Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/8c97fe-3f8c-4db4-ab93-752d81cdda40/1/LNKNgTNId43khryu3-iXIx1uR08.roa
File:                     LNKNgTNId43khryu3-iXIx1uR08.roa (raw, json)
Hash identifier:          nGrZKtac07nT+o7TlQYZDkVRKS6sZq1OMEMZm12Ec90=
Subject key identifier:   2C:D2:8D:81:33:48:77:8D:E4:86:BC:AE:DF:E8:97:23:1D:6E:47:4F
Certificate issuer:       /CN=fbf43fe9fd3af2bcf4ba7a83f111e6559125f3fd
Certificate serial:       018CC9BC1844877D1C6F8D33FF12D07E4D46
Authority key identifier: FB:F4:3F:E9:FD:3A:F2:BC:F4:BA:7A:83:F1:11:E6:55:91:25:F3:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-_Q_6f068rz0unqD8RHmVZEl8_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/8c97fe-3f8c-4db4-ab93-752d81cdda40/1/LNKNgTNId43khryu3-iXIx1uR08.roa
Signing time:             Tue 02 Jan 2024 10:33:16 +0000
ROA not before:           Tue 02 Jan 2024 10:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43366
IP address blocks:        213.109.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/8c97fe-3f8c-4db4-ab93-752d81cdda40/1/1-_Q_6f068rz0unqD8RHmVZEl8_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/8c97fe-3f8c-4db4-ab93-752d81cdda40/1/1-_Q_6f068rz0unqD8RHmVZEl8_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-_Q_6f068rz0unqD8RHmVZEl8_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:18:44:87:7d:1c:6f:8d:33:ff:12:d0:7e:4d:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbf43fe9fd3af2bcf4ba7a83f111e6559125f3fd
        Validity
            Not Before: Jan  2 10:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cd28d813348778de486bcaedfe897231d6e474f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ed:f8:ea:c3:f7:dd:a5:01:d9:3a:94:27:f6:
                    8e:0a:9d:a3:cf:55:86:4d:d5:e2:ce:38:b2:64:ed:
                    f8:a6:94:5d:21:16:d0:86:c7:e4:bc:43:2e:e8:dc:
                    0a:d7:dc:f3:d9:0c:62:bf:df:cf:89:64:74:18:54:
                    ae:32:94:c6:33:fe:5c:e1:03:4d:00:0c:ee:27:2d:
                    31:01:2d:ca:c9:8b:ab:33:72:bd:a4:b4:15:57:95:
                    27:3f:4f:03:de:12:0f:73:1c:65:9a:61:5f:90:c2:
                    bc:9a:bd:d4:e1:8b:83:92:5f:6f:f7:d4:4a:cc:38:
                    2f:54:38:1b:b5:99:17:44:fb:98:88:fc:47:ce:94:
                    45:fb:1b:f9:06:e3:29:22:1c:11:71:7b:c1:fa:63:
                    77:fc:5c:80:ce:f1:ea:7c:a5:ee:d7:0f:9a:48:a8:
                    e9:b1:52:48:fe:68:69:60:75:68:56:e2:96:c3:3a:
                    47:61:a8:26:2d:94:9a:31:74:dc:1d:a9:b4:81:30:
                    89:c1:d8:fa:9a:f0:f5:87:71:5c:77:bd:85:a1:36:
                    7b:23:72:3d:18:26:d5:b7:62:c8:9a:7c:43:ea:3e:
                    3f:e7:49:79:13:86:51:b9:75:f9:65:e8:64:39:55:
                    f3:f1:5a:6a:c2:25:96:e9:05:96:8a:2a:95:10:94:
                    fe:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:D2:8D:81:33:48:77:8D:E4:86:BC:AE:DF:E8:97:23:1D:6E:47:4F
            X509v3 Authority Key Identifier:
                keyid:FB:F4:3F:E9:FD:3A:F2:BC:F4:BA:7A:83:F1:11:E6:55:91:25:F3:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_Q_6f068rz0unqD8RHmVZEl8_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/8c97fe-3f8c-4db4-ab93-752d81cdda40/1/LNKNgTNId43khryu3-iXIx1uR08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/8c97fe-3f8c-4db4-ab93-752d81cdda40/1/1-_Q_6f068rz0unqD8RHmVZEl8_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:31:47:0b:32:d5:ca:c1:cd:2d:a5:86:8e:7a:36:a6:8b:1a:
         b4:0f:18:56:d7:e6:ad:b1:98:25:af:f1:e5:ac:4c:44:ba:b5:
         88:3c:da:f1:c8:c7:4a:b0:3b:15:15:a8:e4:b5:72:46:c1:a7:
         d8:ff:f7:3c:35:21:64:dd:08:a0:51:cc:cb:87:56:ea:57:b2:
         1b:3a:7a:5b:1c:10:26:55:0c:85:c6:db:bd:41:dd:a2:90:8d:
         53:72:0b:d5:0a:d6:f8:b9:6f:dc:90:09:31:53:b5:1b:cc:16:
         cc:53:f5:fb:52:f9:79:c3:6f:cc:91:d7:b0:78:ac:41:2e:32:
         78:31:f1:96:8f:32:6c:e2:11:0e:0e:9a:a6:a6:1c:d1:cf:f5:
         45:e7:87:23:9a:11:0e:98:86:7e:81:a5:e2:ec:4c:54:c4:3f:
         36:81:1d:cc:ee:17:4d:a0:b6:c4:31:d8:f2:2b:d8:15:2c:a9:
         7c:17:2a:92:15:c5:87:8e:ad:36:0a:36:38:4e:4a:f1:ab:1a:
         83:e6:ee:75:72:66:9d:ae:63:c2:89:b5:40:02:01:83:54:1b:
         e1:af:f1:0c:16:68:3f:65:99:37:7e:ee:e7:5b:cc:a0:3d:5a:
         ec:52:b6:ea:1b:94:d6:02:12:df:0c:07:15:56:24:bd:fd:30:
         f6:79:eb:56
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvBhEh30cb40z/xLQfk1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjQzZmU5ZmQzYWYyYmNmNGJhN2E4M2YxMTFlNjU1OTEy
NWYzZmQwHhcNMjQwMTAyMTAzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2QyOGQ4MTMzNDg3NzhkZTQ4NmJjYWVkZmU4OTcyMzFkNmU0NzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmu346sP33aUB2TqUJ/aOCp2jz1WG
TdXizjiyZO34ppRdIRbQhsfkvEMu6NwK19zz2Qxiv9/PiWR0GFSuMpTGM/5c4QNN
AAzuJy0xAS3KyYurM3K9pLQVV5UnP08D3hIPcxxlmmFfkMK8mr3U4YuDkl9v99RK
zDgvVDgbtZkXRPuYiPxHzpRF+xv5BuMpIhwRcXvB+mN3/FyAzvHqfKXu1w+aSKjp
sVJI/mhpYHVoVuKWwzpHYagmLZSaMXTcHam0gTCJwdj6mvD1h3Fcd72FoTZ7I3I9
GCbVt2LImnxD6j4/50l5E4ZRuXX5ZehkOVXz8VpqwiWW6QWWiiqVEJT+twIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCzSjYEzSHeN5Ia8rt/olyMdbkdPMB8GA1UdIwQY
MBaAFPv0P+n9OvK89Lp6g/ER5lWRJfP9MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fUV82ZjA2OHJ6MHVucUQ4UkhtVlpFbDhfMC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzYvOGM5N2ZlLTNmOGMtNGRiNC1hYjkz
LTc1MmQ4MWNkZGE0MC8xL0xOS05nVE5JZDQza2hyeXUzLWlYSXgxdVIwOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzYvOGM5N2ZlLTNmOGMtNGRiNC1hYjkzLTc1MmQ4MWNkZGE0
MC8xLzEtX1FfNmYwNjhyejB1bnFEOFJIbVZaRWw4XzAuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADVbZYw
DQYJKoZIhvcNAQELBQADggEBAKYxRwsy1crBzS2lho56NqaLGrQPGFbX5q2xmCWv
8eWsTES6tYg82vHIx0qwOxUVqOS1ckbBp9j/9zw1IWTdCKBRzMuHVupXshs6elsc
ECZVDIXG271B3aKQjVNyC9UK1vi5b9yQCTFTtRvMFsxT9ftS+XnDb8yR17B4rEEu
Mngx8ZaPMmziEQ4OmqamHNHP9UXnhyOaEQ6Yhn6BpeLsTFTEPzaBHczuF02gtsQx
2PIr2BUsqXwXKpIVxYeOrTYKNjhOSvGrGoPm7nVyZp2uY8KJtUACAYNUG+Gv8QwW
aD9lmTd+7udbzKA9WuxStuoblNYCEt8MBxVWJL39MPZ561Y=
-----END CERTIFICATE-----