Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/1-LihHgtCNLo93aCuw-DARejTqEQ.roa
File:                     1-LihHgtCNLo93aCuw-DARejTqEQ.roa (raw, json)
Hash identifier:          ZnHgGuigycbO5++3tmS9Pe0CNJRJaxAcAzBde9nno/c=
Subject key identifier:   F8:B8:A1:1E:0B:42:34:BA:3D:DD:A0:AE:C3:E0:C0:45:E8:D3:A8:44
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348DD1D69627B9A4610790B550CBF32
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/1-LihHgtCNLo93aCuw-DARejTqEQ.roa
Signing time:             Mon 01 Jan 2024 04:29:41 +0000
ROA not before:           Mon 01 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60420
IP address blocks:        212.243.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:dd:1d:69:62:7b:9a:46:10:79:0b:55:0c:bf:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8b8a11e0b4234ba3ddda0aec3e0c045e8d3a844
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:24:25:15:47:5e:12:4b:28:ca:fc:cf:9a:c9:
                    8d:bc:9c:e5:fd:2c:96:23:b7:cc:d7:ad:de:9f:4d:
                    90:c5:3d:35:fd:a5:18:27:48:d2:40:ae:8d:d8:df:
                    c0:96:eb:2d:01:98:e3:c5:42:ce:fa:2d:50:72:48:
                    88:17:91:be:bd:3e:82:53:2c:9d:e4:a5:10:54:64:
                    f5:26:00:f8:4d:17:bc:4d:3c:65:ec:8c:64:89:3f:
                    e5:0f:0d:aa:fd:ab:7e:ce:ca:b8:3a:02:d5:e6:3e:
                    03:f6:f2:83:7c:d1:19:3e:21:64:53:4f:51:c0:cf:
                    7c:ab:3e:08:94:72:10:60:90:a2:58:2e:a1:62:dd:
                    6d:06:6e:23:ec:3c:a0:b3:22:cf:15:88:45:d6:da:
                    97:3f:d7:34:ae:fa:db:f0:a8:c4:2b:c8:2e:58:2b:
                    9d:5d:b1:15:16:e3:38:43:40:54:3d:a1:ab:0d:40:
                    4a:cc:88:07:33:44:3a:c8:85:50:e5:c8:80:f3:2f:
                    b0:84:cb:81:87:6c:2b:a2:cd:b7:89:0f:a2:46:a0:
                    2f:56:48:15:4c:07:1a:3a:de:0c:84:b1:36:da:64:
                    0b:1f:ab:68:e2:51:03:92:7d:ca:64:f6:c8:26:6d:
                    96:2a:b5:99:91:1c:f6:d9:6e:33:36:a9:95:3e:17:
                    e6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:B8:A1:1E:0B:42:34:BA:3D:DD:A0:AE:C3:E0:C0:45:E8:D3:A8:44
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/1-LihHgtCNLo93aCuw-DARejTqEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.243.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:1c:e6:7d:39:21:cc:3a:46:7b:84:06:9a:67:6f:e2:e3:09:
         6e:ea:2a:9e:c5:6d:63:27:0f:76:31:cb:48:b3:46:8a:30:28:
         4d:01:ce:81:bc:a0:13:a9:e9:2d:5b:03:b6:e4:66:fa:37:c7:
         e2:fd:69:d5:21:ce:ee:29:f0:9d:73:46:5b:a5:b9:4f:4e:89:
         7c:fa:4e:62:04:d4:71:7a:2a:0d:c6:a9:12:9c:11:2e:66:57:
         1e:f0:39:f8:0a:ea:37:4b:df:74:59:93:98:f1:5f:d6:13:0d:
         dc:5b:51:66:29:8e:fd:34:86:74:15:63:e8:e3:26:f5:c4:5b:
         13:1b:9c:26:71:6f:20:fa:8d:20:92:20:22:c4:49:aa:cc:3a:
         5d:42:c1:6f:ac:4d:47:b7:4e:18:1d:47:99:af:c5:fb:f9:b8:
         64:f0:cb:d4:a8:67:99:5e:24:41:3f:06:63:2c:c9:3e:a8:55:
         38:a1:3f:18:8e:16:0b:f6:a0:ee:8c:99:4a:aa:a1:cf:bd:73:
         c2:93:d9:71:f4:26:2e:e6:bb:a6:f6:68:f6:c1:fe:3e:a9:7c:
         c5:6d:23:30:3d:ba:94:93:07:03:8b:5b:a4:64:6e:53:18:2a:
         28:5e:4c:3c:22:42:d2:90:18:8e:d6:3b:45:4d:e4:0c:d9:74:
         67:5f:e0:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSN0daWJ7mkYQeQtVDL8yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGI4YTExZTBiNDIzNGJhM2RkZGEwYWVjM2UwYzA0NWU4ZDNhODQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yQlFUdeEksoyvzPmsmNvJzl/SyW
I7fM163en02QxT01/aUYJ0jSQK6N2N/AlustAZjjxULO+i1QckiIF5G+vT6CUyyd
5KUQVGT1JgD4TRe8TTxl7IxkiT/lDw2q/at+zsq4OgLV5j4D9vKDfNEZPiFkU09R
wM98qz4IlHIQYJCiWC6hYt1tBm4j7DygsyLPFYhF1tqXP9c0rvrb8KjEK8guWCud
XbEVFuM4Q0BUPaGrDUBKzIgHM0Q6yIVQ5ciA8y+whMuBh2wros23iQ+iRqAvVkgV
TAcaOt4MhLE22mQLH6to4lEDkn3KZPbIJm2WKrWZkRz22W4zNqmVPhfmaQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPi4oR4LQjS6Pd2grsPgwEXo06hEMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvMS1MaWhIZ3RDTkxvOTNhQ3V3LURBUmVqVHFFUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjkvYzhjNmY2LTU5NWMtNDViMS1hNzZlLWJkMTkyNjc2Yzli
Yi8xL0ptUHoyeFV1QlZyQlJiMjdRcDRCaGxRZ1RJMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANTzfzAN
BgkqhkiG9w0BAQsFAAOCAQEAvBzmfTkhzDpGe4QGmmdv4uMJbuoqnsVtYycPdjHL
SLNGijAoTQHOgbygE6npLVsDtuRm+jfH4v1p1SHO7inwnXNGW6W5T06JfPpOYgTU
cXoqDcapEpwRLmZXHvA5+ArqN0vfdFmTmPFf1hMN3FtRZimO/TSGdBVj6OMm9cRb
ExucJnFvIPqNIJIgIsRJqsw6XULBb6xNR7dOGB1Hma/F+/m4ZPDL1KhnmV4kQT8G
YyzJPqhVOKE/GI4WC/ag7oyZSqqhz71zwpPZcfQmLua7pvZo9sH+Pql8xW0jMD26
lJMHA4tbpGRuUxgqKF5MPCJC0pAYjtY7RU3kDNl0Z1/g2Q==
-----END CERTIFICATE-----