Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/Lc0LaNsLJyd7pSn0vAVSo3IEhKE.roa
File:                     Lc0LaNsLJyd7pSn0vAVSo3IEhKE.roa (raw, json)
Hash identifier:          v66aSHQl9HUdvmWktRDTwv2SudqsGJRUwDYLSL3Mqac=
Subject key identifier:   2D:CD:0B:68:DB:0B:27:27:7B:A5:29:F4:BC:05:52:A3:72:04:84:A1
Certificate issuer:       /CN=ab2e5b67f25cbd882ca4d023d21ef98d483735db
Certificate serial:       018CC4254C6E5F3E6F68CACEDBEB741FA8B4
Authority key identifier: AB:2E:5B:67:F2:5C:BD:88:2C:A4:D0:23:D2:1E:F9:8D:48:37:35:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy5bZ_JcvYgspNAj0h75jUg3Nds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/Lc0LaNsLJyd7pSn0vAVSo3IEhKE.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25160
IP address blocks:        91.244.236.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/qy5bZ_JcvYgspNAj0h75jUg3Nds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/qy5bZ_JcvYgspNAj0h75jUg3Nds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy5bZ_JcvYgspNAj0h75jUg3Nds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4c:6e:5f:3e:6f:68:ca:ce:db:eb:74:1f:a8:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2e5b67f25cbd882ca4d023d21ef98d483735db
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dcd0b68db0b27277ba529f4bc0552a3720484a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:21:5a:5f:9c:b1:2c:c0:26:f2:b5:81:92:87:
                    f2:8e:02:ed:6d:e3:a3:43:9e:a9:70:bb:78:6b:14:
                    e1:39:4d:4d:91:c5:65:42:a7:3d:a6:39:bc:ed:7c:
                    3b:d2:f6:40:bb:81:85:75:48:44:37:56:df:5d:bc:
                    a3:61:5b:9f:92:3a:80:4f:e6:5f:6e:e5:d0:49:a9:
                    ae:f7:9b:a5:29:2e:34:db:cd:3e:4f:af:0f:b7:bf:
                    1f:b3:60:be:65:40:5b:6a:09:1f:de:50:15:5b:bd:
                    33:27:a4:77:61:10:bd:71:fb:f8:4b:29:a8:0f:87:
                    90:7b:90:b6:05:7d:6f:11:9c:09:62:38:cd:06:62:
                    bf:0b:fc:30:35:ce:d0:69:4e:7b:1a:1f:91:b2:50:
                    32:b9:40:4e:2f:36:82:24:63:2c:8c:25:8e:65:84:
                    db:f3:16:51:66:25:8d:34:92:c0:8d:c3:c1:27:25:
                    34:dc:fe:f2:ca:59:eb:6c:43:23:70:94:08:9f:e3:
                    b4:11:7b:74:f8:3f:36:4b:66:67:d5:f6:e1:31:6d:
                    72:8a:6f:ac:17:93:9f:d4:a5:45:98:08:22:d3:47:
                    a6:04:71:eb:8a:cb:10:6d:ba:e0:91:6d:38:bd:fe:
                    78:80:f0:62:fd:7e:53:65:d1:ea:28:a6:8d:c8:a5:
                    5a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:CD:0B:68:DB:0B:27:27:7B:A5:29:F4:BC:05:52:A3:72:04:84:A1
            X509v3 Authority Key Identifier:
                keyid:AB:2E:5B:67:F2:5C:BD:88:2C:A4:D0:23:D2:1E:F9:8D:48:37:35:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy5bZ_JcvYgspNAj0h75jUg3Nds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/Lc0LaNsLJyd7pSn0vAVSo3IEhKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/67ffe9-8d98-4c6d-be2a-3f6ec249717c/1/qy5bZ_JcvYgspNAj0h75jUg3Nds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:86:8d:db:f6:1d:05:92:1c:71:20:cc:74:00:b7:ba:fc:dc:
         d3:0b:31:01:ce:32:03:9e:84:74:09:85:70:0e:6b:9b:b8:c8:
         f9:5c:0b:82:b4:b4:0f:64:58:1c:e5:4d:b0:19:69:c7:c6:9b:
         33:f0:a3:c4:ca:24:a5:f7:da:fb:25:a6:0d:e2:88:0f:ba:66:
         0e:74:ad:d7:c5:fb:2d:d6:91:b3:62:d2:96:52:01:ce:cf:33:
         19:d8:47:71:00:6d:ed:04:4b:05:a6:35:57:f2:1c:4b:d2:4f:
         79:f3:9f:0e:e0:95:9a:fa:b4:67:5b:e8:c8:48:92:7f:2e:4a:
         17:aa:d0:44:ef:d2:34:bc:ec:10:be:de:d0:54:4c:2a:74:08:
         15:43:84:3a:4e:15:1c:12:e7:f2:1b:97:22:ab:ed:e1:64:0b:
         29:82:b5:b6:76:0e:ec:d1:f8:06:e8:29:fd:e0:31:d9:ee:1e:
         fa:35:68:73:4f:6d:e4:2b:ab:32:2e:82:47:6a:da:18:44:39:
         06:24:24:3c:15:e1:f9:ac:d8:e0:24:74:b4:ef:aa:7b:28:7f:
         68:f3:8b:03:0d:9d:9a:27:bc:13:10:8f:81:24:09:37:df:ae:
         32:70:4c:9c:e4:4e:72:72:b4:50:3c:fa:9a:c4:47:48:6e:11:
         8a:c6:38:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUxuXz5vaMrO2+t0H6i0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMmU1YjY3ZjI1Y2JkODgyY2E0ZDAyM2QyMWVmOThkNDgz
NzM1ZGIwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGNkMGI2OGRiMGIyNzI3N2JhNTI5ZjRiYzA1NTJhMzcyMDQ4NGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriFaX5yxLMAm8rWBkofyjgLtbeOj
Q56pcLt4axThOU1NkcVlQqc9pjm87Xw70vZAu4GFdUhEN1bfXbyjYVufkjqAT+Zf
buXQSamu95ulKS40280+T68Pt78fs2C+ZUBbagkf3lAVW70zJ6R3YRC9cfv4Symo
D4eQe5C2BX1vEZwJYjjNBmK/C/wwNc7QaU57Gh+RslAyuUBOLzaCJGMsjCWOZYTb
8xZRZiWNNJLAjcPBJyU03P7yylnrbEMjcJQIn+O0EXt0+D82S2Zn1fbhMW1yim+s
F5Of1KVFmAgi00emBHHrissQbbrgkW04vf54gPBi/X5TZdHqKKaNyKVaIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC3NC2jbCycne6Up9LwFUqNyBIShMB8GA1UdIwQY
MBaAFKsuW2fyXL2ILKTQI9Ie+Y1INzXbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXk1YlpfSmN2WWdzcE5BajBoNzVqVWczTmRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC82N2ZmZTktOGQ5OC00YzZkLWJlMmEt
M2Y2ZWMyNDk3MTdjLzEvTGMwTGFOc0xKeWQ3cFNuMHZBVlNvM0lFaEtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC82N2ZmZTktOGQ5OC00YzZkLWJlMmEtM2Y2ZWMyNDk3MTdj
LzEvcXk1YlpfSmN2WWdzcE5BajBoNzVqVWczTmRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW/TsMA0G
CSqGSIb3DQEBCwUAA4IBAQAmho3b9h0FkhxxIMx0ALe6/NzTCzEBzjIDnoR0CYVw
DmubuMj5XAuCtLQPZFgc5U2wGWnHxpsz8KPEyiSl99r7JaYN4ogPumYOdK3Xxfst
1pGzYtKWUgHOzzMZ2EdxAG3tBEsFpjVX8hxL0k95858O4JWa+rRnW+jISJJ/LkoX
qtBE79I0vOwQvt7QVEwqdAgVQ4Q6ThUcEufyG5ciq+3hZAspgrW2dg7s0fgG6Cn9
4DHZ7h76NWhzT23kK6syLoJHatoYRDkGJCQ8FeH5rNjgJHS076p7KH9o84sDDZ2a
J7wTEI+BJAk3364ycEyc5E5ycrRQPPqaxEdIbhGKxjh8
-----END CERTIFICATE-----