Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/JrwlI3s3WPfI9QHON_lzn72poRc.roa
File:                     JrwlI3s3WPfI9QHON_lzn72poRc.roa (raw, json)
Hash identifier:          bLbjIPTkBlOQbg0lNf4LiNVkkmriyBhVV6JqpMjUKUM=
Subject key identifier:   26:BC:25:23:7B:37:58:F7:C8:F5:01:CE:37:F9:73:9F:BD:A9:A1:17
Certificate issuer:       /CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
Certificate serial:       018CC8DCD91598C52B659256D60E05CE1DCA
Authority key identifier: AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/JrwlI3s3WPfI9QHON_lzn72poRc.roa
Signing time:             Tue 02 Jan 2024 06:29:25 +0000
ROA not before:           Tue 02 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60993
IP address blocks:        128.0.57.0/24 maxlen: 24
                          128.0.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d9:15:98:c5:2b:65:92:56:d6:0e:05:ce:1d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
        Validity
            Not Before: Jan  2 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26bc25237b3758f7c8f501ce37f9739fbda9a117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:04:2e:2b:58:26:78:2c:de:d8:c5:52:39:1e:
                    f0:41:c3:68:0c:26:35:e6:3a:c3:69:ca:05:b8:9d:
                    cb:75:39:68:f3:75:93:f6:89:b8:37:68:3e:ae:d5:
                    41:cf:db:58:78:3f:94:f9:fb:1a:8f:e6:4f:03:f5:
                    aa:66:57:0c:ad:38:a0:77:c1:ab:74:b9:95:32:f9:
                    28:78:33:46:31:f8:f3:bb:e9:82:77:d3:ed:02:e1:
                    b7:20:9f:63:98:87:0c:25:ec:f9:ed:85:4c:99:c4:
                    b5:36:78:da:b8:a8:51:d3:62:fc:71:a6:48:7e:1c:
                    02:7b:2f:5a:56:9d:2e:2d:43:74:3b:cb:1a:20:5c:
                    e0:1c:fe:6b:a3:25:1e:68:d5:e5:a8:3e:71:b8:fb:
                    3c:28:e0:3c:bb:37:44:62:fb:34:70:27:ad:c4:2c:
                    1a:52:4d:fc:0b:2e:64:65:80:0e:be:0b:ee:13:45:
                    ce:56:6a:60:4e:d9:8a:41:dd:b0:db:20:c7:e2:00:
                    50:40:4b:d3:62:4a:96:b8:2a:43:d9:7b:d4:db:d9:
                    a8:ff:9b:a5:96:34:bd:f0:06:c1:3f:ff:9f:df:09:
                    ca:7c:b2:25:5b:c1:b7:14:3d:b4:45:b6:6c:73:54:
                    21:77:57:f4:e9:e7:6f:97:cc:fb:ea:a5:dc:ad:fd:
                    51:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:BC:25:23:7B:37:58:F7:C8:F5:01:CE:37:F9:73:9F:BD:A9:A1:17
            X509v3 Authority Key Identifier:
                keyid:AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/JrwlI3s3WPfI9QHON_lzn72poRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.0.53.0/24
                  128.0.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:e5:94:fc:a1:9c:93:39:88:af:ff:2f:70:2b:57:57:07:02:
         c6:6e:87:9a:59:48:5e:2b:16:55:3f:c5:b2:5e:a4:fe:07:d6:
         28:c9:93:25:b1:a2:06:cb:79:90:f5:b5:d8:35:8b:eb:68:da:
         f5:e2:6c:a8:f0:f3:4f:5c:5f:b5:ac:94:b2:e9:e1:f6:c4:b7:
         35:1b:43:42:50:c9:e9:97:58:9d:ec:db:cb:35:b7:9f:2e:ff:
         43:90:c5:56:18:92:1e:af:8c:57:b7:b8:74:56:75:f6:1e:86:
         e2:4e:ad:19:f1:3b:ef:e3:ce:3d:be:e6:c0:e9:30:69:82:26:
         8d:59:5b:6c:b2:1c:27:c6:fe:62:70:fd:ab:c4:32:2b:50:06:
         f4:2b:31:17:2f:61:53:3a:6f:0a:4b:b3:69:d9:15:2b:22:b6:
         a5:dc:b5:1d:43:2b:56:f7:45:8c:38:ec:a3:7f:95:78:88:09:
         f9:6d:c9:76:6a:eb:9b:83:81:89:9c:05:7c:0b:ae:e5:d4:aa:
         e8:94:78:ea:6b:a9:1f:9d:72:83:2d:c9:f6:57:4b:34:e9:9e:
         3f:ac:29:f0:5f:65:80:8c:55:42:2e:39:8c:69:ad:37:45:6a:
         2c:c5:9a:95:2b:3c:a0:96:23:0b:eb:d0:9f:4e:4c:1e:09:83:
         b5:88:39:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3NkVmMUrZZJW1g4Fzh3KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOGM2YzU4YjYwN2ZmMjNhZTcxNzVhNjE2ODJjNzU0ODBm
MWUyMTQwHhcNMjQwMTAyMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmJjMjUyMzdiMzc1OGY3YzhmNTAxY2UzN2Y5NzM5ZmJkYTlhMTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwQuK1gmeCze2MVSOR7wQcNoDCY1
5jrDacoFuJ3LdTlo83WT9om4N2g+rtVBz9tYeD+U+fsaj+ZPA/WqZlcMrTigd8Gr
dLmVMvkoeDNGMfjzu+mCd9PtAuG3IJ9jmIcMJez57YVMmcS1NnjauKhR02L8caZI
fhwCey9aVp0uLUN0O8saIFzgHP5royUeaNXlqD5xuPs8KOA8uzdEYvs0cCetxCwa
Uk38Cy5kZYAOvgvuE0XOVmpgTtmKQd2w2yDH4gBQQEvTYkqWuCpD2XvU29mo/5ul
ljS98AbBP/+f3wnKfLIlW8G3FD20RbZsc1Qhd1f06edvl8z76qXcrf1R2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCa8JSN7N1j3yPUBzjf5c5+9qaEXMB8GA1UdIwQY
MBaAFKuMbFi2B/8jrnF1phaCx1SA8eIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2Mt
ODhhM2M0MWZhZWUyLzEvSnJ3bEkzczNXUGZJOVFIT05fbHpuNzJwb1JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2MtODhhM2M0MWZhZWUy
LzEvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAgAA1AwQA
gAA5MA0GCSqGSIb3DQEBCwUAA4IBAQAC5ZT8oZyTOYiv/y9wK1dXBwLGboeaWUhe
KxZVP8WyXqT+B9YoyZMlsaIGy3mQ9bXYNYvraNr14myo8PNPXF+1rJSy6eH2xLc1
G0NCUMnpl1id7NvLNbefLv9DkMVWGJIer4xXt7h0VnX2HobiTq0Z8Tvv4849vubA
6TBpgiaNWVtsshwnxv5icP2rxDIrUAb0KzEXL2FTOm8KS7Np2RUrIral3LUdQytW
90WMOOyjf5V4iAn5bcl2auubg4GJnAV8C67l1KrolHjqa6kfnXKDLcn2V0s06Z4/
rCnwX2WAjFVCLjmMaa03RWosxZqVKzygliML69CfTkweCYO1iDkJ
-----END CERTIFICATE-----