Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/006f56-1d8e-45cc-8694-1f188fcce855/1/lLO55w1fy2We8ZpzoszbdUDhqO0.roa
File:                     lLO55w1fy2We8ZpzoszbdUDhqO0.roa (raw, json)
Hash identifier:          GAIKddV3pS2VHfLfiaH+5FGpGuCQkNZQL5htJ0qqWB4=
Subject key identifier:   94:B3:B9:E7:0D:5F:CB:65:9E:F1:9A:73:A2:CC:DB:75:40:E1:A8:ED
Certificate issuer:       /CN=a27c641b530a7c6ba234022e3327246232367100
Certificate serial:       0190EE24C1E0EB9897CD295A7F7F25CC6E6A
Authority key identifier: A2:7C:64:1B:53:0A:7C:6B:A2:34:02:2E:33:27:24:62:32:36:71:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/onxkG1MKfGuiNAIuMyckYjI2cQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/006f56-1d8e-45cc-8694-1f188fcce855/1/lLO55w1fy2We8ZpzoszbdUDhqO0.roa
Signing time:             Fri 26 Jul 2024 08:25:04 +0000
ROA not before:           Fri 26 Jul 2024 08:25:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60606
IP address blocks:        91.239.200.0/22 maxlen: 23
                          2001:67c:e94::/48 maxlen: 49

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/006f56-1d8e-45cc-8694-1f188fcce855/1/onxkG1MKfGuiNAIuMyckYjI2cQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/006f56-1d8e-45cc-8694-1f188fcce855/1/onxkG1MKfGuiNAIuMyckYjI2cQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/onxkG1MKfGuiNAIuMyckYjI2cQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ee:24:c1:e0:eb:98:97:cd:29:5a:7f:7f:25:cc:6e:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a27c641b530a7c6ba234022e3327246232367100
        Validity
            Not Before: Jul 26 08:25:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94b3b9e70d5fcb659ef19a73a2ccdb7540e1a8ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:18:9b:48:50:f9:8a:7b:c1:94:21:c0:20:0a:
                    de:f3:d6:77:38:e1:22:b4:7c:cf:4f:67:6d:11:37:
                    f6:7b:03:7c:76:e5:9e:c3:92:9c:9d:18:94:df:8c:
                    cb:e3:9f:fd:69:94:b6:d6:46:7a:2c:da:87:ef:ba:
                    15:9b:a8:11:e8:ba:f1:dc:82:cb:a8:ab:f5:94:cd:
                    c9:f6:6f:f4:c9:02:b7:43:28:ca:c4:f5:de:86:c7:
                    f1:d9:7f:b5:dc:ea:1a:41:93:08:96:63:fd:3f:05:
                    0f:fc:c9:a6:d8:df:cf:96:31:c9:68:5e:5b:3f:45:
                    f7:2a:bb:17:b2:63:6f:b6:37:be:69:77:25:4d:c9:
                    85:b8:8f:ef:df:8b:fd:4b:a8:d7:2e:30:6c:46:37:
                    88:77:37:2f:e3:46:40:2f:49:07:7f:f0:ff:29:2e:
                    03:8c:14:1f:8a:16:79:94:a7:1d:2a:e0:25:47:35:
                    34:48:5e:30:81:a8:f9:b2:f0:f6:67:6e:aa:78:e1:
                    4f:52:ca:68:38:4f:55:e1:14:03:ff:70:a0:3d:f7:
                    f2:e0:bb:e5:4e:cd:31:05:e5:d0:ba:54:70:57:89:
                    8d:20:a6:ab:e2:08:be:da:d6:87:bf:03:07:aa:fc:
                    46:0d:49:d1:a7:9e:e8:27:15:3e:8e:4b:8e:b0:b8:
                    19:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:B3:B9:E7:0D:5F:CB:65:9E:F1:9A:73:A2:CC:DB:75:40:E1:A8:ED
            X509v3 Authority Key Identifier:
                keyid:A2:7C:64:1B:53:0A:7C:6B:A2:34:02:2E:33:27:24:62:32:36:71:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/onxkG1MKfGuiNAIuMyckYjI2cQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/006f56-1d8e-45cc-8694-1f188fcce855/1/lLO55w1fy2We8ZpzoszbdUDhqO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/006f56-1d8e-45cc-8694-1f188fcce855/1/onxkG1MKfGuiNAIuMyckYjI2cQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.200.0/22
                IPv6:
                  2001:67c:e94::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:d6:fd:83:c3:43:89:1b:43:a5:bd:1b:a2:3c:57:a1:24:be:
         94:d7:b2:a5:06:ca:b7:72:8e:07:36:67:47:bb:08:4a:6b:94:
         41:e7:93:c2:7a:c7:39:67:a3:64:7f:eb:97:25:da:c4:63:03:
         b0:a7:66:ba:63:11:df:65:14:e5:06:52:a2:6a:c4:2c:06:e1:
         9d:51:d3:21:e8:db:f1:46:9d:b0:0d:51:00:8b:26:4a:eb:85:
         98:e5:47:f1:a0:b0:e3:26:d4:a0:5b:a4:46:f9:19:e2:25:f5:
         6f:ae:d0:53:3c:d6:a7:51:b5:1e:09:d9:34:00:58:d6:85:f4:
         65:fe:f2:d7:99:7f:3c:55:85:38:dc:ec:b8:9d:15:6f:92:5a:
         77:07:da:08:c8:b2:20:b9:6e:58:dc:bf:11:e0:ea:66:5e:7d:
         62:79:0e:de:61:9f:e7:65:47:e3:60:95:55:9d:a8:55:e9:45:
         fe:1d:80:5b:0d:f4:16:aa:2e:74:d0:a4:79:7f:2e:d9:ad:5e:
         07:89:9e:c1:56:9f:e4:24:ce:1a:0c:82:34:a9:5b:4d:b8:2c:
         9a:70:b4:aa:15:e3:29:0f:a2:e3:8a:25:85:b3:84:f1:17:6c:
         a4:9f:45:04:79:8e:7f:57:5b:96:e7:47:00:31:90:ae:8f:3d:
         91:f8:3c:ce
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZDuJMHg65iXzSlaf38lzG5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyN2M2NDFiNTMwYTdjNmJhMjM0MDIyZTMzMjcyNDYyMzIz
NjcxMDAwHhcNMjQwNzI2MDgyNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGIzYjllNzBkNWZjYjY1OWVmMTlhNzNhMmNjZGI3NTQwZTFhOGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBibSFD5invBlCHAIAre89Z3OOEi
tHzPT2dtETf2ewN8duWew5KcnRiU34zL45/9aZS21kZ6LNqH77oVm6gR6Lrx3ILL
qKv1lM3J9m/0yQK3QyjKxPXehsfx2X+13OoaQZMIlmP9PwUP/Mmm2N/PljHJaF5b
P0X3KrsXsmNvtje+aXclTcmFuI/v34v9S6jXLjBsRjeIdzcv40ZAL0kHf/D/KS4D
jBQfihZ5lKcdKuAlRzU0SF4wgaj5svD2Z26qeOFPUspoOE9V4RQD/3CgPffy4Lvl
Ts0xBeXQulRwV4mNIKar4gi+2taHvwMHqvxGDUnRp57oJxU+jkuOsLgZDwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJSzuecNX8tlnvGac6LM23VA4ajtMB8GA1UdIwQY
MBaAFKJ8ZBtTCnxrojQCLjMnJGIyNnEAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb254a0cxTUtmR3VpTkFJdU15Y2tZakkyY1FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wMDZmNTYtMWQ4ZS00NWNjLTg2OTQt
MWYxODhmY2NlODU1LzEvbExPNTV3MWZ5MldlOFpwem9zemJkVURocU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wMDZmNTYtMWQ4ZS00NWNjLTg2OTQtMWYxODhmY2NlODU1
LzEvb254a0cxTUtmR3VpTkFJdU15Y2tZakkyY1FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCW+/IMA8E
AgACMAkDBwAgAQZ8DpQwDQYJKoZIhvcNAQELBQADggEBAGjW/YPDQ4kbQ6W9G6I8
V6EkvpTXsqUGyrdyjgc2Z0e7CEprlEHnk8J6xzlno2R/65cl2sRjA7CnZrpjEd9l
FOUGUqJqxCwG4Z1R0yHo2/FGnbANUQCLJkrrhZjlR/GgsOMm1KBbpEb5GeIl9W+u
0FM81qdRtR4J2TQAWNaF9GX+8teZfzxVhTjc7LidFW+SWncH2gjIsiC5bljcvxHg
6mZefWJ5Dt5hn+dlR+NglVWdqFXpRf4dgFsN9BaqLnTQpHl/LtmtXgeJnsFWn+Qk
zhoMgjSpW024LJpwtKoV4ykPouOKJYWzhPEXbKSfRQR5jn9XW5bnRwAxkK6PPZH4
PM4=
-----END CERTIFICATE-----