Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/48ef27-5858-424b-add1-0f6455f05276/1/2LNHKRM6LGb1SQNMFWHYsqL4gA0.roa
File:                     2LNHKRM6LGb1SQNMFWHYsqL4gA0.roa (raw, json)
Hash identifier:          Lebm8MWbqU7lJJEa9svp1kAtq13EnCHpdLokMxqIu7I=
Subject key identifier:   D8:B3:47:29:13:3A:2C:66:F5:49:03:4C:15:61:D8:B2:A2:F8:80:0D
Certificate issuer:       /CN=d2f38d4aeb4d0288dbb854d1eae0bd8ad3f841fa
Certificate serial:       018CC7940966E5688EF0552C644371531111
Authority key identifier: D2:F3:8D:4A:EB:4D:02:88:DB:B8:54:D1:EA:E0:BD:8A:D3:F8:41:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0vONSutNAojbuFTR6uC9itP4Qfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/48ef27-5858-424b-add1-0f6455f05276/1/2LNHKRM6LGb1SQNMFWHYsqL4gA0.roa
Signing time:             Tue 02 Jan 2024 00:30:16 +0000
ROA not before:           Tue 02 Jan 2024 00:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210303
IP address blocks:        194.107.252.0/22 maxlen: 22
                          2a09:8900::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/48ef27-5858-424b-add1-0f6455f05276/1/0vONSutNAojbuFTR6uC9itP4Qfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/48ef27-5858-424b-add1-0f6455f05276/1/0vONSutNAojbuFTR6uC9itP4Qfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0vONSutNAojbuFTR6uC9itP4Qfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:09:66:e5:68:8e:f0:55:2c:64:43:71:53:11:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2f38d4aeb4d0288dbb854d1eae0bd8ad3f841fa
        Validity
            Not Before: Jan  2 00:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8b34729133a2c66f549034c1561d8b2a2f8800d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:86:7c:aa:d1:44:78:5b:fe:39:f8:54:e3:f5:
                    16:89:b5:94:0f:f4:e3:1b:b8:e6:38:9f:80:52:51:
                    01:a9:a8:8b:78:85:6f:27:59:03:c6:06:f0:64:ae:
                    53:ee:95:aa:6f:f5:a2:5b:d5:b8:6f:fd:f7:ef:e1:
                    86:8e:ad:61:37:0a:12:5c:f0:98:0a:93:1f:c1:37:
                    c3:23:be:90:53:ea:a2:22:2f:96:b4:51:b3:a1:4a:
                    2f:6a:e9:d7:9c:b3:12:c3:56:ca:33:a3:05:8f:ed:
                    45:4c:b3:ed:cc:02:8b:9f:ef:6c:d3:cf:e9:c3:fd:
                    7b:96:56:95:70:9e:bf:fe:da:34:ec:49:39:e1:bf:
                    47:80:4b:c9:72:18:7d:f8:c0:5d:ea:53:5d:f6:4a:
                    29:ef:94:60:bd:c4:9e:7f:7a:b5:ce:58:e8:7b:57:
                    81:83:1b:23:c4:52:1e:b1:48:12:11:4d:12:20:26:
                    0e:12:a5:e3:29:93:ad:f6:6c:d4:b0:30:bb:7a:3c:
                    5a:3e:5b:3f:02:f8:73:b7:f9:ad:50:4c:94:44:0b:
                    46:8e:95:1e:6e:e4:03:72:12:61:33:67:92:04:2c:
                    f3:d6:15:8f:bb:34:df:df:50:d9:22:62:b4:c6:93:
                    ed:bb:36:1d:72:73:47:ce:7a:48:6f:03:9f:0a:af:
                    b2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:B3:47:29:13:3A:2C:66:F5:49:03:4C:15:61:D8:B2:A2:F8:80:0D
            X509v3 Authority Key Identifier:
                keyid:D2:F3:8D:4A:EB:4D:02:88:DB:B8:54:D1:EA:E0:BD:8A:D3:F8:41:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0vONSutNAojbuFTR6uC9itP4Qfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/48ef27-5858-424b-add1-0f6455f05276/1/2LNHKRM6LGb1SQNMFWHYsqL4gA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/48ef27-5858-424b-add1-0f6455f05276/1/0vONSutNAojbuFTR6uC9itP4Qfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.107.252.0/22
                IPv6:
                  2a09:8900::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:0b:1e:71:34:db:31:24:e1:51:86:20:23:54:ac:50:5e:ef:
         4d:d5:1c:18:df:28:28:93:42:84:c4:93:1e:c7:8f:26:fc:96:
         82:61:c6:28:f7:fd:93:0a:82:a2:63:f0:15:9e:d1:d7:72:1a:
         65:1e:a7:4d:8c:57:71:ec:66:46:a5:60:54:8c:2a:1f:ad:76:
         2d:d9:35:ba:88:da:2f:8b:36:19:6b:fa:7e:53:89:92:6e:b8:
         30:22:0c:04:bd:96:36:b5:97:8a:04:23:90:19:a6:bc:3f:18:
         a9:86:80:e1:4b:26:71:e3:c2:81:74:b7:e9:47:c4:eb:35:a0:
         aa:38:78:70:01:71:bb:93:32:18:29:d0:08:ca:24:c2:d2:2a:
         8e:13:65:7f:9a:67:17:3f:96:59:07:e0:4a:bc:2a:65:9e:fa:
         dd:35:0b:1d:01:24:d8:5b:fb:5b:5f:50:ca:12:f8:0c:1d:06:
         57:25:c4:87:57:9f:44:f5:d4:5f:69:e7:0b:54:cb:a1:d5:5c:
         30:84:68:f9:38:40:ad:f7:0b:7d:25:2d:11:16:e7:9f:ba:59:
         75:8d:b7:81:8d:8e:69:49:3b:1c:04:75:0c:58:0a:5e:a7:46:
         f2:53:27:a9:07:d4:5b:7d:dd:a5:c8:9d:ab:9a:5d:19:b0:f6:
         be:dc:57:3b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlAlm5WiO8FUsZENxUxERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZjM4ZDRhZWI0ZDAyODhkYmI4NTRkMWVhZTBiZDhhZDNm
ODQxZmEwHhcNMjQwMTAyMDAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGIzNDcyOTEzM2EyYzY2ZjU0OTAzNGMxNTYxZDhiMmEyZjg4MDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoZ8qtFEeFv+OfhU4/UWibWUD/Tj
G7jmOJ+AUlEBqaiLeIVvJ1kDxgbwZK5T7pWqb/WiW9W4b/337+GGjq1hNwoSXPCY
CpMfwTfDI76QU+qiIi+WtFGzoUovaunXnLMSw1bKM6MFj+1FTLPtzAKLn+9s08/p
w/17llaVcJ6//to07Ek54b9HgEvJchh9+MBd6lNd9kop75RgvcSef3q1zljoe1eB
gxsjxFIesUgSEU0SICYOEqXjKZOt9mzUsDC7ejxaPls/Avhzt/mtUEyURAtGjpUe
buQDchJhM2eSBCzz1hWPuzTf31DZImK0xpPtuzYdcnNHznpIbwOfCq+ySQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNizRykTOixm9UkDTBVh2LKi+IANMB8GA1UdIwQY
MBaAFNLzjUrrTQKI27hU0ergvYrT+EH6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHZPTlN1dE5Bb2pidUZUUjZ1QzlpdFA0UWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS80OGVmMjctNTg1OC00MjRiLWFkZDEt
MGY2NDU1ZjA1Mjc2LzEvMkxOSEtSTTZMR2IxU1FOTUZXSFlzcUw0Z0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS80OGVmMjctNTg1OC00MjRiLWFkZDEtMGY2NDU1ZjA1Mjc2
LzEvMHZPTlN1dE5Bb2pidUZUUjZ1QzlpdFA0UWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwmv8MA0E
AgACMAcDBQMqCYkAMA0GCSqGSIb3DQEBCwUAA4IBAQAiCx5xNNsxJOFRhiAjVKxQ
Xu9N1RwY3ygok0KExJMex48m/JaCYcYo9/2TCoKiY/AVntHXchplHqdNjFdx7GZG
pWBUjCofrXYt2TW6iNovizYZa/p+U4mSbrgwIgwEvZY2tZeKBCOQGaa8PxiphoDh
SyZx48KBdLfpR8TrNaCqOHhwAXG7kzIYKdAIyiTC0iqOE2V/mmcXP5ZZB+BKvCpl
nvrdNQsdASTYW/tbX1DKEvgMHQZXJcSHV59E9dRfaecLVMuh1VwwhGj5OECt9wt9
JS0RFuefull1jbeBjY5pSTscBHUMWApep0byUyepB9Rbfd2lyJ2rml0ZsPa+3Fc7
-----END CERTIFICATE-----