Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/LzvFlUKI2yXkJjU4l60IBSw4Qzk.roa
File:                     LzvFlUKI2yXkJjU4l60IBSw4Qzk.roa (raw, json)
Hash identifier:          XttCDjpt+cw+AsgAEgGOByO8DVJyVhIJ/a1QBBgYATQ=
Subject key identifier:   2F:3B:C5:95:42:88:DB:25:E4:26:35:38:97:AD:08:05:2C:38:43:39
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       018CC9BC25FD441323FA55DB52479D639D6B
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/LzvFlUKI2yXkJjU4l60IBSw4Qzk.roa
Signing time:             Tue 02 Jan 2024 10:33:20 +0000
ROA not before:           Tue 02 Jan 2024 10:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41339
IP address blocks:        46.233.56.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:25:fd:44:13:23:fa:55:db:52:47:9d:63:9d:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 10:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f3bc5954288db25e426353897ad08052c384339
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ac:e2:a7:58:c0:9d:e1:b5:8d:d4:af:71:80:
                    e9:38:d5:89:9b:22:70:0a:2b:a6:11:2f:85:63:5f:
                    1c:52:c4:d6:bb:ee:23:ad:29:39:55:79:b2:61:59:
                    d9:90:4e:47:3a:a7:52:f6:8b:e9:5c:47:5d:2a:4c:
                    9f:95:08:16:19:d3:4b:5b:5f:4f:b2:a7:98:44:14:
                    46:19:be:91:2e:b7:b7:2e:74:07:58:b0:09:1c:38:
                    03:9b:78:ee:21:f8:6f:f4:c9:a4:fa:9f:79:c1:1f:
                    57:ab:dd:52:a0:88:45:ef:50:e6:f2:04:48:6b:c1:
                    97:f7:a7:51:ec:99:51:2b:49:af:c5:8c:e4:b6:13:
                    5d:72:b6:79:02:c3:1b:94:c1:a8:ad:d1:d4:8b:25:
                    1d:62:e9:c7:b3:63:4d:32:e3:45:c6:8f:a0:09:ba:
                    d7:98:71:8e:0a:f3:50:b8:9c:95:0f:d1:a3:02:53:
                    f8:76:6e:91:14:2c:01:93:34:cf:58:f9:87:3c:11:
                    4f:e0:bc:2e:3b:77:8e:39:ef:5c:d6:72:38:db:cf:
                    b6:de:20:04:2b:e3:21:7c:03:43:7f:b5:d0:ec:8f:
                    f2:0f:6a:93:14:81:06:ed:16:c8:3f:5b:f6:0a:4d:
                    67:4a:72:d5:d2:4c:ae:38:d8:6c:64:a5:71:c5:09:
                    25:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:3B:C5:95:42:88:DB:25:E4:26:35:38:97:AD:08:05:2C:38:43:39
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/LzvFlUKI2yXkJjU4l60IBSw4Qzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         33:67:81:da:7a:52:74:01:f7:55:4c:0d:bc:15:eb:06:68:06:
         5c:bd:44:c4:6c:25:cc:d7:8a:1f:20:65:cc:71:b0:b5:84:ca:
         4d:8d:c3:a3:01:f0:b2:07:9c:d4:7f:a4:c8:49:dc:22:1e:ba:
         fa:bb:7c:f2:6e:96:88:72:1f:c6:cd:3b:d0:c3:da:8f:73:60:
         2e:7a:bc:99:3f:5f:ea:70:9d:72:2a:15:6c:1d:b2:f3:01:b3:
         56:79:15:4c:2b:08:6b:52:0a:57:33:36:92:d9:ac:4e:16:de:
         cb:2d:92:85:0a:72:bb:b4:da:f2:b6:9e:92:cf:fb:64:16:2a:
         83:1e:d0:d4:4e:2c:94:25:be:1a:0f:93:63:38:0e:2b:2c:84:
         c0:6b:d6:91:dc:48:d9:80:71:33:65:9f:02:1b:2c:01:80:e4:
         83:c7:3d:5c:ed:0e:91:d6:01:9d:22:68:ff:41:bc:f5:1e:4b:
         95:73:f9:80:44:bd:55:49:dd:61:f7:26:b6:6d:7e:ca:eb:c8:
         0c:00:51:31:ac:f9:cf:76:ec:62:71:6c:b2:66:68:e7:4b:50:
         02:41:5a:93:a9:1f:22:70:b1:72:2b:2c:d3:bf:0f:43:86:63:
         68:cb:04:85:19:7f:04:ed:58:41:b6:11:85:82:41:ce:67:4f:
         26:2e:80:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCX9RBMj+lXbUkedY51rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjQwMTAyMTAzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjNiYzU5NTQyODhkYjI1ZTQyNjM1Mzg5N2FkMDgwNTJjMzg0MzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqzip1jAneG1jdSvcYDpONWJmyJw
CiumES+FY18cUsTWu+4jrSk5VXmyYVnZkE5HOqdS9ovpXEddKkyflQgWGdNLW19P
sqeYRBRGGb6RLre3LnQHWLAJHDgDm3juIfhv9Mmk+p95wR9Xq91SoIhF71Dm8gRI
a8GX96dR7JlRK0mvxYzkthNdcrZ5AsMblMGordHUiyUdYunHs2NNMuNFxo+gCbrX
mHGOCvNQuJyVD9GjAlP4dm6RFCwBkzTPWPmHPBFP4LwuO3eOOe9c1nI428+23iAE
K+MhfANDf7XQ7I/yD2qTFIEG7RbIP1v2Ck1nSnLV0kyuONhsZKVxxQkl7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC87xZVCiNsl5CY1OJetCAUsOEM5MB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvTHp2RmxVS0kyeVhrSmpVNGw2MElCU3c0UXprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLuk4MA0G
CSqGSIb3DQEBCwUAA4IBAQAzZ4HaelJ0AfdVTA28FesGaAZcvUTEbCXM14ofIGXM
cbC1hMpNjcOjAfCyB5zUf6TISdwiHrr6u3zybpaIch/GzTvQw9qPc2AueryZP1/q
cJ1yKhVsHbLzAbNWeRVMKwhrUgpXMzaS2axOFt7LLZKFCnK7tNrytp6Sz/tkFiqD
HtDUTiyUJb4aD5NjOA4rLITAa9aR3EjZgHEzZZ8CGywBgOSDxz1c7Q6R1gGdImj/
Qbz1HkuVc/mARL1VSd1h9ya2bX7K68gMAFExrPnPduxicWyyZmjnS1ACQVqTqR8i
cLFyKyzTvw9DhmNoywSFGX8E7VhBthGFgkHOZ08mLoC3
-----END CERTIFICATE-----