Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/LTquGO6JvOxW-LYJu4ZO5vl58sw.roa
File:                     LTquGO6JvOxW-LYJu4ZO5vl58sw.roa (raw, json)
Hash identifier:          v+hhHffkC8MxjORjl69a74aTRaVaz0829ZGGCSWHn0k=
Subject key identifier:   2D:3A:AE:18:EE:89:BC:EC:56:F8:B6:09:BB:86:4E:E6:F9:79:F2:CC
Certificate issuer:       /CN=5f41c664c0c013dffb6e0dd1d73b369cba5fbd1c
Certificate serial:       0194244589997701A69713F3468BC5E5F6FC
Authority key identifier: 5F:41:C6:64:C0:C0:13:DF:FB:6E:0D:D1:D7:3B:36:9C:BA:5F:BD:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X0HGZMDAE9_7bg3R1zs2nLpfvRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/LTquGO6JvOxW-LYJu4ZO5vl58sw.roa
Signing time:             Wed 01 Jan 2025 23:48:44 +0000
ROA not before:           Wed 01 Jan 2025 23:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.98.156.0/24 maxlen: 24
                          2a12:a900:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/X0HGZMDAE9_7bg3R1zs2nLpfvRw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/X0HGZMDAE9_7bg3R1zs2nLpfvRw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X0HGZMDAE9_7bg3R1zs2nLpfvRw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 23:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:89:99:77:01:a6:97:13:f3:46:8b:c5:e5:f6:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f41c664c0c013dffb6e0dd1d73b369cba5fbd1c
        Validity
            Not Before: Jan  1 23:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d3aae18ee89bcec56f8b609bb864ee6f979f2cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:11:66:4e:8a:7f:5a:05:36:c3:88:ea:cf:fa:
                    99:70:96:ca:e4:a5:8d:1e:dd:15:d5:29:5e:d8:85:
                    ec:7e:35:f0:53:30:a5:17:a7:b5:53:8d:06:17:96:
                    89:53:a4:0f:2a:16:61:74:e1:a4:76:7f:ac:50:b4:
                    46:81:3e:92:8c:4f:73:31:aa:12:14:c4:f3:ec:5d:
                    90:b4:d7:a2:39:62:35:df:09:4d:db:c1:31:67:ce:
                    fc:34:54:38:b8:e9:0e:f7:db:a9:0b:42:44:d4:0b:
                    a9:0c:d9:70:5a:15:e1:db:a1:e1:f4:a7:43:85:43:
                    f3:3b:38:6c:4f:26:4f:7e:b5:56:63:8d:82:a7:78:
                    a8:6e:64:50:f5:c2:c9:90:63:a8:50:b4:64:93:ca:
                    06:47:df:2b:d9:ca:78:fe:eb:dc:fc:27:4f:4e:93:
                    80:7e:4d:ad:38:e6:75:0c:53:91:77:6c:65:09:a2:
                    e9:7e:03:53:f4:ed:01:67:1c:3f:26:d4:7b:b2:74:
                    d9:b8:58:79:60:54:5a:a6:b1:a3:f2:c2:b5:34:ca:
                    19:08:fb:f4:fb:c0:eb:3c:65:19:cc:87:b3:99:4b:
                    cc:7a:83:5b:24:df:dc:01:47:61:a3:10:15:44:40:
                    b5:fa:76:24:3b:cf:81:5e:ca:d8:b6:63:46:6a:59:
                    c3:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:3A:AE:18:EE:89:BC:EC:56:F8:B6:09:BB:86:4E:E6:F9:79:F2:CC
            X509v3 Authority Key Identifier:
                keyid:5F:41:C6:64:C0:C0:13:DF:FB:6E:0D:D1:D7:3B:36:9C:BA:5F:BD:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X0HGZMDAE9_7bg3R1zs2nLpfvRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/LTquGO6JvOxW-LYJu4ZO5vl58sw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/379a1d-52b9-4669-9625-62306abdfa03/1/X0HGZMDAE9_7bg3R1zs2nLpfvRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.156.0/24
                IPv6:
                  2a12:a900:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:01:4c:02:d5:e2:74:52:2d:f9:05:93:40:2e:fc:bf:5f:9a:
         76:ec:5c:fe:ba:97:ce:70:f5:d5:a8:2e:c6:71:05:b9:b5:75:
         07:7a:e4:e1:f6:2a:01:65:61:2c:25:10:88:85:35:8c:c3:ab:
         cf:f0:60:07:96:d2:3e:54:7c:bb:a1:d7:28:a4:8f:7a:6b:61:
         05:52:37:57:17:2c:a9:18:28:e8:3e:63:96:6a:3d:89:65:21:
         c4:ef:32:0b:7d:1e:39:75:73:1e:c6:1b:3e:d8:d0:6a:a7:e5:
         00:f9:d1:65:52:12:e3:51:a5:a1:1c:64:16:f5:91:96:9d:f7:
         49:2f:1e:0c:0e:42:f6:b2:15:b0:85:d5:d2:1c:b6:b6:b4:54:
         eb:51:a5:ae:fd:b8:3b:2a:87:7a:65:94:d4:3c:e8:0c:27:be:
         87:24:32:c4:5f:ad:21:04:ed:4f:bf:5c:f3:9b:5b:a4:52:1a:
         b0:32:39:5d:e4:98:96:e2:78:8b:0e:ec:3f:71:68:4b:b1:f2:
         3e:bc:c1:62:35:69:14:7e:19:4b:7f:d6:d0:d3:04:40:c8:e7:
         3e:af:0e:ae:07:42:82:78:2f:35:76:9c:80:74:1e:86:57:dd:
         2f:60:6d:17:7f:ef:fe:30:aa:21:d6:52:0b:93:27:1a:d5:75:
         f2:eb:db:28
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQkRYmZdwGmlxPzRovF5fb8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNDFjNjY0YzBjMDEzZGZmYjZlMGRkMWQ3M2IzNjljYmE1
ZmJkMWMwHhcNMjUwMTAxMjM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDNhYWUxOGVlODliY2VjNTZmOGI2MDliYjg2NGVlNmY5NzlmMmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxFmTop/WgU2w4jqz/qZcJbK5KWN
Ht0V1Sle2IXsfjXwUzClF6e1U40GF5aJU6QPKhZhdOGkdn+sULRGgT6SjE9zMaoS
FMTz7F2QtNeiOWI13wlN28ExZ878NFQ4uOkO99upC0JE1AupDNlwWhXh26Hh9KdD
hUPzOzhsTyZPfrVWY42Cp3iobmRQ9cLJkGOoULRkk8oGR98r2cp4/uvc/CdPTpOA
fk2tOOZ1DFORd2xlCaLpfgNT9O0BZxw/JtR7snTZuFh5YFRaprGj8sK1NMoZCPv0
+8DrPGUZzIezmUvMeoNbJN/cAUdhoxAVREC1+nYkO8+BXsrYtmNGalnDBQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC06rhjuibzsVvi2CbuGTub5efLMMB8GA1UdIwQY
MBaAFF9BxmTAwBPf+24N0dc7Npy6X70cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDBIR1pNREFFOV83YmczUjF6czJuTHBmdlJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8zNzlhMWQtNTJiOS00NjY5LTk2MjUt
NjIzMDZhYmRmYTAzLzEvTFRxdUdPNkp2T3hXLUxZSnU0Wk81dmw1OHN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8zNzlhMWQtNTJiOS00NjY5LTk2MjUtNjIzMDZhYmRmYTAz
LzEvWDBIR1pNREFFOV83YmczUjF6czJuTHBmdlJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuWKcMA8E
AgACMAkDBwAqEqkAAAEwDQYJKoZIhvcNAQELBQADggEBAKgBTALV4nRSLfkFk0Au
/L9fmnbsXP66l85w9dWoLsZxBbm1dQd65OH2KgFlYSwlEIiFNYzDq8/wYAeW0j5U
fLuh1yikj3prYQVSN1cXLKkYKOg+Y5ZqPYllIcTvMgt9Hjl1cx7GGz7Y0Gqn5QD5
0WVSEuNRpaEcZBb1kZad90kvHgwOQvayFbCF1dIctra0VOtRpa79uDsqh3pllNQ8
6AwnvockMsRfrSEE7U+/XPObW6RSGrAyOV3kmJbieIsO7D9xaEux8j68wWI1aRR+
GUt/1tDTBEDI5z6vDq4HQoJ4LzV2nIB0HoZX3S9gbRd/7/4wqiHWUguTJxrVdfLr
2yg=
-----END CERTIFICATE-----