Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LK4MoqpOkSh7uvlnYvf6facKVjQ.roa
File:                     LK4MoqpOkSh7uvlnYvf6facKVjQ.roa (raw, json)
Hash identifier:          kXAyqvuLzR+9XcThXrLfAPEJCxc2FiMbaVC1u+fR1bE=
Subject key identifier:   2C:AE:0C:A2:AA:4E:91:28:7B:BA:F9:67:62:F7:FA:7D:A7:0A:56:34
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F614ECE1CC115C9D464BAB9285400E1D7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LK4MoqpOkSh7uvlnYvf6facKVjQ.roa
Signing time:             Fri 10 May 2024 07:01:45 +0000
ROA not before:           Fri 10 May 2024 07:01:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13649
IP address blocks:        82.153.68.0/24 maxlen: 24
                          82.153.71.0/24 maxlen: 24
                          89.213.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:61:4e:ce:1c:c1:15:c9:d4:64:ba:b9:28:54:00:e1:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 10 07:01:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2cae0ca2aa4e91287bbaf96762f7fa7da70a5634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:b1:1c:f5:a7:75:1d:e7:bd:df:74:f9:7b:d5:
                    ec:7b:59:67:4d:41:a2:a3:57:e0:82:6a:94:a6:a1:
                    7c:fb:7b:46:d0:15:ae:07:61:00:b6:83:a0:de:c8:
                    bc:8a:41:e4:b7:88:b9:20:90:f8:89:c6:af:6d:24:
                    2c:16:e8:09:98:4b:67:7b:4c:7a:57:1d:5b:db:bc:
                    ee:15:20:6a:59:94:e2:36:7c:5e:66:97:40:fe:e0:
                    78:d2:81:e4:d6:ae:b5:04:7e:a8:44:f3:cf:3e:63:
                    c5:c3:03:2e:0f:e1:cf:d0:8f:aa:74:dd:96:d6:47:
                    66:63:26:88:d5:7a:90:d7:d7:22:45:13:d7:e8:3f:
                    70:78:69:79:51:57:23:d5:2e:19:d7:73:65:43:d9:
                    0f:96:7d:7d:14:3b:74:c8:f5:ba:d3:dd:bb:32:91:
                    37:ba:25:97:de:c6:63:25:db:58:a1:f7:92:ac:4a:
                    e0:76:d5:c6:6f:9e:8f:0b:c7:cd:87:93:f8:ee:91:
                    af:10:6d:01:b3:fc:9e:53:88:9c:b0:b4:5e:c1:db:
                    2b:68:dc:cd:1d:b8:04:b8:b3:20:2e:30:57:bc:24:
                    52:cd:8b:b7:b1:07:29:c0:e6:1f:89:30:87:d0:38:
                    99:a0:49:16:63:13:a2:ca:26:10:3c:d9:ae:17:98:
                    2f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:AE:0C:A2:AA:4E:91:28:7B:BA:F9:67:62:F7:FA:7D:A7:0A:56:34
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LK4MoqpOkSh7uvlnYvf6facKVjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.68.0/24
                  82.153.71.0/24
                  89.213.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:82:d6:04:85:41:7e:13:e4:67:74:a4:41:37:c8:d8:7c:08:
         8f:ed:8a:bf:85:d5:e5:15:99:ba:cd:a7:97:be:d0:70:09:9d:
         26:59:a9:ac:f7:14:f0:ad:22:85:8c:69:5b:85:29:45:fa:e9:
         79:06:46:c7:6a:ac:73:52:da:80:f1:24:ff:a4:10:83:fd:bc:
         de:16:a8:48:be:ad:59:f2:0c:f8:ae:84:35:a5:44:8b:55:34:
         53:0b:72:60:28:7d:cb:b7:c0:11:65:51:2a:81:10:c9:a6:ee:
         17:5d:a7:04:6b:fa:6a:38:c1:2c:38:d3:37:c2:23:3d:24:b2:
         46:2c:26:42:33:0f:01:be:d7:c8:fe:63:0e:1f:a1:f4:79:f3:
         80:e2:c6:56:b5:6e:4b:06:5c:04:5f:4a:30:9f:fc:ea:2c:8f:
         f0:29:de:67:78:72:b2:0b:49:04:bf:8d:85:aa:30:56:35:29:
         46:89:b2:4f:c4:98:51:31:3d:ae:94:54:94:f1:76:3e:d9:ae:
         62:ff:56:3f:91:a3:39:fe:c3:e0:2b:11:1c:0b:8d:27:9d:f0:
         0f:22:5e:08:9b:a8:02:18:5b:f2:71:20:e9:a6:63:c1:39:e8:
         ee:0f:22:f8:d2:8a:3f:cb:b9:0b:48:00:c4:ef:a0:fe:8b:63:
         fd:e9:47:97
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY9hTs4cwRXJ1GS6uShUAOHXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTEwMDcwMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2FlMGNhMmFhNGU5MTI4N2JiYWY5Njc2MmY3ZmE3ZGE3MGE1NjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhbEc9ad1Hee933T5e9Xse1lnTUGi
o1fggmqUpqF8+3tG0BWuB2EAtoOg3si8ikHkt4i5IJD4icavbSQsFugJmEtne0x6
Vx1b27zuFSBqWZTiNnxeZpdA/uB40oHk1q61BH6oRPPPPmPFwwMuD+HP0I+qdN2W
1kdmYyaI1XqQ19ciRRPX6D9weGl5UVcj1S4Z13NlQ9kPln19FDt0yPW60927MpE3
uiWX3sZjJdtYofeSrErgdtXGb56PC8fNh5P47pGvEG0Bs/yeU4icsLRewdsraNzN
HbgEuLMgLjBXvCRSzYu3sQcpwOYfiTCH0DiZoEkWYxOiyiYQPNmuF5gvyQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCyuDKKqTpEoe7r5Z2L3+n2nClY0MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTEs0TW9xcE9rU2g3dXZsbll2ZjZmYWNLVmpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUplEAwQA
UplHAwQAWdW0MA0GCSqGSIb3DQEBCwUAA4IBAQBPgtYEhUF+E+RndKRBN8jYfAiP
7Yq/hdXlFZm6zaeXvtBwCZ0mWams9xTwrSKFjGlbhSlF+ul5BkbHaqxzUtqA8ST/
pBCD/bzeFqhIvq1Z8gz4roQ1pUSLVTRTC3JgKH3Lt8ARZVEqgRDJpu4XXacEa/pq
OMEsONM3wiM9JLJGLCZCMw8BvtfI/mMOH6H0efOA4sZWtW5LBlwEX0own/zqLI/w
Kd5neHKyC0kEv42FqjBWNSlGibJPxJhRMT2ulFSU8XY+2a5i/1Y/kaM5/sPgKxEc
C40nnfAPIl4Im6gCGFvycSDppmPBOejuDyL40oo/y7kLSADE76D+i2P96UeX
-----END CERTIFICATE-----