Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/83f818-19c0-4702-83e5-d95636a7a664/1/2LxCXwcdBvnOAshJGnPWvVFHma0.roa
File:                     2LxCXwcdBvnOAshJGnPWvVFHma0.roa (raw, json)
Hash identifier:          sJcMIIVWJakaN7to4ADKrt8Ln9TEBgGy4sCYmtLKqPY=
Subject key identifier:   D8:BC:42:5F:07:1D:06:F9:CE:02:C8:49:1A:73:D6:BD:51:47:99:AD
Certificate issuer:       /CN=5ad8a44dad315f21ea992fc6e10482c41ecdfcf5
Certificate serial:       018CC64A6540961F716CE3E38ED462EFC582
Authority key identifier: 5A:D8:A4:4D:AD:31:5F:21:EA:99:2F:C6:E1:04:82:C4:1E:CD:FC:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WtikTa0xXyHqmS_G4QSCxB7N_PU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/83f818-19c0-4702-83e5-d95636a7a664/1/2LxCXwcdBvnOAshJGnPWvVFHma0.roa
Signing time:             Mon 01 Jan 2024 18:30:13 +0000
ROA not before:           Mon 01 Jan 2024 18:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62313
IP address blocks:        91.233.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/83f818-19c0-4702-83e5-d95636a7a664/1/WtikTa0xXyHqmS_G4QSCxB7N_PU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/83f818-19c0-4702-83e5-d95636a7a664/1/WtikTa0xXyHqmS_G4QSCxB7N_PU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WtikTa0xXyHqmS_G4QSCxB7N_PU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:65:40:96:1f:71:6c:e3:e3:8e:d4:62:ef:c5:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ad8a44dad315f21ea992fc6e10482c41ecdfcf5
        Validity
            Not Before: Jan  1 18:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8bc425f071d06f9ce02c8491a73d6bd514799ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ad:50:f6:74:46:a6:54:ce:93:e1:67:07:33:
                    de:9a:1b:57:31:45:94:09:b0:d6:fd:d8:5d:00:15:
                    56:26:6d:a8:69:be:d5:9f:4f:fa:19:1b:d4:1b:ae:
                    46:80:83:5f:ab:2a:30:a0:83:eb:92:44:f0:9e:52:
                    bb:70:a4:a6:8d:46:cb:06:cb:e2:0d:54:9e:db:72:
                    82:a1:b9:ba:6b:68:32:5f:a5:2f:84:9b:73:ff:99:
                    82:71:5f:88:ff:67:64:8e:ac:d9:24:47:8b:95:78:
                    7e:ca:c3:b4:f1:1a:2e:9d:b4:db:b5:58:b5:7d:89:
                    20:10:0f:54:dc:86:a8:c3:4f:14:f2:9c:b5:02:1a:
                    22:1b:47:ce:2e:b2:64:87:69:b8:b4:b5:90:42:21:
                    e4:3a:68:36:47:7f:05:f5:2d:46:be:e2:59:f9:f7:
                    f5:36:47:38:de:51:86:36:db:6d:6b:fd:13:e9:77:
                    d5:56:03:5d:c6:dc:ff:2d:8b:0a:f9:87:fb:2b:d5:
                    20:7d:b1:c9:32:f2:08:0c:34:8c:69:12:ec:1f:54:
                    f0:52:6f:9b:95:ab:61:ca:2f:86:27:eb:03:65:59:
                    0d:00:a9:b6:eb:f0:27:79:a1:8b:8d:7e:6b:6e:3d:
                    a4:df:81:5b:44:e6:46:a1:65:f1:3d:de:c3:ee:d1:
                    9a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:BC:42:5F:07:1D:06:F9:CE:02:C8:49:1A:73:D6:BD:51:47:99:AD
            X509v3 Authority Key Identifier:
                keyid:5A:D8:A4:4D:AD:31:5F:21:EA:99:2F:C6:E1:04:82:C4:1E:CD:FC:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WtikTa0xXyHqmS_G4QSCxB7N_PU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/83f818-19c0-4702-83e5-d95636a7a664/1/2LxCXwcdBvnOAshJGnPWvVFHma0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/83f818-19c0-4702-83e5-d95636a7a664/1/WtikTa0xXyHqmS_G4QSCxB7N_PU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:fb:63:6e:ae:d4:63:00:9f:f3:d9:84:1f:ee:3b:88:f6:29:
         77:39:0f:c3:20:39:4d:d0:cd:43:33:ab:00:85:6e:b6:82:3b:
         8d:43:ac:50:92:55:c6:c6:f2:7d:9b:d8:9b:24:fc:07:33:d1:
         aa:79:48:ff:e6:c5:f9:1e:f7:c0:57:74:9f:41:b4:24:52:83:
         87:d7:88:0f:f2:98:3e:82:0a:f5:dc:91:0c:bc:f4:b0:b3:2e:
         92:5b:50:9f:39:75:36:c6:58:d1:e7:27:4e:56:d8:d5:91:9e:
         c7:37:74:08:f1:8e:0c:a2:75:47:af:f4:a7:ed:dc:82:92:50:
         60:40:75:3c:4c:60:87:1a:fd:21:23:b7:7c:b7:c2:eb:cf:24:
         d0:4a:d8:31:f4:4b:e9:a0:48:85:8b:c1:00:8b:a5:e7:b0:10:
         53:41:98:14:e2:8f:0d:51:00:83:18:b8:bc:e5:df:b8:59:8e:
         ba:bc:ce:fa:61:1f:f9:b6:0c:63:1c:16:5c:bf:26:7f:79:6e:
         1d:d1:46:bd:ee:21:6a:8f:ff:23:d2:4b:d1:1c:bd:3e:20:2c:
         b7:07:8e:af:41:1a:f3:2d:97:ff:88:d7:5c:cc:55:cc:4e:8e:
         40:e0:3e:95:b2:6e:12:b7:71:2e:2b:c6:46:51:0b:c5:3b:a4:
         b4:0a:0e:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSmVAlh9xbOPjjtRi78WCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZDhhNDRkYWQzMTVmMjFlYTk5MmZjNmUxMDQ4MmM0MWVj
ZGZjZjUwHhcNMjQwMTAxMTgzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGJjNDI1ZjA3MWQwNmY5Y2UwMmM4NDkxYTczZDZiZDUxNDc5OWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgq1Q9nRGplTOk+FnBzPemhtXMUWU
CbDW/dhdABVWJm2oab7Vn0/6GRvUG65GgINfqyowoIPrkkTwnlK7cKSmjUbLBsvi
DVSe23KCobm6a2gyX6UvhJtz/5mCcV+I/2dkjqzZJEeLlXh+ysO08RounbTbtVi1
fYkgEA9U3Iaow08U8py1AhoiG0fOLrJkh2m4tLWQQiHkOmg2R38F9S1GvuJZ+ff1
Nkc43lGGNttta/0T6XfVVgNdxtz/LYsK+Yf7K9UgfbHJMvIIDDSMaRLsH1TwUm+b
lathyi+GJ+sDZVkNAKm26/AneaGLjX5rbj2k34FbROZGoWXxPd7D7tGaewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNi8Ql8HHQb5zgLISRpz1r1RR5mtMB8GA1UdIwQY
MBaAFFrYpE2tMV8h6pkvxuEEgsQezfz1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3Rpa1RhMHhYeUhxbVNfRzRRU0N4QjdOX1BVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi84M2Y4MTgtMTljMC00NzAyLTgzZTUt
ZDk1NjM2YTdhNjY0LzEvMkx4Q1h3Y2RCdm5PQXNoSkduUFd2VkZIbWEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi84M2Y4MTgtMTljMC00NzAyLTgzZTUtZDk1NjM2YTdhNjY0
LzEvV3Rpa1RhMHhYeUhxbVNfRzRRU0N4QjdOX1BVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+kjMA0G
CSqGSIb3DQEBCwUAA4IBAQCV+2NurtRjAJ/z2YQf7juI9il3OQ/DIDlN0M1DM6sA
hW62gjuNQ6xQklXGxvJ9m9ibJPwHM9GqeUj/5sX5HvfAV3SfQbQkUoOH14gP8pg+
ggr13JEMvPSwsy6SW1CfOXU2xljR5ydOVtjVkZ7HN3QI8Y4MonVHr/Sn7dyCklBg
QHU8TGCHGv0hI7d8t8LrzyTQStgx9EvpoEiFi8EAi6XnsBBTQZgU4o8NUQCDGLi8
5d+4WY66vM76YR/5tgxjHBZcvyZ/eW4d0Ua97iFqj/8j0kvRHL0+ICy3B46vQRrz
LZf/iNdczFXMTo5A4D6Vsm4St3EuK8ZGUQvFO6S0Cg4h
-----END CERTIFICATE-----