Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/3cde9b-3705-4dc3-8d7e-516ffd87376c/1/LY7m4A9G04de_1CUY7dtBrypdsQ.roa
File:                     LY7m4A9G04de_1CUY7dtBrypdsQ.roa (raw, json)
Hash identifier:          uMSHSchsTSew5xQol4Y1IPW9wEX0rEYs92o6EVQt6L4=
Subject key identifier:   2D:8E:E6:E0:0F:46:D3:87:5E:FF:50:94:63:B7:6D:06:BC:A9:76:C4
Certificate issuer:       /CN=306d618355bd8937f75bb4650bb5c1af70f9a12e
Certificate serial:       018CC2DB2BC8FF34A7EAFF59764CB694B576
Authority key identifier: 30:6D:61:83:55:BD:89:37:F7:5B:B4:65:0B:B5:C1:AF:70:F9:A1:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MG1hg1W9iTf3W7RlC7XBr3D5oS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/3cde9b-3705-4dc3-8d7e-516ffd87376c/1/LY7m4A9G04de_1CUY7dtBrypdsQ.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        185.155.207.0/24 maxlen: 24
                          185.186.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/3cde9b-3705-4dc3-8d7e-516ffd87376c/1/MG1hg1W9iTf3W7RlC7XBr3D5oS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/3cde9b-3705-4dc3-8d7e-516ffd87376c/1/MG1hg1W9iTf3W7RlC7XBr3D5oS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MG1hg1W9iTf3W7RlC7XBr3D5oS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2b:c8:ff:34:a7:ea:ff:59:76:4c:b6:94:b5:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=306d618355bd8937f75bb4650bb5c1af70f9a12e
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d8ee6e00f46d3875eff509463b76d06bca976c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d8:af:7c:b9:98:d5:b6:53:1c:0f:e3:96:c3:
                    58:59:a6:fb:dd:16:9a:3e:33:e0:fd:0a:ba:42:06:
                    69:f6:c0:31:bb:ad:2b:73:4f:f5:8f:c3:ca:d8:8a:
                    7f:a0:94:6b:bd:60:0e:4e:30:24:88:a6:43:b0:e2:
                    34:67:68:20:5f:f9:b4:a2:b0:cf:d6:67:02:c0:78:
                    ef:36:79:ec:3d:ab:02:ce:18:0c:b4:3a:37:96:41:
                    db:17:2b:80:de:93:28:d7:0d:f0:d0:20:8e:cf:c2:
                    e6:df:8a:7e:fb:bd:59:89:ad:cf:8a:25:a9:ee:80:
                    e1:78:1e:e7:f3:4a:4b:6f:aa:66:41:00:2e:f6:9c:
                    cb:ca:ca:91:49:14:e7:3f:cf:e2:94:d5:6f:30:3b:
                    be:6b:5b:76:97:a1:2e:75:24:7b:fa:f3:51:46:68:
                    bf:27:85:5c:48:72:8d:d3:19:7a:d3:9a:7f:b5:ab:
                    a9:54:eb:c7:32:b4:f6:be:b4:d5:18:cb:5c:8e:16:
                    63:99:15:ac:ca:ed:77:40:0f:33:d0:9e:6d:ea:fe:
                    2a:b1:b6:44:2b:e9:87:0c:5b:ea:40:ca:71:e8:80:
                    24:65:c0:00:78:2c:ea:1f:2f:29:5b:b9:02:cd:ed:
                    6d:ae:e9:4f:bc:6a:fa:ea:f2:a2:e2:ab:aa:e8:ad:
                    4d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:8E:E6:E0:0F:46:D3:87:5E:FF:50:94:63:B7:6D:06:BC:A9:76:C4
            X509v3 Authority Key Identifier:
                keyid:30:6D:61:83:55:BD:89:37:F7:5B:B4:65:0B:B5:C1:AF:70:F9:A1:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MG1hg1W9iTf3W7RlC7XBr3D5oS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/3cde9b-3705-4dc3-8d7e-516ffd87376c/1/LY7m4A9G04de_1CUY7dtBrypdsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/3cde9b-3705-4dc3-8d7e-516ffd87376c/1/MG1hg1W9iTf3W7RlC7XBr3D5oS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.207.0/24
                  185.186.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:4a:cd:80:b8:77:98:66:12:e6:a3:aa:86:a2:ca:f2:0a:37:
         2f:9e:86:a8:29:f6:68:f8:d0:13:ee:0e:11:bc:94:18:32:47:
         a3:03:74:05:35:ca:ce:09:07:bf:9a:d4:e3:d3:ec:a8:b5:d2:
         67:8c:4f:b6:72:54:de:47:7e:14:80:b4:18:45:17:49:75:5c:
         2f:e0:16:b5:7a:39:4d:04:ee:db:64:28:19:4f:20:51:22:e0:
         66:5d:5b:56:d9:b1:1d:7e:b7:62:6f:2a:ac:ff:df:cf:8f:78:
         ff:b3:ba:8f:69:a4:11:9f:7c:42:56:78:5b:53:99:f6:4e:83:
         dc:63:a2:4c:dc:a0:ad:23:70:f0:34:d0:30:f5:ae:57:4a:8f:
         63:d7:9c:56:4f:a1:71:e8:51:2d:c7:5c:14:ce:3c:3c:67:f8:
         2b:d5:7d:09:34:70:4d:ca:27:bd:00:10:8a:8a:8e:8f:7f:2e:
         de:c1:a3:fb:4d:a3:94:00:52:ee:f7:60:26:06:5f:a5:d0:ab:
         fb:9e:19:14:41:41:af:b4:8d:89:24:7c:7a:05:96:db:04:21:
         6b:53:d3:39:9e:51:ee:5a:18:14:5e:03:02:14:ed:72:d5:6a:
         94:c5:34:4e:03:b2:a0:89:00:3b:c3:f9:cb:84:c5:95:42:21:
         29:8f:92:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2yvI/zSn6v9Zdky2lLV2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNmQ2MTgzNTViZDg5MzdmNzViYjQ2NTBiYjVjMWFmNzBm
OWExMmUwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDhlZTZlMDBmNDZkMzg3NWVmZjUwOTQ2M2I3NmQwNmJjYTk3NmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtivfLmY1bZTHA/jlsNYWab73Raa
PjPg/Qq6QgZp9sAxu60rc0/1j8PK2Ip/oJRrvWAOTjAkiKZDsOI0Z2ggX/m0orDP
1mcCwHjvNnnsPasCzhgMtDo3lkHbFyuA3pMo1w3w0CCOz8Lm34p++71Zia3PiiWp
7oDheB7n80pLb6pmQQAu9pzLysqRSRTnP8/ilNVvMDu+a1t2l6EudSR7+vNRRmi/
J4VcSHKN0xl605p/taupVOvHMrT2vrTVGMtcjhZjmRWsyu13QA8z0J5t6v4qsbZE
K+mHDFvqQMpx6IAkZcAAeCzqHy8pW7kCze1trulPvGr66vKi4quq6K1NywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC2O5uAPRtOHXv9QlGO3bQa8qXbEMB8GA1UdIwQY
MBaAFDBtYYNVvYk391u0ZQu1wa9w+aEuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUcxaGcxVzlpVGYzVzdSbEM3WEJyM0Q1b1M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8zY2RlOWItMzcwNS00ZGMzLThkN2Ut
NTE2ZmZkODczNzZjLzEvTFk3bTRBOUcwNGRlXzFDVVk3ZHRCcnlwZHNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8zY2RlOWItMzcwNS00ZGMzLThkN2UtNTE2ZmZkODczNzZj
LzEvTUcxaGcxVzlpVGYzVzdSbEM3WEJyM0Q1b1M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZvPAwQA
ubq3MA0GCSqGSIb3DQEBCwUAA4IBAQBDSs2AuHeYZhLmo6qGosryCjcvnoaoKfZo
+NAT7g4RvJQYMkejA3QFNcrOCQe/mtTj0+yotdJnjE+2clTeR34UgLQYRRdJdVwv
4Ba1ejlNBO7bZCgZTyBRIuBmXVtW2bEdfrdibyqs/9/Pj3j/s7qPaaQRn3xCVnhb
U5n2ToPcY6JM3KCtI3DwNNAw9a5XSo9j15xWT6Fx6FEtx1wUzjw8Z/gr1X0JNHBN
yie9ABCKio6Pfy7ewaP7TaOUAFLu92AmBl+l0Kv7nhkUQUGvtI2JJHx6BZbbBCFr
U9M5nlHuWhgUXgMCFO1y1WqUxTROA7KgiQA7w/nLhMWVQiEpj5KZ
-----END CERTIFICATE-----