Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/151c6c-617c-4643-9f6e-69809d8b9c20/1/LHdFFtkhND-G29Bb5TNwX3ZX6HI.roa
File:                     LHdFFtkhND-G29Bb5TNwX3ZX6HI.roa (raw, json)
Hash identifier:          5JCuzcczihsYGo60q4ytQ60HO2vUMA1Wb8XrWH6WiqE=
Subject key identifier:   2C:77:45:16:D9:21:34:3F:86:DB:D0:5B:E5:33:70:5F:76:57:E8:72
Certificate issuer:       /CN=4ccc60495b2a34d89211cc1c79524eab61ba1656
Certificate serial:       019425FC47061A9C9AB9C349EC224AE4846D
Authority key identifier: 4C:CC:60:49:5B:2A:34:D8:92:11:CC:1C:79:52:4E:AB:61:BA:16:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TMxgSVsqNNiSEcwceVJOq2G6FlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/151c6c-617c-4643-9f6e-69809d8b9c20/1/LHdFFtkhND-G29Bb5TNwX3ZX6HI.roa
Signing time:             Thu 02 Jan 2025 07:47:57 +0000
ROA not before:           Thu 02 Jan 2025 07:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134548
IP address blocks:        83.223.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/151c6c-617c-4643-9f6e-69809d8b9c20/1/TMxgSVsqNNiSEcwceVJOq2G6FlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/151c6c-617c-4643-9f6e-69809d8b9c20/1/TMxgSVsqNNiSEcwceVJOq2G6FlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TMxgSVsqNNiSEcwceVJOq2G6FlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:47:06:1a:9c:9a:b9:c3:49:ec:22:4a:e4:84:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ccc60495b2a34d89211cc1c79524eab61ba1656
        Validity
            Not Before: Jan  2 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c774516d921343f86dbd05be533705f7657e872
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:df:c4:29:08:1d:2a:a4:70:9b:76:70:79:2f:
                    d8:45:7d:45:8f:a3:98:f1:65:0e:ec:9a:12:cd:95:
                    c7:bc:c4:f8:1f:a1:eb:5d:54:74:c3:46:13:0c:c2:
                    a1:a5:06:9b:0f:17:2d:42:f3:92:a8:4f:07:90:9c:
                    92:36:ef:be:5e:0d:de:7d:74:f5:d4:83:ff:67:9d:
                    fe:5d:88:d7:73:a8:e9:92:ac:94:b1:34:3b:99:fd:
                    68:65:b7:02:52:c8:a9:36:e2:f3:51:64:23:e4:cf:
                    77:39:77:d6:82:55:66:93:ae:08:af:79:97:c7:be:
                    67:81:72:cc:11:3f:14:5e:56:45:d7:a8:62:87:e7:
                    23:f2:d3:f9:e3:0b:0b:25:b3:6f:c6:a7:a9:5e:c9:
                    05:02:93:5f:5e:35:6e:5f:08:62:1f:6e:5a:ab:74:
                    7c:0e:63:b7:52:cc:40:b2:eb:06:e3:94:16:a7:bc:
                    5d:24:25:7c:59:2e:a5:62:9b:ca:a8:29:ad:95:3e:
                    bf:b7:48:dd:51:ff:c1:65:0e:df:65:77:dc:b9:04:
                    63:61:15:f5:58:21:6e:04:37:17:81:06:80:8c:a5:
                    d4:48:c0:89:3c:3a:63:23:53:2b:bb:98:ed:90:a0:
                    49:4b:5f:dc:94:e9:3f:4d:63:e3:7a:d6:6c:3e:30:
                    2e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:77:45:16:D9:21:34:3F:86:DB:D0:5B:E5:33:70:5F:76:57:E8:72
            X509v3 Authority Key Identifier:
                keyid:4C:CC:60:49:5B:2A:34:D8:92:11:CC:1C:79:52:4E:AB:61:BA:16:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TMxgSVsqNNiSEcwceVJOq2G6FlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/151c6c-617c-4643-9f6e-69809d8b9c20/1/LHdFFtkhND-G29Bb5TNwX3ZX6HI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/151c6c-617c-4643-9f6e-69809d8b9c20/1/TMxgSVsqNNiSEcwceVJOq2G6FlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.223.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:14:9a:8c:4b:d0:5d:1d:6b:47:e3:42:10:de:4f:21:b1:9e:
         fe:19:9c:e7:69:d7:84:87:4b:a8:70:95:89:ef:38:7a:d5:5f:
         17:d0:95:b3:8a:6c:25:30:51:1d:a0:9e:35:9c:61:79:33:35:
         e3:b0:40:60:fc:a0:f6:e0:c1:b0:7d:91:4a:52:44:51:62:b0:
         b1:ca:d4:d6:1e:81:5c:53:69:a0:94:bf:40:a6:df:a7:92:2f:
         d6:9a:e2:b6:e8:9b:e6:09:f2:12:03:73:de:d9:e8:67:7b:91:
         a9:33:df:85:ce:cc:be:db:d2:91:94:c6:bf:e0:5d:b0:36:43:
         fb:f2:5f:bf:59:c4:e0:42:ca:94:21:a4:8e:83:93:5e:70:d2:
         0c:81:39:4e:3a:29:be:62:ae:31:da:27:83:3a:f7:26:fc:4b:
         ae:f3:df:5f:92:a2:0c:2d:c0:1f:4e:b9:49:dd:a1:7a:a4:af:
         9a:08:fa:4d:45:05:6e:0f:3f:3b:0b:15:3b:2e:34:91:7f:52:
         65:a4:eb:d1:2b:40:c1:4e:0d:7f:37:c2:d9:ef:9f:c7:8f:78:
         2f:0c:6e:63:4d:3e:b9:32:fc:14:68:d8:37:2a:d5:c7:10:9e:
         74:fb:a8:c6:cf:0d:8a:20:8d:9e:d4:bd:c8:3b:3e:5e:d6:f2:
         9f:f7:c4:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/EcGGpyaucNJ7CJK5IRtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjY2M2MDQ5NWIyYTM0ZDg5MjExY2MxYzc5NTI0ZWFiNjFi
YTE2NTYwHhcNMjUwMTAyMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzc3NDUxNmQ5MjEzNDNmODZkYmQwNWJlNTMzNzA1Zjc2NTdlODcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiN/EKQgdKqRwm3ZweS/YRX1Fj6OY
8WUO7JoSzZXHvMT4H6HrXVR0w0YTDMKhpQabDxctQvOSqE8HkJySNu++Xg3efXT1
1IP/Z53+XYjXc6jpkqyUsTQ7mf1oZbcCUsipNuLzUWQj5M93OXfWglVmk64Ir3mX
x75ngXLMET8UXlZF16hih+cj8tP54wsLJbNvxqepXskFApNfXjVuXwhiH25aq3R8
DmO3UsxAsusG45QWp7xdJCV8WS6lYpvKqCmtlT6/t0jdUf/BZQ7fZXfcuQRjYRX1
WCFuBDcXgQaAjKXUSMCJPDpjI1Mru5jtkKBJS1/clOk/TWPjetZsPjAu7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCx3RRbZITQ/htvQW+UzcF92V+hyMB8GA1UdIwQY
MBaAFEzMYElbKjTYkhHMHHlSTqthuhZWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE14Z1NWc3FOTmlTRWN3Y2VWSk9xMkc2RmxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8xNTFjNmMtNjE3Yy00NjQzLTlmNmUt
Njk4MDlkOGI5YzIwLzEvTEhkRkZ0a2hORC1HMjlCYjVUTndYM1pYNkhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8xNTFjNmMtNjE3Yy00NjQzLTlmNmUtNjk4MDlkOGI5YzIw
LzEvVE14Z1NWc3FOTmlTRWN3Y2VWSk9xMkc2RmxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU98tMA0G
CSqGSIb3DQEBCwUAA4IBAQBHFJqMS9BdHWtH40IQ3k8hsZ7+GZznadeEh0uocJWJ
7zh61V8X0JWzimwlMFEdoJ41nGF5MzXjsEBg/KD24MGwfZFKUkRRYrCxytTWHoFc
U2mglL9Apt+nki/WmuK26JvmCfISA3Pe2ehne5GpM9+Fzsy+29KRlMa/4F2wNkP7
8l+/WcTgQsqUIaSOg5NecNIMgTlOOim+Yq4x2ieDOvcm/Euu899fkqIMLcAfTrlJ
3aF6pK+aCPpNRQVuDz87CxU7LjSRf1JlpOvRK0DBTg1/N8LZ75/Hj3gvDG5jTT65
MvwUaNg3KtXHEJ50+6jGzw2KII2e1L3IOz5e1vKf98T6
-----END CERTIFICATE-----