Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/lwZLvnybnsS2ZEIohO5dyBhq1Hk.roa
File:                     lwZLvnybnsS2ZEIohO5dyBhq1Hk.roa (raw, json)
Hash identifier:          yA0niluY/c0P2R05fUaWRZx1uAQBQX/NcNCYJRWJDnE=
Subject key identifier:   97:06:4B:BE:7C:9B:9E:C4:B6:64:42:28:84:EE:5D:C8:18:6A:D4:79
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018CC2DB61466FFC7B92EBE4E80387C62D0B
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/lwZLvnybnsS2ZEIohO5dyBhq1Hk.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        87.248.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:61:46:6f:fc:7b:92:eb:e4:e8:03:87:c6:2d:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97064bbe7c9b9ec4b664422884ee5dc8186ad479
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:71:e4:3a:9e:d3:1d:20:2e:d8:b0:98:ce:92:
                    c4:e8:2c:74:4a:33:07:b3:13:58:b7:2e:64:bf:7c:
                    de:dd:2b:26:ba:e4:4c:3e:6c:94:ae:e4:12:b4:7d:
                    bd:d9:f7:48:c2:f3:8a:aa:88:14:61:64:5c:05:3b:
                    32:c7:57:81:53:28:7b:28:72:1c:9f:92:c4:41:98:
                    1d:9f:8c:1e:e4:b0:32:d5:85:a0:af:31:fb:eb:ae:
                    88:08:b1:02:79:48:40:60:46:dd:27:b3:3e:8d:06:
                    d1:3d:40:d6:7e:72:00:ba:7c:1f:c8:43:12:ec:cb:
                    39:2c:32:35:d0:48:a8:6f:1d:1d:05:1f:a9:9e:b4:
                    b3:8e:dc:90:6d:86:6c:ac:8c:59:bc:1f:f6:92:9f:
                    fb:11:82:9a:66:cd:b8:da:1e:e1:e1:c2:31:f1:f2:
                    8b:7d:1c:af:56:f0:7d:49:26:a6:29:0d:b2:e5:2f:
                    0d:fc:e4:b4:f5:64:23:00:00:17:98:0f:84:fd:91:
                    c7:87:8b:7e:65:82:40:c5:3d:67:23:c3:03:ab:23:
                    51:66:ec:ac:67:21:ce:48:e7:b0:74:59:8f:7e:e2:
                    61:5d:fb:63:c4:38:72:0c:bd:aa:92:20:a2:de:30:
                    5d:2e:67:ef:16:b6:b3:ea:cd:08:72:0b:cd:90:f5:
                    24:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:06:4B:BE:7C:9B:9E:C4:B6:64:42:28:84:EE:5D:C8:18:6A:D4:79
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/lwZLvnybnsS2ZEIohO5dyBhq1Hk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:71:a7:e3:50:4e:cf:c6:18:a6:36:9b:21:a6:27:ae:d8:df:
         b6:7b:86:39:e3:64:c6:b0:bc:fc:36:e5:90:78:73:84:31:e9:
         1c:17:a8:6e:4f:38:ef:6b:a2:3b:db:ea:8c:4f:71:a5:ed:b1:
         9b:0c:18:39:54:03:4d:2e:06:4e:c5:2f:c1:06:9a:0c:2d:a1:
         57:97:a0:a8:36:3a:cf:97:fe:c1:94:fc:c5:9a:d1:b9:4d:ad:
         84:eb:8e:30:b6:1d:3c:3c:be:e5:1f:11:3c:b5:fa:2b:ae:c5:
         7e:39:ed:75:13:3b:55:24:3e:30:60:6d:b3:94:c9:3f:ac:26:
         a5:a4:24:76:1d:57:67:a0:90:ff:c6:68:7f:0a:21:06:4a:78:
         d9:ac:77:38:3e:30:02:96:81:85:d2:c6:c4:f6:62:0d:af:4d:
         04:42:ac:1d:ab:09:e9:11:61:1d:87:c6:d7:aa:72:e8:bc:a8:
         7c:ee:e3:a7:7c:63:fb:48:43:3b:c1:8d:28:27:4b:96:12:75:
         fc:a2:f4:a5:cf:98:16:2d:39:f6:c7:7e:0e:84:77:58:4a:a7:
         02:9b:4a:d2:0d:ca:b4:80:0a:2b:3e:a0:a1:f0:2d:32:3b:f9:
         09:06:de:f9:2d:3d:63:ff:f3:46:ba:c5:e3:5d:88:27:d6:ff:
         55:40:79:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22FGb/x7kuvk6AOHxi0LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzA2NGJiZTdjOWI5ZWM0YjY2NDQyMjg4NGVlNWRjODE4NmFkNDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8XHkOp7THSAu2LCYzpLE6Cx0SjMH
sxNYty5kv3ze3SsmuuRMPmyUruQStH292fdIwvOKqogUYWRcBTsyx1eBUyh7KHIc
n5LEQZgdn4we5LAy1YWgrzH7666ICLECeUhAYEbdJ7M+jQbRPUDWfnIAunwfyEMS
7Ms5LDI10Eiobx0dBR+pnrSzjtyQbYZsrIxZvB/2kp/7EYKaZs242h7h4cIx8fKL
fRyvVvB9SSamKQ2y5S8N/OS09WQjAAAXmA+E/ZHHh4t+ZYJAxT1nI8MDqyNRZuys
ZyHOSOewdFmPfuJhXftjxDhyDL2qkiCi3jBdLmfvFraz6s0IcgvNkPUkBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcGS758m57EtmRCKITuXcgYatR5MB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvbHdaTHZueWJuc1MyWkVJb2hPNWR5QmhxMUhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iUMA0G
CSqGSIb3DQEBCwUAA4IBAQAjcafjUE7PxhimNpshpieu2N+2e4Y542TGsLz8NuWQ
eHOEMekcF6huTzjva6I72+qMT3Gl7bGbDBg5VANNLgZOxS/BBpoMLaFXl6CoNjrP
l/7BlPzFmtG5Ta2E644wth08PL7lHxE8tforrsV+Oe11EztVJD4wYG2zlMk/rCal
pCR2HVdnoJD/xmh/CiEGSnjZrHc4PjACloGF0sbE9mINr00EQqwdqwnpEWEdh8bX
qnLovKh87uOnfGP7SEM7wY0oJ0uWEnX8ovSlz5gWLTn2x34OhHdYSqcCm0rSDcq0
gAorPqCh8C0yO/kJBt75LT1j//NGusXjXYgn1v9VQHkx
-----END CERTIFICATE-----