Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/LTfGB2oVia27haJCTBsPNBby1D4.roa
File:                     LTfGB2oVia27haJCTBsPNBby1D4.roa (raw, json)
Hash identifier:          rJV0KX1QkOOZ9tGuNc+wMczUJ6rQgnPcf1BYf+ZeRCM=
Subject key identifier:   2D:37:C6:07:6A:15:89:AD:BB:85:A2:42:4C:1B:0F:34:16:F2:D4:3E
Certificate issuer:       /CN=961b9df745c32df27df33ebcfd536f19e13474fe
Certificate serial:       018CC5DC37334A222A349E395CB98B0504EB
Authority key identifier: 96:1B:9D:F7:45:C3:2D:F2:7D:F3:3E:BC:FD:53:6F:19:E1:34:74:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lhud90XDLfJ98z68_VNvGeE0dP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/LTfGB2oVia27haJCTBsPNBby1D4.roa
Signing time:             Mon 01 Jan 2024 16:29:52 +0000
ROA not before:           Mon 01 Jan 2024 16:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60789
IP address blocks:        193.100.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/lhud90XDLfJ98z68_VNvGeE0dP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/lhud90XDLfJ98z68_VNvGeE0dP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lhud90XDLfJ98z68_VNvGeE0dP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:37:33:4a:22:2a:34:9e:39:5c:b9:8b:05:04:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=961b9df745c32df27df33ebcfd536f19e13474fe
        Validity
            Not Before: Jan  1 16:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d37c6076a1589adbb85a2424c1b0f3416f2d43e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:fe:59:44:8f:c1:b3:f2:3d:76:68:35:64:1b:
                    e5:92:68:e8:91:d2:38:e5:20:2c:ba:76:65:b6:ef:
                    17:5d:8c:c1:6a:24:af:15:23:6c:35:2f:50:3a:9d:
                    86:15:dd:e9:c8:05:6f:19:39:fb:f7:00:49:24:a4:
                    a9:01:c8:8a:96:48:4c:9f:80:f6:51:00:21:85:6f:
                    3b:a6:2a:6f:14:51:04:71:f0:ed:4b:4a:f2:dc:83:
                    fb:85:6a:da:5b:76:92:e4:31:12:d4:69:c1:2b:b8:
                    c5:9c:93:fc:63:fe:f5:31:d3:b9:d2:bc:53:d7:90:
                    d8:64:dd:8e:cd:96:a1:59:ba:13:9f:1a:be:a0:cf:
                    d4:6a:a0:57:99:61:3c:a5:11:e1:e4:f3:00:3e:45:
                    65:8e:c8:1a:c0:bd:9c:1c:25:3b:c8:90:13:ed:89:
                    7a:38:83:71:fa:a4:b9:19:2e:23:5e:a9:82:34:8d:
                    93:0e:a5:9c:b8:1e:a5:62:30:25:ac:6d:51:87:bf:
                    49:03:c9:f4:30:95:24:f1:b5:b5:39:18:5a:3c:00:
                    35:d1:a0:da:8c:89:0d:44:44:51:c6:f2:23:7a:5a:
                    a2:3f:64:0b:86:44:95:3f:66:0b:3d:20:ac:14:ea:
                    bd:9f:34:89:a8:91:83:90:f6:4d:93:fe:e7:36:f7:
                    c6:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:37:C6:07:6A:15:89:AD:BB:85:A2:42:4C:1B:0F:34:16:F2:D4:3E
            X509v3 Authority Key Identifier:
                keyid:96:1B:9D:F7:45:C3:2D:F2:7D:F3:3E:BC:FD:53:6F:19:E1:34:74:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lhud90XDLfJ98z68_VNvGeE0dP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/LTfGB2oVia27haJCTBsPNBby1D4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/lhud90XDLfJ98z68_VNvGeE0dP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.100.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:13:ce:9f:18:6f:c5:5a:26:ee:02:06:72:16:25:bb:a7:83:
         5f:c1:23:e8:ae:8c:b1:3e:1b:07:24:4f:75:f1:6c:1a:e7:b2:
         59:3e:06:d9:04:77:d8:7b:79:5a:e0:4b:42:f5:16:89:13:0f:
         f8:ac:2d:68:b2:84:b4:d9:bf:21:9d:7a:14:d6:5e:84:8e:7e:
         a8:2c:2c:ca:ce:c3:d3:af:f2:8c:29:45:01:bd:2a:5b:53:d4:
         fa:08:5b:70:79:e4:11:e1:ba:a3:c6:dd:99:25:9e:ed:92:f3:
         30:c2:ff:92:f8:f3:23:3a:d7:42:c3:8d:eb:87:6f:0e:aa:77:
         4c:0d:f9:bc:57:9d:04:c1:86:ec:e7:ad:dd:fe:5c:e5:bf:9e:
         47:fd:29:2e:79:82:38:c7:76:26:82:47:d6:8a:da:f9:80:9b:
         93:46:99:50:80:74:42:9c:80:d0:98:3f:bb:49:25:c5:2e:e4:
         88:91:1d:9e:89:0e:10:4c:28:53:dd:98:a9:9f:2f:de:5f:9b:
         da:1f:f1:5e:4c:a5:36:b7:15:8d:8f:bc:8b:fe:13:01:47:97:
         a3:c0:e1:23:e5:83:b6:7d:f1:7d:a6:67:11:88:51:d6:f1:0f:
         c8:35:44:e9:f4:b4:ae:5f:b0:bc:d0:31:4d:8f:fc:e7:e7:a9:
         d6:c3:90:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DczSiIqNJ45XLmLBQTrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MWI5ZGY3NDVjMzJkZjI3ZGYzM2ViY2ZkNTM2ZjE5ZTEz
NDc0ZmUwHhcNMjQwMTAxMTYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDM3YzYwNzZhMTU4OWFkYmI4NWEyNDI0YzFiMGYzNDE2ZjJkNDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmP5ZRI/Bs/I9dmg1ZBvlkmjokdI4
5SAsunZltu8XXYzBaiSvFSNsNS9QOp2GFd3pyAVvGTn79wBJJKSpAciKlkhMn4D2
UQAhhW87pipvFFEEcfDtS0ry3IP7hWraW3aS5DES1GnBK7jFnJP8Y/71MdO50rxT
15DYZN2OzZahWboTnxq+oM/UaqBXmWE8pRHh5PMAPkVljsgawL2cHCU7yJAT7Yl6
OINx+qS5GS4jXqmCNI2TDqWcuB6lYjAlrG1Rh79JA8n0MJUk8bW1ORhaPAA10aDa
jIkNRERRxvIjelqiP2QLhkSVP2YLPSCsFOq9nzSJqJGDkPZNk/7nNvfG/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC03xgdqFYmtu4WiQkwbDzQW8tQ+MB8GA1UdIwQY
MBaAFJYbnfdFwy3yffM+vP1TbxnhNHT+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGh1ZDkwWERMZko5OHo2OF9WTnZHZUUwZFA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9lODQ5MjAtZjVjYi00NmQ3LWJjOTkt
ZmU1MzIxMGI1N2I2LzEvTFRmR0Iyb1ZpYTI3aGFKQ1RCc1BOQmJ5MUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9lODQ5MjAtZjVjYi00NmQ3LWJjOTktZmU1MzIxMGI1N2I2
LzEvbGh1ZDkwWERMZko5OHo2OF9WTnZHZUUwZFA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWRAMA0G
CSqGSIb3DQEBCwUAA4IBAQCTE86fGG/FWibuAgZyFiW7p4NfwSPoroyxPhsHJE91
8Wwa57JZPgbZBHfYe3la4EtC9RaJEw/4rC1osoS02b8hnXoU1l6Ejn6oLCzKzsPT
r/KMKUUBvSpbU9T6CFtweeQR4bqjxt2ZJZ7tkvMwwv+S+PMjOtdCw43rh28OqndM
Dfm8V50EwYbs563d/lzlv55H/SkueYI4x3YmgkfWitr5gJuTRplQgHRCnIDQmD+7
SSXFLuSIkR2eiQ4QTChT3Zipny/eX5vaH/FeTKU2txWNj7yL/hMBR5ejwOEj5YO2
ffF9pmcRiFHW8Q/INUTp9LSuX7C80DFNj/zn56nWw5D2
-----END CERTIFICATE-----