Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/lgBmfJ4pdpPhLUFGbohh0OwY1ME.roa
File:                     lgBmfJ4pdpPhLUFGbohh0OwY1ME.roa (raw, json)
Hash identifier:          x8hNwusXBAvn6wxypmaX2FEwzDRNl0nacxt9bBpq2Fc=
Subject key identifier:   96:00:66:7C:9E:29:76:93:E1:2D:41:46:6E:88:61:D0:EC:18:D4:C1
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019428266FAC300DC5B82DA1CD1F80635742
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/lgBmfJ4pdpPhLUFGbohh0OwY1ME.roa
Signing time:             Thu 02 Jan 2025 17:53:15 +0000
ROA not before:           Thu 02 Jan 2025 17:53:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.21.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:6f:ac:30:0d:c5:b8:2d:a1:cd:1f:80:63:57:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  2 17:53:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9600667c9e297693e12d41466e8861d0ec18d4c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:51:95:c9:4f:1d:ec:21:70:b8:57:e6:e5:d0:
                    4d:bb:65:e8:72:0f:1f:b3:b0:27:e3:07:6c:7e:4c:
                    d3:93:b6:48:1f:26:f6:d9:f8:8a:d0:83:77:45:2a:
                    80:96:67:f1:20:42:fe:86:fb:2a:f1:00:af:ef:1b:
                    d6:57:f5:2e:34:f1:b0:30:fc:61:92:f9:c0:1e:c3:
                    38:b8:ac:87:3d:2a:f2:18:40:37:30:7e:3b:ae:37:
                    f2:f4:bd:e8:4b:7f:16:93:d5:03:0f:6f:53:6b:5a:
                    5b:57:c7:3e:7f:c9:2b:4f:f1:72:e9:6b:9a:23:91:
                    a6:53:f6:3b:81:75:8d:37:c6:66:e4:7f:d4:47:91:
                    7a:46:15:cf:3c:97:28:c4:b1:da:52:96:9b:72:ac:
                    5c:1a:bc:8b:14:e4:1c:f6:08:df:bc:89:08:10:49:
                    84:b2:74:c5:08:6e:8c:66:a3:17:88:41:a7:b9:0c:
                    92:9d:d6:24:e0:d4:6c:f1:ec:73:28:67:76:92:a9:
                    9d:e9:37:8f:58:da:8c:ca:da:d3:d8:c7:cc:4c:1f:
                    90:a2:ba:70:b2:a5:f5:50:68:ee:ff:95:6a:c1:f2:
                    a6:3d:29:56:30:03:40:e9:7f:d7:30:f9:57:c3:84:
                    8a:79:50:bc:1d:a2:73:a5:19:0f:96:b9:1e:11:f3:
                    26:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:00:66:7C:9E:29:76:93:E1:2D:41:46:6E:88:61:D0:EC:18:D4:C1
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/lgBmfJ4pdpPhLUFGbohh0OwY1ME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:c2:3b:de:de:ef:49:b5:ae:24:70:46:df:83:07:62:65:f1:
         56:c6:6b:7d:a8:26:f9:91:10:e0:cb:10:ee:73:e6:f4:4a:9c:
         0d:9e:0b:16:06:99:23:2d:cd:bd:f3:8a:63:7c:a6:91:aa:d4:
         21:fa:0b:dd:9e:e6:7f:00:13:06:65:87:7b:f5:87:4e:58:9a:
         48:ae:e6:b1:f1:74:65:38:ab:fc:a6:cf:fe:a9:b6:59:e3:8f:
         6d:f9:36:32:db:98:9c:4a:5b:e3:f3:07:e0:9c:ee:d5:f4:56:
         ae:de:f4:1a:a4:24:3e:c3:e1:14:2a:a1:c5:ef:6a:78:6d:dc:
         00:1b:ec:bb:3b:0e:31:7f:45:4a:bb:d7:eb:7d:e3:e3:b0:26:
         e8:92:52:d6:01:ce:f3:1c:c5:24:c4:b0:a8:64:17:d0:73:c3:
         1c:44:0d:f1:29:da:da:a7:c8:6a:0d:59:ff:61:25:f2:c9:3b:
         c6:5d:66:a3:05:f2:37:09:9d:e5:fa:e8:20:e7:f3:3b:4f:fa:
         8e:17:d7:65:03:82:0d:7d:7d:36:b3:48:ae:a2:0b:00:05:6d:
         82:eb:c8:41:e2:cc:9f:b0:2a:4a:47:18:9d:54:f2:93:97:ae:
         1f:ee:5d:67:eb:c3:b7:56:02:a7:1b:5e:46:6c:a9:33:be:85:
         a9:34:3b:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJm+sMA3FuC2hzR+AY1dCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTAyMTc1MzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjAwNjY3YzllMjk3NjkzZTEyZDQxNDY2ZTg4NjFkMGVjMThkNGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFGVyU8d7CFwuFfm5dBNu2Xocg8f
s7An4wdsfkzTk7ZIHyb22fiK0IN3RSqAlmfxIEL+hvsq8QCv7xvWV/UuNPGwMPxh
kvnAHsM4uKyHPSryGEA3MH47rjfy9L3oS38Wk9UDD29Ta1pbV8c+f8krT/Fy6Wua
I5GmU/Y7gXWNN8Zm5H/UR5F6RhXPPJcoxLHaUpabcqxcGryLFOQc9gjfvIkIEEmE
snTFCG6MZqMXiEGnuQySndYk4NRs8exzKGd2kqmd6TePWNqMytrT2MfMTB+Qorpw
sqX1UGju/5VqwfKmPSlWMANA6X/XMPlXw4SKeVC8HaJzpRkPlrkeEfMm7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYAZnyeKXaT4S1BRm6IYdDsGNTBMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvbGdCbWZKNHBkcFBoTFVGR2JvaGgwT3dZMU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRX9MA0G
CSqGSIb3DQEBCwUAA4IBAQCBwjve3u9Jta4kcEbfgwdiZfFWxmt9qCb5kRDgyxDu
c+b0SpwNngsWBpkjLc2984pjfKaRqtQh+gvdnuZ/ABMGZYd79YdOWJpIruax8XRl
OKv8ps/+qbZZ449t+TYy25icSlvj8wfgnO7V9Fau3vQapCQ+w+EUKqHF72p4bdwA
G+y7Ow4xf0VKu9frfePjsCboklLWAc7zHMUkxLCoZBfQc8McRA3xKdrap8hqDVn/
YSXyyTvGXWajBfI3CZ3l+ugg5/M7T/qOF9dlA4INfX02s0iuogsABW2C68hB4syf
sCpKRxidVPKTl64f7l1n68O3VgKnG15GbKkzvoWpNDtW
-----END CERTIFICATE-----