Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/726298-0279-4b93-a985-a04ad22e33f3/1/LYSdWEpG1pJ1UCe9MBmxu5qaEoE.roa
File:                     LYSdWEpG1pJ1UCe9MBmxu5qaEoE.roa (raw, json)
Hash identifier:          5SHmDvGXrtjSLp3RHZqp3Uj31CEiWlUOwDUOgQWDEu8=
Subject key identifier:   2D:84:9D:58:4A:46:D6:92:75:50:27:BD:30:19:B1:BB:9A:9A:12:81
Certificate issuer:       /CN=f59cb923e4069bfe362e2d96ffab2ff31078317a
Certificate serial:       018CC8015BA6963E7F82B7779319722F5522
Authority key identifier: F5:9C:B9:23:E4:06:9B:FE:36:2E:2D:96:FF:AB:2F:F3:10:78:31:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Zy5I-QGm_42Li2W_6sv8xB4MXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/726298-0279-4b93-a985-a04ad22e33f3/1/LYSdWEpG1pJ1UCe9MBmxu5qaEoE.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39632
IP address blocks:        91.208.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/726298-0279-4b93-a985-a04ad22e33f3/1/9Zy5I-QGm_42Li2W_6sv8xB4MXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/726298-0279-4b93-a985-a04ad22e33f3/1/9Zy5I-QGm_42Li2W_6sv8xB4MXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Zy5I-QGm_42Li2W_6sv8xB4MXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5b:a6:96:3e:7f:82:b7:77:93:19:72:2f:55:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f59cb923e4069bfe362e2d96ffab2ff31078317a
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d849d584a46d692755027bd3019b1bb9a9a1281
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5b:63:49:18:d6:59:ec:6e:e3:63:fb:6a:fd:
                    2a:c8:08:b4:09:e8:29:f9:d2:fa:9f:c0:7f:8d:fd:
                    3a:ad:65:91:64:95:8b:2d:f6:3a:fc:8d:5b:5e:56:
                    b5:85:45:c1:4f:89:16:41:19:68:2c:59:b5:76:36:
                    43:fe:b8:ae:a3:6f:3c:c3:42:89:36:49:d8:f6:13:
                    4c:44:86:32:52:91:fe:86:4d:50:7e:c4:22:59:e9:
                    90:87:a6:3b:dc:45:6f:8a:e1:0e:19:39:8b:77:4f:
                    de:0e:32:32:fa:2f:3e:86:c3:4e:bf:cf:bd:a0:46:
                    bb:1c:21:8f:a6:4d:a0:9d:67:c0:c8:8a:d4:cd:9d:
                    18:e9:18:e7:fb:85:62:b9:d4:b8:4f:c1:69:84:49:
                    bc:aa:cc:96:4a:0a:6a:23:24:5c:d0:ef:15:35:ab:
                    0f:62:e8:a6:cf:12:85:33:b3:b8:19:39:72:92:02:
                    79:f2:6a:e8:a7:79:1b:2a:ad:45:79:78:e9:26:ed:
                    88:96:c4:a2:76:0d:3d:94:55:0c:e4:f3:81:c2:75:
                    6a:a9:0d:f5:29:15:1f:42:09:ab:57:f0:f8:46:c1:
                    1c:60:43:dc:7c:f1:05:d3:39:33:02:c5:2e:fd:44:
                    36:1a:37:df:f2:d4:85:e0:76:49:8b:48:40:06:af:
                    50:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:84:9D:58:4A:46:D6:92:75:50:27:BD:30:19:B1:BB:9A:9A:12:81
            X509v3 Authority Key Identifier:
                keyid:F5:9C:B9:23:E4:06:9B:FE:36:2E:2D:96:FF:AB:2F:F3:10:78:31:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Zy5I-QGm_42Li2W_6sv8xB4MXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/726298-0279-4b93-a985-a04ad22e33f3/1/LYSdWEpG1pJ1UCe9MBmxu5qaEoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/726298-0279-4b93-a985-a04ad22e33f3/1/9Zy5I-QGm_42Li2W_6sv8xB4MXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:c9:94:d2:dc:e1:ff:76:fc:7c:83:91:0b:f9:1c:6d:34:e8:
         25:94:9f:dd:14:2f:ea:c5:42:65:e5:4f:0f:16:c7:41:c4:d7:
         20:d8:3d:f5:ee:70:d7:ba:fb:81:83:e7:43:68:92:f8:76:9d:
         53:93:eb:15:95:39:ea:30:2b:4d:07:15:ec:94:ec:56:56:11:
         65:13:bb:0f:5e:ed:16:be:61:75:09:8d:1e:3b:cd:79:59:36:
         32:3b:dd:5c:ec:67:6b:4c:74:42:cc:6e:31:c5:4a:b5:f9:10:
         cc:06:aa:10:8b:84:41:88:e9:93:bf:90:a1:00:36:fe:f9:33:
         39:f0:af:43:11:7d:85:89:0b:ad:1f:d2:7d:10:ed:b2:6d:f1:
         8d:24:79:58:12:d9:a3:9c:c8:ce:d2:86:d9:c2:85:2c:ae:b8:
         c0:95:55:39:53:88:8e:8e:ff:03:9d:a1:b7:a8:f8:8d:d5:38:
         f1:71:d1:7a:67:72:d7:e3:e1:95:81:9b:3d:1e:77:8a:70:40:
         b6:e9:a9:a9:25:9b:14:fe:9b:fe:f6:54:3b:ff:fb:93:89:05:
         dd:ec:f6:22:7f:b9:24:fa:94:31:4e:a7:92:01:f8:f7:54:10:
         14:dc:30:12:14:2e:eb:f0:d3:af:f1:c3:9b:b7:36:d3:3e:ae:
         d0:a5:41:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVumlj5/grd3kxlyL1UiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OWNiOTIzZTQwNjliZmUzNjJlMmQ5NmZmYWIyZmYzMTA3
ODMxN2EwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDg0OWQ1ODRhNDZkNjkyNzU1MDI3YmQzMDE5YjFiYjlhOWExMjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVtjSRjWWexu42P7av0qyAi0Cegp
+dL6n8B/jf06rWWRZJWLLfY6/I1bXla1hUXBT4kWQRloLFm1djZD/riuo288w0KJ
NknY9hNMRIYyUpH+hk1QfsQiWemQh6Y73EVviuEOGTmLd0/eDjIy+i8+hsNOv8+9
oEa7HCGPpk2gnWfAyIrUzZ0Y6Rjn+4ViudS4T8FphEm8qsyWSgpqIyRc0O8VNasP
YuimzxKFM7O4GTlykgJ58mrop3kbKq1FeXjpJu2IlsSidg09lFUM5POBwnVqqQ31
KRUfQgmrV/D4RsEcYEPcfPEF0zkzAsUu/UQ2Gjff8tSF4HZJi0hABq9QZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2EnVhKRtaSdVAnvTAZsbuamhKBMB8GA1UdIwQY
MBaAFPWcuSPkBpv+Ni4tlv+rL/MQeDF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVp5NUktUUdtXzQyTGkyV182c3Y4eEI0TVhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MjYyOTgtMDI3OS00YjkzLWE5ODUt
YTA0YWQyMmUzM2YzLzEvTFlTZFdFcEcxcEoxVUNlOU1CbXh1NXFhRW9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MjYyOTgtMDI3OS00YjkzLWE5ODUtYTA0YWQyMmUzM2Yz
LzEvOVp5NUktUUdtXzQyTGkyV182c3Y4eEI0TVhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AaMA0G
CSqGSIb3DQEBCwUAA4IBAQDOyZTS3OH/dvx8g5EL+RxtNOgllJ/dFC/qxUJl5U8P
FsdBxNcg2D317nDXuvuBg+dDaJL4dp1Tk+sVlTnqMCtNBxXslOxWVhFlE7sPXu0W
vmF1CY0eO815WTYyO91c7GdrTHRCzG4xxUq1+RDMBqoQi4RBiOmTv5ChADb++TM5
8K9DEX2FiQutH9J9EO2ybfGNJHlYEtmjnMjO0obZwoUsrrjAlVU5U4iOjv8DnaG3
qPiN1TjxcdF6Z3LX4+GVgZs9HneKcEC26ampJZsU/pv+9lQ7//uTiQXd7PYif7kk
+pQxTqeSAfj3VBAU3DASFC7r8NOv8cObtzbTPq7QpUEa
-----END CERTIFICATE-----