Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/5d6d69-8880-4a92-8756-5815fd3da297/1/LudzlVtppUgbGOzEDsFNoEfY7NY.roa
File:                     LudzlVtppUgbGOzEDsFNoEfY7NY.roa (raw, json)
Hash identifier:          BnqozZVqQzlAYTzdStUTJczVw5E6l9tZxgZ2u1NjOsk=
Subject key identifier:   2E:E7:73:95:5B:69:A5:48:1B:18:EC:C4:0E:C1:4D:A0:47:D8:EC:D6
Certificate issuer:       /CN=f15096fe3390449c936e857061d4a6965d408a31
Certificate serial:       018CCA99BD6B7A3535AF1A145A4F9FD89E74
Authority key identifier: F1:50:96:FE:33:90:44:9C:93:6E:85:70:61:D4:A6:96:5D:40:8A:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8VCW_jOQRJyTboVwYdSmll1AijE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/5d6d69-8880-4a92-8756-5815fd3da297/1/LudzlVtppUgbGOzEDsFNoEfY7NY.roa
Signing time:             Tue 02 Jan 2024 14:35:22 +0000
ROA not before:           Tue 02 Jan 2024 14:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197883
IP address blocks:        5.42.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/5d6d69-8880-4a92-8756-5815fd3da297/1/8VCW_jOQRJyTboVwYdSmll1AijE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/5d6d69-8880-4a92-8756-5815fd3da297/1/8VCW_jOQRJyTboVwYdSmll1AijE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8VCW_jOQRJyTboVwYdSmll1AijE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:bd:6b:7a:35:35:af:1a:14:5a:4f:9f:d8:9e:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f15096fe3390449c936e857061d4a6965d408a31
        Validity
            Not Before: Jan  2 14:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ee773955b69a5481b18ecc40ec14da047d8ecd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1c:85:1f:55:b4:5b:d2:d7:88:55:71:97:e5:
                    26:79:66:38:86:58:d6:4a:fb:26:d4:80:b8:20:37:
                    59:c1:44:72:db:e1:5a:bd:06:4f:52:1b:6d:e4:98:
                    5d:9b:4c:14:a5:84:65:ae:12:dd:27:df:0c:97:84:
                    59:eb:56:ac:88:a1:ae:88:ca:b5:61:12:fd:2e:1b:
                    d9:3e:1d:66:1c:83:2c:2d:6d:7f:82:c0:1c:fd:8a:
                    8f:e5:82:ef:a7:2c:80:9d:ed:e0:c2:26:45:27:fc:
                    08:29:38:7a:28:1e:c0:f3:96:43:e9:91:1e:80:b2:
                    18:06:71:50:46:1a:e6:8a:9b:2e:24:a6:3f:8d:ff:
                    ba:63:e6:a5:e2:0c:85:67:2b:b2:31:5d:be:b1:f2:
                    b2:6a:41:bb:5f:91:c0:9e:11:d5:4b:f1:37:44:9d:
                    d1:0f:56:c4:aa:cb:ed:9b:bd:60:d1:61:db:bc:d0:
                    37:34:ea:3b:5e:e9:dc:80:5b:67:f7:34:88:b5:db:
                    b6:5e:7d:04:fe:94:5f:61:3e:86:81:98:26:3b:82:
                    7c:b5:f9:65:ac:2e:83:07:58:3c:a0:50:5c:64:9b:
                    ae:fd:e9:6b:0e:e0:aa:46:1b:d1:32:f4:df:40:79:
                    f3:9e:fa:65:97:91:27:69:60:45:c3:b0:a5:d2:c0:
                    2f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:E7:73:95:5B:69:A5:48:1B:18:EC:C4:0E:C1:4D:A0:47:D8:EC:D6
            X509v3 Authority Key Identifier:
                keyid:F1:50:96:FE:33:90:44:9C:93:6E:85:70:61:D4:A6:96:5D:40:8A:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8VCW_jOQRJyTboVwYdSmll1AijE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/5d6d69-8880-4a92-8756-5815fd3da297/1/LudzlVtppUgbGOzEDsFNoEfY7NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/5d6d69-8880-4a92-8756-5815fd3da297/1/8VCW_jOQRJyTboVwYdSmll1AijE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:85:cb:9c:fc:1d:97:1d:b8:ad:e9:a8:81:00:c9:bb:23:ff:
         9a:18:43:5e:5b:00:48:0d:ca:83:ee:8e:20:2e:f4:02:cd:a5:
         55:fb:cb:ea:3b:b5:8b:d4:4d:47:2d:3b:1e:7c:73:be:f3:4d:
         56:bb:39:13:64:f7:54:03:26:33:20:d5:2f:d0:b9:d3:53:4a:
         e7:33:87:50:f6:ee:e9:c2:81:02:f6:38:d6:35:6b:c1:ae:20:
         99:64:33:83:67:4f:a7:46:91:71:64:76:fa:67:73:70:ef:05:
         3f:28:ed:77:35:7d:af:a9:ee:4c:33:c0:e9:18:5c:a4:fb:13:
         86:18:9e:47:79:ff:38:d0:06:9b:ed:e5:6c:15:97:d0:a7:1a:
         1b:7b:8d:41:eb:ff:e4:2d:aa:93:81:5b:0c:8a:95:44:64:a2:
         c7:ed:39:81:48:e7:fd:19:bb:42:27:d6:9c:94:0c:7a:31:d4:
         08:09:91:c8:01:e9:41:46:ab:d2:0f:23:77:f2:13:97:34:57:
         63:30:e2:3e:7e:d2:63:8a:f1:4a:ba:67:05:bc:84:b8:ee:9b:
         38:55:74:82:eb:f6:b2:0f:7b:b8:87:8b:21:d5:e6:ab:c4:ec:
         02:13:70:ec:8c:c7:bc:dc:69:f6:31:47:ee:7a:28:7f:3c:b3:
         52:a5:b6:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmb1rejU1rxoUWk+f2J50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNTA5NmZlMzM5MDQ0OWM5MzZlODU3MDYxZDRhNjk2NWQ0
MDhhMzEwHhcNMjQwMTAyMTQzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWU3NzM5NTViNjlhNTQ4MWIxOGVjYzQwZWMxNGRhMDQ3ZDhlY2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhyFH1W0W9LXiFVxl+UmeWY4hljW
Svsm1IC4IDdZwURy2+FavQZPUhtt5Jhdm0wUpYRlrhLdJ98Ml4RZ61asiKGuiMq1
YRL9LhvZPh1mHIMsLW1/gsAc/YqP5YLvpyyAne3gwiZFJ/wIKTh6KB7A85ZD6ZEe
gLIYBnFQRhrmipsuJKY/jf+6Y+al4gyFZyuyMV2+sfKyakG7X5HAnhHVS/E3RJ3R
D1bEqsvtm71g0WHbvNA3NOo7XuncgFtn9zSItdu2Xn0E/pRfYT6GgZgmO4J8tfll
rC6DB1g8oFBcZJuu/elrDuCqRhvRMvTfQHnznvpll5EnaWBFw7Cl0sAvmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7nc5VbaaVIGxjsxA7BTaBH2OzWMB8GA1UdIwQY
MBaAFPFQlv4zkESck26FcGHUppZdQIoxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFZDV19qT1FSSnlUYm9Wd1lkU21sbDFBaWpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC81ZDZkNjktODg4MC00YTkyLTg3NTYt
NTgxNWZkM2RhMjk3LzEvTHVkemxWdHBwVWdiR096RURzRk5vRWZZN05ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC81ZDZkNjktODg4MC00YTkyLTg3NTYtNTgxNWZkM2RhMjk3
LzEvOFZDV19qT1FSSnlUYm9Wd1lkU21sbDFBaWpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrBMA0G
CSqGSIb3DQEBCwUAA4IBAQBshcuc/B2XHbit6aiBAMm7I/+aGENeWwBIDcqD7o4g
LvQCzaVV+8vqO7WL1E1HLTsefHO+801WuzkTZPdUAyYzINUv0LnTU0rnM4dQ9u7p
woEC9jjWNWvBriCZZDODZ0+nRpFxZHb6Z3Nw7wU/KO13NX2vqe5MM8DpGFyk+xOG
GJ5Hef840Aab7eVsFZfQpxobe41B6//kLaqTgVsMipVEZKLH7TmBSOf9GbtCJ9ac
lAx6MdQICZHIAelBRqvSDyN38hOXNFdjMOI+ftJjivFKumcFvIS47ps4VXSC6/ay
D3u4h4sh1earxOwCE3DsjMe83Gn2MUfueih/PLNSpbaL
-----END CERTIFICATE-----