Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/pLvK0bnpjcS5YzPt0yHkKKoGKds.roa
File:                     pLvK0bnpjcS5YzPt0yHkKKoGKds.roa (raw, json)
Hash identifier:          tN/ID28PuqS0easHI77UaJccAQXmFfeukorXtiMUtnM=
Subject key identifier:   A4:BB:CA:D1:B9:E9:8D:C4:B9:63:33:ED:D3:21:E4:28:AA:06:29:DB
Certificate issuer:       /CN=297ae7592ca52491dc166a30fe1477d712bd465d
Certificate serial:       0192296B928263A59B462770455CB4F6E34F
Authority key identifier: 29:7A:E7:59:2C:A5:24:91:DC:16:6A:30:FE:14:77:D7:12:BD:46:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/pLvK0bnpjcS5YzPt0yHkKKoGKds.roa
Signing time:             Wed 25 Sep 2024 13:42:48 +0000
ROA not before:           Wed 25 Sep 2024 13:42:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215730
IP address blocks:        94.159.96.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:29:6b:92:82:63:a5:9b:46:27:70:45:5c:b4:f6:e3:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ae7592ca52491dc166a30fe1477d712bd465d
        Validity
            Not Before: Sep 25 13:42:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4bbcad1b9e98dc4b96333edd321e428aa0629db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:60:24:70:db:cd:a0:4c:b4:7e:9d:5b:b0:01:
                    5e:13:ca:8d:f4:4c:05:aa:97:76:dc:17:63:71:af:
                    0d:09:d9:0e:b1:f6:3a:bd:c4:a1:96:0a:a1:72:e9:
                    98:9c:37:c0:17:4c:04:4b:da:cd:51:33:36:ef:0a:
                    22:1e:19:e7:52:3c:04:6c:48:85:44:9c:da:68:17:
                    9e:8f:2f:97:dd:96:44:d3:82:83:2f:af:ce:c5:f0:
                    5d:94:28:d5:08:54:13:5c:38:64:12:8f:17:8a:4d:
                    20:11:a6:cc:e9:9e:8f:88:29:05:c1:73:d7:12:37:
                    e5:17:a6:06:86:d1:27:8f:d4:6c:c2:c6:59:54:1c:
                    dd:af:17:47:ba:7d:8f:9e:5d:0f:19:f0:a9:8c:dc:
                    28:c1:13:3c:4d:49:21:8e:c0:90:e8:5e:b7:9f:c3:
                    1b:6d:7a:5c:c8:e3:fc:b3:cb:d0:3f:69:74:f4:2a:
                    24:7b:55:e3:e2:bb:6a:c6:f9:49:b3:03:f4:df:41:
                    02:69:80:fd:4a:e0:b0:4e:0e:b0:95:3e:2b:69:ec:
                    63:34:0d:88:fa:0a:e8:b1:a5:45:84:04:c1:d3:ad:
                    08:05:a3:9a:bc:9e:88:fd:16:a6:f8:cf:51:00:09:
                    d3:57:bc:d3:ab:7b:fd:28:6d:2c:98:a9:48:d3:dc:
                    2e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:BB:CA:D1:B9:E9:8D:C4:B9:63:33:ED:D3:21:E4:28:AA:06:29:DB
            X509v3 Authority Key Identifier:
                keyid:29:7A:E7:59:2C:A5:24:91:DC:16:6A:30:FE:14:77:D7:12:BD:46:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/pLvK0bnpjcS5YzPt0yHkKKoGKds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.159.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         65:ef:11:37:f6:8c:1a:0b:e1:0a:f6:86:52:04:d7:3a:d2:69:
         e1:97:e2:8e:c8:af:4a:7e:1f:ce:55:f6:e6:5e:f2:50:b4:c9:
         19:bb:3a:d2:45:3e:da:37:06:75:32:6d:7a:e3:b9:3d:c0:78:
         ad:2b:de:42:6e:a3:57:2e:c2:2f:35:bd:66:d2:c3:09:e8:43:
         6e:ee:ed:a3:ae:8f:5b:47:35:9a:c7:1a:1b:7d:b6:a2:c4:81:
         3a:fc:fc:9a:ad:53:79:ed:7f:6b:e3:a3:c8:bd:91:a5:d2:d2:
         89:8c:83:ac:59:c1:fb:22:e7:65:17:3c:9d:9c:36:28:2f:53:
         b4:08:ee:af:75:f6:de:66:18:de:68:a8:72:86:97:84:53:ef:
         dd:fc:82:a0:90:64:ee:35:58:84:4b:d1:b3:ef:e8:6e:71:58:
         dc:80:d3:2e:d1:9c:09:0b:58:62:7c:03:ae:6e:b3:0d:ee:6c:
         a4:be:f7:91:2c:04:69:86:e4:d6:62:79:34:0a:81:a8:f7:e0:
         a9:0f:ce:e3:54:15:53:b3:dc:14:f2:42:2f:21:56:66:ff:fd:
         7a:f4:6b:ce:5e:3a:ea:70:16:0e:e6:34:c6:44:fb:4a:1d:66:
         16:6b:60:fd:4e:58:fa:a1:a3:db:79:39:60:13:5f:d3:31:fd:
         3a:25:25:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIpa5KCY6WbRidwRVy09uNPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2FlNzU5MmNhNTI0OTFkYzE2NmEzMGZlMTQ3N2Q3MTJi
ZDQ2NWQwHhcNMjQwOTI1MTM0MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGJiY2FkMWI5ZTk4ZGM0Yjk2MzMzZWRkMzIxZTQyOGFhMDYyOWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmAkcNvNoEy0fp1bsAFeE8qN9EwF
qpd23Bdjca8NCdkOsfY6vcShlgqhcumYnDfAF0wES9rNUTM27woiHhnnUjwEbEiF
RJzaaBeejy+X3ZZE04KDL6/OxfBdlCjVCFQTXDhkEo8Xik0gEabM6Z6PiCkFwXPX
EjflF6YGhtEnj9RswsZZVBzdrxdHun2Pnl0PGfCpjNwowRM8TUkhjsCQ6F63n8Mb
bXpcyOP8s8vQP2l09Coke1Xj4rtqxvlJswP030ECaYD9SuCwTg6wlT4raexjNA2I
+grosaVFhATB060IBaOavJ6I/Ram+M9RAAnTV7zTq3v9KG0smKlI09wuWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKS7ytG56Y3EuWMz7dMh5CiqBinbMB8GA1UdIwQY
MBaAFCl651kspSSR3BZqMP4Ud9cSvUZdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hybldTeWxKSkhjRm1vd19oUjMxeEs5UmwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS80OGUxZTgtMzI4ZC00ZjgyLTkzOTgt
MzkxMGE1OWExMTIxLzEvcEx2SzBibnBqY1M1WXpQdDB5SGtLS29HS2RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS80OGUxZTgtMzI4ZC00ZjgyLTkzOTgtMzkxMGE1OWExMTIx
LzEvS1hybldTeWxKSkhjRm1vd19oUjMxeEs5UmwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEXp9gMA0G
CSqGSIb3DQEBCwUAA4IBAQBl7xE39owaC+EK9oZSBNc60mnhl+KOyK9Kfh/OVfbm
XvJQtMkZuzrSRT7aNwZ1Mm1647k9wHitK95CbqNXLsIvNb1m0sMJ6ENu7u2jro9b
RzWaxxobfbaixIE6/PyarVN57X9r46PIvZGl0tKJjIOsWcH7IudlFzydnDYoL1O0
CO6vdfbeZhjeaKhyhpeEU+/d/IKgkGTuNViES9Gz7+hucVjcgNMu0ZwJC1hifAOu
brMN7mykvveRLARphuTWYnk0CoGo9+CpD87jVBVTs9wU8kIvIVZm//169GvOXjrq
cBYO5jTGRPtKHWYWa2D9Tlj6oaPbeTlgE1/TMf06JSXY
-----END CERTIFICATE-----