Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/c2a2b1-8657-4cf2-a1a8-c2b61f86b0aa/1/lnwUkdM1gLWyftPThbOk63qV1YE.roa
File:                     lnwUkdM1gLWyftPThbOk63qV1YE.roa (raw, json)
Hash identifier:          5Yz3ZYrEItUyoEgB96u1UZg1pa+eb3g2C2A6KezAaL0=
Subject key identifier:   96:7C:14:91:D3:35:80:B5:B2:7E:D3:D3:85:B3:A4:EB:7A:95:D5:81
Certificate issuer:       /CN=93e9f4bddf4b2df110ac308346f46d9450f13b3a
Certificate serial:       01907DA27AC3383F25F65042BE4843A670E4
Authority key identifier: 93:E9:F4:BD:DF:4B:2D:F1:10:AC:30:83:46:F4:6D:94:50:F1:3B:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-n0vd9LLfEQrDCDRvRtlFDxOzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/c2a2b1-8657-4cf2-a1a8-c2b61f86b0aa/1/lnwUkdM1gLWyftPThbOk63qV1YE.roa
Signing time:             Thu 04 Jul 2024 12:05:18 +0000
ROA not before:           Thu 04 Jul 2024 12:05:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50595
IP address blocks:        193.164.246.0/23 maxlen: 23
                          195.72.96.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/c2a2b1-8657-4cf2-a1a8-c2b61f86b0aa/1/k-n0vd9LLfEQrDCDRvRtlFDxOzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/c2a2b1-8657-4cf2-a1a8-c2b61f86b0aa/1/k-n0vd9LLfEQrDCDRvRtlFDxOzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-n0vd9LLfEQrDCDRvRtlFDxOzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7d:a2:7a:c3:38:3f:25:f6:50:42:be:48:43:a6:70:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e9f4bddf4b2df110ac308346f46d9450f13b3a
        Validity
            Not Before: Jul  4 12:05:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=967c1491d33580b5b27ed3d385b3a4eb7a95d581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:54:52:70:4d:f9:d0:de:5a:ab:ac:85:f0:d9:
                    98:32:9c:38:6b:e4:75:64:4a:b9:52:c1:06:58:98:
                    a7:fa:3c:f5:22:26:14:d3:c5:fe:04:6c:d9:9e:92:
                    10:8c:4b:8e:63:64:6d:0f:7e:a6:f8:48:cb:64:56:
                    f4:79:ab:12:0b:12:72:f2:87:d5:cb:65:1c:ad:76:
                    86:00:27:02:07:02:e0:45:d3:2b:13:23:16:f2:46:
                    27:62:07:c7:b9:f2:6d:66:c5:05:10:be:6e:72:57:
                    74:50:f0:d7:9d:6c:31:89:15:82:c3:25:df:4c:70:
                    e5:d1:b9:89:90:6d:72:a8:ee:b5:63:7e:f0:ab:6b:
                    8f:94:67:fd:c7:16:dc:48:cf:ef:21:4d:b8:18:ee:
                    7d:85:d6:5a:64:56:4d:84:62:28:15:ab:b4:01:a4:
                    b7:6d:b6:d1:7e:c4:fe:70:4c:69:ac:a6:22:ff:05:
                    d8:3c:00:bf:88:a7:9d:13:2a:17:df:a3:7d:20:2d:
                    eb:84:1b:bc:c9:ca:e4:15:3a:d3:40:6c:6e:fd:80:
                    0f:cc:11:f3:60:7b:aa:00:de:f7:64:fd:2c:8c:41:
                    77:26:46:13:a1:3f:d1:5c:c2:d8:58:33:67:40:be:
                    6d:2d:55:77:c6:e6:d5:a3:94:cc:5e:c5:4e:12:a0:
                    f5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:7C:14:91:D3:35:80:B5:B2:7E:D3:D3:85:B3:A4:EB:7A:95:D5:81
            X509v3 Authority Key Identifier:
                keyid:93:E9:F4:BD:DF:4B:2D:F1:10:AC:30:83:46:F4:6D:94:50:F1:3B:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-n0vd9LLfEQrDCDRvRtlFDxOzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/c2a2b1-8657-4cf2-a1a8-c2b61f86b0aa/1/lnwUkdM1gLWyftPThbOk63qV1YE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/c2a2b1-8657-4cf2-a1a8-c2b61f86b0aa/1/k-n0vd9LLfEQrDCDRvRtlFDxOzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.246.0/23
                  195.72.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         67:cb:bb:cf:56:dd:c2:1d:53:54:df:9b:49:7f:54:16:33:93:
         10:9f:67:5c:a1:d9:3e:45:da:01:ff:b4:3a:1f:92:71:d1:39:
         e7:70:af:7c:d9:d4:d8:d0:37:d1:23:23:d7:ca:d0:0b:52:f1:
         aa:39:d2:14:cf:ab:b6:b6:12:2b:39:b6:35:7f:9a:29:6d:b7:
         50:54:bb:33:0e:e0:9e:ac:f3:2c:fc:a2:71:d6:4a:e4:41:c7:
         38:b9:d6:1b:fd:7e:24:9e:fa:28:4f:1e:ff:94:01:bb:55:e4:
         a9:14:15:3e:65:42:b0:a1:5b:ab:74:9f:13:09:30:0d:da:5e:
         d8:20:34:35:5a:26:9c:6e:a2:eb:2a:d0:83:3e:b2:a7:99:19:
         ed:83:d5:fa:7e:ab:d6:9b:e1:6f:43:0b:1b:1f:3a:d0:7a:dd:
         72:75:05:cf:47:1e:2c:f5:e9:f3:dc:16:43:5d:e9:7d:e2:ae:
         3c:b0:b9:98:c0:f7:41:a1:fa:ff:96:b9:a0:7f:6b:3b:17:8d:
         72:18:ca:ce:e8:ef:20:22:9e:39:47:59:6e:3e:09:3c:e9:13:
         b6:89:66:f1:ae:42:53:cc:5c:21:06:4c:fe:00:47:f3:4a:62:
         22:ef:95:ca:7a:5b:c7:12:31:10:9e:17:d4:b1:fc:65:aa:11:
         1c:1e:9c:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZB9onrDOD8l9lBCvkhDpnDkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZTlmNGJkZGY0YjJkZjExMGFjMzA4MzQ2ZjQ2ZDk0NTBm
MTNiM2EwHhcNMjQwNzA0MTIwNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjdjMTQ5MWQzMzU4MGI1YjI3ZWQzZDM4NWIzYTRlYjdhOTVkNTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFRScE350N5aq6yF8NmYMpw4a+R1
ZEq5UsEGWJin+jz1IiYU08X+BGzZnpIQjEuOY2RtD36m+EjLZFb0easSCxJy8ofV
y2UcrXaGACcCBwLgRdMrEyMW8kYnYgfHufJtZsUFEL5ucld0UPDXnWwxiRWCwyXf
THDl0bmJkG1yqO61Y37wq2uPlGf9xxbcSM/vIU24GO59hdZaZFZNhGIoFau0AaS3
bbbRfsT+cExprKYi/wXYPAC/iKedEyoX36N9IC3rhBu8ycrkFTrTQGxu/YAPzBHz
YHuqAN73ZP0sjEF3JkYToT/RXMLYWDNnQL5tLVV3xubVo5TMXsVOEqD1swIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJZ8FJHTNYC1sn7T04WzpOt6ldWBMB8GA1UdIwQY
MBaAFJPp9L3fSy3xEKwwg0b0bZRQ8Ts6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1uMHZkOUxMZkVRckRDRFJ2UnRsRkR4T3pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9jMmEyYjEtODY1Ny00Y2YyLWExYTgt
YzJiNjFmODZiMGFhLzEvbG53VWtkTTFnTFd5ZnRQVGhiT2s2M3FWMVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9jMmEyYjEtODY1Ny00Y2YyLWExYTgtYzJiNjFmODZiMGFh
LzEvay1uMHZkOUxMZkVRckRDRFJ2UnRsRkR4T3pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwaT2AwQE
w0hgMA0GCSqGSIb3DQEBCwUAA4IBAQBny7vPVt3CHVNU35tJf1QWM5MQn2dcodk+
RdoB/7Q6H5Jx0TnncK982dTY0DfRIyPXytALUvGqOdIUz6u2thIrObY1f5opbbdQ
VLszDuCerPMs/KJx1krkQcc4udYb/X4knvooTx7/lAG7VeSpFBU+ZUKwoVurdJ8T
CTAN2l7YIDQ1WiacbqLrKtCDPrKnmRntg9X6fqvWm+FvQwsbHzrQet1ydQXPRx4s
9enz3BZDXel94q48sLmYwPdBofr/lrmgf2s7F41yGMrO6O8gIp45R1luPgk86RO2
iWbxrkJTzFwhBkz+AEfzSmIi75XKelvHEjEQnhfUsfxlqhEcHpxI
-----END CERTIFICATE-----