Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/2a8f7e-e605-4114-90e8-f600d0fd03ce/1/LKhnv9hiKADsxHu3D6dmKV3Uxjg.roa
File:                     LKhnv9hiKADsxHu3D6dmKV3Uxjg.roa (raw, json)
Hash identifier:          0L9zVHVS309CjYdnW1dV9AT/2h16ixsLw5MG8iD7p+4=
Subject key identifier:   2C:A8:67:BF:D8:62:28:00:EC:C4:7B:B7:0F:A7:66:29:5D:D4:C6:38
Certificate issuer:       /CN=ac2119178bfd923a4b5ec406d9fe1452b2776efa
Certificate serial:       018CC64AF37C82EDC67263F2E9AED859792C
Authority key identifier: AC:21:19:17:8B:FD:92:3A:4B:5E:C4:06:D9:FE:14:52:B2:77:6E:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rCEZF4v9kjpLXsQG2f4UUrJ3bvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/2a8f7e-e605-4114-90e8-f600d0fd03ce/1/LKhnv9hiKADsxHu3D6dmKV3Uxjg.roa
Signing time:             Mon 01 Jan 2024 18:30:49 +0000
ROA not before:           Mon 01 Jan 2024 18:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39790
IP address blocks:        81.91.80.0/20 maxlen: 21
                          185.14.224.0/22 maxlen: 23
                          2001:1568::/32 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/2a8f7e-e605-4114-90e8-f600d0fd03ce/1/rCEZF4v9kjpLXsQG2f4UUrJ3bvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/2a8f7e-e605-4114-90e8-f600d0fd03ce/1/rCEZF4v9kjpLXsQG2f4UUrJ3bvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rCEZF4v9kjpLXsQG2f4UUrJ3bvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f3:7c:82:ed:c6:72:63:f2:e9:ae:d8:59:79:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac2119178bfd923a4b5ec406d9fe1452b2776efa
        Validity
            Not Before: Jan  1 18:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ca867bfd8622800ecc47bb70fa766295dd4c638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6a:9a:24:63:1e:de:a2:17:22:0e:00:29:d8:
                    a5:6b:e5:13:65:ee:48:b0:15:f0:d0:b1:8d:0e:4b:
                    c9:62:19:0e:92:f6:f0:69:ac:f1:42:3c:ba:3c:ac:
                    1b:97:7c:4f:99:f3:a7:fc:39:1e:d7:6e:ae:9a:0e:
                    bb:f4:8c:53:a7:d5:21:a4:37:3c:aa:31:ce:28:5f:
                    6b:94:0d:50:2e:1b:29:9b:b4:e9:14:74:ef:f9:9e:
                    2a:6a:45:91:ae:2b:fd:70:4d:75:0d:0d:a5:c2:ca:
                    d5:6b:97:18:c9:e5:a7:76:46:0d:c9:0f:00:2e:fc:
                    93:5c:18:57:cb:da:72:68:28:42:72:c0:af:9e:b5:
                    a3:f9:7e:bb:53:b1:a1:2f:35:ca:5a:b5:61:43:b2:
                    24:73:2d:bd:b9:78:71:be:dd:f9:e8:e3:87:b3:64:
                    ee:57:0a:89:68:5f:f9:17:d6:92:73:65:98:cb:d5:
                    a6:32:59:d4:02:76:cb:36:8b:c4:21:2f:97:a4:b0:
                    61:f8:50:23:66:e8:47:6b:71:32:f5:11:de:64:c3:
                    b4:ed:40:79:3e:07:e3:ed:e4:d0:68:49:64:56:b3:
                    41:87:bf:b6:3f:91:d5:f0:65:1e:79:79:38:b5:4b:
                    c5:1e:db:99:e1:7b:4a:d5:64:09:21:52:9f:91:97:
                    0e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:A8:67:BF:D8:62:28:00:EC:C4:7B:B7:0F:A7:66:29:5D:D4:C6:38
            X509v3 Authority Key Identifier:
                keyid:AC:21:19:17:8B:FD:92:3A:4B:5E:C4:06:D9:FE:14:52:B2:77:6E:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rCEZF4v9kjpLXsQG2f4UUrJ3bvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/2a8f7e-e605-4114-90e8-f600d0fd03ce/1/LKhnv9hiKADsxHu3D6dmKV3Uxjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/2a8f7e-e605-4114-90e8-f600d0fd03ce/1/rCEZF4v9kjpLXsQG2f4UUrJ3bvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.91.80.0/20
                  185.14.224.0/22
                IPv6:
                  2001:1568::/32

    Signature Algorithm: sha256WithRSAEncryption
         49:7c:bc:b6:2f:6f:42:11:5f:af:4f:8e:26:07:de:f0:88:59:
         82:e4:e1:17:22:46:ae:e9:b7:6e:75:a9:78:91:da:89:75:0f:
         a1:3e:dc:d5:bf:42:bf:51:ec:ed:4e:b1:63:91:7b:f2:64:b9:
         1d:e5:38:9d:44:7c:36:d6:aa:6a:c1:41:a8:18:1a:21:ff:66:
         f8:d8:f8:e7:5c:43:55:4a:8a:ab:92:56:27:66:ed:ab:87:ec:
         b1:00:ff:28:cc:78:fe:cb:b3:54:9d:d5:80:1b:55:a5:73:3b:
         e4:58:d4:27:96:a7:ad:52:7b:6a:40:b4:64:51:a8:fa:16:76:
         0d:2f:ed:23:ed:9c:ff:65:59:18:bd:4b:b1:82:8f:81:c5:d4:
         ee:da:37:8a:65:fe:6b:24:2e:80:1a:55:2e:21:51:bc:f1:e4:
         ab:a9:65:ec:b5:80:9e:10:23:52:4c:49:bd:a2:5b:6d:9d:18:
         65:48:64:4c:a7:56:4b:ec:d3:ce:60:e4:62:fc:d4:ae:f3:1d:
         0c:99:31:ad:e4:cd:9b:17:e8:56:05:9c:c3:f4:16:32:27:76:
         ea:15:70:dc:19:89:bb:84:2e:2d:e7:b4:37:a0:1b:80:e0:c2:
         07:35:b7:6b:74:f9:c3:3c:7a:70:d2:c2:9b:ef:34:73:4f:2e:
         68:85:0a:f3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGSvN8gu3GcmPy6a7YWXksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMjExOTE3OGJmZDkyM2E0YjVlYzQwNmQ5ZmUxNDUyYjI3
NzZlZmEwHhcNMjQwMTAxMTgzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2E4NjdiZmQ4NjIyODAwZWNjNDdiYjcwZmE3NjYyOTVkZDRjNjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGqaJGMe3qIXIg4AKdila+UTZe5I
sBXw0LGNDkvJYhkOkvbwaazxQjy6PKwbl3xPmfOn/Dke126umg679IxTp9UhpDc8
qjHOKF9rlA1QLhspm7TpFHTv+Z4qakWRriv9cE11DQ2lwsrVa5cYyeWndkYNyQ8A
LvyTXBhXy9pyaChCcsCvnrWj+X67U7GhLzXKWrVhQ7Ikcy29uXhxvt356OOHs2Tu
VwqJaF/5F9aSc2WYy9WmMlnUAnbLNovEIS+XpLBh+FAjZuhHa3Ey9RHeZMO07UB5
Pgfj7eTQaElkVrNBh7+2P5HV8GUeeXk4tUvFHtuZ4XtK1WQJIVKfkZcO2wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCyoZ7/YYigA7MR7tw+nZild1MY4MB8GA1UdIwQY
MBaAFKwhGReL/ZI6S17EBtn+FFKyd276MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckNFWkY0djlranBMWHNRRzJmNFVVckozYnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8yYThmN2UtZTYwNS00MTE0LTkwZTgt
ZjYwMGQwZmQwM2NlLzEvTEtobnY5aGlLQURzeEh1M0Q2ZG1LVjNVeGpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8yYThmN2UtZTYwNS00MTE0LTkwZTgtZjYwMGQwZmQwM2Nl
LzEvckNFWkY0djlranBMWHNRRzJmNFVVckozYnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUVtQAwQC
uQ7gMA0EAgACMAcDBQAgARVoMA0GCSqGSIb3DQEBCwUAA4IBAQBJfLy2L29CEV+v
T44mB97wiFmC5OEXIkau6bdudal4kdqJdQ+hPtzVv0K/UeztTrFjkXvyZLkd5Tid
RHw21qpqwUGoGBoh/2b42PjnXENVSoqrklYnZu2rh+yxAP8ozHj+y7NUndWAG1Wl
czvkWNQnlqetUntqQLRkUaj6FnYNL+0j7Zz/ZVkYvUuxgo+BxdTu2jeKZf5rJC6A
GlUuIVG88eSrqWXstYCeECNSTEm9olttnRhlSGRMp1ZL7NPOYORi/NSu8x0MmTGt
5M2bF+hWBZzD9BYyJ3bqFXDcGYm7hC4t57Q3oBuA4MIHNbdrdPnDPHpw0sKb7zRz
Ty5ohQrz
-----END CERTIFICATE-----