Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/LVAav_DbE0Bn_vYesALzQOtzKjY.roa
File:                     LVAav_DbE0Bn_vYesALzQOtzKjY.roa (raw, json)
Hash identifier:          4RX3D3BO7OZGFhz2Gjt6JnBHkmsWj0HFcGJycXe3uBc=
Subject key identifier:   2D:50:1A:BF:F0:DB:13:40:67:FE:F6:1E:B0:02:F3:40:EB:73:2A:36
Certificate issuer:       /CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
Certificate serial:       019647DAE6DCED797CAAA2F8AE412FAB9E0A
Authority key identifier: 24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/LVAav_DbE0Bn_vYesALzQOtzKjY.roa
Signing time:             Fri 18 Apr 2025 07:44:10 +0000
ROA not before:           Fri 18 Apr 2025 07:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11426
IP address blocks:        37.153.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 22:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:47:da:e6:dc:ed:79:7c:aa:a2:f8:ae:41:2f:ab:9e:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2415bf9c61c85db7c99ac4cdf79257e7997ab77c
        Validity
            Not Before: Apr 18 07:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d501abff0db134067fef61eb002f340eb732a36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:99:4d:de:e1:75:ec:91:97:7e:be:7f:64:73:
                    7f:c0:b4:55:d5:b4:76:de:03:f6:d8:ce:87:cb:f0:
                    7b:2f:f4:a1:23:33:49:b0:00:70:cf:1a:b9:0b:6b:
                    6d:0f:a8:97:fe:7e:f2:79:44:10:62:21:47:59:b2:
                    f8:8a:a0:e3:0a:aa:28:8f:2b:c1:79:22:dc:81:68:
                    79:fc:41:e4:67:93:ad:1b:31:f3:2f:03:68:7f:79:
                    5a:03:a6:78:a8:b6:1a:9e:e5:af:d5:76:9b:f9:0c:
                    2d:9a:39:1e:dd:5c:cf:ff:af:a3:da:cc:e5:a7:fd:
                    74:aa:c9:7b:71:64:41:4f:a0:a2:69:7d:e3:b3:99:
                    66:10:23:13:e5:16:67:40:a4:6f:f6:76:77:e8:36:
                    35:98:9e:d5:e9:8c:ab:0f:48:7a:d1:4f:9e:c7:42:
                    7c:94:1a:90:c5:28:e0:48:47:2f:14:fa:6a:0d:69:
                    0f:48:e0:a5:5b:b7:05:b1:4c:fb:8a:55:fb:13:02:
                    c0:d7:ca:88:74:99:7b:c4:89:ae:c9:cc:2d:39:2c:
                    ba:26:71:49:d0:df:67:70:73:79:d1:b7:7d:65:53:
                    b2:4c:e6:78:0b:cd:cf:77:d3:39:6d:40:58:89:4f:
                    7c:de:19:e0:ae:59:c6:1c:d2:cb:ef:e4:6f:65:ce:
                    6c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:50:1A:BF:F0:DB:13:40:67:FE:F6:1E:B0:02:F3:40:EB:73:2A:36
            X509v3 Authority Key Identifier:
                keyid:24:15:BF:9C:61:C8:5D:B7:C9:9A:C4:CD:F7:92:57:E7:99:7A:B7:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBW_nGHIXbfJmsTN95JX55l6t3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/LVAav_DbE0Bn_vYesALzQOtzKjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/3389eb-1857-49d2-841c-6a18dc8816db/1/JBW_nGHIXbfJmsTN95JX55l6t3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:1a:23:5b:25:43:4c:19:21:94:42:46:e4:ba:0d:20:7b:05:
         6e:d1:07:5f:1b:b9:8d:d9:d7:b2:9c:8b:a5:41:ac:65:97:07:
         3c:b3:47:e5:d0:5e:c3:e4:dd:2a:a3:3c:e4:d2:01:f7:6d:9b:
         29:b0:8c:6d:35:fa:2b:f1:64:59:09:ea:6b:ed:10:2a:8d:4a:
         4d:de:86:88:f3:91:e2:5b:1e:58:8c:c2:56:03:b6:a4:cc:0a:
         b1:ae:87:00:ed:8c:d5:e9:43:79:b0:a3:e8:8b:f6:5e:5c:7c:
         90:b4:c9:8e:4d:b4:b3:c3:7d:2f:a9:11:45:58:54:e2:36:b3:
         e3:cb:b3:53:ec:83:0b:45:52:1a:99:51:b2:4c:52:89:16:53:
         59:45:55:2c:40:4c:ee:68:eb:fe:1a:59:47:1a:a9:ac:ed:b6:
         8d:85:e4:7a:bc:a5:43:ad:47:1b:62:9a:42:8c:76:36:76:06:
         5e:0a:03:5b:1c:ab:f4:7e:e2:b8:e2:f9:0b:69:ff:70:68:12:
         6b:e2:20:ad:1c:ac:24:20:ff:6e:86:fc:1d:b3:9f:90:1f:a7:
         b2:88:c3:ea:c7:3b:32:0c:bc:74:7a:5a:4b:c2:b3:0b:3c:d2:
         37:b1:d3:a1:82:95:bf:0a:d8:a0:5d:da:b0:f8:43:58:fe:7b:
         da:d6:f7:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZH2ubc7Xl8qqL4rkEvq54KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTViZjljNjFjODVkYjdjOTlhYzRjZGY3OTI1N2U3OTk3
YWI3N2MwHhcNMjUwNDE4MDc0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDUwMWFiZmYwZGIxMzQwNjdmZWY2MWViMDAyZjM0MGViNzMyYTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlplN3uF17JGXfr5/ZHN/wLRV1bR2
3gP22M6Hy/B7L/ShIzNJsABwzxq5C2ttD6iX/n7yeUQQYiFHWbL4iqDjCqoojyvB
eSLcgWh5/EHkZ5OtGzHzLwNof3laA6Z4qLYanuWv1Xab+Qwtmjke3VzP/6+j2szl
p/10qsl7cWRBT6CiaX3js5lmECMT5RZnQKRv9nZ36DY1mJ7V6YyrD0h60U+ex0J8
lBqQxSjgSEcvFPpqDWkPSOClW7cFsUz7ilX7EwLA18qIdJl7xImuycwtOSy6JnFJ
0N9ncHN50bd9ZVOyTOZ4C83Pd9M5bUBYiU983hngrlnGHNLL7+RvZc5s2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1QGr/w2xNAZ/72HrAC80Drcyo2MB8GA1UdIwQY
MBaAFCQVv5xhyF23yZrEzfeSV+eZerd8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMt
NmExOGRjODgxNmRiLzEvTFZBYXZfRGJFMEJuX3ZZZXNBTHpRT3R6S2pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8zMzg5ZWItMTg1Ny00OWQyLTg0MWMtNmExOGRjODgxNmRi
LzEvSkJXX25HSElYYmZKbXNUTjk1Slg1NWw2dDN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmaMA0G
CSqGSIb3DQEBCwUAA4IBAQCtGiNbJUNMGSGUQkbkug0gewVu0QdfG7mN2deynIul
Qaxllwc8s0fl0F7D5N0qozzk0gH3bZspsIxtNfor8WRZCepr7RAqjUpN3oaI85Hi
Wx5YjMJWA7akzAqxrocA7YzV6UN5sKPoi/ZeXHyQtMmOTbSzw30vqRFFWFTiNrPj
y7NT7IMLRVIamVGyTFKJFlNZRVUsQEzuaOv+GllHGqms7baNheR6vKVDrUcbYppC
jHY2dgZeCgNbHKv0fuK44vkLaf9waBJr4iCtHKwkIP9uhvwds5+QH6eyiMPqxzsy
DLx0elpLwrMLPNI3sdOhgpW/CtigXdqw+ENY/nva1veV
-----END CERTIFICATE-----