Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/a5b6f7-f551-441b-bb8f-79da7aaaa3b2/1/LNpyToh65v9-JaoWx8EJD_tML8w.roa
File:                     LNpyToh65v9-JaoWx8EJD_tML8w.roa (raw, json)
Hash identifier:          A/PtzYsWq/AoblTd9ZXTTzejnfZnuQg4A1ZmYli4w6w=
Subject key identifier:   2C:DA:72:4E:88:7A:E6:FF:7E:25:AA:16:C7:C1:09:0F:FB:4C:2F:CC
Certificate issuer:       /CN=2794556395b47bf43e0d5d556e7e255b6c8accc2
Certificate serial:       018CC26D0B4F997C1D35EC010898A322A0E6
Authority key identifier: 27:94:55:63:95:B4:7B:F4:3E:0D:5D:55:6E:7E:25:5B:6C:8A:CC:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5RVY5W0e_Q-DV1Vbn4lW2yKzMI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/a5b6f7-f551-441b-bb8f-79da7aaaa3b2/1/LNpyToh65v9-JaoWx8EJD_tML8w.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39702
IP address blocks:        185.133.12.0/22 maxlen: 22
                          2a05:fe80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/a5b6f7-f551-441b-bb8f-79da7aaaa3b2/1/J5RVY5W0e_Q-DV1Vbn4lW2yKzMI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/a5b6f7-f551-441b-bb8f-79da7aaaa3b2/1/J5RVY5W0e_Q-DV1Vbn4lW2yKzMI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5RVY5W0e_Q-DV1Vbn4lW2yKzMI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 12:54:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0b:4f:99:7c:1d:35:ec:01:08:98:a3:22:a0:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2794556395b47bf43e0d5d556e7e255b6c8accc2
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cda724e887ae6ff7e25aa16c7c1090ffb4c2fcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b6:56:b6:27:d6:bf:ba:ae:41:bd:e4:57:23:
                    13:0f:85:f5:a3:3b:4e:4f:10:f6:34:cd:fe:39:ef:
                    d9:90:d3:0c:7e:1f:5f:ac:aa:cd:93:97:09:bb:ca:
                    25:fb:ac:d6:dc:82:b0:04:ec:8c:08:8d:5a:a5:0b:
                    b5:08:ad:69:30:a7:92:9d:de:98:7a:d5:20:6b:c4:
                    4e:4a:22:28:ba:93:36:bc:f4:82:da:73:fa:a7:56:
                    72:1b:2d:37:42:a4:9e:bf:23:a3:00:b7:a3:52:47:
                    89:7d:e3:45:38:91:62:ec:b4:76:1e:8d:1a:c9:4c:
                    ee:8d:36:22:6d:90:13:c8:b6:6c:88:05:5c:56:5f:
                    8c:65:72:62:a4:2f:67:9d:d9:cb:8f:2f:e9:dc:67:
                    dc:cc:12:46:b6:5c:23:c7:ba:b8:a1:b5:e7:c0:1d:
                    65:48:4e:cd:d8:ea:b6:64:dc:f6:ab:cc:8a:8d:2f:
                    33:6e:2e:ca:fa:14:b5:35:61:23:42:89:2c:3e:ea:
                    82:a0:94:86:f3:85:f6:e8:6b:39:d7:8c:80:8e:7b:
                    16:81:39:ef:a0:9d:07:ca:d8:83:c0:18:9e:d9:9f:
                    4e:2c:c4:15:7e:39:b2:e2:a9:5b:85:66:2d:d2:f9:
                    72:a3:af:04:fe:0e:3c:4d:ab:1c:d6:dc:38:b5:78:
                    01:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:DA:72:4E:88:7A:E6:FF:7E:25:AA:16:C7:C1:09:0F:FB:4C:2F:CC
            X509v3 Authority Key Identifier:
                keyid:27:94:55:63:95:B4:7B:F4:3E:0D:5D:55:6E:7E:25:5B:6C:8A:CC:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5RVY5W0e_Q-DV1Vbn4lW2yKzMI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/a5b6f7-f551-441b-bb8f-79da7aaaa3b2/1/LNpyToh65v9-JaoWx8EJD_tML8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/a5b6f7-f551-441b-bb8f-79da7aaaa3b2/1/J5RVY5W0e_Q-DV1Vbn4lW2yKzMI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.12.0/22
                IPv6:
                  2a05:fe80::/29

    Signature Algorithm: sha256WithRSAEncryption
         d1:5d:14:ac:de:f7:a2:d0:17:10:e7:18:a3:b2:28:a7:72:e6:
         cc:3a:73:fa:a1:11:20:9d:80:c8:17:c7:a3:0e:39:73:5e:44:
         c5:73:63:c7:af:df:71:f3:16:6e:71:c5:37:2a:3b:60:05:16:
         67:66:95:a1:75:fd:c8:47:88:f0:f3:a1:25:18:a5:52:3b:33:
         60:ed:f4:83:db:b2:1c:82:f7:f8:19:2d:68:95:2c:5e:5d:eb:
         69:99:ef:fa:ed:3b:74:75:fe:d7:d6:c7:72:64:38:be:47:0f:
         fd:e8:e8:61:0b:e9:69:b8:05:8b:da:51:5f:c8:0e:4b:65:6f:
         bc:63:b8:4b:3d:9d:17:23:99:e2:5b:83:b1:3b:65:ae:b1:61:
         1f:26:3d:e1:72:8c:aa:d5:d5:c1:ce:c4:53:ce:2a:93:c2:58:
         46:6f:e8:ed:83:4d:f4:4f:f3:8c:66:e1:dd:07:2a:9a:d9:76:
         90:7a:30:08:60:54:31:2b:a8:75:ea:e8:89:8e:60:76:09:9c:
         0b:28:63:b9:3c:65:1e:07:4c:01:4e:49:95:9f:95:d1:7b:79:
         de:74:69:85:e9:f0:9f:d5:a4:1c:56:e6:e8:2f:6d:7f:22:7f:
         13:fd:c0:e6:e9:37:03:43:c8:ff:dd:24:ec:f4:6f:97:3d:b2:
         1c:ff:31:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbQtPmXwdNewBCJijIqDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTQ1NTYzOTViNDdiZjQzZTBkNWQ1NTZlN2UyNTViNmM4
YWNjYzIwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2RhNzI0ZTg4N2FlNmZmN2UyNWFhMTZjN2MxMDkwZmZiNGMyZmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7ZWtifWv7quQb3kVyMTD4X1oztO
TxD2NM3+Oe/ZkNMMfh9frKrNk5cJu8ol+6zW3IKwBOyMCI1apQu1CK1pMKeSnd6Y
etUga8ROSiIoupM2vPSC2nP6p1ZyGy03QqSevyOjALejUkeJfeNFOJFi7LR2Ho0a
yUzujTYibZATyLZsiAVcVl+MZXJipC9nndnLjy/p3GfczBJGtlwjx7q4obXnwB1l
SE7N2Oq2ZNz2q8yKjS8zbi7K+hS1NWEjQoksPuqCoJSG84X26Gs514yAjnsWgTnv
oJ0HytiDwBie2Z9OLMQVfjmy4qlbhWYt0vlyo68E/g48Tasc1tw4tXgBlQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCzack6Ieub/fiWqFsfBCQ/7TC/MMB8GA1UdIwQY
MBaAFCeUVWOVtHv0Pg1dVW5+JVtsiszCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVSVlk1VzBlX1EtRFYxVmJuNGxXMnlLek1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hNWI2ZjctZjU1MS00NDFiLWJiOGYt
NzlkYTdhYWFhM2IyLzEvTE5weVRvaDY1djktSmFvV3g4RUpEX3RNTDh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9hNWI2ZjctZjU1MS00NDFiLWJiOGYtNzlkYTdhYWFhM2Iy
LzEvSjVSVlk1VzBlX1EtRFYxVmJuNGxXMnlLek1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYUMMA0E
AgACMAcDBQMqBf6AMA0GCSqGSIb3DQEBCwUAA4IBAQDRXRSs3vei0BcQ5xijsiin
cubMOnP6oREgnYDIF8ejDjlzXkTFc2PHr99x8xZuccU3KjtgBRZnZpWhdf3IR4jw
86ElGKVSOzNg7fSD27Icgvf4GS1olSxeXetpme/67Tt0df7X1sdyZDi+Rw/96Ohh
C+lpuAWL2lFfyA5LZW+8Y7hLPZ0XI5niW4OxO2WusWEfJj3hcoyq1dXBzsRTziqT
wlhGb+jtg030T/OMZuHdByqa2XaQejAIYFQxK6h16uiJjmB2CZwLKGO5PGUeB0wB
TkmVn5XRe3nedGmF6fCf1aQcVuboL21/In8T/cDm6TcDQ8j/3STs9G+XPbIc/zEq
-----END CERTIFICATE-----