Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/lhSh68FljrO7wEKZo-qXGTfhzlE.roa
File:                     lhSh68FljrO7wEKZo-qXGTfhzlE.roa (raw, json)
Hash identifier:          I914mCRjyHYm2Pwd9b34kWk8XH3x42fFqaYwN5Q9h50=
Subject key identifier:   96:14:A1:EB:C1:65:8E:B3:BB:C0:42:99:A3:EA:97:19:37:E1:CE:51
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       019696EE218EABD6DA39ED352B6B9690D11F
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/lhSh68FljrO7wEKZo-qXGTfhzlE.roa
Signing time:             Sat 03 May 2025 16:15:10 +0000
ROA not before:           Sat 03 May 2025 16:15:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        82.206.48.0/21 maxlen: 24
                          82.206.112.0/21 maxlen: 24
                          82.206.120.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:96:ee:21:8e:ab:d6:da:39:ed:35:2b:6b:96:90:d1:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: May  3 16:15:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9614a1ebc1658eb3bbc04299a3ea971937e1ce51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:bb:97:57:3f:18:92:2c:5d:34:3f:1d:37:b7:
                    42:10:94:97:eb:f5:a5:cc:32:e9:f6:6f:c5:0a:03:
                    59:38:87:0d:73:7d:30:c5:9d:1a:a9:1d:a6:5b:7c:
                    16:36:50:09:9d:eb:51:66:95:05:ae:2b:2a:e0:7f:
                    85:7d:d0:e1:64:76:6d:c9:11:49:4e:7b:2d:ef:6f:
                    6e:ff:af:f9:0f:f0:dd:2a:81:c2:b9:f4:18:46:71:
                    f2:c4:f9:20:c3:c1:a1:c0:5a:cc:ce:62:17:89:8f:
                    2a:d6:f5:ad:88:0a:9d:78:d7:ca:00:c1:58:ce:f8:
                    31:64:94:8d:9f:78:5e:b8:f3:78:7a:49:65:3a:5d:
                    50:c2:57:b0:a5:80:24:d5:bc:24:28:c5:a2:0c:dd:
                    b0:2d:7e:6a:14:27:37:14:a6:e7:74:ba:3f:37:82:
                    3d:cd:33:c7:07:15:de:e1:32:cd:56:d3:05:68:9a:
                    f6:e6:29:6d:14:e8:09:85:f3:07:7d:52:d1:e7:1b:
                    b1:ba:b7:1a:ff:c6:92:25:2e:2a:20:d7:5c:15:81:
                    14:3a:db:36:ec:64:e4:49:27:2f:e8:99:0d:e1:c7:
                    db:bf:5f:9f:42:86:ab:f7:58:bc:0d:1b:27:75:7b:
                    5b:92:cd:a4:de:17:56:9d:59:dc:d6:0e:1e:f4:04:
                    b5:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:14:A1:EB:C1:65:8E:B3:BB:C0:42:99:A3:EA:97:19:37:E1:CE:51
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/lhSh68FljrO7wEKZo-qXGTfhzlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.48.0/21
                  82.206.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         43:cc:31:b9:0c:cd:ba:8d:53:b9:45:86:fc:5e:87:ad:39:bd:
         4f:72:75:75:4a:8a:1e:52:b8:cb:da:61:26:ee:1d:8a:a6:98:
         58:49:c5:82:e5:99:2e:a2:34:b8:68:ba:58:40:ee:cd:67:83:
         8a:74:04:59:67:e0:cd:8b:5d:b5:4a:04:76:55:c8:44:b7:4a:
         ae:1d:2b:8f:66:69:66:8a:45:de:2c:06:e6:2b:8b:3d:f9:12:
         48:13:62:7b:31:55:b4:42:ee:c5:32:ef:65:71:74:a9:93:d7:
         56:8b:4b:d4:5e:ce:f3:df:7e:b1:b8:c2:87:14:7d:34:01:3c:
         69:3d:09:0d:17:51:cf:b0:23:3d:82:6f:d5:c6:7b:47:02:ee:
         4e:9b:41:d0:57:bf:fb:38:30:83:6f:b7:44:9d:97:5c:61:73:
         2c:22:a0:e1:02:f7:03:fa:40:17:76:2d:86:18:f8:5c:fa:6d:
         df:1b:f4:b5:02:62:d3:76:64:fa:f5:41:c3:e5:49:ab:3a:57:
         20:fb:54:c9:79:4e:52:70:55:3d:cb:f6:0d:c1:72:ae:06:85:
         7d:76:37:e3:6e:55:82:fc:3d:02:4e:26:77:de:a3:66:03:f6:
         e0:8b:0b:a1:ae:bd:71:3d:d2:d7:c1:a1:a2:f3:44:4e:62:c9:
         c3:4a:37:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaW7iGOq9baOe01K2uWkNEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjUwNTAzMTYxNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjE0YTFlYmMxNjU4ZWIzYmJjMDQyOTlhM2VhOTcxOTM3ZTFjZTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqruXVz8YkixdND8dN7dCEJSX6/Wl
zDLp9m/FCgNZOIcNc30wxZ0aqR2mW3wWNlAJnetRZpUFrisq4H+FfdDhZHZtyRFJ
Tnst729u/6/5D/DdKoHCufQYRnHyxPkgw8GhwFrMzmIXiY8q1vWtiAqdeNfKAMFY
zvgxZJSNn3heuPN4ekllOl1QwlewpYAk1bwkKMWiDN2wLX5qFCc3FKbndLo/N4I9
zTPHBxXe4TLNVtMFaJr25iltFOgJhfMHfVLR5xuxurca/8aSJS4qINdcFYEUOts2
7GTkSScv6JkN4cfbv1+fQoar91i8DRsndXtbks2k3hdWnVnc1g4e9AS1OQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJYUoevBZY6zu8BCmaPqlxk34c5RMB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvbGhTaDY4Rmxqck83d0VLWm8tcVhHVGZoemxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDUs4wAwQE
Us5wMA0GCSqGSIb3DQEBCwUAA4IBAQBDzDG5DM26jVO5RYb8XoetOb1PcnV1Sooe
UrjL2mEm7h2KpphYScWC5ZkuojS4aLpYQO7NZ4OKdARZZ+DNi121SgR2VchEt0qu
HSuPZmlmikXeLAbmK4s9+RJIE2J7MVW0Qu7FMu9lcXSpk9dWi0vUXs7z336xuMKH
FH00ATxpPQkNF1HPsCM9gm/VxntHAu5Om0HQV7/7ODCDb7dEnZdcYXMsIqDhAvcD
+kAXdi2GGPhc+m3fG/S1AmLTdmT69UHD5UmrOlcg+1TJeU5ScFU9y/YNwXKuBoV9
djfjblWC/D0CTiZ33qNmA/bgiwuhrr1xPdLXwaGi80ROYsnDSjdo
-----END CERTIFICATE-----