Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/lxmQgaeOmS3-gCsqfHpFrhcSK04.roa
File:                     lxmQgaeOmS3-gCsqfHpFrhcSK04.roa (raw, json)
Hash identifier:          zHweRpPGwjyVjzoNUU8OeZA8r5hIHrykv3p9o0JytBo=
Subject key identifier:   97:19:90:81:A7:8E:99:2D:FE:80:2B:2A:7C:7A:45:AE:17:12:2B:4E
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       0190CBA8DA38E073C101B7058D33D7D4C946
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/lxmQgaeOmS3-gCsqfHpFrhcSK04.roa
Signing time:             Fri 19 Jul 2024 15:42:39 +0000
ROA not before:           Fri 19 Jul 2024 15:42:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32159
IP address blocks:        213.145.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:cb:a8:da:38:e0:73:c1:01:b7:05:8d:33:d7:d4:c9:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Jul 19 15:42:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97199081a78e992dfe802b2a7c7a45ae17122b4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:74:b8:c1:09:a0:5c:71:ed:bb:19:e1:21:60:
                    0e:00:3a:c2:4c:e7:9a:a1:d5:dc:75:77:9d:44:28:
                    cf:04:89:40:53:ec:49:6e:4a:fa:b1:14:2d:32:2e:
                    07:5d:ed:d8:27:9c:fc:ba:82:2a:ed:5c:c7:36:4a:
                    87:00:22:85:bb:6b:55:67:c3:c2:ce:94:cc:e0:d8:
                    07:35:23:7f:12:f2:a8:af:a8:8b:62:f3:c5:43:6d:
                    32:67:a4:ad:60:6b:e7:75:45:b8:55:92:00:59:a0:
                    4b:9f:cb:2a:43:59:ba:96:0b:99:9f:6c:47:e0:99:
                    2d:80:c2:97:6f:77:f2:b5:54:98:e1:c0:44:9f:37:
                    c9:50:cd:ea:78:4c:c7:c9:26:b1:67:bb:3f:96:7c:
                    04:89:b0:8c:cf:18:8b:ff:d1:9e:9b:7b:2e:85:a4:
                    87:69:ef:ed:c6:f1:8a:74:79:3b:40:5d:60:08:6e:
                    68:8f:47:30:17:73:68:06:9e:bb:9f:58:3a:c6:b2:
                    b8:b3:81:a4:54:3e:27:78:33:4d:ab:37:4f:d8:0a:
                    3c:2f:ba:12:c7:dd:3f:82:7a:85:03:12:c6:52:08:
                    16:2b:53:8e:db:e4:ec:ad:64:19:6a:a3:4e:17:6f:
                    5c:49:87:ae:ec:25:64:96:dd:78:1c:97:0a:da:bd:
                    76:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:19:90:81:A7:8E:99:2D:FE:80:2B:2A:7C:7A:45:AE:17:12:2B:4E
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/lxmQgaeOmS3-gCsqfHpFrhcSK04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:03:30:90:a7:ea:41:1e:a3:f7:1a:2b:59:ae:bb:96:ba:45:
         5b:e0:3e:e3:3f:b6:17:51:84:62:fc:c0:ce:4b:2d:d1:5d:bb:
         7a:1d:23:e9:14:69:28:b6:df:e4:e0:d8:b3:da:7a:2d:c7:a9:
         0c:3c:9b:cb:42:c3:fb:11:ef:f9:d2:52:ee:e1:56:f1:f7:41:
         1b:b8:3c:5a:b4:e2:45:1b:c7:95:d7:54:22:6a:61:76:5e:cf:
         46:4d:f9:77:ab:6a:87:12:2b:d3:ed:57:7a:25:62:fa:fd:da:
         df:45:82:9a:75:e7:6e:97:07:b7:5a:4d:02:09:f9:99:b5:5f:
         8c:0c:b2:01:ff:9d:c5:94:83:aa:3b:55:3e:8e:d6:48:55:a0:
         b7:d0:93:d7:85:13:72:f8:6f:e9:1d:ca:48:7c:cf:6b:0d:11:
         56:41:a1:01:f2:c4:f6:72:4f:3f:43:e7:2c:07:2e:c1:52:6b:
         9e:f8:c6:85:a5:fb:ad:99:df:13:ce:32:11:47:78:9a:f3:46:
         2c:18:7e:b8:59:8a:42:04:90:0b:7a:5d:06:e5:84:7c:c4:92:
         d4:37:52:20:e8:1e:44:db:6e:3c:4a:34:4e:14:6c:40:8e:83:
         b6:ff:83:62:7b:90:6e:d3:70:fb:89:62:3b:11:8d:c9:0a:bf:
         13:ae:71:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDLqNo44HPBAbcFjTPX1MlGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjQwNzE5MTU0MjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzE5OTA4MWE3OGU5OTJkZmU4MDJiMmE3YzdhNDVhZTE3MTIyYjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXS4wQmgXHHtuxnhIWAOADrCTOea
odXcdXedRCjPBIlAU+xJbkr6sRQtMi4HXe3YJ5z8uoIq7VzHNkqHACKFu2tVZ8PC
zpTM4NgHNSN/EvKor6iLYvPFQ20yZ6StYGvndUW4VZIAWaBLn8sqQ1m6lguZn2xH
4JktgMKXb3fytVSY4cBEnzfJUM3qeEzHySaxZ7s/lnwEibCMzxiL/9Gem3suhaSH
ae/txvGKdHk7QF1gCG5oj0cwF3NoBp67n1g6xrK4s4GkVD4neDNNqzdP2Ao8L7oS
x90/gnqFAxLGUggWK1OO2+TsrWQZaqNOF29cSYeu7CVklt14HJcK2r12vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcZkIGnjpkt/oArKnx6Ra4XEitOMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvbHhtUWdhZU9tUzMtZ0NzcWZIcEZyaGNTSzA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZFXMA0G
CSqGSIb3DQEBCwUAA4IBAQA9AzCQp+pBHqP3GitZrruWukVb4D7jP7YXUYRi/MDO
Sy3RXbt6HSPpFGkott/k4Niz2notx6kMPJvLQsP7Ee/50lLu4Vbx90EbuDxatOJF
G8eV11QiamF2Xs9GTfl3q2qHEivT7Vd6JWL6/drfRYKadedulwe3Wk0CCfmZtV+M
DLIB/53FlIOqO1U+jtZIVaC30JPXhRNy+G/pHcpIfM9rDRFWQaEB8sT2ck8/Q+cs
By7BUmue+MaFpfutmd8TzjIRR3ia80YsGH64WYpCBJALel0G5YR8xJLUN1Ig6B5E
2248SjROFGxAjoO2/4Nie5Bu03D7iWI7EY3JCr8TrnGZ
-----END CERTIFICATE-----