Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/lpI80LUJsC0eR3etxsT17bRWwL8.roa
File:                     lpI80LUJsC0eR3etxsT17bRWwL8.roa (raw, json)
Hash identifier:          LH8queniVPWIELvkZC0CM2cA0Matv/G8ktOMMybUZRE=
Subject key identifier:   96:92:3C:D0:B5:09:B0:2D:1E:47:77:AD:C6:C4:F5:ED:B4:56:C0:BF
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018F5336E1E7A6BD38C8F20FEB08653D437D
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/lpI80LUJsC0eR3etxsT17bRWwL8.roa
Signing time:             Tue 07 May 2024 13:20:56 +0000
ROA not before:           Tue 07 May 2024 13:20:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209604
IP address blocks:        89.45.45.0/24 maxlen: 24
                          93.114.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:36:e1:e7:a6:bd:38:c8:f2:0f:eb:08:65:3d:43:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: May  7 13:20:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96923cd0b509b02d1e4777adc6c4f5edb456c0bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ed:98:12:b5:a8:41:74:cc:b8:e8:7f:ff:f6:
                    df:7d:97:7d:a1:6e:6e:8f:38:cf:fa:77:76:8a:00:
                    24:7f:d1:be:8b:e7:58:91:c9:fe:32:3d:00:98:b4:
                    ca:8b:b7:35:4c:d7:50:12:2e:1a:57:d2:fd:8a:04:
                    cf:48:97:3b:cc:20:f2:52:79:44:12:8d:57:89:c4:
                    35:5b:24:0b:2f:96:59:c5:cc:d2:db:86:31:9f:16:
                    bb:00:a5:32:43:96:9a:66:c7:8d:a4:f0:f0:f0:bb:
                    6f:66:d8:ec:06:d4:27:99:ac:f8:01:b5:80:b5:b1:
                    54:95:5d:6f:b7:d1:35:3f:d3:b7:f6:e7:78:2b:b4:
                    94:58:c1:d3:ee:9b:61:14:00:6f:ab:57:b2:7c:52:
                    f8:b0:b3:c6:5f:db:bd:e3:a6:37:23:ff:72:45:23:
                    70:34:89:20:9d:7d:2d:19:e8:b3:da:5d:c7:36:f1:
                    c8:23:1b:81:bc:98:d3:b1:68:45:03:dd:79:90:ea:
                    ba:bb:fb:e9:20:59:04:04:51:5d:c6:e3:d9:a3:64:
                    5f:9d:5b:f6:b6:14:23:ba:78:a7:b5:fb:f5:09:29:
                    c1:19:c1:c7:62:59:b2:fc:4d:3d:62:59:21:34:7e:
                    eb:de:d4:c6:d7:b3:68:36:a0:ef:13:d3:59:03:56:
                    67:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:92:3C:D0:B5:09:B0:2D:1E:47:77:AD:C6:C4:F5:ED:B4:56:C0:BF
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/lpI80LUJsC0eR3etxsT17bRWwL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.45.0/24
                  93.114.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:b1:e2:ed:4a:1e:3d:0c:ef:db:fe:b3:9f:52:e6:de:c7:04:
         0e:b7:a7:74:ad:31:ef:4e:e4:2e:6a:84:59:df:c1:a3:92:75:
         f3:81:57:45:35:52:1b:5f:06:ac:0d:26:63:5d:2c:c1:df:12:
         2d:4d:b2:ab:7e:ee:80:30:f4:4a:19:c2:ac:8f:3d:71:88:14:
         f4:1d:90:c4:c0:1a:62:56:ea:cb:b8:fe:31:17:7f:af:18:11:
         c3:6e:a5:b1:b9:5d:e4:62:7c:0a:f2:2e:c3:ae:1b:ac:88:0a:
         17:e3:1e:08:03:b8:60:34:c3:71:56:cb:90:2f:2a:74:c5:b8:
         0b:2f:bb:2c:19:54:84:21:3d:a2:af:f2:27:32:d8:4a:ff:72:
         9b:60:07:59:28:34:bc:c6:0f:62:fb:c1:45:98:c1:69:2d:cd:
         c1:bb:77:59:1c:d2:7e:5d:a5:67:60:54:6e:d8:78:e5:cd:2e:
         cb:1c:7f:6e:7c:0d:64:28:36:66:a3:21:ac:79:98:8a:f4:60:
         73:03:be:8a:6b:c2:8b:9b:30:3c:23:ee:51:29:cf:ff:05:d2:
         e0:4a:3e:59:a1:cb:c5:2d:35:f3:0c:82:13:b5:7f:0b:e2:84:
         6c:52:5f:07:59:e1:63:b1:aa:0a:ad:aa:3b:3e:77:da:f9:51:
         0d:3e:11:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9TNuHnpr04yPIP6whlPUN9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwNTA3MTMyMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjkyM2NkMGI1MDliMDJkMWU0Nzc3YWRjNmM0ZjVlZGI0NTZjMGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtO2YErWoQXTMuOh///bffZd9oW5u
jzjP+nd2igAkf9G+i+dYkcn+Mj0AmLTKi7c1TNdQEi4aV9L9igTPSJc7zCDyUnlE
Eo1XicQ1WyQLL5ZZxczS24Yxnxa7AKUyQ5aaZseNpPDw8LtvZtjsBtQnmaz4AbWA
tbFUlV1vt9E1P9O39ud4K7SUWMHT7pthFABvq1eyfFL4sLPGX9u946Y3I/9yRSNw
NIkgnX0tGeiz2l3HNvHIIxuBvJjTsWhFA915kOq6u/vpIFkEBFFdxuPZo2RfnVv2
thQjunintfv1CSnBGcHHYlmy/E09YlkhNH7r3tTG17NoNqDvE9NZA1ZnPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJaSPNC1CbAtHkd3rcbE9e20VsC/MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvbHBJODBMVUpzQzBlUjNldHhzVDE3YlJXd0w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS0tAwQA
XXK3MA0GCSqGSIb3DQEBCwUAA4IBAQCGseLtSh49DO/b/rOfUubexwQOt6d0rTHv
TuQuaoRZ38GjknXzgVdFNVIbXwasDSZjXSzB3xItTbKrfu6AMPRKGcKsjz1xiBT0
HZDEwBpiVurLuP4xF3+vGBHDbqWxuV3kYnwK8i7DrhusiAoX4x4IA7hgNMNxVsuQ
Lyp0xbgLL7ssGVSEIT2ir/InMthK/3KbYAdZKDS8xg9i+8FFmMFpLc3Bu3dZHNJ+
XaVnYFRu2HjlzS7LHH9ufA1kKDZmoyGseZiK9GBzA76Ka8KLmzA8I+5RKc//BdLg
Sj5ZocvFLTXzDIITtX8L4oRsUl8HWeFjsaoKrao7Pnfa+VENPhFE
-----END CERTIFICATE-----