Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/Ltotk8i7HZHvN-uRlGopNS5FUNY.roa
File:                     Ltotk8i7HZHvN-uRlGopNS5FUNY.roa (raw, json)
Hash identifier:          Ck0Ln9+nNsOq0PIGXWusqOo59vgbe0EfZCv4ROvPI4Q=
Subject key identifier:   2E:DA:2D:93:C8:BB:1D:91:EF:37:EB:91:94:6A:29:35:2E:45:50:D6
Certificate issuer:       /CN=007e6b5aa437d3693151502a211496e37d4ae2c5
Certificate serial:       018CC64B7402759C535132CE48898E8550AE
Authority key identifier: 00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/Ltotk8i7HZHvN-uRlGopNS5FUNY.roa
Signing time:             Mon 01 Jan 2024 18:31:22 +0000
ROA not before:           Mon 01 Jan 2024 18:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47957
IP address blocks:        160.92.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:03:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:74:02:75:9c:53:51:32:ce:48:89:8e:85:50:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=007e6b5aa437d3693151502a211496e37d4ae2c5
        Validity
            Not Before: Jan  1 18:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2eda2d93c8bb1d91ef37eb91946a29352e4550d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:27:ef:c9:a6:09:b0:93:dc:b8:f7:95:19:e8:
                    68:52:0b:82:0f:5b:78:4f:a5:e5:30:0d:6e:6e:58:
                    0e:b7:ea:4f:ad:70:22:0c:21:aa:97:58:b6:00:c1:
                    01:cc:bd:9d:52:d2:92:8b:dd:41:77:74:2c:f4:b1:
                    28:67:92:d8:57:b6:d9:d1:9b:75:e9:4e:f4:fe:91:
                    fb:70:b6:d5:a5:d1:e9:a0:07:00:28:8e:8e:3b:2d:
                    fc:a4:f3:07:ac:5e:73:77:bd:20:56:4f:15:5e:ff:
                    f7:35:45:bf:7d:1d:2c:61:2d:a5:76:b1:b1:53:1f:
                    2b:74:b0:9e:79:67:d9:ce:3c:4f:81:bd:3d:d8:6d:
                    9b:32:4a:f8:1b:41:44:86:f1:48:34:dc:ae:39:7b:
                    d9:61:b1:6f:5b:1a:a7:98:28:11:a1:b3:81:d1:64:
                    1a:3a:d7:ed:0a:2b:d4:f5:39:95:e0:d1:aa:6a:21:
                    c0:5a:ab:2f:72:45:ec:fd:37:3e:89:29:29:f7:cf:
                    93:ce:07:7d:ab:10:fe:4d:d7:81:b2:a9:e9:ab:72:
                    85:79:fa:f0:6e:29:2f:dc:4c:a1:5b:0b:ee:f2:8a:
                    50:b9:c7:03:a2:52:6c:85:96:83:4d:e4:c3:67:7d:
                    28:99:8d:9d:16:ee:df:ee:2d:a1:73:49:82:3d:5e:
                    e4:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:DA:2D:93:C8:BB:1D:91:EF:37:EB:91:94:6A:29:35:2E:45:50:D6
            X509v3 Authority Key Identifier:
                keyid:00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/Ltotk8i7HZHvN-uRlGopNS5FUNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.92.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ba:f5:31:53:85:ce:ec:74:81:b7:cb:cf:7d:f5:ce:c9:90:a7:
         da:5e:4a:ee:c7:4f:dc:26:41:eb:6b:b7:0f:2e:c3:f8:1f:87:
         2d:f1:2a:86:e5:7c:c3:63:50:fa:0b:2a:19:89:ff:00:50:1d:
         29:c3:88:e6:82:64:a8:6d:bb:68:1b:eb:54:fe:9e:b2:03:be:
         fc:00:36:37:16:4f:9b:4a:e6:06:0c:77:41:f4:0f:81:ae:0d:
         5c:4a:ae:6c:94:6c:bc:7f:9b:e0:b2:a9:87:dc:43:9e:12:7e:
         c2:23:5e:35:7b:1a:45:1a:35:8a:49:a5:68:b9:be:55:34:0c:
         a9:39:8b:18:8b:dc:62:87:e7:16:4a:25:81:37:cd:3d:f6:96:
         ad:cb:f9:28:0d:61:23:f0:5a:68:58:67:7a:02:bf:3a:d9:27:
         95:a5:94:b1:35:08:ef:60:6e:cb:19:b7:27:56:bc:f6:d4:0a:
         6b:71:5f:59:a7:e5:7a:81:60:a3:59:18:32:13:e3:10:6b:f8:
         c5:a0:15:0f:64:15:a0:7d:f4:9f:d8:2d:09:d3:27:f1:18:fe:
         1e:06:0f:5a:3b:48:f2:61:90:02:e6:29:ee:0f:f3:d0:5a:a5:
         2d:91:96:36:55:e2:c6:a4:93:50:84:d1:6c:55:28:63:1c:cf:
         39:1c:8a:ad
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGS3QCdZxTUTLOSImOhVCuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwN2U2YjVhYTQzN2QzNjkzMTUxNTAyYTIxMTQ5NmUzN2Q0
YWUyYzUwHhcNMjQwMTAxMTgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWRhMmQ5M2M4YmIxZDkxZWYzN2ViOTE5NDZhMjkzNTJlNDU1MGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjifvyaYJsJPcuPeVGehoUguCD1t4
T6XlMA1ublgOt+pPrXAiDCGql1i2AMEBzL2dUtKSi91Bd3Qs9LEoZ5LYV7bZ0Zt1
6U70/pH7cLbVpdHpoAcAKI6OOy38pPMHrF5zd70gVk8VXv/3NUW/fR0sYS2ldrGx
Ux8rdLCeeWfZzjxPgb092G2bMkr4G0FEhvFINNyuOXvZYbFvWxqnmCgRobOB0WQa
OtftCivU9TmV4NGqaiHAWqsvckXs/Tc+iSkp98+Tzgd9qxD+TdeBsqnpq3KFefrw
bikv3EyhWwvu8opQuccDolJshZaDTeTDZ30omY2dFu7f7i2hc0mCPV7klwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFC7aLZPIux2R7zfrkZRqKTUuRVDWMB8GA1UdIwQY
MBaAFAB+a1qkN9NpMVFQKiEUluN9SuLFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYt
NWE4YzY3ODQyMzg5LzEvTHRvdGs4aTdIWkh2Ti11UmxHb3BOUzVGVU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYtNWE4YzY3ODQyMzg5
LzEvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoFwwDQYJ
KoZIhvcNAQELBQADggEBALr1MVOFzux0gbfLz331zsmQp9peSu7HT9wmQetrtw8u
w/gfhy3xKoblfMNjUPoLKhmJ/wBQHSnDiOaCZKhtu2gb61T+nrIDvvwANjcWT5tK
5gYMd0H0D4GuDVxKrmyUbLx/m+CyqYfcQ54SfsIjXjV7GkUaNYpJpWi5vlU0DKk5
ixiL3GKH5xZKJYE3zT32lq3L+SgNYSPwWmhYZ3oCvzrZJ5WllLE1CO9gbssZtydW
vPbUCmtxX1mn5XqBYKNZGDIT4xBr+MWgFQ9kFaB99J/YLQnTJ/EY/h4GD1o7SPJh
kALmKe4P89BapS2RljZV4sakk1CE0WxVKGMczzkciq0=
-----END CERTIFICATE-----