Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/LAAXyeCsKKp9Dz45YbLfoQ5KP18.roa
File:                     LAAXyeCsKKp9Dz45YbLfoQ5KP18.roa (raw, json)
Hash identifier:          ziZz6s3A7Ge6nTpyl3MbW3ZjCVYk7a3PlnoACkiNCRw=
Subject key identifier:   2C:00:17:C9:E0:AC:28:AA:7D:0F:3E:39:61:B2:DF:A1:0E:4A:3F:5F
Certificate issuer:       /CN=9b19758a087876816dc19361eaf1e9412de73f86
Certificate serial:       018CC5DC204BD24AD440B3D4BF054B3BA023
Authority key identifier: 9B:19:75:8A:08:78:76:81:6D:C1:93:61:EA:F1:E9:41:2D:E7:3F:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mxl1igh4doFtwZNh6vHpQS3nP4Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/LAAXyeCsKKp9Dz45YbLfoQ5KP18.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211462
IP address blocks:        185.150.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/mxl1igh4doFtwZNh6vHpQS3nP4Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/mxl1igh4doFtwZNh6vHpQS3nP4Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mxl1igh4doFtwZNh6vHpQS3nP4Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:20:4b:d2:4a:d4:40:b3:d4:bf:05:4b:3b:a0:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b19758a087876816dc19361eaf1e9412de73f86
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c0017c9e0ac28aa7d0f3e3961b2dfa10e4a3f5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b9:89:cc:f8:69:6a:7f:93:7e:f0:48:d6:46:
                    de:32:5f:02:c5:c7:66:b5:c1:b0:18:f4:2e:13:e0:
                    32:9f:64:bd:9e:82:a8:7d:ab:56:d1:72:b9:10:90:
                    54:37:23:2b:5a:73:a0:50:2a:aa:cf:3e:f9:29:39:
                    a4:95:86:a2:44:3a:34:e2:0d:8c:d6:b0:00:50:ff:
                    2b:b5:7f:5f:29:1d:c4:ed:f0:ec:1d:6c:bb:d0:b9:
                    fd:6b:57:73:b0:ce:f7:87:02:7d:f3:63:51:a7:37:
                    75:70:3d:53:69:e0:31:e8:75:34:d2:3f:bd:89:13:
                    2c:30:bc:24:da:73:51:1d:01:73:a8:79:1b:c8:1c:
                    b0:1a:79:19:11:9f:09:84:90:43:6c:e5:10:42:60:
                    e7:2c:22:c1:7a:63:42:aa:b6:31:09:8f:e9:ce:0f:
                    ed:ae:74:60:4b:1b:f0:d1:61:e9:d1:2d:af:dc:59:
                    5e:07:69:b3:83:91:fc:29:5f:43:ae:7d:5f:ca:33:
                    43:47:db:e4:84:26:48:72:3c:3f:38:16:cd:dc:57:
                    78:d5:40:63:bf:37:78:c4:ef:c1:a6:95:42:70:ff:
                    a2:aa:03:a0:7b:70:59:52:92:bc:19:44:f1:73:21:
                    bc:22:a8:d2:d4:4a:f5:61:a1:28:45:ef:87:65:e1:
                    da:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:00:17:C9:E0:AC:28:AA:7D:0F:3E:39:61:B2:DF:A1:0E:4A:3F:5F
            X509v3 Authority Key Identifier:
                keyid:9B:19:75:8A:08:78:76:81:6D:C1:93:61:EA:F1:E9:41:2D:E7:3F:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mxl1igh4doFtwZNh6vHpQS3nP4Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/LAAXyeCsKKp9Dz45YbLfoQ5KP18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/mxl1igh4doFtwZNh6vHpQS3nP4Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:24:f5:43:b6:41:17:fb:21:b2:74:cf:81:db:fe:44:61:73:
         b3:51:4f:aa:2e:f2:a9:41:f2:e4:f8:c2:72:6d:76:33:e8:69:
         45:be:89:08:de:8b:03:7c:cf:1f:9b:df:e8:1c:13:55:a2:d4:
         53:97:4f:77:ba:f8:dd:0b:57:ac:ed:00:0c:e7:67:61:a0:65:
         65:92:ef:87:01:07:ed:da:3f:2f:93:5c:95:44:c0:30:24:38:
         14:59:0a:3d:1b:a9:42:39:3e:b1:67:a8:ef:8e:ac:d8:66:5f:
         ce:a4:a4:68:95:b4:76:0e:13:9d:08:14:c8:db:d0:8d:57:f6:
         59:d0:1c:be:97:e5:c0:ed:ef:a3:9c:4d:2b:83:7e:0c:70:23:
         71:21:89:f8:b6:16:d8:7b:af:90:7f:34:30:a9:40:2d:b5:c3:
         3c:97:ee:a9:f2:07:d6:9f:35:77:f2:7e:89:0c:d5:71:0f:c6:
         76:8d:49:7d:02:2f:14:0c:9b:85:33:32:3e:95:1b:6e:3f:16:
         41:e6:55:fa:44:a1:ff:a7:ab:ab:fa:fb:86:ef:65:b5:82:0d:
         85:a7:9a:81:b8:37:00:c8:06:73:89:e3:3d:fd:62:24:34:5e:
         6e:84:12:e8:fd:1f:1c:7c:9d:48:be:4f:b4:60:7d:59:16:04:
         64:01:00:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CBL0krUQLPUvwVLO6AjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMTk3NThhMDg3ODc2ODE2ZGMxOTM2MWVhZjFlOTQxMmRl
NzNmODYwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzAwMTdjOWUwYWMyOGFhN2QwZjNlMzk2MWIyZGZhMTBlNGEzZjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7mJzPhpan+TfvBI1kbeMl8Cxcdm
tcGwGPQuE+Ayn2S9noKofatW0XK5EJBUNyMrWnOgUCqqzz75KTmklYaiRDo04g2M
1rAAUP8rtX9fKR3E7fDsHWy70Ln9a1dzsM73hwJ982NRpzd1cD1TaeAx6HU00j+9
iRMsMLwk2nNRHQFzqHkbyBywGnkZEZ8JhJBDbOUQQmDnLCLBemNCqrYxCY/pzg/t
rnRgSxvw0WHp0S2v3FleB2mzg5H8KV9Drn1fyjNDR9vkhCZIcjw/OBbN3Fd41UBj
vzd4xO/BppVCcP+iqgOge3BZUpK8GUTxcyG8IqjS1Er1YaEoRe+HZeHaSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCwAF8ngrCiqfQ8+OWGy36EOSj9fMB8GA1UdIwQY
MBaAFJsZdYoIeHaBbcGTYerx6UEt5z+GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXhsMWlnaDRkb0Z0d1pOaDZ2SHBRUzNuUDRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9iYTZmM2UtZTk1Yi00OGQyLTg0MTkt
NDEzZGE2NjdhOGJlLzEvTEFBWHllQ3NLS3A5RHo0NVliTGZvUTVLUDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9iYTZmM2UtZTk1Yi00OGQyLTg0MTktNDEzZGE2NjdhOGJl
LzEvbXhsMWlnaDRkb0Z0d1pOaDZ2SHBRUzNuUDRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZYSMA0G
CSqGSIb3DQEBCwUAA4IBAQCoJPVDtkEX+yGydM+B2/5EYXOzUU+qLvKpQfLk+MJy
bXYz6GlFvokI3osDfM8fm9/oHBNVotRTl093uvjdC1es7QAM52dhoGVlku+HAQft
2j8vk1yVRMAwJDgUWQo9G6lCOT6xZ6jvjqzYZl/OpKRolbR2DhOdCBTI29CNV/ZZ
0By+l+XA7e+jnE0rg34McCNxIYn4thbYe6+QfzQwqUAttcM8l+6p8gfWnzV38n6J
DNVxD8Z2jUl9Ai8UDJuFMzI+lRtuPxZB5lX6RKH/p6ur+vuG72W1gg2Fp5qBuDcA
yAZzieM9/WIkNF5uhBLo/R8cfJ1Ivk+0YH1ZFgRkAQCf
-----END CERTIFICATE-----