Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/Li2QGj71qapKRjrdl_IAtyPAGW0.roa
File:                     Li2QGj71qapKRjrdl_IAtyPAGW0.roa (raw, json)
Hash identifier:          JiV48Ioy6Tl8dLMcxOSRfxsCasfKXdi5zen4biEpa9s=
Subject key identifier:   2E:2D:90:1A:3E:F5:A9:AA:4A:46:3A:DD:97:F2:00:B7:23:C0:19:6D
Certificate issuer:       /CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Certificate serial:       018CC6B77EBF52E19C4C28C4ED47875AAD22
Authority key identifier: B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/Li2QGj71qapKRjrdl_IAtyPAGW0.roa
Signing time:             Mon 01 Jan 2024 20:29:23 +0000
ROA not before:           Mon 01 Jan 2024 20:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1221
IP address blocks:        153.112.128.0/24 maxlen: 24
                          192.131.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:7e:bf:52:e1:9c:4c:28:c4:ed:47:87:5a:ad:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
        Validity
            Not Before: Jan  1 20:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e2d901a3ef5a9aa4a463add97f200b723c0196d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:35:9a:c2:e0:24:0c:8e:2c:da:67:f3:2f:cb:
                    44:4b:b8:67:f1:ba:13:0f:ab:57:f4:bd:44:ce:86:
                    6e:bc:4e:50:18:fb:44:d9:d2:b7:b7:e8:81:7e:1d:
                    40:43:cf:92:e8:77:fc:96:40:64:12:1b:98:44:fa:
                    7d:80:3a:4b:ea:ae:e4:64:7f:3b:fa:44:19:14:ab:
                    44:fe:39:d0:8e:0d:10:67:96:3d:8f:5e:49:c6:11:
                    68:0e:a4:ee:57:95:96:b4:cb:b4:e3:4f:e5:0e:79:
                    be:ad:70:2e:f8:34:97:11:a1:e3:0f:38:ca:26:3e:
                    28:23:f7:00:83:a0:cb:34:28:80:86:9c:3e:86:b3:
                    65:6d:65:f7:c2:a6:b5:12:4f:cc:23:bf:37:81:3b:
                    33:03:e8:ee:c3:41:e8:64:59:56:1f:14:d6:e4:30:
                    df:1b:3f:1b:6a:96:7a:93:e4:22:07:0e:58:f5:8e:
                    ed:dd:1c:bb:a4:4c:42:78:22:3d:44:5c:4b:4d:7f:
                    0b:2e:72:02:5a:d3:64:8c:d8:90:1d:6d:89:af:85:
                    5b:93:12:0d:1b:50:31:d7:60:f2:39:25:b5:a2:47:
                    45:36:1f:4f:6e:02:89:0c:50:ff:04:13:49:49:46:
                    1f:e3:61:c3:ae:11:9b:c2:7c:6e:f9:a2:b8:a6:cf:
                    06:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:2D:90:1A:3E:F5:A9:AA:4A:46:3A:DD:97:F2:00:B7:23:C0:19:6D
            X509v3 Authority Key Identifier:
                keyid:B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/Li2QGj71qapKRjrdl_IAtyPAGW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.112.128.0/24
                  192.131.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:38:32:26:bb:72:14:df:98:71:ea:ef:67:f3:b4:c9:b0:1d:
         16:e8:57:19:42:04:ce:15:35:a1:1e:33:9a:b1:1b:62:da:c5:
         17:b7:87:df:30:97:0e:37:06:cc:a3:ff:38:2f:ce:7a:bb:af:
         4c:3d:34:84:78:09:5d:6d:84:22:5b:7e:66:7d:f4:d3:cd:49:
         cf:9d:8d:ff:78:d7:c0:50:6d:6c:c7:55:18:9f:88:85:74:48:
         30:aa:29:2a:cc:6e:b2:7d:19:ae:dc:d7:00:64:13:5c:14:2b:
         35:89:82:9b:ab:be:f4:c8:3b:a6:e2:57:c0:9f:b5:e1:1d:5b:
         03:36:58:72:fe:31:25:86:20:ff:52:52:22:ec:94:d5:e2:bc:
         1b:2d:94:ea:e7:9c:00:12:ca:e9:4f:2a:55:fe:7a:5a:2f:a6:
         c1:b2:b9:61:3d:a7:10:0e:23:23:d3:18:35:46:62:ac:83:ab:
         7f:4f:04:90:97:42:4a:f0:84:2d:0b:fe:e9:fb:55:56:e1:0f:
         b8:6c:b6:5d:73:11:b9:66:dc:a8:7f:94:41:6f:f7:a4:dc:f8:
         6a:d3:d4:d7:6a:4e:98:76:39:84:47:16:5b:93:1a:ab:78:f2:
         01:7d:e6:ee:e6:33:56:ab:fc:76:9d:56:fb:37:54:17:cc:7f:
         57:84:21:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt36/UuGcTCjE7UeHWq0iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODUyZmZiYTdkNTdjNWE4YWZiYjZlYTViZWFmN2RmZWMw
YzE0NWEwHhcNMjQwMTAxMjAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTJkOTAxYTNlZjVhOWFhNGE0NjNhZGQ5N2YyMDBiNzIzYzAxOTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDWawuAkDI4s2mfzL8tES7hn8boT
D6tX9L1EzoZuvE5QGPtE2dK3t+iBfh1AQ8+S6Hf8lkBkEhuYRPp9gDpL6q7kZH87
+kQZFKtE/jnQjg0QZ5Y9j15JxhFoDqTuV5WWtMu040/lDnm+rXAu+DSXEaHjDzjK
Jj4oI/cAg6DLNCiAhpw+hrNlbWX3wqa1Ek/MI783gTszA+juw0HoZFlWHxTW5DDf
Gz8bapZ6k+QiBw5Y9Y7t3Ry7pExCeCI9RFxLTX8LLnICWtNkjNiQHW2Jr4VbkxIN
G1Ax12DyOSW1okdFNh9PbgKJDFD/BBNJSUYf42HDrhGbwnxu+aK4ps8GiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC4tkBo+9amqSkY63ZfyALcjwBltMB8GA1UdIwQY
MBaAFLSFL/un1Xxaivu26lvq99/sDBRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQt
ZjcxMDM4ZTk2N2E0LzEvTGkyUUdqNzFxYXBLUmpyZGxfSUF0eVBBR1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQtZjcxMDM4ZTk2N2E0
LzEvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmXCAAwQA
wIMZMA0GCSqGSIb3DQEBCwUAA4IBAQCPODImu3IU35hx6u9n87TJsB0W6FcZQgTO
FTWhHjOasRti2sUXt4ffMJcONwbMo/84L856u69MPTSEeAldbYQiW35mffTTzUnP
nY3/eNfAUG1sx1UYn4iFdEgwqikqzG6yfRmu3NcAZBNcFCs1iYKbq770yDum4lfA
n7XhHVsDNlhy/jElhiD/UlIi7JTV4rwbLZTq55wAEsrpTypV/npaL6bBsrlhPacQ
DiMj0xg1RmKsg6t/TwSQl0JK8IQtC/7p+1VW4Q+4bLZdcxG5Ztyof5RBb/ek3Phq
09TXak6YdjmERxZbkxqrePIBfebu5jNWq/x2nVb7N1QXzH9XhCHH
-----END CERTIFICATE-----