Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/LUoRdNd7OUNidWKpI-Q4rXmUBNQ.roa
File:                     LUoRdNd7OUNidWKpI-Q4rXmUBNQ.roa (raw, json)
Hash identifier:          ap5EBVX8w9EJ37Ed/2jDtcdGlwVG+YSJDBGfLzLdWtw=
Subject key identifier:   2D:4A:11:74:D7:7B:39:43:62:75:62:A9:23:E4:38:AD:79:94:04:D4
Certificate issuer:       /CN=c8d5aa7034250ab1a8789ac86cc0eef3bfc9db5f
Certificate serial:       018CC8011F4C344C4740C9A13B4B1D6A957A
Authority key identifier: C8:D5:AA:70:34:25:0A:B1:A8:78:9A:C8:6C:C0:EE:F3:BF:C9:DB:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yNWqcDQlCrGoeJrIbMDu87_J218.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/LUoRdNd7OUNidWKpI-Q4rXmUBNQ.roa
Signing time:             Tue 02 Jan 2024 02:29:25 +0000
ROA not before:           Tue 02 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197889
IP address blocks:        85.119.8.0/21 maxlen: 21
                          185.223.16.0/23 maxlen: 23
                          185.223.18.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/yNWqcDQlCrGoeJrIbMDu87_J218.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/yNWqcDQlCrGoeJrIbMDu87_J218.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yNWqcDQlCrGoeJrIbMDu87_J218.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:1f:4c:34:4c:47:40:c9:a1:3b:4b:1d:6a:95:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8d5aa7034250ab1a8789ac86cc0eef3bfc9db5f
        Validity
            Not Before: Jan  2 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d4a1174d77b3943627562a923e438ad799404d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c4:c3:fd:ac:f5:74:a5:f6:de:8a:13:55:ea:
                    6c:fc:32:cb:1b:c9:3e:3a:a4:e0:8e:d7:9d:ee:d6:
                    0d:08:df:88:ae:4f:ae:67:86:2b:3a:48:17:9b:02:
                    b3:d3:c9:64:bc:a6:9f:07:2c:af:ce:10:cc:4a:e7:
                    8b:f9:b7:29:8b:ed:cf:5d:48:09:6b:5d:15:1a:e1:
                    ca:be:63:bf:57:96:16:6c:29:06:de:b1:12:02:d1:
                    31:dd:c2:05:42:80:32:ab:4e:a8:74:81:41:15:54:
                    61:03:29:db:ea:7b:de:0e:02:a1:76:36:c8:84:2c:
                    ce:fd:e1:ab:ea:b3:73:88:27:39:41:73:6a:fb:4e:
                    7d:f3:ad:52:d2:9b:e7:a8:41:33:91:7e:f4:86:9d:
                    ce:0e:35:49:cf:b7:21:dc:e8:4e:30:b5:43:2f:ec:
                    15:48:cb:78:9c:cf:04:b4:87:78:f0:4d:6d:76:3d:
                    bf:94:94:89:75:2d:aa:57:06:ec:eb:04:bf:9d:75:
                    05:d2:63:1f:89:20:2e:2f:fa:4e:c5:5e:e4:1b:d2:
                    e5:e6:48:b9:47:b1:29:f7:8e:94:5d:4e:65:d0:f2:
                    e5:93:97:11:62:a9:c0:06:a9:9e:b5:55:7f:5d:4a:
                    d2:f8:06:01:6b:ec:ca:0d:03:08:d2:ca:af:a2:c1:
                    06:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:4A:11:74:D7:7B:39:43:62:75:62:A9:23:E4:38:AD:79:94:04:D4
            X509v3 Authority Key Identifier:
                keyid:C8:D5:AA:70:34:25:0A:B1:A8:78:9A:C8:6C:C0:EE:F3:BF:C9:DB:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNWqcDQlCrGoeJrIbMDu87_J218.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/LUoRdNd7OUNidWKpI-Q4rXmUBNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/yNWqcDQlCrGoeJrIbMDu87_J218.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.119.8.0/21
                  185.223.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:a1:75:32:b9:18:12:41:52:e9:ec:d2:0c:7b:fd:7e:23:71:
         8e:30:28:40:0c:d4:ea:f6:6f:48:d6:05:75:24:9a:93:6f:a2:
         1e:49:dc:72:c3:0c:a4:c6:d7:4f:8e:98:89:2d:8c:ad:6e:07:
         fc:6c:f8:9c:25:18:1a:11:d9:93:d2:f4:35:7d:1f:bb:60:bd:
         45:f7:79:f7:37:13:d8:2c:8a:0a:8a:36:53:b0:73:25:14:01:
         a0:67:c5:85:9d:79:86:2a:ae:44:b1:85:85:9a:98:5e:49:71:
         63:74:3c:15:0d:82:6f:71:7a:47:86:80:73:54:f6:cd:9e:23:
         a3:24:09:c0:82:16:49:41:52:97:70:b3:a4:39:48:ed:fa:7c:
         2f:1f:e8:53:a0:07:f3:b3:a4:b3:8c:14:82:23:c5:df:6d:6b:
         b3:56:b7:69:31:a9:80:d9:df:70:94:68:bd:52:89:cc:08:6a:
         a0:42:0a:a1:46:e6:bb:50:92:78:65:cc:cb:39:af:8a:f0:1b:
         66:6d:61:5e:c1:6d:40:9c:03:09:24:f1:53:fa:d6:2a:82:5e:
         f0:ac:f6:91:be:80:c9:e0:54:0a:48:b8:21:69:88:f5:85:61:
         8e:10:11:dc:c4:44:4b:c8:bb:85:72:63:b1:03:1a:3e:de:68:
         9b:6f:c6:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAR9MNExHQMmhO0sdapV6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDVhYTcwMzQyNTBhYjFhODc4OWFjODZjYzBlZWYzYmZj
OWRiNWYwHhcNMjQwMTAyMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDRhMTE3NGQ3N2IzOTQzNjI3NTYyYTkyM2U0MzhhZDc5OTQwNGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8TD/az1dKX23ooTVeps/DLLG8k+
OqTgjted7tYNCN+Irk+uZ4YrOkgXmwKz08lkvKafByyvzhDMSueL+bcpi+3PXUgJ
a10VGuHKvmO/V5YWbCkG3rESAtEx3cIFQoAyq06odIFBFVRhAynb6nveDgKhdjbI
hCzO/eGr6rNziCc5QXNq+059861S0pvnqEEzkX70hp3ODjVJz7ch3OhOMLVDL+wV
SMt4nM8EtId48E1tdj2/lJSJdS2qVwbs6wS/nXUF0mMfiSAuL/pOxV7kG9Ll5ki5
R7Ep946UXU5l0PLlk5cRYqnABqmetVV/XUrS+AYBa+zKDQMI0sqvosEGfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC1KEXTXezlDYnViqSPkOK15lATUMB8GA1UdIwQY
MBaAFMjVqnA0JQqxqHiayGzA7vO/ydtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5XcWNEUWxDckdvZUpySWJNRHU4N19KMjE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8yZDQ5MGMtNmZmOC00NzFkLTk3ZDIt
MmQ3MmYyMzE5M2RiLzEvTFVvUmROZDdPVU5pZFdLcEktUTRyWG1VQk5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8yZDQ5MGMtNmZmOC00NzFkLTk3ZDItMmQ3MmYyMzE5M2Ri
LzEveU5XcWNEUWxDckdvZUpySWJNRHU4N19KMjE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDVXcIAwQC
ud8QMA0GCSqGSIb3DQEBCwUAA4IBAQBsoXUyuRgSQVLp7NIMe/1+I3GOMChADNTq
9m9I1gV1JJqTb6IeSdxywwykxtdPjpiJLYytbgf8bPicJRgaEdmT0vQ1fR+7YL1F
93n3NxPYLIoKijZTsHMlFAGgZ8WFnXmGKq5EsYWFmpheSXFjdDwVDYJvcXpHhoBz
VPbNniOjJAnAghZJQVKXcLOkOUjt+nwvH+hToAfzs6SzjBSCI8XfbWuzVrdpMamA
2d9wlGi9UonMCGqgQgqhRua7UJJ4ZczLOa+K8BtmbWFewW1AnAMJJPFT+tYqgl7w
rPaRvoDJ4FQKSLghaYj1hWGOEBHcxERLyLuFcmOxAxo+3mibb8bD
-----END CERTIFICATE-----