Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/1298e1-a1e4-4abc-ab1f-649d25a95907/1/lvisyME0LlQajyGS5pMcYDKFR08.roa
File:                     lvisyME0LlQajyGS5pMcYDKFR08.roa (raw, json)
Hash identifier:          31DzKjH8PvmlicGQvfn7fIzRcBCmYUXLsghB5MjrccU=
Subject key identifier:   96:F8:AC:C8:C1:34:2E:54:1A:8F:21:92:E6:93:1C:60:32:85:47:4F
Certificate issuer:       /CN=29f3424664725d5820baa782713143a3307691f3
Certificate serial:       01979CC583F6DC08C779A6E0BA8C92197800
Authority key identifier: 29:F3:42:46:64:72:5D:58:20:BA:A7:82:71:31:43:A3:30:76:91:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KfNCRmRyXVgguqeCcTFDozB2kfM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/1298e1-a1e4-4abc-ab1f-649d25a95907/1/lvisyME0LlQajyGS5pMcYDKFR08.roa
Signing time:             Mon 23 Jun 2025 12:31:19 +0000
ROA not before:           Mon 23 Jun 2025 12:31:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43312
IP address blocks:        91.200.124.0/22 maxlen: 22
                          193.201.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/1298e1-a1e4-4abc-ab1f-649d25a95907/1/KfNCRmRyXVgguqeCcTFDozB2kfM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/1298e1-a1e4-4abc-ab1f-649d25a95907/1/KfNCRmRyXVgguqeCcTFDozB2kfM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KfNCRmRyXVgguqeCcTFDozB2kfM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9c:c5:83:f6:dc:08:c7:79:a6:e0:ba:8c:92:19:78:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29f3424664725d5820baa782713143a3307691f3
        Validity
            Not Before: Jun 23 12:31:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96f8acc8c1342e541a8f2192e6931c603285474f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ab:6f:2a:b1:50:87:c1:b1:89:bd:58:05:79:
                    ce:99:31:6a:7d:e9:24:41:25:00:e2:dd:71:79:ee:
                    8a:74:ca:ad:a5:81:da:e7:d9:04:f7:74:cd:2c:bc:
                    a8:97:7d:e0:89:93:cb:8a:a7:18:15:f2:d2:93:37:
                    f2:71:9f:33:d8:07:72:f6:0d:88:f5:45:27:56:c0:
                    c6:14:31:c7:c3:44:63:45:8f:9f:8e:53:0f:41:66:
                    dd:60:30:12:4f:27:3a:c8:e4:f0:22:2f:dd:93:f5:
                    21:21:37:f6:12:a4:9e:7d:94:6b:d5:4d:3f:fc:0d:
                    1d:c4:16:1f:81:b3:fa:f0:7e:ef:a2:a7:de:cd:57:
                    15:ee:2f:3e:50:29:12:5b:03:d6:02:83:f1:5a:44:
                    7b:4e:c8:6d:dd:f0:63:83:92:5c:2d:e0:4c:24:ab:
                    a9:61:4e:81:3b:74:da:2c:7f:b0:47:ce:81:f2:11:
                    c7:f5:93:de:23:c4:cc:39:4e:80:c5:c5:e0:a6:3d:
                    18:91:3a:b7:b8:60:29:cf:a7:ae:42:50:3d:37:20:
                    c7:07:d5:73:ed:1b:79:74:cd:3b:f0:03:38:4e:ce:
                    10:d6:00:f3:47:d0:26:32:14:9f:0b:2b:b9:9f:88:
                    0f:5f:db:32:04:e9:e0:f9:7b:0e:33:3d:b9:57:53:
                    d2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:F8:AC:C8:C1:34:2E:54:1A:8F:21:92:E6:93:1C:60:32:85:47:4F
            X509v3 Authority Key Identifier:
                keyid:29:F3:42:46:64:72:5D:58:20:BA:A7:82:71:31:43:A3:30:76:91:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KfNCRmRyXVgguqeCcTFDozB2kfM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/1298e1-a1e4-4abc-ab1f-649d25a95907/1/lvisyME0LlQajyGS5pMcYDKFR08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/1298e1-a1e4-4abc-ab1f-649d25a95907/1/KfNCRmRyXVgguqeCcTFDozB2kfM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.124.0/22
                  193.201.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:b6:59:2f:18:4f:40:fd:0a:22:97:e2:01:18:4b:ad:c9:80:
         7d:74:8f:d4:45:e9:82:25:80:5d:af:60:3d:ae:c0:0d:98:23:
         df:2f:9f:ef:d9:e2:45:11:a6:94:1e:1e:3e:c1:41:a3:3f:bf:
         36:e5:4f:f0:dc:fb:a5:5a:c6:34:1a:7f:3b:8a:18:96:c6:57:
         ac:a9:63:37:74:c0:4b:8f:76:cf:3b:ff:2c:a7:8f:45:55:a7:
         88:74:8f:3f:23:5f:a9:11:41:2d:24:4c:68:fc:36:e7:96:6e:
         2b:07:ad:14:26:75:67:33:b5:83:13:3b:e9:c4:d0:17:74:3f:
         47:a0:11:fe:ce:68:54:cd:a1:d0:ab:84:2b:a7:b0:06:3e:2d:
         01:fc:2d:03:c0:44:53:82:24:92:6c:b7:43:55:cc:b9:b0:98:
         7a:bd:89:29:e0:13:a6:42:f3:a8:0a:a8:d8:73:b6:03:cd:6a:
         de:20:29:2c:d9:35:dd:7d:85:f2:60:06:df:be:68:3e:f1:8f:
         e9:2a:f3:42:c0:41:37:94:d5:df:f2:e9:26:64:8e:02:a6:14:
         36:56:56:05:bb:9f:ad:4b:bb:7a:6b:eb:06:cd:89:8b:09:08:
         50:ee:e1:44:b0:e5:5a:c0:69:49:fd:c5:97:0e:21:b0:e1:40:
         13:68:64:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZecxYP23AjHeabguoySGXgAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZjM0MjQ2NjQ3MjVkNTgyMGJhYTc4MjcxMzE0M2EzMzA3
NjkxZjMwHhcNMjUwNjIzMTIzMTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmY4YWNjOGMxMzQyZTU0MWE4ZjIxOTJlNjkzMWM2MDMyODU0NzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAratvKrFQh8Gxib1YBXnOmTFqfekk
QSUA4t1xee6KdMqtpYHa59kE93TNLLyol33giZPLiqcYFfLSkzfycZ8z2Ady9g2I
9UUnVsDGFDHHw0RjRY+fjlMPQWbdYDASTyc6yOTwIi/dk/UhITf2EqSefZRr1U0/
/A0dxBYfgbP68H7voqfezVcV7i8+UCkSWwPWAoPxWkR7Tsht3fBjg5JcLeBMJKup
YU6BO3TaLH+wR86B8hHH9ZPeI8TMOU6AxcXgpj0YkTq3uGApz6euQlA9NyDHB9Vz
7Rt5dM078AM4Ts4Q1gDzR9AmMhSfCyu5n4gPX9syBOng+XsOMz25V1PSdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJb4rMjBNC5UGo8hkuaTHGAyhUdPMB8GA1UdIwQY
MBaAFCnzQkZkcl1YILqngnExQ6MwdpHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZOQ1JtUnlYVmdndXFlQ2NURkRvekIya2ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8xMjk4ZTEtYTFlNC00YWJjLWFiMWYt
NjQ5ZDI1YTk1OTA3LzEvbHZpc3lNRTBMbFFhanlHUzVwTWNZREtGUjA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8xMjk4ZTEtYTFlNC00YWJjLWFiMWYtNjQ5ZDI1YTk1OTA3
LzEvS2ZOQ1JtUnlYVmdndXFlQ2NURkRvekIya2ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8h8AwQC
wcnYMA0GCSqGSIb3DQEBCwUAA4IBAQA8tlkvGE9A/Qoil+IBGEutyYB9dI/URemC
JYBdr2A9rsANmCPfL5/v2eJFEaaUHh4+wUGjP7825U/w3PulWsY0Gn87ihiWxles
qWM3dMBLj3bPO/8sp49FVaeIdI8/I1+pEUEtJExo/Dbnlm4rB60UJnVnM7WDEzvp
xNAXdD9HoBH+zmhUzaHQq4Qrp7AGPi0B/C0DwERTgiSSbLdDVcy5sJh6vYkp4BOm
QvOoCqjYc7YDzWreICks2TXdfYXyYAbfvmg+8Y/pKvNCwEE3lNXf8ukmZI4CphQ2
VlYFu5+tS7t6a+sGzYmLCQhQ7uFEsOVawGlJ/cWXDiGw4UATaGR8
-----END CERTIFICATE-----