Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/LHzy93jejLfua__lp49Yht10cg4.roa
File:                     LHzy93jejLfua__lp49Yht10cg4.roa (raw, json)
Hash identifier:          +Pxk7BfXvDPKOZb+V9E2LwQFfxHHkQA8a+ipeBYUFC8=
Subject key identifier:   2C:7C:F2:F7:78:DE:8C:B7:EE:6B:FF:E5:A7:8F:58:86:DD:74:72:0E
Certificate issuer:       /CN=0f21b78ce97b0f5fb3d88bf95cfbb08b2fbea8e5
Certificate serial:       019424B396E1C9010FAA9F506A9B3F17ABEF
Authority key identifier: 0F:21:B7:8C:E9:7B:0F:5F:B3:D8:8B:F9:5C:FB:B0:8B:2F:BE:A8:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DyG3jOl7D1-z2Iv5XPuwiy--qOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/LHzy93jejLfua__lp49Yht10cg4.roa
Signing time:             Thu 02 Jan 2025 01:48:56 +0000
ROA not before:           Thu 02 Jan 2025 01:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        132.68.0.0/15 maxlen: 15
                          132.68.0.0/16 maxlen: 16
                          132.69.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/DyG3jOl7D1-z2Iv5XPuwiy--qOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/DyG3jOl7D1-z2Iv5XPuwiy--qOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DyG3jOl7D1-z2Iv5XPuwiy--qOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:96:e1:c9:01:0f:aa:9f:50:6a:9b:3f:17:ab:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f21b78ce97b0f5fb3d88bf95cfbb08b2fbea8e5
        Validity
            Not Before: Jan  2 01:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c7cf2f778de8cb7ee6bffe5a78f5886dd74720e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:45:1b:b5:cf:6f:5b:96:08:7d:49:54:00:70:
                    bd:70:dc:b5:83:b4:54:5b:f5:1e:58:56:f2:e7:e7:
                    1b:96:97:24:93:86:39:40:fd:b1:30:ca:c3:1d:42:
                    7c:f3:c7:b1:91:b3:95:91:f3:9f:eb:72:80:95:fa:
                    2d:1d:6f:f8:9b:26:4e:4d:5f:ce:17:72:46:7a:cf:
                    ce:8b:ae:fc:8e:56:63:7e:90:4a:d9:09:07:03:5f:
                    60:f5:a1:74:1a:e2:e2:fc:ee:9b:97:18:7d:e8:72:
                    a3:87:88:9b:cb:e9:e0:95:aa:e5:f3:4c:7f:91:d2:
                    ca:e0:9e:b3:91:30:b6:ee:54:6b:d3:60:a4:89:28:
                    5b:d6:88:fe:85:b6:4b:53:7d:6a:f6:f0:99:29:3a:
                    85:43:76:73:c8:f0:cd:2a:6c:bc:2a:af:13:ac:12:
                    da:94:ce:ca:99:aa:05:ed:46:f4:7f:2e:9d:26:3f:
                    ef:12:23:ff:d3:e0:e0:f2:cf:9e:bb:ce:6d:b5:8c:
                    6c:dd:f5:1c:71:56:b7:fb:04:38:c8:f1:de:9c:a5:
                    47:77:46:4f:61:c5:dc:e1:02:76:d5:47:11:50:1e:
                    bc:f1:a2:9e:f6:a7:2d:fe:f1:90:e0:db:00:ef:f5:
                    6a:15:16:dc:d8:2e:61:dc:bf:a6:83:92:9a:41:0a:
                    38:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:7C:F2:F7:78:DE:8C:B7:EE:6B:FF:E5:A7:8F:58:86:DD:74:72:0E
            X509v3 Authority Key Identifier:
                keyid:0F:21:B7:8C:E9:7B:0F:5F:B3:D8:8B:F9:5C:FB:B0:8B:2F:BE:A8:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DyG3jOl7D1-z2Iv5XPuwiy--qOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/LHzy93jejLfua__lp49Yht10cg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/DyG3jOl7D1-z2Iv5XPuwiy--qOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.68.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         41:0c:e9:cc:11:3c:f0:1e:9c:a9:c0:ad:cf:ac:63:02:fe:9d:
         57:b3:5a:2c:7b:34:56:53:ac:7b:5f:12:3b:a5:63:af:df:53:
         be:91:54:dc:b3:70:1b:b7:4c:63:c3:58:c5:c6:0a:27:df:30:
         26:ef:88:da:c1:ef:3b:a6:43:f4:24:01:53:a5:41:8f:19:98:
         a2:f2:36:2b:6e:b1:0e:fe:da:f9:db:01:dc:d5:96:dc:e7:7d:
         61:b8:bc:15:52:6d:5a:99:21:89:82:68:13:d5:0c:a6:d9:75:
         f8:44:36:59:16:29:da:dc:cf:cc:9b:86:70:f0:ab:ee:36:53:
         36:9f:02:a1:84:33:d9:fb:e2:ff:24:2f:a5:49:bf:cc:6a:b7:
         1b:5e:55:86:d1:42:ba:3e:44:b2:44:67:31:a3:54:67:84:e9:
         f4:d5:1b:50:e9:d7:bd:1d:50:94:67:f7:3d:3d:7d:02:7d:e3:
         ec:e4:0f:9f:40:60:dc:97:75:19:39:d4:32:56:67:73:a1:e8:
         be:31:ab:5a:c2:23:2d:c1:3c:dc:d6:fc:b0:6f:f5:ab:b0:a5:
         5b:1b:e9:83:02:d2:17:07:36:e2:87:2d:30:12:d4:b0:7f:be:
         c4:9f:36:bb:87:e4:ac:cd:63:5f:64:df:25:5b:8b:ca:2a:61:
         43:4f:c9:63
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQks5bhyQEPqp9Qaps/F6vvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMjFiNzhjZTk3YjBmNWZiM2Q4OGJmOTVjZmJiMDhiMmZi
ZWE4ZTUwHhcNMjUwMTAyMDE0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzdjZjJmNzc4ZGU4Y2I3ZWU2YmZmZTVhNzhmNTg4NmRkNzQ3MjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0Ubtc9vW5YIfUlUAHC9cNy1g7RU
W/UeWFby5+cblpckk4Y5QP2xMMrDHUJ888exkbOVkfOf63KAlfotHW/4myZOTV/O
F3JGes/Oi678jlZjfpBK2QkHA19g9aF0GuLi/O6blxh96HKjh4iby+nglarl80x/
kdLK4J6zkTC27lRr02CkiShb1oj+hbZLU31q9vCZKTqFQ3ZzyPDNKmy8Kq8TrBLa
lM7KmaoF7Ub0fy6dJj/vEiP/0+Dg8s+eu85ttYxs3fUccVa3+wQ4yPHenKVHd0ZP
YcXc4QJ21UcRUB688aKe9qct/vGQ4NsA7/VqFRbc2C5h3L+mg5KaQQo48wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCx88vd43oy37mv/5aePWIbddHIOMB8GA1UdIwQY
MBaAFA8ht4zpew9fs9iL+Vz7sIsvvqjlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHlHM2pPbDdEMS16Mkl2NVhQdXdpeS0tcU9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8wZjc1OTQtZjA0OC00NzNkLWEzOWEt
ZGRiOWU0ZGI5OGM2LzEvTEh6eTkzamVqTGZ1YV9fbHA0OVlodDEwY2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8wZjc1OTQtZjA0OC00NzNkLWEzOWEtZGRiOWU0ZGI5OGM2
LzEvRHlHM2pPbDdEMS16Mkl2NVhQdXdpeS0tcU9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEQwDQYJ
KoZIhvcNAQELBQADggEBAEEM6cwRPPAenKnArc+sYwL+nVezWix7NFZTrHtfEjul
Y6/fU76RVNyzcBu3TGPDWMXGCiffMCbviNrB7zumQ/QkAVOlQY8ZmKLyNitusQ7+
2vnbAdzVltznfWG4vBVSbVqZIYmCaBPVDKbZdfhENlkWKdrcz8ybhnDwq+42Uzaf
AqGEM9n74v8kL6VJv8xqtxteVYbRQro+RLJEZzGjVGeE6fTVG1Dp170dUJRn9z09
fQJ94+zkD59AYNyXdRk51DJWZ3Oh6L4xq1rCIy3BPNzW/LBv9auwpVsb6YMC0hcH
NuKHLTAS1LB/vsSfNruH5KzNY19k3yVbi8oqYUNPyWM=
-----END CERTIFICATE-----