Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/LWdhLEQwVNZXo7prefR4ljzbiyg.roa
File:                     LWdhLEQwVNZXo7prefR4ljzbiyg.roa (raw, json)
Hash identifier:          Qvhb/axMKjsUqF5JmI3xVARtGwY/2dtkkMf115x9CP8=
Subject key identifier:   2D:67:61:2C:44:30:54:D6:57:A3:BA:6B:79:F4:78:96:3C:DB:8B:28
Certificate issuer:       /CN=97c60d4d458cec3b8d618a01300642b588c3173b
Certificate serial:       018CC34926AC8EEF95C1AA0B42754F0381F5
Authority key identifier: 97:C6:0D:4D:45:8C:EC:3B:8D:61:8A:01:30:06:42:B5:88:C3:17:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l8YNTUWM7DuNYYoBMAZCtYjDFzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/LWdhLEQwVNZXo7prefR4ljzbiyg.roa
Signing time:             Mon 01 Jan 2024 04:30:00 +0000
ROA not before:           Mon 01 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58272
IP address blocks:        91.199.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/l8YNTUWM7DuNYYoBMAZCtYjDFzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/l8YNTUWM7DuNYYoBMAZCtYjDFzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l8YNTUWM7DuNYYoBMAZCtYjDFzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:26:ac:8e:ef:95:c1:aa:0b:42:75:4f:03:81:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97c60d4d458cec3b8d618a01300642b588c3173b
        Validity
            Not Before: Jan  1 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d67612c443054d657a3ba6b79f478963cdb8b28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4f:b1:c4:da:42:70:16:8e:3a:81:54:f6:b0:
                    03:e1:29:93:da:7f:fc:04:f7:e0:7d:48:cd:1f:43:
                    f3:c5:07:48:2c:6a:6d:1a:a4:31:d1:14:9e:2b:db:
                    b6:de:ab:9b:41:4d:92:33:e1:2c:2d:c1:e7:25:aa:
                    15:2c:e8:f3:14:cc:c8:33:26:fc:82:70:00:ad:64:
                    49:dc:34:b1:27:95:97:91:f2:b1:42:37:98:19:ea:
                    2f:99:44:49:8a:9a:94:ae:57:8d:d4:5b:27:2a:29:
                    13:16:8c:fa:19:21:af:13:f4:d9:61:0b:7c:8b:b3:
                    0d:77:26:b8:36:3c:40:ff:97:52:75:b9:0f:9e:df:
                    ac:75:e9:a4:d6:08:ca:b6:aa:6e:9f:ff:36:7d:42:
                    1b:3a:68:8f:a8:d6:db:2a:5b:13:e0:d8:04:70:aa:
                    c6:9a:57:d4:23:e4:be:5f:28:5a:d2:19:8c:ff:cf:
                    77:5e:af:2b:7a:3d:b1:88:ec:36:76:8a:b7:78:2a:
                    66:c6:7b:10:09:60:52:ff:36:a3:99:c6:6f:f8:b1:
                    15:93:78:e7:d9:eb:d9:35:1a:17:ef:1f:4a:c7:00:
                    74:36:a6:c9:cb:44:69:6e:11:e5:cd:fd:76:99:cb:
                    91:98:9a:05:4b:2b:b0:46:6c:fb:c3:7e:cd:80:8e:
                    48:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:67:61:2C:44:30:54:D6:57:A3:BA:6B:79:F4:78:96:3C:DB:8B:28
            X509v3 Authority Key Identifier:
                keyid:97:C6:0D:4D:45:8C:EC:3B:8D:61:8A:01:30:06:42:B5:88:C3:17:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l8YNTUWM7DuNYYoBMAZCtYjDFzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/LWdhLEQwVNZXo7prefR4ljzbiyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/l8YNTUWM7DuNYYoBMAZCtYjDFzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:e6:1b:6a:b8:d7:76:11:51:6b:f6:ba:48:c3:9e:98:08:9b:
         3d:d9:ff:34:59:fe:b6:86:53:29:b8:37:9d:a4:89:e7:26:b7:
         3e:33:ef:6a:20:6c:f4:fc:2f:59:07:b6:98:0b:25:a6:2a:d3:
         ee:fb:cd:56:8e:46:19:0d:54:3e:5c:14:cc:89:09:f3:a5:de:
         df:1c:78:2e:3f:0d:49:36:6e:99:c5:5b:b9:91:70:c0:42:4b:
         1c:30:57:66:33:7f:bf:71:6d:eb:8a:de:37:03:99:62:50:91:
         45:e8:a7:4f:99:83:a8:ac:e4:9d:29:27:a1:32:a0:50:28:1f:
         1b:71:cc:2c:bf:35:53:61:22:02:67:97:69:73:19:e3:02:c3:
         91:3e:a4:b7:fd:4e:c5:e2:d6:e7:b6:9d:26:b1:ed:ae:d9:57:
         2e:67:66:f3:35:67:00:14:a9:7e:07:93:bc:09:47:a5:f3:d8:
         90:62:82:5a:cf:f9:1d:8a:c9:e2:ba:a4:fa:85:d2:14:f2:67:
         cf:77:99:59:bd:b4:dc:2c:91:b3:2d:fe:01:1b:cb:e2:eb:0d:
         be:f4:c0:74:c0:94:af:6a:6f:a9:85:a7:e4:37:de:e5:49:bf:
         6b:59:08:28:42:79:6b:43:76:b8:84:80:e0:73:e8:2c:08:b3:
         04:f7:bc:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSasju+VwaoLQnVPA4H1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YzYwZDRkNDU4Y2VjM2I4ZDYxOGEwMTMwMDY0MmI1ODhj
MzE3M2IwHhcNMjQwMTAxMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDY3NjEyYzQ0MzA1NGQ2NTdhM2JhNmI3OWY0Nzg5NjNjZGI4YjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkk+xxNpCcBaOOoFU9rAD4SmT2n/8
BPfgfUjNH0PzxQdILGptGqQx0RSeK9u23qubQU2SM+EsLcHnJaoVLOjzFMzIMyb8
gnAArWRJ3DSxJ5WXkfKxQjeYGeovmURJipqUrleN1FsnKikTFoz6GSGvE/TZYQt8
i7MNdya4NjxA/5dSdbkPnt+sdemk1gjKtqpun/82fUIbOmiPqNbbKlsT4NgEcKrG
mlfUI+S+Xyha0hmM/893Xq8rej2xiOw2doq3eCpmxnsQCWBS/zajmcZv+LEVk3jn
2evZNRoX7x9KxwB0NqbJy0RpbhHlzf12mcuRmJoFSyuwRmz7w37NgI5IMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1nYSxEMFTWV6O6a3n0eJY824soMB8GA1UdIwQY
MBaAFJfGDU1FjOw7jWGKATAGQrWIwxc7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDhZTlRVV003RHVOWVlvQk1BWkN0WWpERnpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYjRiMTctYWE2Yi00ZmMyLWEwM2Yt
N2MwMzYxNzgxMjZjLzEvTFdkaExFUXdWTlpYbzdwcmVmUjRsanpiaXlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYjRiMTctYWE2Yi00ZmMyLWEwM2YtN2MwMzYxNzgxMjZj
LzEvbDhZTlRVV003RHVOWVlvQk1BWkN0WWpERnpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8erMA0G
CSqGSIb3DQEBCwUAA4IBAQAn5htquNd2EVFr9rpIw56YCJs92f80Wf62hlMpuDed
pInnJrc+M+9qIGz0/C9ZB7aYCyWmKtPu+81WjkYZDVQ+XBTMiQnzpd7fHHguPw1J
Nm6ZxVu5kXDAQkscMFdmM3+/cW3rit43A5liUJFF6KdPmYOorOSdKSehMqBQKB8b
ccwsvzVTYSICZ5dpcxnjAsORPqS3/U7F4tbntp0mse2u2VcuZ2bzNWcAFKl+B5O8
CUel89iQYoJaz/kdisniuqT6hdIU8mfPd5lZvbTcLJGzLf4BG8vi6w2+9MB0wJSv
am+phafkN97lSb9rWQgoQnlrQ3a4hIDgc+gsCLME97wl
-----END CERTIFICATE-----