Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/LFFlvPXw1rmFMx2FNEdYaXI36DA.roa
File:                     LFFlvPXw1rmFMx2FNEdYaXI36DA.roa (raw, json)
Hash identifier:          l8w+Fg6XUn8+D9ub5RCs6MkoQrZhezm5qzBQVULYAKE=
Subject key identifier:   2C:51:65:BC:F5:F0:D6:B9:85:33:1D:85:34:47:58:69:72:37:E8:30
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       018EE6280890D6A173C0A3A5A1B74C833307
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/LFFlvPXw1rmFMx2FNEdYaXI36DA.roa
Signing time:             Tue 16 Apr 2024 09:06:07 +0000
ROA not before:           Tue 16 Apr 2024 09:06:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        185.94.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:28:08:90:d6:a1:73:c0:a3:a5:a1:b7:4c:83:33:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Apr 16 09:06:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c5165bcf5f0d6b985331d85344758697237e830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fc:7c:42:48:2e:e6:94:ed:6a:cd:37:80:65:
                    29:7f:74:37:f6:38:e8:a9:9a:c9:b8:08:10:4b:eb:
                    23:34:50:6e:d3:96:85:3c:c4:a3:ba:36:db:28:6e:
                    89:7d:b2:10:47:a3:fc:77:64:13:b3:ed:a9:b8:53:
                    2e:1a:04:c4:9e:a7:be:10:eb:89:94:97:53:76:c0:
                    df:b1:5b:0b:9c:11:6e:5a:4d:e6:8f:d6:1c:f9:4e:
                    73:0f:f5:f5:88:b9:70:d6:26:3a:d7:76:46:86:bd:
                    ab:6c:cd:17:d7:eb:40:f4:33:ff:ab:b7:a1:89:b2:
                    02:ff:ef:a3:af:60:16:f2:dd:eb:b7:b5:68:03:a1:
                    4a:4f:ae:8c:8b:2f:6e:f7:73:bc:44:d2:2d:e8:19:
                    01:81:12:61:48:bd:cd:e9:9b:2a:f0:a2:06:74:b3:
                    56:5b:e5:84:b6:2d:de:7b:47:e9:46:47:7e:25:4a:
                    47:b4:85:1b:09:68:cf:94:d6:ab:f8:b5:30:15:fc:
                    0d:99:bc:25:2c:d6:eb:60:fd:dd:f2:34:43:d6:82:
                    a0:a4:6e:f3:af:3e:30:45:b1:6d:a4:5b:ee:68:8b:
                    f4:fa:f9:3d:1f:6f:89:f5:f2:af:88:1d:06:f4:9e:
                    5f:1a:0f:f8:69:5d:ea:30:12:ef:84:93:1a:98:40:
                    77:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:51:65:BC:F5:F0:D6:B9:85:33:1D:85:34:47:58:69:72:37:E8:30
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/LFFlvPXw1rmFMx2FNEdYaXI36DA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:10:0c:38:c0:ab:0d:a4:47:80:11:45:53:78:5b:79:ab:86:
         f7:6f:af:03:f5:91:e4:d2:cb:9c:f1:d2:91:f5:4c:f1:1d:31:
         31:5d:85:d0:83:51:89:31:e0:e5:e6:e1:91:07:61:cc:19:6d:
         b1:66:78:34:f2:07:a1:3a:05:be:02:ed:42:33:34:56:cb:6a:
         8f:ef:ab:17:8e:88:81:b3:ab:c5:07:4a:c1:b4:9e:6f:0a:2e:
         27:66:4f:77:aa:a0:4f:5b:13:5b:79:36:b1:a2:a2:bf:f2:a2:
         3c:5a:9f:d7:ff:88:d0:6a:6d:5a:59:c2:93:83:fd:3f:11:61:
         b5:ba:ea:b0:a4:c2:97:91:8a:6d:9b:c2:88:30:a6:85:28:1a:
         3f:26:b1:87:b9:63:10:6c:c9:3a:63:41:c4:06:29:fc:7b:7a:
         c2:a8:d1:ee:5a:ee:ea:52:53:70:4e:85:9a:14:e5:7b:30:22:
         d0:35:78:48:0f:80:ff:c4:f6:d7:ab:b4:20:07:06:fe:f0:56:
         17:e0:da:d9:cc:71:dc:3d:a3:60:5c:88:f4:47:45:69:f4:69:
         b5:c1:f2:eb:84:1c:8c:ce:5a:4b:15:7f:0f:94:90:e0:90:f5:
         4e:9e:e2:ac:07:26:f7:26:b0:e7:c3:a9:79:15:b0:1d:dc:a9:
         66:36:80:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7mKAiQ1qFzwKOlobdMgzMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjQwNDE2MDkwNjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzUxNjViY2Y1ZjBkNmI5ODUzMzFkODUzNDQ3NTg2OTcyMzdlODMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfx8Qkgu5pTtas03gGUpf3Q39jjo
qZrJuAgQS+sjNFBu05aFPMSjujbbKG6JfbIQR6P8d2QTs+2puFMuGgTEnqe+EOuJ
lJdTdsDfsVsLnBFuWk3mj9Yc+U5zD/X1iLlw1iY613ZGhr2rbM0X1+tA9DP/q7eh
ibIC/++jr2AW8t3rt7VoA6FKT66Miy9u93O8RNIt6BkBgRJhSL3N6Zsq8KIGdLNW
W+WEti3ee0fpRkd+JUpHtIUbCWjPlNar+LUwFfwNmbwlLNbrYP3d8jRD1oKgpG7z
rz4wRbFtpFvuaIv0+vk9H2+J9fKviB0G9J5fGg/4aV3qMBLvhJMamEB3rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxRZbz18Na5hTMdhTRHWGlyN+gwMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvTEZGbHZQWHcxcm1GTXgyRk5FZFlhWEkzNkRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV5AMA0G
CSqGSIb3DQEBCwUAA4IBAQC0EAw4wKsNpEeAEUVTeFt5q4b3b68D9ZHk0suc8dKR
9UzxHTExXYXQg1GJMeDl5uGRB2HMGW2xZng08gehOgW+Au1CMzRWy2qP76sXjoiB
s6vFB0rBtJ5vCi4nZk93qqBPWxNbeTaxoqK/8qI8Wp/X/4jQam1aWcKTg/0/EWG1
uuqwpMKXkYptm8KIMKaFKBo/JrGHuWMQbMk6Y0HEBin8e3rCqNHuWu7qUlNwToWa
FOV7MCLQNXhID4D/xPbXq7QgBwb+8FYX4NrZzHHcPaNgXIj0R0Vp9Gm1wfLrhByM
zlpLFX8PlJDgkPVOnuKsByb3JrDnw6l5FbAd3KlmNoDY
-----END CERTIFICATE-----