Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/b75b92-f1c7-4b56-9a9f-9a2f796c9477/1/lt_EU_7XVRhGF-yEAFpjPB1ZGy8.roa
File:                     lt_EU_7XVRhGF-yEAFpjPB1ZGy8.roa (raw, json)
Hash identifier:          SZ1EVTnhPA/PjUBNRgzJqtEoQNHC1vVQ2qDYTBkOE7s=
Subject key identifier:   96:DF:C4:53:FE:D7:55:18:46:17:EC:84:00:5A:63:3C:1D:59:1B:2F
Certificate issuer:       /CN=88d5c80b358732cf1eceecf2f5bdc8ab3dc181ae
Certificate serial:       018DD04CC3BB726DF8254E8D25F4B90FE191
Authority key identifier: 88:D5:C8:0B:35:87:32:CF:1E:CE:EC:F2:F5:BD:C8:AB:3D:C1:81:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iNXICzWHMs8ezuzy9b3Iqz3Bga4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/b75b92-f1c7-4b56-9a9f-9a2f796c9477/1/lt_EU_7XVRhGF-yEAFpjPB1ZGy8.roa
Signing time:             Thu 22 Feb 2024 10:11:48 +0000
ROA not before:           Thu 22 Feb 2024 10:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3330
IP address blocks:        91.208.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/b75b92-f1c7-4b56-9a9f-9a2f796c9477/1/iNXICzWHMs8ezuzy9b3Iqz3Bga4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/b75b92-f1c7-4b56-9a9f-9a2f796c9477/1/iNXICzWHMs8ezuzy9b3Iqz3Bga4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iNXICzWHMs8ezuzy9b3Iqz3Bga4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d0:4c:c3:bb:72:6d:f8:25:4e:8d:25:f4:b9:0f:e1:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88d5c80b358732cf1eceecf2f5bdc8ab3dc181ae
        Validity
            Not Before: Feb 22 10:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96dfc453fed755184617ec84005a633c1d591b2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:5b:1b:fd:29:b6:ad:a7:df:9c:2d:ab:67:24:
                    89:0b:65:5c:ad:3d:14:0b:4c:e4:6d:4e:9a:24:8f:
                    15:be:90:fa:0c:5d:61:c0:58:c0:e3:8b:02:90:ed:
                    1f:d5:d3:3b:bf:00:5f:6d:e3:12:e2:30:fd:8d:41:
                    d4:72:cd:bc:d3:d9:a8:22:05:bb:75:eb:f9:bb:d0:
                    cd:68:9e:f9:b0:d7:f5:d9:6d:b1:6d:64:c6:d4:87:
                    0a:dc:ea:8a:45:e6:f5:08:b5:cc:63:43:c5:b2:b3:
                    fb:57:b9:7d:bf:60:7a:20:62:06:45:72:09:f1:2b:
                    a1:66:90:83:ed:c0:9f:d5:43:5a:93:3a:d4:dd:f5:
                    40:0d:a9:c2:1a:ce:aa:cc:ff:52:03:8c:7c:e8:87:
                    79:3b:11:ae:2b:67:d7:15:31:dd:cc:8b:3f:a4:cf:
                    d3:8b:fd:55:55:12:a2:46:4f:54:24:62:10:16:60:
                    63:95:5e:f9:d1:a9:9e:ff:7a:70:86:0b:50:4c:57:
                    c8:27:b4:e9:9e:2c:d9:6e:ed:eb:cf:87:e0:7d:0f:
                    77:80:22:11:b8:9d:44:9c:c0:50:1b:db:6f:28:4c:
                    35:7d:e5:85:ca:e1:7e:f5:a1:42:7a:d1:a2:cf:27:
                    29:cc:d3:fb:2f:03:05:87:fd:a2:40:23:e9:02:22:
                    5a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:DF:C4:53:FE:D7:55:18:46:17:EC:84:00:5A:63:3C:1D:59:1B:2F
            X509v3 Authority Key Identifier:
                keyid:88:D5:C8:0B:35:87:32:CF:1E:CE:EC:F2:F5:BD:C8:AB:3D:C1:81:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iNXICzWHMs8ezuzy9b3Iqz3Bga4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/b75b92-f1c7-4b56-9a9f-9a2f796c9477/1/lt_EU_7XVRhGF-yEAFpjPB1ZGy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/b75b92-f1c7-4b56-9a9f-9a2f796c9477/1/iNXICzWHMs8ezuzy9b3Iqz3Bga4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:32:1c:d6:15:5c:82:dd:06:a8:e4:cd:4b:21:8e:03:ef:3a:
         f0:a2:e7:ac:6d:45:45:fd:28:d4:a8:35:13:81:b0:84:26:04:
         bd:32:32:32:3b:38:f5:1a:1b:93:30:ac:cc:5f:cc:1b:a8:e6:
         cc:02:3a:98:05:c1:2d:4d:88:46:9f:e9:c7:07:37:13:e4:f4:
         23:94:ea:b8:e1:c8:01:74:be:29:21:0a:e4:11:b2:7e:63:d4:
         4a:7e:69:c4:5a:a4:1a:50:f3:99:96:b5:f4:3c:68:1e:fb:ad:
         e4:54:69:c5:e7:18:c3:e1:27:33:a3:8f:63:35:0c:a6:b2:9d:
         1c:79:ca:89:fe:13:b1:c1:5b:4d:e5:ef:b8:f5:97:4e:b5:15:
         ec:38:2d:7b:f6:f7:69:99:ae:0c:7b:08:e6:33:7d:03:f6:9c:
         fc:61:96:37:6d:c5:55:3c:1c:56:6e:fb:c2:5e:46:b5:7c:94:
         c1:b8:d0:af:0e:40:b9:7d:01:5c:77:f0:c7:5d:6d:59:f2:c5:
         a7:43:15:35:6e:0c:f6:39:48:ce:4f:15:f5:2c:7e:8f:00:41:
         c8:a4:0c:4a:66:2b:22:02:2b:d0:e2:36:b3:25:fb:4f:ea:0b:
         41:16:62:58:64:80:0f:7e:cd:80:aa:42:26:81:b1:0b:f5:49:
         92:bf:f2:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3QTMO7cm34JU6NJfS5D+GRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZDVjODBiMzU4NzMyY2YxZWNlZWNmMmY1YmRjOGFiM2Rj
MTgxYWUwHhcNMjQwMjIyMTAxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmRmYzQ1M2ZlZDc1NTE4NDYxN2VjODQwMDVhNjMzYzFkNTkxYjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFsb/Sm2raffnC2rZySJC2VcrT0U
C0zkbU6aJI8VvpD6DF1hwFjA44sCkO0f1dM7vwBfbeMS4jD9jUHUcs2809moIgW7
dev5u9DNaJ75sNf12W2xbWTG1IcK3OqKReb1CLXMY0PFsrP7V7l9v2B6IGIGRXIJ
8SuhZpCD7cCf1UNakzrU3fVADanCGs6qzP9SA4x86Id5OxGuK2fXFTHdzIs/pM/T
i/1VVRKiRk9UJGIQFmBjlV750ame/3pwhgtQTFfIJ7TpnizZbu3rz4fgfQ93gCIR
uJ1EnMBQG9tvKEw1feWFyuF+9aFCetGizycpzNP7LwMFh/2iQCPpAiJaVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbfxFP+11UYRhfshABaYzwdWRsvMB8GA1UdIwQY
MBaAFIjVyAs1hzLPHs7s8vW9yKs9wYGuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU5YSUN6V0hNczhlenV6eTliM0lxejNCZ2E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9iNzViOTItZjFjNy00YjU2LTlhOWYt
OWEyZjc5NmM5NDc3LzEvbHRfRVVfN1hWUmhHRi15RUFGcGpQQjFaR3k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9iNzViOTItZjFjNy00YjU2LTlhOWYtOWEyZjc5NmM5NDc3
LzEvaU5YSUN6V0hNczhlenV6eTliM0lxejNCZ2E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BQMA0G
CSqGSIb3DQEBCwUAA4IBAQCWMhzWFVyC3Qao5M1LIY4D7zrwouesbUVF/SjUqDUT
gbCEJgS9MjIyOzj1GhuTMKzMX8wbqObMAjqYBcEtTYhGn+nHBzcT5PQjlOq44cgB
dL4pIQrkEbJ+Y9RKfmnEWqQaUPOZlrX0PGge+63kVGnF5xjD4Sczo49jNQymsp0c
ecqJ/hOxwVtN5e+49ZdOtRXsOC179vdpma4MewjmM30D9pz8YZY3bcVVPBxWbvvC
Xka1fJTBuNCvDkC5fQFcd/DHXW1Z8sWnQxU1bgz2OUjOTxX1LH6PAEHIpAxKZisi
AivQ4jazJftP6gtBFmJYZIAPfs2AqkImgbEL9UmSv/K2
-----END CERTIFICATE-----