Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/LD5gQfKQIY3BNPrgDlFLUDM8itw.roa
File:                     LD5gQfKQIY3BNPrgDlFLUDM8itw.roa (raw, json)
Hash identifier:          NAWqzSFhYmFjPt51Icov2nH6jEi13PbG7SaGhm6oUGU=
Subject key identifier:   2C:3E:60:41:F2:90:21:8D:C1:34:FA:E0:0E:51:4B:50:33:3C:8A:DC
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56DFCC5B92F3FF698B71A634D5A6B9C
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/LD5gQfKQIY3BNPrgDlFLUDM8itw.roa
Signing time:             Mon 01 Jan 2024 14:29:28 +0000
ROA not before:           Mon 01 Jan 2024 14:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28753
IP address blocks:        91.243.42.0/24 maxlen: 24
                          91.243.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 21:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fc:c5:b9:2f:3f:f6:98:b7:1a:63:4d:5a:6b:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c3e6041f290218dc134fae00e514b50333c8adc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:5b:78:be:14:78:67:a1:c1:51:9b:e5:35:9b:
                    d7:0c:29:e3:20:3d:1f:45:34:1b:1f:83:0b:75:7b:
                    91:b3:d0:6b:08:4a:6b:ab:22:22:80:5b:c2:20:89:
                    e9:ca:ee:d0:3a:4a:e9:e4:81:e4:d0:78:e3:e1:4a:
                    b2:f0:77:6c:43:33:fa:ce:97:c2:0c:f8:75:c6:9d:
                    37:a8:54:75:80:f3:eb:c6:1b:cf:a9:94:c7:d1:47:
                    cc:86:5a:e3:51:d3:16:27:22:bb:6c:36:f8:57:a7:
                    84:46:29:b9:23:a5:29:99:91:9b:e1:ff:08:fd:47:
                    92:5c:a8:b7:11:62:ff:65:27:8b:83:88:4b:2a:ff:
                    5d:9a:f4:b5:c6:89:2d:70:5f:46:9b:54:6b:ef:e0:
                    a7:1a:ec:a1:32:bf:f0:bc:7b:96:15:20:35:95:16:
                    6c:63:52:ef:84:0e:25:71:01:14:4f:81:81:56:ea:
                    52:13:d8:09:b7:a9:76:7e:7c:12:85:74:34:9d:2c:
                    ec:57:ab:36:b0:c8:d8:20:e7:11:2c:70:3b:a4:7b:
                    36:06:e2:13:e0:1d:bd:20:45:3e:0d:54:73:ed:44:
                    06:d4:50:1c:ca:56:44:1b:1b:dd:ed:fa:34:d1:92:
                    20:53:10:97:5a:37:76:22:5f:32:c3:1e:1e:f0:7e:
                    64:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:3E:60:41:F2:90:21:8D:C1:34:FA:E0:0E:51:4B:50:33:3C:8A:DC
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/LD5gQfKQIY3BNPrgDlFLUDM8itw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.243.41.0-91.243.42.255

    Signature Algorithm: sha256WithRSAEncryption
         7f:eb:59:8c:f3:01:ff:c4:84:35:be:78:ba:a2:20:d6:d9:42:
         1f:d7:b3:2c:3c:51:00:02:6c:b6:20:6d:6b:d3:07:17:ec:c7:
         1c:8f:76:04:67:40:ed:a4:4b:55:54:cc:85:b0:41:61:e8:b0:
         47:1a:55:46:f7:6b:4a:ea:ad:7f:4d:5f:c4:97:da:3d:88:df:
         a8:a4:de:a6:a2:0c:08:40:8c:7a:b4:e3:3d:57:61:fd:7b:59:
         57:b6:eb:57:0c:8f:b4:a3:a0:28:c6:b7:61:f8:45:70:2a:95:
         13:be:02:35:c4:39:f3:b9:64:fe:06:74:2e:72:23:00:8a:35:
         ca:7b:12:de:90:56:18:ef:92:ff:e2:65:3a:88:35:cf:66:33:
         d4:22:24:1e:83:b4:80:2e:26:e2:11:07:be:b8:39:eb:2b:09:
         a3:ca:86:20:08:16:a5:0a:ca:ae:78:38:59:3d:c9:ff:06:0b:
         fb:9b:79:4d:c6:e7:4d:68:d4:44:12:b6:bd:5f:b6:f6:8c:25:
         ef:63:b9:e1:70:eb:3b:06:3e:49:5d:ba:06:be:c8:c1:da:87:
         1e:43:e2:d9:bd:08:fd:59:09:ec:3d:cf:af:84:77:65:fb:d2:
         96:94:82:4e:a2:d6:67:69:9a:a5:e7:1b:b7:77:a4:75:5b:7e:
         35:74:4f:8e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFbfzFuS8/9pi3GmNNWmucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzNlNjA0MWYyOTAyMThkYzEzNGZhZTAwZTUxNGI1MDMzM2M4YWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31t4vhR4Z6HBUZvlNZvXDCnjID0f
RTQbH4MLdXuRs9BrCEprqyIigFvCIInpyu7QOkrp5IHk0Hjj4Uqy8HdsQzP6zpfC
DPh1xp03qFR1gPPrxhvPqZTH0UfMhlrjUdMWJyK7bDb4V6eERim5I6UpmZGb4f8I
/UeSXKi3EWL/ZSeLg4hLKv9dmvS1xoktcF9Gm1Rr7+CnGuyhMr/wvHuWFSA1lRZs
Y1LvhA4lcQEUT4GBVupSE9gJt6l2fnwShXQ0nSzsV6s2sMjYIOcRLHA7pHs2BuIT
4B29IEU+DVRz7UQG1FAcylZEGxvd7fo00ZIgUxCXWjd2Il8ywx4e8H5kIwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCw+YEHykCGNwTT64A5RS1AzPIrcMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvTEQ1Z1FmS1FJWTNCTlByZ0RsRkxVRE04aXR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABb8ykD
BABb8yowDQYJKoZIhvcNAQELBQADggEBAH/rWYzzAf/EhDW+eLqiINbZQh/Xsyw8
UQACbLYgbWvTBxfsxxyPdgRnQO2kS1VUzIWwQWHosEcaVUb3a0rqrX9NX8SX2j2I
36ik3qaiDAhAjHq04z1XYf17WVe261cMj7SjoCjGt2H4RXAqlRO+AjXEOfO5ZP4G
dC5yIwCKNcp7Et6QVhjvkv/iZTqINc9mM9QiJB6DtIAuJuIRB764OesrCaPKhiAI
FqUKyq54OFk9yf8GC/ubeU3G501o1EQStr1ftvaMJe9jueFw6zsGPklduga+yMHa
hx5D4tm9CP1ZCew9z6+Ed2X70paUgk6i1mdpmqXnG7d3pHVbfjV0T44=
-----END CERTIFICATE-----