Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Lyf2AjnEtywTvbEucBqRCQHWwmM.roa
File:                     Lyf2AjnEtywTvbEucBqRCQHWwmM.roa (raw, json)
Hash identifier:          jnHmAmmjwSIXSmZIjA6xDn1rtoEVo6BECV59p2BwLFE=
Subject key identifier:   2F:27:F6:02:39:C4:B7:2C:13:BD:B1:2E:70:1A:91:09:01:D6:C2:63
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D65CBF035CF345090F5F7BB7A74CB
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Lyf2AjnEtywTvbEucBqRCQHWwmM.roa
Signing time:             Mon 01 Jan 2024 00:29:58 +0000
ROA not before:           Mon 01 Jan 2024 00:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202690
IP address blocks:        212.5.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:65:cb:f0:35:cf:34:50:90:f5:f7:bb:7a:74:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f27f60239c4b72c13bdb12e701a910901d6c263
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a7:48:a5:d2:39:e6:17:c1:3c:f6:2b:db:69:
                    c5:19:6b:38:22:4d:5a:ac:c9:42:99:96:67:ee:80:
                    55:96:50:12:b4:36:90:70:a0:59:ce:1a:15:a2:2a:
                    1a:de:9c:dd:3c:21:b9:f5:be:af:38:96:65:13:2f:
                    7e:6c:fb:05:f8:e0:55:fb:e4:e2:25:52:f9:ea:b4:
                    f3:dc:8b:f7:83:d9:a5:2b:f6:cd:70:8b:2b:b5:74:
                    22:45:43:1d:e2:7c:7e:95:9b:a2:c9:92:38:b0:cc:
                    35:90:e1:11:8f:94:a1:fd:f5:04:df:b3:57:e8:d3:
                    3f:3e:ec:bf:24:cb:08:6c:38:9a:77:ad:b7:11:86:
                    05:19:54:d0:ca:5e:73:6b:8c:c7:8c:fa:be:3e:4a:
                    f9:03:28:91:7f:be:12:c2:79:84:b5:24:ba:f7:96:
                    ff:1b:ec:f2:81:d7:78:fb:28:a0:df:95:96:86:0c:
                    e3:37:ca:eb:f5:da:aa:be:fb:ee:aa:7a:c1:44:3f:
                    92:8a:74:ac:64:ce:07:ac:72:df:56:b7:af:60:65:
                    07:6b:17:60:5a:a6:c3:79:97:12:24:6a:f2:c1:0a:
                    0c:69:c9:ed:e6:00:2d:1a:6c:07:eb:d5:e1:4f:d3:
                    8c:31:96:d1:c1:23:38:5d:c6:75:73:09:20:f7:99:
                    6d:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:27:F6:02:39:C4:B7:2C:13:BD:B1:2E:70:1A:91:09:01:D6:C2:63
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/Lyf2AjnEtywTvbEucBqRCQHWwmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.5.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:7c:3c:b5:a9:bf:87:1e:5e:21:8a:a0:a4:a6:2c:54:70:97:
         67:44:bc:de:31:b3:11:cc:2c:81:cf:f7:91:08:0c:09:6d:a4:
         1d:54:ab:73:b0:51:7d:ed:a9:cd:0e:c4:c6:fb:9d:0a:fb:66:
         56:a0:85:a7:a0:f2:1d:d7:e2:e7:3d:d1:4a:f8:18:e1:df:68:
         77:7b:37:c4:1a:6b:67:5e:fc:a3:33:45:aa:ce:ba:14:a7:d7:
         26:ba:5b:dc:4e:5e:30:d8:c9:49:b6:c4:b4:7a:b9:e2:4a:81:
         44:a2:48:6e:19:16:a9:4b:3b:9a:a6:73:ea:e4:17:ca:ac:b0:
         09:be:57:7d:f7:10:8b:f0:e2:b0:a7:6a:ea:df:0b:b8:43:89:
         1b:15:18:8d:dd:45:6c:3c:0a:c5:e4:a5:b8:8a:4f:14:47:4f:
         a5:34:58:c6:38:04:cb:b4:a5:7e:9b:14:e2:43:77:7b:08:a0:
         df:8b:ee:67:16:73:95:7f:0a:f7:82:d0:fb:ff:59:03:61:e6:
         56:cd:5d:a3:02:2e:ed:a3:9f:3b:e4:68:cc:bd:bb:87:f7:be:
         7e:d3:a1:c5:9f:78:90:b6:72:75:d1:23:bd:75:50:46:62:d8:
         11:ff:98:6b:76:19:c6:f2:34:45:25:7b:be:ff:70:2e:16:66:
         ec:a4:e0:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWXL8DXPNFCQ9fe7enTLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjI3ZjYwMjM5YzRiNzJjMTNiZGIxMmU3MDFhOTEwOTAxZDZjMjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqdIpdI55hfBPPYr22nFGWs4Ik1a
rMlCmZZn7oBVllAStDaQcKBZzhoVoioa3pzdPCG59b6vOJZlEy9+bPsF+OBV++Ti
JVL56rTz3Iv3g9mlK/bNcIsrtXQiRUMd4nx+lZuiyZI4sMw1kOERj5Sh/fUE37NX
6NM/Puy/JMsIbDiad623EYYFGVTQyl5za4zHjPq+Pkr5AyiRf74SwnmEtSS695b/
G+zygdd4+yig35WWhgzjN8rr9dqqvvvuqnrBRD+SinSsZM4HrHLfVrevYGUHaxdg
WqbDeZcSJGrywQoMacnt5gAtGmwH69XhT9OMMZbRwSM4XcZ1cwkg95lt6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC8n9gI5xLcsE72xLnAakQkB1sJjMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvTHlmMkFqbkV0eXdUdmJFdWNCcVJDUUhXd21NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AWcMA0G
CSqGSIb3DQEBCwUAA4IBAQBofDy1qb+HHl4hiqCkpixUcJdnRLzeMbMRzCyBz/eR
CAwJbaQdVKtzsFF97anNDsTG+50K+2ZWoIWnoPId1+LnPdFK+Bjh32h3ezfEGmtn
XvyjM0WqzroUp9cmulvcTl4w2MlJtsS0erniSoFEokhuGRapSzuapnPq5BfKrLAJ
vld99xCL8OKwp2rq3wu4Q4kbFRiN3UVsPArF5KW4ik8UR0+lNFjGOATLtKV+mxTi
Q3d7CKDfi+5nFnOVfwr3gtD7/1kDYeZWzV2jAi7to5875GjMvbuH975+06HFn3iQ
tnJ10SO9dVBGYtgR/5hrdhnG8jRFJXu+/3AuFmbspOB3
-----END CERTIFICATE-----