Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/4fa4b4-7c96-4eb7-9940-3f2316b553f5/1/aclLQnt_Q3nEsaOQmDEZoZTM8qk.roa
File:                     aclLQnt_Q3nEsaOQmDEZoZTM8qk.roa (raw, json)
Hash identifier:          luLxkBrn5YFSKobUXnSl/eCXQ21ihlSRwskLwk4YXuo=
Subject key identifier:   69:C9:4B:42:7B:7F:43:79:C4:B1:A3:90:98:31:19:A1:94:CC:F2:A9
Certificate issuer:       /CN=f9503c075a690556bd462122b24699e1b6b19278
Certificate serial:       018E56F9A51AFDDB2B6E5D88EAC674085249
Authority key identifier: F9:50:3C:07:5A:69:05:56:BD:46:21:22:B2:46:99:E1:B6:B1:92:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-VA8B1ppBVa9RiEiskaZ4baxkng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/4fa4b4-7c96-4eb7-9940-3f2316b553f5/1/aclLQnt_Q3nEsaOQmDEZoZTM8qk.roa
Signing time:             Tue 19 Mar 2024 13:49:44 +0000
ROA not before:           Tue 19 Mar 2024 13:49:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60207
IP address blocks:        193.105.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/4fa4b4-7c96-4eb7-9940-3f2316b553f5/1/1-VA8B1ppBVa9RiEiskaZ4baxkng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/4fa4b4-7c96-4eb7-9940-3f2316b553f5/1/1-VA8B1ppBVa9RiEiskaZ4baxkng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-VA8B1ppBVa9RiEiskaZ4baxkng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 01:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:56:f9:a5:1a:fd:db:2b:6e:5d:88:ea:c6:74:08:52:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9503c075a690556bd462122b24699e1b6b19278
        Validity
            Not Before: Mar 19 13:49:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69c94b427b7f4379c4b1a390983119a194ccf2a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:13:47:8e:ab:2b:e1:97:e0:a9:c5:10:64:57:
                    3f:bc:4e:09:0d:f6:70:42:cc:a9:da:4c:61:b7:51:
                    7b:53:69:2b:d3:db:43:aa:b6:d7:32:fb:d4:42:05:
                    51:24:19:ba:cf:51:85:8d:15:c6:41:f1:8c:ca:aa:
                    36:5d:76:7f:f2:7a:dc:6d:85:1d:02:f6:28:01:38:
                    4c:57:44:35:3d:55:b8:64:b2:5c:fa:4e:e8:95:b2:
                    af:a5:63:34:4e:6f:38:e7:4d:f8:7f:44:a4:7f:52:
                    29:cb:03:ca:eb:6c:74:b2:a0:e7:22:8c:6b:51:87:
                    fe:64:1e:9f:91:99:d0:d6:2c:3b:cb:e8:91:7f:6d:
                    b3:1c:86:0c:d4:ed:6c:12:4f:6c:d2:81:49:0b:a7:
                    8d:01:98:0a:cf:d3:52:14:05:a6:a5:68:40:22:d6:
                    85:8a:c8:eb:74:1b:14:af:e9:75:f5:6e:66:f2:43:
                    1f:ad:d4:15:b1:cd:e9:40:1f:ea:78:b3:f2:8b:45:
                    f5:63:f8:eb:79:24:13:da:ea:7c:4e:ce:1c:75:af:
                    da:69:66:37:79:60:0c:c0:2e:2d:a3:93:e1:68:c9:
                    a4:06:1f:6d:9d:e0:b2:c9:4c:54:b0:43:20:ee:b9:
                    7c:64:6c:90:c9:d2:f5:c9:76:43:d4:e2:83:70:58:
                    2b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C9:4B:42:7B:7F:43:79:C4:B1:A3:90:98:31:19:A1:94:CC:F2:A9
            X509v3 Authority Key Identifier:
                keyid:F9:50:3C:07:5A:69:05:56:BD:46:21:22:B2:46:99:E1:B6:B1:92:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-VA8B1ppBVa9RiEiskaZ4baxkng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/4fa4b4-7c96-4eb7-9940-3f2316b553f5/1/aclLQnt_Q3nEsaOQmDEZoZTM8qk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/4fa4b4-7c96-4eb7-9940-3f2316b553f5/1/1-VA8B1ppBVa9RiEiskaZ4baxkng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:50:8d:0c:81:6c:69:73:57:9e:92:b0:e8:40:19:e7:b0:bc:
         a9:5f:f8:92:75:6c:16:fe:35:96:62:15:5b:3c:64:59:90:d9:
         d4:7d:51:2b:52:c1:4c:8d:d4:4d:cf:04:1e:c9:02:e2:df:e8:
         ab:cb:70:be:ac:ac:32:31:b8:6c:68:3f:6a:b4:29:75:16:89:
         75:aa:2d:55:e0:cc:4d:49:2a:ce:60:5a:b6:b4:81:5c:08:55:
         f9:ea:12:37:55:f2:b1:72:e9:37:0a:2d:e3:68:37:85:d7:69:
         2e:f0:68:9f:a4:78:4b:89:55:d6:df:3d:c5:88:3c:9e:f0:1b:
         8c:c4:12:09:bb:bd:6e:60:02:d1:87:44:89:90:15:15:bd:89:
         b9:79:0d:25:1e:fd:0b:b8:32:09:ae:22:16:f1:08:46:e5:ab:
         a4:e2:dd:25:e2:49:1e:46:87:5c:b9:e6:c3:5d:2f:2f:c0:5c:
         fe:56:32:3a:fc:4a:7b:13:46:0d:11:2a:ef:7f:cc:6d:68:9b:
         b1:dd:cd:9d:b1:c8:3e:fa:ba:13:5d:e7:21:2a:6a:5d:f1:df:
         86:91:e0:4d:66:1d:4a:76:ec:96:b2:fa:71:f0:fb:f6:37:4d:
         7e:61:d6:89:78:35:45:ed:8d:59:cc:c1:25:24:bd:ac:d1:aa:
         78:ce:2b:9a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY5W+aUa/dsrbl2I6sZ0CFJJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NTAzYzA3NWE2OTA1NTZiZDQ2MjEyMmIyNDY5OWUxYjZi
MTkyNzgwHhcNMjQwMzE5MTM0OTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWM5NGI0MjdiN2Y0Mzc5YzRiMWEzOTA5ODMxMTlhMTk0Y2NmMmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixNHjqsr4ZfgqcUQZFc/vE4JDfZw
Qsyp2kxht1F7U2kr09tDqrbXMvvUQgVRJBm6z1GFjRXGQfGMyqo2XXZ/8nrcbYUd
AvYoAThMV0Q1PVW4ZLJc+k7olbKvpWM0Tm845034f0Skf1IpywPK62x0sqDnIoxr
UYf+ZB6fkZnQ1iw7y+iRf22zHIYM1O1sEk9s0oFJC6eNAZgKz9NSFAWmpWhAItaF
isjrdBsUr+l19W5m8kMfrdQVsc3pQB/qeLPyi0X1Y/jreSQT2up8Ts4cda/aaWY3
eWAMwC4to5PhaMmkBh9tneCyyUxUsEMg7rl8ZGyQydL1yXZD1OKDcFgrkQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGnJS0J7f0N5xLGjkJgxGaGUzPKpMB8GA1UdIwQY
MBaAFPlQPAdaaQVWvUYhIrJGmeG2sZJ4MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1WQThCMXBwQlZhOVJpRWlza2FaNGJheGtuZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzUvNGZhNGI0LTdjOTYtNGViNy05OTQw
LTNmMjMxNmI1NTNmNS8xL2FjbExRbnRfUTNuRXNhT1FtREVab1pUTThxay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzUvNGZhNGI0LTdjOTYtNGViNy05OTQwLTNmMjMxNmI1NTNm
NS8xLzEtVkE4QjFwcEJWYTlSaUVpc2thWjRiYXhrbmcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBaY0w
DQYJKoZIhvcNAQELBQADggEBAGVQjQyBbGlzV56SsOhAGeewvKlf+JJ1bBb+NZZi
FVs8ZFmQ2dR9UStSwUyN1E3PBB7JAuLf6KvLcL6srDIxuGxoP2q0KXUWiXWqLVXg
zE1JKs5gWra0gVwIVfnqEjdV8rFy6TcKLeNoN4XXaS7waJ+keEuJVdbfPcWIPJ7w
G4zEEgm7vW5gAtGHRImQFRW9ibl5DSUe/Qu4MgmuIhbxCEblq6Ti3SXiSR5Gh1y5
5sNdLy/AXP5WMjr8SnsTRg0RKu9/zG1om7HdzZ2xyD76uhNd5yEqal3x34aR4E1m
HUp27Jay+nHw+/Y3TX5h1ol4NUXtjVnMwSUkvazRqnjOK5o=
-----END CERTIFICATE-----