Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/lbnMjE-0fVyg9isaVCNmaPsm5tg.roa
File:                     lbnMjE-0fVyg9isaVCNmaPsm5tg.roa (raw, json)
Hash identifier:          yblooK60+06wrnT9Yuh2vGpshXqU3rLq6dPGLIYAS2w=
Subject key identifier:   95:B9:CC:8C:4F:B4:7D:5C:A0:F6:2B:1A:54:23:66:68:FB:26:E6:D8
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019427484BB84A4F4322D410BFF35FCADEDD
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/lbnMjE-0fVyg9isaVCNmaPsm5tg.roa
Signing time:             Thu 02 Jan 2025 13:50:36 +0000
ROA not before:           Thu 02 Jan 2025 13:50:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33980
IP address blocks:        192.165.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:4b:b8:4a:4f:43:22:d4:10:bf:f3:5f:ca:de:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95b9cc8c4fb47d5ca0f62b1a54236668fb26e6d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:18:01:e5:bb:47:07:f4:51:ed:68:e9:84:4d:
                    22:7f:2c:35:91:cb:84:ee:f8:f4:8f:b4:0c:ce:6f:
                    61:fb:0b:8d:eb:26:99:2e:86:f3:2f:a2:11:7e:a7:
                    3e:5e:00:47:a3:75:7a:c7:d5:84:f9:9b:f8:54:6b:
                    ef:43:4f:2d:d1:b9:62:5d:e9:8a:68:61:c7:14:68:
                    33:bb:4b:54:8b:8f:e0:b6:53:04:de:57:c2:c2:df:
                    cb:c4:44:d5:45:b6:fc:65:4e:3d:0c:71:03:f7:72:
                    26:e5:66:ba:60:68:aa:be:a0:3d:be:22:c2:87:82:
                    1f:7e:44:bf:77:dd:eb:d9:38:63:f6:55:25:3c:6b:
                    25:19:87:5a:8d:bb:4f:f2:37:cd:63:09:b0:94:c7:
                    dd:29:c9:28:a3:90:0b:88:7e:bf:59:d4:dd:96:28:
                    2e:eb:9a:e9:5a:ce:6c:b1:d0:f2:65:52:58:2e:75:
                    1b:43:fe:ff:5d:fe:12:6f:e9:36:8c:79:cd:40:4f:
                    7f:8f:08:b3:02:73:ab:7a:a1:75:5b:4a:64:80:9a:
                    8c:52:3b:da:98:9c:7a:52:fe:25:d5:b3:16:39:91:
                    2a:0b:df:91:1c:ed:ff:ef:33:5f:2a:80:db:14:51:
                    d7:40:55:ef:44:9d:00:28:6f:19:83:7f:b2:6b:18:
                    d6:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B9:CC:8C:4F:B4:7D:5C:A0:F6:2B:1A:54:23:66:68:FB:26:E6:D8
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/lbnMjE-0fVyg9isaVCNmaPsm5tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.165.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:ad:83:d8:76:a3:5d:c7:e2:80:65:94:aa:fb:0d:51:3b:22:
         7f:ab:08:3c:60:41:43:c6:c4:90:4b:31:3a:6f:f6:f4:d4:3b:
         5c:6f:bb:90:8d:b8:75:e8:d3:7b:ec:27:4f:cc:52:b7:9f:be:
         7c:28:8e:32:90:9a:d4:2e:b6:8b:4c:41:c6:05:ed:70:ca:8b:
         c9:3d:fe:49:29:5b:b5:26:d6:6a:d8:68:e5:94:c4:94:11:69:
         b6:bb:c9:94:1c:b3:27:15:a0:ba:9e:4f:20:75:5f:06:e8:87:
         5d:76:d4:57:10:51:d1:f5:15:bd:21:bf:a7:38:49:94:48:b2:
         e0:50:da:b9:f3:7d:7f:52:01:d7:7c:68:49:60:55:20:0c:00:
         2d:af:04:45:72:a6:cd:ef:cb:b3:1f:cd:bc:b7:cb:3a:17:20:
         94:17:c1:c1:53:ca:62:c5:ad:c4:f3:43:11:bc:9a:f2:a0:7f:
         92:f4:65:a6:7e:d0:4a:7a:ed:fc:88:6b:62:a5:d0:89:35:b8:
         78:20:17:51:41:b6:a9:5e:d5:44:5b:7e:67:f5:85:85:5d:26:
         65:f6:b0:62:af:7b:e1:47:15:6e:22:32:77:d9:88:76:9e:ee:
         5b:58:4e:10:08:5c:61:a8:d4:77:77:56:0a:03:51:70:71:11:
         f0:35:81:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSEu4Sk9DItQQv/Nfyt7dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWI5Y2M4YzRmYjQ3ZDVjYTBmNjJiMWE1NDIzNjY2OGZiMjZlNmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhgB5btHB/RR7WjphE0ifyw1kcuE
7vj0j7QMzm9h+wuN6yaZLobzL6IRfqc+XgBHo3V6x9WE+Zv4VGvvQ08t0bliXemK
aGHHFGgzu0tUi4/gtlME3lfCwt/LxETVRbb8ZU49DHED93Im5Wa6YGiqvqA9viLC
h4IffkS/d93r2Thj9lUlPGslGYdajbtP8jfNYwmwlMfdKckoo5ALiH6/WdTdligu
65rpWs5ssdDyZVJYLnUbQ/7/Xf4Sb+k2jHnNQE9/jwizAnOreqF1W0pkgJqMUjva
mJx6Uv4l1bMWOZEqC9+RHO3/7zNfKoDbFFHXQFXvRJ0AKG8Zg3+yaxjWawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJW5zIxPtH1coPYrGlQjZmj7JubYMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvbGJuTWpFLTBmVnlnOWlzYVZDTm1hUHNtNXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKVIMA0G
CSqGSIb3DQEBCwUAA4IBAQBQrYPYdqNdx+KAZZSq+w1ROyJ/qwg8YEFDxsSQSzE6
b/b01Dtcb7uQjbh16NN77CdPzFK3n758KI4ykJrULraLTEHGBe1wyovJPf5JKVu1
JtZq2GjllMSUEWm2u8mUHLMnFaC6nk8gdV8G6IdddtRXEFHR9RW9Ib+nOEmUSLLg
UNq5831/UgHXfGhJYFUgDAAtrwRFcqbN78uzH828t8s6FyCUF8HBU8pixa3E80MR
vJryoH+S9GWmftBKeu38iGtipdCJNbh4IBdRQbapXtVEW35n9YWFXSZl9rBir3vh
RxVuIjJ32Yh2nu5bWE4QCFxhqNR3d1YKA1FwcRHwNYE0
-----END CERTIFICATE-----