Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/LTS3jguBVTtu2DmVZyxLuBmmlu8.roa
File:                     LTS3jguBVTtu2DmVZyxLuBmmlu8.roa (raw, json)
Hash identifier:          yaOPpdmCSbuMd6Xy1YDApMq7nFPK7WHksJsppxkgZBE=
Subject key identifier:   2D:34:B7:8E:0B:81:55:3B:6E:D8:39:95:67:2C:4B:B8:19:A6:96:EF
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196535A5431A4ACD077B0563C2BA432FC9A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/LTS3jguBVTtu2DmVZyxLuBmmlu8.roa
Signing time:             Sun 20 Apr 2025 13:19:10 +0000
ROA not before:           Sun 20 Apr 2025 13:19:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56594
IP address blocks:        151.242.43.0/24 maxlen: 24
                          151.242.69.0/24 maxlen: 24
                          151.243.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:53:5a:54:31:a4:ac:d0:77:b0:56:3c:2b:a4:32:fc:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 20 13:19:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d34b78e0b81553b6ed83995672c4bb819a696ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d2:66:88:ed:af:af:37:ec:bb:cc:c3:72:3b:
                    ef:c6:3e:98:99:bd:8e:9f:fb:85:66:a1:f8:5f:83:
                    63:e2:2f:55:4d:54:61:82:8a:58:fa:73:7a:87:74:
                    36:31:1d:a2:4f:ff:08:14:61:3c:04:cf:2f:35:f8:
                    d0:fe:27:a6:c2:3a:d6:54:55:d9:08:c3:8c:22:b5:
                    5a:3b:b9:c4:76:0e:28:a0:3f:73:54:46:e5:cf:4d:
                    de:76:79:09:12:50:3d:3e:79:37:f4:8d:c2:6d:e4:
                    f3:44:97:b9:e8:3f:8f:8f:38:c3:e5:83:41:a3:69:
                    3d:84:46:3f:c2:84:dd:d9:dc:6f:54:cf:90:bb:e4:
                    b3:3d:67:51:be:89:ba:63:3e:d4:6d:54:04:25:c5:
                    16:e1:81:f6:a9:d6:b8:e4:59:4a:24:ce:ab:a0:8c:
                    31:0a:2d:d3:3d:24:a8:c4:f5:ff:c6:42:cd:d0:3b:
                    92:f1:4e:da:65:29:5d:c0:bc:e3:9c:ca:7e:f6:0b:
                    e2:e2:ed:75:a9:f2:83:56:24:b7:00:71:25:c3:17:
                    6c:84:be:2c:2d:d6:ef:64:7a:ee:7f:84:4c:21:ff:
                    44:56:12:87:57:bc:2a:85:7f:1f:7d:87:35:49:cd:
                    b0:dc:73:bc:17:6d:8d:1e:f7:8e:ca:f6:3d:37:3e:
                    58:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:34:B7:8E:0B:81:55:3B:6E:D8:39:95:67:2C:4B:B8:19:A6:96:EF
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/LTS3jguBVTtu2DmVZyxLuBmmlu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.43.0/24
                  151.242.69.0/24
                  151.243.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:fd:c4:c9:ce:a1:e5:14:33:5a:a2:32:2b:84:70:9b:5e:d8:
         fc:65:55:03:6b:1c:a1:85:88:4f:a9:fc:de:b3:1d:af:03:47:
         00:75:97:9d:45:5f:60:a9:08:8f:34:52:8f:15:26:8c:53:52:
         3e:c2:cc:08:e9:13:1e:f9:cb:94:09:bd:5d:ab:51:03:5d:dc:
         03:66:16:89:96:48:bd:3c:78:8f:48:7b:bb:86:ac:65:0f:e5:
         1a:82:1f:96:b9:5d:91:63:87:e8:23:9d:e5:eb:16:0a:8b:97:
         9d:52:bf:46:6c:73:61:e3:c2:49:43:88:4d:97:6c:b3:37:43:
         af:fe:a1:90:48:71:e0:f3:63:48:88:a3:ac:ce:6d:0e:be:9a:
         6e:13:e4:a7:75:cd:30:33:e6:40:5d:e4:03:96:06:66:0e:20:
         35:45:d8:1d:95:da:31:f3:7c:b2:59:ba:ec:f7:63:0a:cb:c4:
         4b:ab:f3:f8:16:69:e7:50:4c:b0:e5:39:51:8a:9b:62:bc:d3:
         62:d2:c0:95:bb:14:f3:e5:d5:59:fb:bb:e8:f8:5f:89:e2:9b:
         cb:a4:d3:96:4a:af:33:e4:88:2e:97:80:7c:d2:aa:8e:1b:0c:
         f0:90:ed:c3:6c:5b:1d:5e:a0:0e:37:50:76:92:f4:7a:0e:05:
         fe:c8:5c:7b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZTWlQxpKzQd7BWPCukMvyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDIwMTMxOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDM0Yjc4ZTBiODE1NTNiNmVkODM5OTU2NzJjNGJiODE5YTY5NmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtJmiO2vrzfsu8zDcjvvxj6Ymb2O
n/uFZqH4X4Nj4i9VTVRhgopY+nN6h3Q2MR2iT/8IFGE8BM8vNfjQ/iemwjrWVFXZ
CMOMIrVaO7nEdg4ooD9zVEblz03ednkJElA9Pnk39I3CbeTzRJe56D+PjzjD5YNB
o2k9hEY/woTd2dxvVM+Qu+SzPWdRvom6Yz7UbVQEJcUW4YH2qda45FlKJM6roIwx
Ci3TPSSoxPX/xkLN0DuS8U7aZSldwLzjnMp+9gvi4u11qfKDViS3AHElwxdshL4s
LdbvZHruf4RMIf9EVhKHV7wqhX8ffYc1Sc2w3HO8F22NHveOyvY9Nz5Y0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC00t44LgVU7btg5lWcsS7gZppbvMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTFRTM2pndUJWVHR1MkRtVlp5eEx1Qm1tbHU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAl/IrAwQA
l/JFAwQAl/MsMA0GCSqGSIb3DQEBCwUAA4IBAQAR/cTJzqHlFDNaojIrhHCbXtj8
ZVUDaxyhhYhPqfzesx2vA0cAdZedRV9gqQiPNFKPFSaMU1I+wswI6RMe+cuUCb1d
q1EDXdwDZhaJlki9PHiPSHu7hqxlD+Uagh+WuV2RY4foI53l6xYKi5edUr9GbHNh
48JJQ4hNl2yzN0Ov/qGQSHHg82NIiKOszm0OvppuE+Sndc0wM+ZAXeQDlgZmDiA1
Rdgdldox83yyWbrs92MKy8RLq/P4FmnnUEyw5TlRiptivNNi0sCVuxTz5dVZ+7vo
+F+J4pvLpNOWSq8z5Igul4B80qqOGwzwkO3DbFsdXqAON1B2kvR6DgX+yFx7
-----END CERTIFICATE-----