Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/LG4mu_cNIPurkJ8EQDfX5Wd6-YY.roa
File:                     LG4mu_cNIPurkJ8EQDfX5Wd6-YY.roa (raw, json)
Hash identifier:          ExludKFGbqrdV48fPq2ORTcrerANRKxzzbShgrQ9fkk=
Subject key identifier:   2C:6E:26:BB:F7:0D:20:FB:AB:90:9F:04:40:37:D7:E5:67:7A:F9:86
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       018CC50149DBF3260FA45E4F6B5835E010A7
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/LG4mu_cNIPurkJ8EQDfX5Wd6-YY.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.225.236.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:49:db:f3:26:0f:a4:5e:4f:6b:58:35:e0:10:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c6e26bbf70d20fbab909f044037d7e5677af986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:74:38:1e:dc:90:b4:ca:03:d5:25:c2:6f:20:
                    6b:a7:bd:97:6e:da:c7:f1:11:c2:ab:24:8e:d5:68:
                    4d:54:01:9e:5a:cd:ce:bd:46:e1:fc:72:20:07:fa:
                    ab:bc:8b:71:d8:6b:f3:c9:db:22:31:eb:e7:84:6e:
                    24:ad:7e:9d:68:6b:df:cd:ec:c5:90:ab:09:bf:60:
                    e1:2b:61:aa:ab:8b:17:76:91:f0:d7:0a:a2:ae:48:
                    a8:7c:55:6a:27:cf:66:e7:f0:0c:d5:6d:51:2a:f6:
                    e9:bb:af:62:03:30:ac:55:ac:c3:10:5b:a2:77:46:
                    f7:c6:9b:e5:93:d8:e3:4f:51:89:c7:6a:d2:ea:e2:
                    bb:08:c3:13:be:05:3e:dd:c2:32:da:1e:a3:b8:a9:
                    99:c2:fa:fa:72:91:5f:44:02:df:81:fd:43:42:48:
                    cb:fe:b1:31:d5:c5:ad:72:fc:c7:07:fe:68:e1:0e:
                    b4:de:61:3c:c8:3f:7b:d2:28:0b:8b:7e:e0:c3:42:
                    1f:4f:4a:c5:5a:5a:60:4e:b6:8b:8a:44:e2:0f:a6:
                    a4:5d:5f:e3:b7:57:e5:3c:22:aa:38:95:71:99:dd:
                    7a:2f:15:bc:af:19:d5:ad:f3:d5:00:83:26:f5:a4:
                    96:cf:6d:b4:6a:7e:3e:11:b8:28:90:6c:df:e0:a8:
                    37:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:6E:26:BB:F7:0D:20:FB:AB:90:9F:04:40:37:D7:E5:67:7A:F9:86
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/LG4mu_cNIPurkJ8EQDfX5Wd6-YY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:a2:86:63:06:67:bd:93:ec:1d:ad:2a:1b:23:10:6e:20:fe:
         93:5e:fe:39:0e:11:39:c9:8c:01:c6:fa:a8:f4:90:52:2f:69:
         5a:06:e1:bc:0d:e3:a9:d7:2a:d6:5a:75:da:48:cf:75:b9:8a:
         1c:35:ab:c6:23:17:01:81:46:b9:5e:87:0b:a2:af:18:57:3e:
         71:dc:63:a5:54:3d:9d:18:e9:a9:f8:55:95:be:f0:55:d6:32:
         a7:1e:db:53:57:ba:56:84:5b:10:82:13:d2:71:33:16:8d:ee:
         0b:2b:69:3c:b1:7f:5b:fd:ca:af:6b:c7:f1:5a:35:c4:8f:c1:
         f4:71:85:c5:45:f0:ce:e7:88:b1:22:6d:5c:38:83:74:39:98:
         26:fb:d1:ad:d4:d3:98:64:2b:71:3f:ee:89:3c:b2:f0:df:27:
         28:69:0f:ae:69:7f:c7:bf:09:c2:f6:92:d3:9b:e2:16:39:7a:
         2d:5b:33:28:8c:92:ba:5e:ca:97:b7:c8:e2:47:63:c7:18:2a:
         69:91:75:35:57:d5:e3:8f:27:0d:01:98:13:f8:24:51:96:86:
         d9:dd:3a:d3:cb:af:e5:d7:7d:3f:40:3e:64:3e:ae:58:e3:c9:
         e5:ec:24:d6:50:1a:b7:40:f5:a1:67:4f:e0:a0:08:51:d1:85:
         c4:82:ca:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUnb8yYPpF5Pa1g14BCnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzZlMjZiYmY3MGQyMGZiYWI5MDlmMDQ0MDM3ZDdlNTY3N2FmOTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXQ4HtyQtMoD1SXCbyBrp72XbtrH
8RHCqySO1WhNVAGeWs3OvUbh/HIgB/qrvItx2GvzydsiMevnhG4krX6daGvfzezF
kKsJv2DhK2Gqq4sXdpHw1wqirkiofFVqJ89m5/AM1W1RKvbpu69iAzCsVazDEFui
d0b3xpvlk9jjT1GJx2rS6uK7CMMTvgU+3cIy2h6juKmZwvr6cpFfRALfgf1DQkjL
/rEx1cWtcvzHB/5o4Q603mE8yD970igLi37gw0IfT0rFWlpgTraLikTiD6akXV/j
t1flPCKqOJVxmd16LxW8rxnVrfPVAIMm9aSWz220an4+EbgokGzf4Kg3owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxuJrv3DSD7q5CfBEA31+VnevmGMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvTEc0bXVfY05JUHVya0o4RVFEZlg1V2Q2LVlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueHsMA0G
CSqGSIb3DQEBCwUAA4IBAQC4ooZjBme9k+wdrSobIxBuIP6TXv45DhE5yYwBxvqo
9JBSL2laBuG8DeOp1yrWWnXaSM91uYocNavGIxcBgUa5XocLoq8YVz5x3GOlVD2d
GOmp+FWVvvBV1jKnHttTV7pWhFsQghPScTMWje4LK2k8sX9b/cqva8fxWjXEj8H0
cYXFRfDO54ixIm1cOIN0OZgm+9Gt1NOYZCtxP+6JPLLw3ycoaQ+uaX/HvwnC9pLT
m+IWOXotWzMojJK6XsqXt8jiR2PHGCppkXU1V9XjjycNAZgT+CRRlobZ3TrTy6/l
130/QD5kPq5Y48nl7CTWUBq3QPWhZ0/goAhR0YXEgsqK
-----END CERTIFICATE-----