Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/lq1z_TN99nrnHdTyYmZ-LvW8w-E.roa
File:                     lq1z_TN99nrnHdTyYmZ-LvW8w-E.roa (raw, json)
Hash identifier:          w5xPW7ugNEcPMGJSpePGAqiLp0JgfDQN16HZxMK0zZ0=
Subject key identifier:   96:AD:73:FD:33:7D:F6:7A:E7:1D:D4:F2:62:66:7E:2E:F5:BC:C3:E1
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       01919D457F4D1852AFA255B54951287EC35E
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/lq1z_TN99nrnHdTyYmZ-LvW8w-E.roa
Signing time:             Thu 29 Aug 2024 08:34:23 +0000
ROA not before:           Thu 29 Aug 2024 08:34:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43053
IP address blocks:        95.131.0.0/21 maxlen: 21
                          149.255.160.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9d:45:7f:4d:18:52:af:a2:55:b5:49:51:28:7e:c3:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Aug 29 08:34:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96ad73fd337df67ae71dd4f262667e2ef5bcc3e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a3:9d:d2:f4:0e:8a:e5:ac:7f:96:d3:c7:2d:
                    3e:f8:5d:ef:92:03:e2:16:9c:4f:34:33:6a:1d:ae:
                    d3:10:9a:3c:b8:bb:20:99:3b:fa:20:6f:c4:83:ac:
                    b2:39:3f:bd:92:3e:54:83:c4:5d:2b:bc:f0:dd:6d:
                    08:ff:f7:3e:c6:2a:4b:b6:40:6b:79:26:e0:a9:81:
                    b3:b0:53:0f:af:00:76:8e:2e:46:d8:ab:b7:d2:28:
                    ad:96:20:37:14:92:c4:ae:09:94:a5:27:64:8b:c4:
                    bc:c8:46:6d:c5:3a:8b:c9:6f:28:9d:08:40:31:34:
                    a6:5c:82:5d:15:f2:2b:ae:4c:e7:b6:4d:1f:26:b8:
                    a3:8b:78:8c:76:79:d2:3a:00:ad:68:16:1e:50:73:
                    80:35:5c:ab:fa:73:74:f5:3b:ee:7a:7d:d2:f2:cd:
                    e9:4b:1b:27:9e:9b:45:b5:50:07:35:ff:4d:ad:5c:
                    bf:ec:f3:d9:e4:35:c1:30:a4:eb:7b:6e:c6:27:87:
                    ae:aa:1d:43:9f:47:2a:4a:18:9c:66:9b:7c:dd:bb:
                    45:07:cc:b5:c6:db:e0:10:79:c0:5e:96:1e:52:f3:
                    62:e5:fa:94:61:ca:a2:cd:35:a6:fb:12:4b:1b:5c:
                    85:ee:54:6f:50:00:9e:8c:c8:4c:b6:4c:52:d1:7a:
                    f7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:AD:73:FD:33:7D:F6:7A:E7:1D:D4:F2:62:66:7E:2E:F5:BC:C3:E1
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/lq1z_TN99nrnHdTyYmZ-LvW8w-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.131.0.0/21
                  149.255.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5b:eb:d3:f4:dc:f6:ee:81:19:50:8f:61:32:5b:1a:cf:39:93:
         5a:e6:dd:82:d6:52:bc:80:5a:34:de:90:82:e9:ab:3a:1d:10:
         b2:b9:8f:47:44:27:f6:e9:c5:bf:e9:2d:22:85:e5:57:7f:22:
         1f:c6:8f:4e:b8:57:16:dc:f6:f6:02:f3:34:c5:91:22:07:92:
         97:a6:a2:e5:cb:31:0c:94:ec:48:28:2b:ca:6c:86:f2:51:14:
         3d:25:d9:2a:89:ed:59:57:dd:94:63:2d:35:32:20:6c:0b:eb:
         aa:5a:67:02:8f:5a:44:ee:e5:ec:09:23:97:7b:3d:29:f9:0c:
         7a:0b:a5:4c:06:52:dc:e2:d9:12:b1:60:17:c0:7c:af:37:3f:
         81:76:33:b7:10:c5:85:67:84:8e:92:bd:06:a9:66:36:a5:e0:
         49:1a:48:c3:cc:91:11:71:34:e9:a2:ab:45:ee:b2:30:84:35:
         c6:99:1a:cd:a3:23:86:b6:31:c1:e5:e7:b6:59:fb:b6:c7:29:
         ac:65:9b:ce:68:41:96:b3:e0:48:cb:77:50:f3:f6:e5:19:e1:
         ce:8b:c2:36:e2:b9:40:6c:73:82:c4:c8:f3:e8:db:c3:53:f0:
         08:94:c1:f5:bb:b9:29:bc:67:4b:8b:78:72:4b:53:d6:1d:ab:
         44:bf:dc:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGdRX9NGFKvolW1SVEofsNeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwODI5MDgzNDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmFkNzNmZDMzN2RmNjdhZTcxZGQ0ZjI2MjY2N2UyZWY1YmNjM2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaOd0vQOiuWsf5bTxy0++F3vkgPi
FpxPNDNqHa7TEJo8uLsgmTv6IG/Eg6yyOT+9kj5Ug8RdK7zw3W0I//c+xipLtkBr
eSbgqYGzsFMPrwB2ji5G2Ku30iitliA3FJLErgmUpSdki8S8yEZtxTqLyW8onQhA
MTSmXIJdFfIrrkzntk0fJriji3iMdnnSOgCtaBYeUHOANVyr+nN09Tvuen3S8s3p
SxsnnptFtVAHNf9NrVy/7PPZ5DXBMKTre27GJ4euqh1Dn0cqShicZpt83btFB8y1
xtvgEHnAXpYeUvNi5fqUYcqizTWm+xJLG1yF7lRvUACejMhMtkxS0Xr36wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJatc/0zffZ65x3U8mJmfi71vMPhMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvbHExel9UTjk5bnJuSGRUeVltWi1Mdlc4dy1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDX4MAAwQD
lf+gMA0GCSqGSIb3DQEBCwUAA4IBAQBb69P03PbugRlQj2EyWxrPOZNa5t2C1lK8
gFo03pCC6as6HRCyuY9HRCf26cW/6S0iheVXfyIfxo9OuFcW3Pb2AvM0xZEiB5KX
pqLlyzEMlOxIKCvKbIbyURQ9Jdkqie1ZV92UYy01MiBsC+uqWmcCj1pE7uXsCSOX
ez0p+Qx6C6VMBlLc4tkSsWAXwHyvNz+BdjO3EMWFZ4SOkr0GqWY2peBJGkjDzJER
cTTpoqtF7rIwhDXGmRrNoyOGtjHB5ee2Wfu2xymsZZvOaEGWs+BIy3dQ8/blGeHO
i8I24rlAbHOCxMjz6NvDU/AIlMH1u7kpvGdLi3hyS1PWHatEv9z0
-----END CERTIFICATE-----