                          94.142.134.0/23 maxlen: 32
                          2a0c:1000::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/ed7c8a-3952-4401-9dd4-44692dbccb32/1/mk123S9GBosIca1FAKxuV3r-Rpw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/ed7c8a-3952-4401-9dd4-44692dbccb32/1/mk123S9GBosIca1FAKxuV3r-Rpw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mk123S9GBosIca1FAKxuV3r-Rpw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f5:4e:a4:e7:a6:62:08:9c:1b:8b:f1:26:f7:32:c0:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a4d76dd2f46068b0871ad4500ac6e577afe469c
        Validity
            Not Before: Feb 29 14:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9623db233933efd3032c8c43739435cf82cf7523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:85:ce:81:e6:45:0b:1b:4b:9b:e9:c8:4d:d3:
                    6d:b8:5a:08:da:3e:da:c6:c1:fd:44:ea:85:04:45:
                    05:8b:e9:4b:b3:a3:31:45:a7:b0:3b:ab:6c:d1:61:
                    0e:d3:16:e1:f8:da:14:8e:6d:e3:5d:72:db:9b:90:
                    ef:9a:28:50:da:0a:05:b5:df:80:47:f0:6a:34:5a:
                    60:b2:49:b6:b4:03:b8:f0:e6:48:f3:54:3a:2a:3c:
                    f2:45:ce:c0:c7:d7:d4:b2:1e:65:a6:f4:2a:e3:68:
                    98:93:09:39:5c:73:10:ba:f2:de:a1:95:cc:76:9c:
                    ed:94:c3:91:22:7d:29:f6:fb:5e:cc:e8:25:3a:fb:
                    e7:d1:d1:de:b0:06:90:08:43:c8:82:52:b0:d2:62:
                    e9:70:4d:ed:3d:21:2f:cd:74:95:05:fd:76:61:ce:
                    b3:96:00:8c:49:67:9f:4f:3f:84:33:8d:09:2d:bf:
                    42:d8:9f:ce:c7:4a:d4:85:b4:e1:fd:b7:59:52:c7:
                    87:27:72:07:03:33:83:d4:10:15:a4:34:5a:05:43:
                    59:17:14:a6:51:d4:25:5a:73:c3:6d:bf:e2:54:42:
                    07:de:c0:cd:6e:45:78:35:aa:f5:1a:0e:31:60:20:
                    69:4f:24:6e:dd:11:70:68:5c:a8:df:22:de:a4:8a:
                    7f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:23:DB:23:39:33:EF:D3:03:2C:8C:43:73:94:35:CF:82:CF:75:23
            X509v3 Authority Key Identifier:
                keyid:9A:4D:76:DD:2F:46:06:8B:08:71:AD:45:00:AC:6E:57:7A:FE:46:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mk123S9GBosIca1FAKxuV3r-Rpw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ed7c8a-3952-4401-9dd4-44692dbccb32/1/liPbIzkz79MDLIxDc5Q1z4LPdSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ed7c8a-3952-4401-9dd4-44692dbccb32/1/mk123S9GBosIca1FAKxuV3r-Rpw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.115.9.0/24
                  94.142.134.0/23
                IPv6:
                  2a0c:1000::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:ed:32:6f:53:f8:8f:72:16:ec:75:17:9e:7f:71:d9:92:1b:
         19:1b:d3:c9:43:11:72:91:38:06:92:70:d9:0a:a6:f2:14:df:
         7c:7c:d8:01:06:8a:7e:03:a0:2d:04:66:55:d4:23:78:9e:38:
         15:8b:3e:f9:b1:82:47:bf:ea:74:6e:11:27:a6:18:58:d9:55:
         2a:2a:3e:53:0b:34:3b:04:73:11:5b:63:c4:35:f0:07:c2:e8:
         da:09:95:76:b4:9b:12:bb:c5:a7:b9:f2:e5:4d:a1:6a:e2:b6:
         40:d5:e3:3e:87:11:f8:87:03:a4:dd:6f:d1:70:47:21:6f:f6:
         1a:98:08:1b:cf:17:0b:03:c0:70:b2:4f:c0:05:99:a3:8d:d6:
         6a:07:20:28:58:e4:8d:1f:46:99:81:ee:a2:0f:0d:ca:46:b8:
         98:56:8a:a5:ba:ab:06:34:9b:92:c4:2f:99:f8:96:f9:cd:8e:
         90:f6:d8:dd:93:ef:2c:77:d9:9f:07:12:23:47:97:a3:23:47:
         46:fc:4b:95:30:60:a4:5e:2f:d4:71:87:60:76:48:f4:c3:ed:
         00:dd:06:3f:c1:9f:4d:74:48:66:2e:a1:fc:46:05:2f:73:91:
         9d:6f:2a:a1:41:1e:77:90:0a:38:a3:ac:7f:bc:b3:6c:94:c4:
         7f:76:64:62
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY31TqTnpmIInBuL8Sb3MsBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNGQ3NmRkMmY0NjA2OGIwODcxYWQ0NTAwYWM2ZTU3N2Fm
ZTQ2OWMwHhcNMjQwMjI5MTQzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjIzZGIyMzM5MzNlZmQzMDMyYzhjNDM3Mzk0MzVjZjgyY2Y3NTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoXOgeZFCxtLm+nITdNtuFoI2j7a
xsH9ROqFBEUFi+lLs6MxRaewO6ts0WEO0xbh+NoUjm3jXXLbm5DvmihQ2goFtd+A
R/BqNFpgskm2tAO48OZI81Q6KjzyRc7Ax9fUsh5lpvQq42iYkwk5XHMQuvLeoZXM
dpztlMORIn0p9vtezOglOvvn0dHesAaQCEPIglKw0mLpcE3tPSEvzXSVBf12Yc6z
lgCMSWefTz+EM40JLb9C2J/Ox0rUhbTh/bdZUseHJ3IHAzOD1BAVpDRaBUNZFxSm
UdQlWnPDbb/iVEIH3sDNbkV4Nar1Gg4xYCBpTyRu3RFwaFyo3yLepIp/mwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJYj2yM5M+/TAyyMQ3OUNc+Cz3UjMB8GA1UdIwQY
MBaAFJpNdt0vRgaLCHGtRQCsbld6/kacMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWsxMjNTOUdCb3NJY2ExRkFLeHVWM3ItUnB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9lZDdjOGEtMzk1Mi00NDAxLTlkZDQt
NDQ2OTJkYmNjYjMyLzEvbGlQYkl6a3o3OU1ETEl4RGM1UTF6NExQZFNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9lZDdjOGEtMzk1Mi00NDAxLTlkZDQtNDQ2OTJkYmNjYjMy
LzEvbWsxMjNTOUdCb3NJY2ExRkFLeHVWM3ItUnB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAXXMJAwQB
Xo6GMA0EAgACMAcDBQMqDBAAMA0GCSqGSIb3DQEBCwUAA4IBAQBd7TJvU/iPchbs
dReef3HZkhsZG9PJQxFykTgGknDZCqbyFN98fNgBBop+A6AtBGZV1CN4njgViz75
sYJHv+p0bhEnphhY2VUqKj5TCzQ7BHMRW2PENfAHwujaCZV2tJsSu8WnufLlTaFq
4rZA1eM+hxH4hwOk3W/RcEchb/YamAgbzxcLA8Bwsk/ABZmjjdZqByAoWOSNH0aZ
ge6iDw3KRriYVoqluqsGNJuSxC+Z+Jb5zY6Q9tjdk+8sd9mfBxIjR5ejI0dG/EuV
MGCkXi/UcYdgdkj0w+0A3QY/wZ9NdEhmLqH8RgUvc5GdbyqhQR53kAo4o6x/vLNs
lMR/dmRi
-----END CERTIFICATE-----