Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/fb3e98-d00f-45dd-bd19-eff8b95d20c5/1/lafIxv08ZBU1kMg4vU91qV80Yh0.roa
File:                     lafIxv08ZBU1kMg4vU91qV80Yh0.roa (raw, json)
Hash identifier:          LCpr7695QWq1Dm7ylhu4ajKQ06op85kmAw0/20WE5uU=
Subject key identifier:   95:A7:C8:C6:FD:3C:64:15:35:90:C8:38:BD:4F:75:A9:5F:34:62:1D
Certificate issuer:       /CN=f52e9a043f3128336e3c97c2542574c8ad929ac9
Certificate serial:       018CCA2B9A52F2F792677D6F260E352A4D89
Authority key identifier: F5:2E:9A:04:3F:31:28:33:6E:3C:97:C2:54:25:74:C8:AD:92:9A:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9S6aBD8xKDNuPJfCVCV0yK2Smsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/fb3e98-d00f-45dd-bd19-eff8b95d20c5/1/lafIxv08ZBU1kMg4vU91qV80Yh0.roa
Signing time:             Tue 02 Jan 2024 12:35:04 +0000
ROA not before:           Tue 02 Jan 2024 12:35:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        193.200.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/fb3e98-d00f-45dd-bd19-eff8b95d20c5/1/9S6aBD8xKDNuPJfCVCV0yK2Smsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/fb3e98-d00f-45dd-bd19-eff8b95d20c5/1/9S6aBD8xKDNuPJfCVCV0yK2Smsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9S6aBD8xKDNuPJfCVCV0yK2Smsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:9a:52:f2:f7:92:67:7d:6f:26:0e:35:2a:4d:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f52e9a043f3128336e3c97c2542574c8ad929ac9
        Validity
            Not Before: Jan  2 12:35:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95a7c8c6fd3c64153590c838bd4f75a95f34621d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f3:44:b6:cd:06:f2:44:c1:78:d1:01:0b:fb:
                    bf:95:c6:ff:85:73:78:74:70:dc:3a:e8:ce:50:31:
                    e2:d1:6c:83:57:19:76:53:09:89:79:84:b9:47:9f:
                    6f:f0:50:49:1a:01:ac:e5:98:e4:b6:9f:a6:a1:34:
                    b5:6f:ee:a7:ef:37:31:f8:56:da:22:3d:e1:40:4b:
                    41:a8:a7:fb:f1:b0:17:2d:ac:50:06:5d:6f:3f:ba:
                    c1:a8:5f:81:9b:09:85:aa:19:a0:fc:c8:b2:c5:77:
                    32:57:65:40:f0:17:c0:46:88:0c:c9:93:13:e1:81:
                    d1:ca:11:39:f5:f1:56:ba:fe:3d:bb:82:81:2f:d0:
                    ca:2a:c8:d7:45:90:ac:95:4a:26:ec:1c:38:d6:cd:
                    4c:ed:0d:0a:29:84:2b:1c:0e:02:42:96:8c:a3:a6:
                    3d:22:74:1c:87:0d:48:92:81:2a:89:30:40:9a:83:
                    87:ae:b2:67:83:95:5d:5e:20:d8:80:dd:90:50:56:
                    19:8b:cb:d9:de:0a:0f:4c:13:32:2b:05:d2:ad:76:
                    8a:84:23:5a:e2:d9:c6:71:65:46:a0:65:df:7b:86:
                    5b:74:30:97:0c:ba:af:63:61:5a:f1:b6:62:78:4e:
                    c6:84:7b:1b:8d:5a:6e:d6:cf:dd:c6:53:27:2e:4f:
                    0f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:A7:C8:C6:FD:3C:64:15:35:90:C8:38:BD:4F:75:A9:5F:34:62:1D
            X509v3 Authority Key Identifier:
                keyid:F5:2E:9A:04:3F:31:28:33:6E:3C:97:C2:54:25:74:C8:AD:92:9A:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9S6aBD8xKDNuPJfCVCV0yK2Smsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/fb3e98-d00f-45dd-bd19-eff8b95d20c5/1/lafIxv08ZBU1kMg4vU91qV80Yh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/fb3e98-d00f-45dd-bd19-eff8b95d20c5/1/9S6aBD8xKDNuPJfCVCV0yK2Smsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:e4:fa:b8:a7:94:15:fc:aa:5a:58:95:f9:6b:6c:ac:e1:ef:
         b8:fa:d7:50:ab:54:0a:34:6e:58:91:97:06:29:89:60:54:fa:
         90:7a:8b:48:ae:92:4d:98:b3:59:6a:93:44:72:46:52:8f:ee:
         fb:9f:cf:8c:51:b6:05:8b:87:e2:00:0d:40:01:ed:8d:3b:cb:
         a2:29:8e:c5:ac:5a:7e:b8:e6:45:e3:f8:d3:50:00:d3:40:10:
         15:d2:fe:42:48:7b:6a:60:7a:b9:a4:9a:86:d1:9d:19:3d:73:
         fc:43:8f:bf:10:d7:68:dc:8f:95:87:f6:13:18:6f:fc:02:1c:
         28:f1:10:07:c2:4f:55:c5:3f:35:0b:7e:ef:b5:3d:01:6f:d1:
         af:a4:04:bb:21:84:f7:b9:be:97:13:d3:c1:e5:9c:66:4a:3c:
         a5:ce:2d:2d:d8:1e:97:2c:31:4a:99:88:9a:c2:23:7b:42:9c:
         72:71:4d:c5:69:c7:c0:77:a1:0f:58:cc:77:ae:51:53:4f:c1:
         b0:30:c7:30:00:74:99:f8:a4:d4:d4:87:d6:8c:c7:50:5c:3e:
         e6:76:8e:91:cb:cf:77:d7:0d:62:2d:b5:0b:a2:2e:64:df:56:
         d0:f6:e2:22:69:1c:e5:f7:53:ba:a1:27:4f:fe:7c:bb:2d:2e:
         29:0d:72:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK5pS8veSZ31vJg41Kk2JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MmU5YTA0M2YzMTI4MzM2ZTNjOTdjMjU0MjU3NGM4YWQ5
MjlhYzkwHhcNMjQwMTAyMTIzNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWE3YzhjNmZkM2M2NDE1MzU5MGM4MzhiZDRmNzVhOTVmMzQ2MjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfNEts0G8kTBeNEBC/u/lcb/hXN4
dHDcOujOUDHi0WyDVxl2UwmJeYS5R59v8FBJGgGs5Zjktp+moTS1b+6n7zcx+Fba
Ij3hQEtBqKf78bAXLaxQBl1vP7rBqF+BmwmFqhmg/MiyxXcyV2VA8BfARogMyZMT
4YHRyhE59fFWuv49u4KBL9DKKsjXRZCslUom7Bw41s1M7Q0KKYQrHA4CQpaMo6Y9
InQchw1IkoEqiTBAmoOHrrJng5VdXiDYgN2QUFYZi8vZ3goPTBMyKwXSrXaKhCNa
4tnGcWVGoGXfe4ZbdDCXDLqvY2Fa8bZieE7GhHsbjVpu1s/dxlMnLk8P/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWnyMb9PGQVNZDIOL1PdalfNGIdMB8GA1UdIwQY
MBaAFPUumgQ/MSgzbjyXwlQldMitkprJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVM2YUJEOHhLRE51UEpmQ1ZDVjB5SzJTbXNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9mYjNlOTgtZDAwZi00NWRkLWJkMTkt
ZWZmOGI5NWQyMGM1LzEvbGFmSXh2MDhaQlUxa01nNHZVOTFxVjgwWWgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9mYjNlOTgtZDAwZi00NWRkLWJkMTktZWZmOGI5NWQyMGM1
LzEvOVM2YUJEOHhLRE51UEpmQ1ZDVjB5SzJTbXNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcidMA0G
CSqGSIb3DQEBCwUAA4IBAQCV5Pq4p5QV/KpaWJX5a2ys4e+4+tdQq1QKNG5YkZcG
KYlgVPqQeotIrpJNmLNZapNEckZSj+77n8+MUbYFi4fiAA1AAe2NO8uiKY7FrFp+
uOZF4/jTUADTQBAV0v5CSHtqYHq5pJqG0Z0ZPXP8Q4+/ENdo3I+Vh/YTGG/8Ahwo
8RAHwk9VxT81C37vtT0Bb9GvpAS7IYT3ub6XE9PB5ZxmSjylzi0t2B6XLDFKmYia
wiN7QpxycU3FacfAd6EPWMx3rlFTT8GwMMcwAHSZ+KTU1IfWjMdQXD7mdo6Ry893
1w1iLbULoi5k31bQ9uIiaRzl91O6oSdP/ny7LS4pDXLV
-----END CERTIFICATE-----