Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/ltm_4ga5m6jNxcLkxfLRCu-BEZo.roa
File:                     ltm_4ga5m6jNxcLkxfLRCu-BEZo.roa (raw, json)
Hash identifier:          B7hDpa/Xi/ivuvNmaJ4x3ZPAW+3ZBUpRYOyvqRz8ADA=
Subject key identifier:   96:D9:BF:E2:06:B9:9B:A8:CD:C5:C2:E4:C5:F2:D1:0A:EF:81:11:9A
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018CC348ADDB612FE099F59EAE854A723406
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/ltm_4ga5m6jNxcLkxfLRCu-BEZo.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206074
IP address blocks:        2a0e:d784::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ad:db:61:2f:e0:99:f5:9e:ae:85:4a:72:34:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96d9bfe206b99ba8cdc5c2e4c5f2d10aef81119a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c4:5b:93:7f:eb:92:cb:79:1c:93:3c:79:ba:
                    b2:85:71:d6:8c:f8:21:a8:64:72:e0:83:68:ae:ca:
                    e9:f6:05:e0:6e:2c:93:cf:97:d9:52:c7:63:f1:7f:
                    54:db:39:b5:5b:49:b2:7c:ff:2f:b5:07:ca:a1:41:
                    00:fc:5d:18:56:79:fc:02:7d:9b:c3:31:5d:0e:96:
                    dd:4c:2e:90:06:19:c0:fb:7f:3f:7e:bb:be:60:49:
                    76:93:e9:c3:94:19:17:34:8c:75:ec:b3:21:fa:ee:
                    53:a1:db:63:cf:f4:83:6a:29:4c:a5:17:d6:81:88:
                    f8:21:a5:f9:c0:41:bf:31:db:1b:24:89:97:e1:9c:
                    11:f7:69:2f:a3:d1:20:66:90:03:c1:73:1d:c9:80:
                    f0:77:eb:98:ed:06:97:63:3a:6e:f3:0e:06:e5:48:
                    8d:d2:47:25:e2:43:a1:12:21:c8:b4:ff:53:bc:ad:
                    80:68:d6:61:55:15:11:f4:32:14:a2:80:32:3e:49:
                    c6:f7:99:6b:5c:89:16:47:6b:64:f3:3a:cb:ff:55:
                    b9:f8:a6:68:a7:83:e0:8c:51:79:f1:e7:d7:80:2c:
                    43:92:61:df:7f:b8:ea:1e:c7:8d:b9:14:41:e9:bd:
                    d3:6f:76:4d:8a:7c:a8:4f:ca:1b:24:07:e7:bc:71:
                    f2:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:D9:BF:E2:06:B9:9B:A8:CD:C5:C2:E4:C5:F2:D1:0A:EF:81:11:9A
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/ltm_4ga5m6jNxcLkxfLRCu-BEZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:d784::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:a5:e9:76:da:f5:c8:66:0e:ee:f9:9f:ac:0d:d0:3e:2d:c9:
         8e:01:52:5d:ca:bf:f5:6c:01:94:22:b4:77:8b:b1:cc:3c:72:
         cd:4d:96:10:e5:03:01:96:14:35:a3:46:73:f4:39:21:07:ae:
         cd:e9:0e:97:78:04:a1:cc:1c:0d:ab:44:85:5b:e9:35:1d:8c:
         c5:d0:68:77:8f:e7:19:82:27:3b:bb:62:80:88:17:0d:c9:c2:
         e6:50:88:84:72:c5:67:ee:1a:44:d5:37:b6:bc:9e:25:7a:61:
         45:a8:d6:15:12:0e:28:f4:23:f3:fc:a4:1d:8d:a3:e6:52:6c:
         54:7c:96:15:d0:74:56:48:b4:61:86:32:0e:00:93:96:9b:df:
         70:51:f6:32:87:40:89:1f:6d:bc:6a:fd:76:b2:d1:95:43:d9:
         62:74:2d:e7:d4:4a:05:bd:6b:a3:d8:4e:b9:a4:b4:31:19:0f:
         3a:e8:9d:0a:bf:96:fc:6b:cb:99:da:6c:7e:1a:d0:9e:7a:36:
         f0:28:96:ff:dd:ca:9d:1e:92:53:d9:05:74:51:40:00:57:0c:
         aa:a3:2d:25:aa:a9:b0:a6:2a:70:2a:fd:0d:27:19:cb:4d:d2:
         e7:60:14:e7:e3:14:3f:10:63:84:67:9f:87:2b:ea:df:e0:57:
         d7:d8:80:4f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSK3bYS/gmfWeroVKcjQGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmQ5YmZlMjA2Yjk5YmE4Y2RjNWMyZTRjNWYyZDEwYWVmODExMTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcRbk3/rkst5HJM8ebqyhXHWjPgh
qGRy4INorsrp9gXgbiyTz5fZUsdj8X9U2zm1W0myfP8vtQfKoUEA/F0YVnn8An2b
wzFdDpbdTC6QBhnA+38/fru+YEl2k+nDlBkXNIx17LMh+u5Todtjz/SDailMpRfW
gYj4IaX5wEG/MdsbJImX4ZwR92kvo9EgZpADwXMdyYDwd+uY7QaXYzpu8w4G5UiN
0kcl4kOhEiHItP9TvK2AaNZhVRUR9DIUooAyPknG95lrXIkWR2tk8zrL/1W5+KZo
p4PgjFF58efXgCxDkmHff7jqHseNuRRB6b3Tb3ZNinyoT8obJAfnvHHy/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJbZv+IGuZuozcXC5MXy0QrvgRGaMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvbHRtXzRnYTVtNmpOeGNMa3hmTFJDdS1CRVpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7XhDAN
BgkqhkiG9w0BAQsFAAOCAQEAUaXpdtr1yGYO7vmfrA3QPi3JjgFSXcq/9WwBlCK0
d4uxzDxyzU2WEOUDAZYUNaNGc/Q5IQeuzekOl3gEocwcDatEhVvpNR2MxdBod4/n
GYInO7tigIgXDcnC5lCIhHLFZ+4aRNU3tryeJXphRajWFRIOKPQj8/ykHY2j5lJs
VHyWFdB0Vki0YYYyDgCTlpvfcFH2ModAiR9tvGr9drLRlUPZYnQt59RKBb1ro9hO
uaS0MRkPOuidCr+W/GvLmdpsfhrQnno28CiW/93KnR6SU9kFdFFAAFcMqqMtJaqp
sKYqcCr9DScZy03S52AU5+MUPxBjhGefhyvq3+BX19iATw==
-----END CERTIFICATE-----