Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/LtAL3K8AdfyisGKqq9Vjp_7EH0w.roa
File:                     LtAL3K8AdfyisGKqq9Vjp_7EH0w.roa (raw, json)
Hash identifier:          ExkUCXkAhlWeYSrTyMjTF0LGwM8Q8/UHTNY3ZJzGHYE=
Subject key identifier:   2E:D0:0B:DC:AF:00:75:FC:A2:B0:62:AA:AB:D5:63:A7:FE:C4:1F:4C
Certificate issuer:       /CN=91a071508338260551a55f01fd0708fdf5e08287
Certificate serial:       019424B3ADD06922B0C236DAB3495D52AC3E
Authority key identifier: 91:A0:71:50:83:38:26:05:51:A5:5F:01:FD:07:08:FD:F5:E0:82:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kaBxUIM4JgVRpV8B_QcI_fXggoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/LtAL3K8AdfyisGKqq9Vjp_7EH0w.roa
Signing time:             Thu 02 Jan 2025 01:49:02 +0000
ROA not before:           Thu 02 Jan 2025 01:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8467
IP address blocks:        185.83.244.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/kaBxUIM4JgVRpV8B_QcI_fXggoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/kaBxUIM4JgVRpV8B_QcI_fXggoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kaBxUIM4JgVRpV8B_QcI_fXggoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ad:d0:69:22:b0:c2:36:da:b3:49:5d:52:ac:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91a071508338260551a55f01fd0708fdf5e08287
        Validity
            Not Before: Jan  2 01:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ed00bdcaf0075fca2b062aaabd563a7fec41f4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:5d:8f:ab:c3:34:6b:7c:73:53:79:45:24:2b:
                    6d:90:e6:7d:d0:d5:9f:aa:aa:4b:8d:4f:72:2c:c2:
                    df:a8:ed:5b:09:65:95:24:53:63:68:56:e6:fe:66:
                    99:51:ab:06:53:89:9a:4b:2b:97:48:21:99:d4:ec:
                    fc:58:c4:87:17:2c:b6:1d:60:db:57:b4:b7:d5:5d:
                    1e:9a:7a:e9:6c:86:0f:fb:1e:b6:1b:1a:d7:b6:6f:
                    b2:83:de:0d:77:7b:65:ab:d1:1f:5e:dc:0e:db:d4:
                    83:81:21:d2:15:f6:0f:ba:8d:14:ea:76:0f:b2:3a:
                    37:42:a9:f0:a3:b7:ac:e7:6a:50:d2:1b:d3:25:b8:
                    74:b1:2d:8b:87:9e:2d:19:47:20:a9:d1:a9:d6:ee:
                    dc:4c:9d:7e:51:1f:c2:7f:f3:35:64:be:21:3c:f3:
                    f8:f0:fa:3d:ab:44:69:12:be:7d:b0:19:73:80:c6:
                    74:fc:d2:be:de:69:0b:2b:39:61:4f:80:b4:0e:d0:
                    ff:28:e4:19:f9:15:ee:a0:15:a8:39:e2:15:71:a1:
                    1e:ca:e7:c5:36:ca:55:d5:2b:03:0d:79:3e:08:04:
                    44:dc:69:47:45:06:f5:9a:11:93:7a:8f:16:e3:12:
                    14:03:9a:ce:2a:b4:58:ff:14:21:d7:5a:72:5d:1f:
                    98:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D0:0B:DC:AF:00:75:FC:A2:B0:62:AA:AB:D5:63:A7:FE:C4:1F:4C
            X509v3 Authority Key Identifier:
                keyid:91:A0:71:50:83:38:26:05:51:A5:5F:01:FD:07:08:FD:F5:E0:82:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kaBxUIM4JgVRpV8B_QcI_fXggoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/LtAL3K8AdfyisGKqq9Vjp_7EH0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/kaBxUIM4JgVRpV8B_QcI_fXggoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:a5:d0:d2:52:14:66:a7:b7:95:fe:05:f5:8f:d7:33:41:5f:
         93:58:e2:df:31:d5:fc:b7:4a:32:df:66:c0:66:78:56:9f:3e:
         70:70:1b:82:7b:be:68:28:0c:f0:1d:62:57:bc:d9:2b:94:54:
         4a:57:7c:8d:b6:a1:66:80:ad:87:0a:12:da:f6:11:3b:d4:f0:
         ce:7c:6e:37:5f:32:49:a6:b7:27:db:41:f3:38:ae:5e:ef:72:
         ad:77:69:8a:2f:81:41:2a:eb:64:a4:6c:b7:0c:e1:0e:b4:59:
         12:51:72:5a:6d:23:6e:ec:6f:30:d3:8b:f7:d7:26:54:3f:7f:
         74:ab:40:f7:24:9b:48:81:7b:ae:de:43:f5:a1:45:48:07:c4:
         28:ad:c2:5c:86:00:03:76:85:2c:e4:5d:7b:63:45:21:fd:0d:
         b9:e4:35:36:6e:e3:bb:94:e8:66:77:17:77:6e:43:a5:81:9e:
         38:24:59:49:4f:e8:68:b1:90:c4:fc:cc:ac:8c:a8:7b:7e:9c:
         f6:c7:17:fc:29:db:f0:36:13:c0:60:97:03:b0:70:67:0c:95:
         71:e5:51:ac:7d:28:a0:c0:bd:ec:5e:1b:8e:25:a8:b2:56:87:
         a3:1e:12:a5:61:7e:01:1a:15:d1:3f:a1:ae:80:65:46:6e:ab:
         4c:74:60:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks63QaSKwwjbas0ldUqw+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxYTA3MTUwODMzODI2MDU1MWE1NWYwMWZkMDcwOGZkZjVl
MDgyODcwHhcNMjUwMTAyMDE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQwMGJkY2FmMDA3NWZjYTJiMDYyYWFhYmQ1NjNhN2ZlYzQxZjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzl2Pq8M0a3xzU3lFJCttkOZ90NWf
qqpLjU9yLMLfqO1bCWWVJFNjaFbm/maZUasGU4maSyuXSCGZ1Oz8WMSHFyy2HWDb
V7S31V0emnrpbIYP+x62GxrXtm+yg94Nd3tlq9EfXtwO29SDgSHSFfYPuo0U6nYP
sjo3Qqnwo7es52pQ0hvTJbh0sS2Lh54tGUcgqdGp1u7cTJ1+UR/Cf/M1ZL4hPPP4
8Po9q0RpEr59sBlzgMZ0/NK+3mkLKzlhT4C0DtD/KOQZ+RXuoBWoOeIVcaEeyufF
NspV1SsDDXk+CARE3GlHRQb1mhGTeo8W4xIUA5rOKrRY/xQh11pyXR+YrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7QC9yvAHX8orBiqqvVY6f+xB9MMB8GA1UdIwQY
MBaAFJGgcVCDOCYFUaVfAf0HCP314IKHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2FCeFVJTTRKZ1ZScFY4Ql9RY0lfZlhnZ29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xNWNjNTItNTFlZS00NjBlLTlhZWIt
ZWU1NTU5YjM2NThiLzEvTHRBTDNLOEFkZnlpc0dLcXE5VmpwXzdFSDB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xNWNjNTItNTFlZS00NjBlLTlhZWItZWU1NTU5YjM2NThi
LzEva2FCeFVJTTRKZ1ZScFY4Ql9RY0lfZlhnZ29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVP0MA0G
CSqGSIb3DQEBCwUAA4IBAQCKpdDSUhRmp7eV/gX1j9czQV+TWOLfMdX8t0oy32bA
ZnhWnz5wcBuCe75oKAzwHWJXvNkrlFRKV3yNtqFmgK2HChLa9hE71PDOfG43XzJJ
prcn20HzOK5e73Ktd2mKL4FBKutkpGy3DOEOtFkSUXJabSNu7G8w04v31yZUP390
q0D3JJtIgXuu3kP1oUVIB8QorcJchgADdoUs5F17Y0Uh/Q255DU2buO7lOhmdxd3
bkOlgZ44JFlJT+hosZDE/MysjKh7fpz2xxf8KdvwNhPAYJcDsHBnDJVx5VGsfSig
wL3sXhuOJaiyVoejHhKlYX4BGhXRP6GugGVGbqtMdGCG
-----END CERTIFICATE-----