Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/1-lmapd5w9HD2F08R09w_tZRWCa0.roa
File:                     1-lmapd5w9HD2F08R09w_tZRWCa0.roa (raw, json)
Hash identifier:          wweZhb13in2MHBYbFFvgxz1Av+9tarTLaej3LMI0a4A=
Subject key identifier:   FA:59:9A:A5:DE:70:F4:70:F6:17:4F:11:D3:DC:3F:B5:94:56:09:AD
Certificate issuer:       /CN=d7880ed1021d0ecac71205673b004813b39dfc99
Certificate serial:       019426D98261052E311C7A7B830A34C3B971
Authority key identifier: D7:88:0E:D1:02:1D:0E:CA:C7:12:05:67:3B:00:48:13:B3:9D:FC:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/14gO0QIdDsrHEgVnOwBIE7Od_Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/1-lmapd5w9HD2F08R09w_tZRWCa0.roa
Signing time:             Thu 02 Jan 2025 11:49:36 +0000
ROA not before:           Thu 02 Jan 2025 11:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3262
IP address blocks:        217.18.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/14gO0QIdDsrHEgVnOwBIE7Od_Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/14gO0QIdDsrHEgVnOwBIE7Od_Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/14gO0QIdDsrHEgVnOwBIE7Od_Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:82:61:05:2e:31:1c:7a:7b:83:0a:34:c3:b9:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7880ed1021d0ecac71205673b004813b39dfc99
        Validity
            Not Before: Jan  2 11:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa599aa5de70f470f6174f11d3dc3fb5945609ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:72:98:2c:c2:4d:1c:31:90:a7:58:14:9c:2e:
                    e9:0e:5f:2e:52:ad:45:42:35:d0:a8:e6:62:ce:12:
                    17:ef:ac:44:93:90:d5:a2:bb:a8:42:e2:20:86:c8:
                    0e:cb:75:fb:9b:d9:ec:30:b9:8e:bf:6a:e5:04:0f:
                    33:d8:6e:c0:88:f6:56:52:cc:b0:e6:ae:e2:06:5b:
                    08:58:e4:f9:48:75:18:28:25:9d:4a:2e:f4:17:3f:
                    6e:57:43:06:c4:db:a9:62:bb:42:ca:86:9e:c3:c4:
                    f5:46:cb:d7:d4:b8:d4:1c:81:9e:9a:76:ff:0d:69:
                    6d:f9:e6:5d:10:b9:bb:cc:c4:0c:39:f3:a0:7f:f8:
                    26:bd:ad:f0:99:5e:39:9d:ad:53:b1:bc:c7:bc:05:
                    a9:b6:70:b9:a8:99:cc:cc:3c:97:41:23:eb:d4:66:
                    8d:f8:55:e0:8c:76:7e:06:18:8c:58:9d:56:6f:59:
                    ba:a7:5d:43:ce:ee:34:49:42:3b:89:dd:11:b8:22:
                    fb:cf:1b:55:7f:6f:4f:53:f3:ba:8d:6c:91:87:a4:
                    54:c4:34:4c:8e:f6:9b:4d:f4:d8:41:e2:27:ca:af:
                    56:fb:01:99:b1:aa:31:8a:a6:d6:03:7a:d4:aa:38:
                    4b:8e:27:5e:40:b7:a5:6e:f1:a6:17:50:43:4a:47:
                    1b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:59:9A:A5:DE:70:F4:70:F6:17:4F:11:D3:DC:3F:B5:94:56:09:AD
            X509v3 Authority Key Identifier:
                keyid:D7:88:0E:D1:02:1D:0E:CA:C7:12:05:67:3B:00:48:13:B3:9D:FC:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/14gO0QIdDsrHEgVnOwBIE7Od_Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/1-lmapd5w9HD2F08R09w_tZRWCa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/756505-2062-49e7-94fe-04777c198ef1/1/14gO0QIdDsrHEgVnOwBIE7Od_Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:5c:d3:e2:b8:86:49:66:05:22:e2:b9:5e:f0:29:ad:15:72:
         e5:10:8f:7e:9d:32:9e:db:5a:45:23:59:a8:eb:51:48:d8:bd:
         50:eb:cc:ff:dd:18:8c:e4:7f:a0:22:67:c7:a7:e2:e5:6f:d7:
         52:b4:ec:f1:cc:33:54:60:63:8e:68:cb:74:4b:6a:be:99:a6:
         1c:d7:4c:4f:a9:cf:da:c6:a2:ee:fa:86:d7:6c:d5:77:ea:94:
         2b:7f:c2:7f:04:b4:d0:a5:6f:63:81:f4:9a:8c:58:10:24:65:
         41:bc:3d:b2:ee:16:e7:b3:45:8f:8c:f2:ab:28:a1:fd:05:4b:
         ab:66:9f:e2:5b:a9:c2:f0:fc:55:86:29:96:4b:c9:71:ad:d9:
         9b:1d:32:6f:88:64:9a:1a:b5:c3:9a:56:6d:be:6a:8e:27:59:
         bb:2e:58:9e:b3:05:2c:b3:c7:66:d4:f9:e0:bd:46:4b:e7:f1:
         e3:49:5f:ab:47:27:ff:33:28:1f:6b:56:d7:31:37:7e:48:92:
         a9:ba:25:c9:08:03:d4:6a:95:ad:c6:98:3c:79:dc:a0:3f:61:
         ac:40:f3:3f:d4:b5:5b:08:25:b0:13:d9:bf:29:28:a3:8f:77:
         48:6e:b1:c0:22:8e:96:9c:ea:82:b5:30:21:f0:ea:f1:e1:48:
         e2:cf:b2:0c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQm2YJhBS4xHHp7gwo0w7lxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3ODgwZWQxMDIxZDBlY2FjNzEyMDU2NzNiMDA0ODEzYjM5
ZGZjOTkwHhcNMjUwMTAyMTE0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTU5OWFhNWRlNzBmNDcwZjYxNzRmMTFkM2RjM2ZiNTk0NTYwOWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnKYLMJNHDGQp1gUnC7pDl8uUq1F
QjXQqOZizhIX76xEk5DVoruoQuIghsgOy3X7m9nsMLmOv2rlBA8z2G7AiPZWUsyw
5q7iBlsIWOT5SHUYKCWdSi70Fz9uV0MGxNupYrtCyoaew8T1RsvX1LjUHIGemnb/
DWlt+eZdELm7zMQMOfOgf/gmva3wmV45na1TsbzHvAWptnC5qJnMzDyXQSPr1GaN
+FXgjHZ+BhiMWJ1Wb1m6p11Dzu40SUI7id0RuCL7zxtVf29PU/O6jWyRh6RUxDRM
jvabTfTYQeInyq9W+wGZsaoxiqbWA3rUqjhLjideQLelbvGmF1BDSkcbRQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpZmqXecPRw9hdPEdPcP7WUVgmtMB8GA1UdIwQY
MBaAFNeIDtECHQ7KxxIFZzsASBOznfyZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTRnTzBRSWREc3JIRWdWbk93QklFN09kX0prLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC83NTY1MDUtMjA2Mi00OWU3LTk0ZmUt
MDQ3NzdjMTk4ZWYxLzEvMS1sbWFwZDV3OUhEMkYwOFIwOXdfdFpSV0NhMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGQvNzU2NTA1LTIwNjItNDllNy05NGZlLTA0Nzc3YzE5OGVm
MS8xLzE0Z08wUUlkRHNySEVnVm5Pd0JJRTdPZF9Kay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkS7jAN
BgkqhkiG9w0BAQsFAAOCAQEACVzT4riGSWYFIuK5XvAprRVy5RCPfp0ynttaRSNZ
qOtRSNi9UOvM/90YjOR/oCJnx6fi5W/XUrTs8cwzVGBjjmjLdEtqvpmmHNdMT6nP
2sai7vqG12zVd+qUK3/CfwS00KVvY4H0moxYECRlQbw9su4W57NFj4zyqyih/QVL
q2af4lupwvD8VYYplkvJca3Zmx0yb4hkmhq1w5pWbb5qjidZuy5YnrMFLLPHZtT5
4L1GS+fx40lfq0cn/zMoH2tW1zE3fkiSqbolyQgD1GqVrcaYPHncoD9hrEDzP9S1
WwglsBPZvykoo493SG6xwCKOlpzqgrUwIfDq8eFI4s+yDA==
-----END CERTIFICATE-----