Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/LgFG4nODBuEfMap_0EB0I6AzIf0.roa
File:                     LgFG4nODBuEfMap_0EB0I6AzIf0.roa (raw, json)
Hash identifier:          B1An4w+sAzqzQenFANWrQdGmOyYJaC6movEK2Yx+y7s=
Subject key identifier:   2E:01:46:E2:73:83:06:E1:1F:31:AA:7F:D0:40:74:23:A0:33:21:FD
Certificate issuer:       /CN=a9cc44d7f1d0dc0a5abf2776495b61de4819925f
Certificate serial:       018CC3B6A43B1FEDE9AE9B4A53FB46785AA8
Authority key identifier: A9:CC:44:D7:F1:D0:DC:0A:5A:BF:27:76:49:5B:61:DE:48:19:92:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qcxE1_HQ3Apavyd2SVth3kgZkl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/LgFG4nODBuEfMap_0EB0I6AzIf0.roa
Signing time:             Mon 01 Jan 2024 06:29:35 +0000
ROA not before:           Mon 01 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.253.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/qcxE1_HQ3Apavyd2SVth3kgZkl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/qcxE1_HQ3Apavyd2SVth3kgZkl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qcxE1_HQ3Apavyd2SVth3kgZkl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a4:3b:1f:ed:e9:ae:9b:4a:53:fb:46:78:5a:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9cc44d7f1d0dc0a5abf2776495b61de4819925f
        Validity
            Not Before: Jan  1 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e0146e2738306e11f31aa7fd0407423a03321fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4b:da:39:ba:e3:c0:d4:53:b0:12:53:e1:33:
                    89:65:b0:1a:13:e1:41:6a:42:7d:a6:d2:f5:17:12:
                    43:29:cd:6e:fb:54:7a:11:0c:5f:b4:1b:99:21:51:
                    93:0d:5b:87:ac:7c:01:75:43:99:c9:56:20:c7:b0:
                    bf:a0:4f:e6:d9:ae:19:ad:a6:f6:b0:a4:d5:27:05:
                    8d:5f:9e:b6:c8:fb:c0:14:83:bd:96:80:ea:de:88:
                    c0:46:9a:d3:0a:5e:81:fc:06:9e:f2:ea:c0:74:55:
                    a7:fd:bc:0b:08:96:5c:cd:a7:06:87:69:59:9b:98:
                    cf:38:e4:fa:e8:05:f5:34:c5:2e:c7:ba:25:39:1d:
                    e5:16:2d:c7:e8:ea:7b:e4:ec:c3:56:14:dc:ff:d5:
                    44:1f:0f:0f:aa:93:c2:1e:8d:7d:ef:33:fb:40:c8:
                    3e:2e:20:60:9f:73:8c:2f:50:0b:40:2f:f1:4b:e1:
                    90:6c:d3:ab:20:5c:e3:6c:97:0f:98:85:5f:15:d2:
                    cc:fb:11:d9:e4:39:4f:7c:91:90:56:8c:0b:84:0a:
                    13:bb:45:9a:48:bd:97:bb:ef:5b:03:74:2d:84:d8:
                    a2:c4:f3:21:ba:59:68:5f:9b:cc:1f:89:88:2c:4a:
                    82:ce:dd:41:d2:4f:a7:05:86:45:bd:d3:c3:d9:86:
                    57:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:01:46:E2:73:83:06:E1:1F:31:AA:7F:D0:40:74:23:A0:33:21:FD
            X509v3 Authority Key Identifier:
                keyid:A9:CC:44:D7:F1:D0:DC:0A:5A:BF:27:76:49:5B:61:DE:48:19:92:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qcxE1_HQ3Apavyd2SVth3kgZkl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/LgFG4nODBuEfMap_0EB0I6AzIf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/qcxE1_HQ3Apavyd2SVth3kgZkl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:85:05:60:9b:6c:81:67:12:c9:7c:91:50:89:b3:b9:7c:77:
         d5:f3:70:05:9f:ef:c1:af:04:1c:a2:35:44:a3:44:ee:9e:b0:
         7e:81:60:6a:c5:9c:72:47:56:90:a2:b6:2a:14:35:54:e3:e5:
         5d:8d:50:53:65:56:d9:56:87:35:8d:ca:71:96:c1:5c:b5:0a:
         9c:88:47:97:84:66:cd:5f:08:33:e0:9f:96:c8:e3:90:46:dc:
         fd:47:89:c2:fb:63:30:87:ca:e6:93:24:ba:5b:97:01:ef:bc:
         26:fa:fe:97:3b:83:60:57:3d:7e:8f:f1:ac:1e:98:80:b3:e4:
         ba:b4:dc:41:f7:64:d4:81:c7:88:8f:94:77:e5:a1:c8:6d:a7:
         59:54:d0:ef:a8:42:e7:a6:fb:de:c4:c4:4d:11:91:52:8b:07:
         8b:19:74:e5:ff:fe:e3:f0:89:3f:b1:02:12:fc:c3:8f:6a:9f:
         02:63:b5:0d:d5:7e:8e:37:f4:d9:50:73:23:13:63:02:25:ff:
         ca:a6:3c:3b:07:83:46:4e:cf:75:72:6a:89:67:a6:b5:fa:7e:
         af:49:52:09:d8:f9:f6:eb:b5:9b:24:25:89:74:50:7a:14:cb:
         67:aa:60:87:f3:15:5e:06:52:f5:8e:1f:41:81:03:58:56:f8:
         85:df:58:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtqQ7H+3prptKU/tGeFqoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Y2M0NGQ3ZjFkMGRjMGE1YWJmMjc3NjQ5NWI2MWRlNDgx
OTkyNWYwHhcNMjQwMTAxMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTAxNDZlMjczODMwNmUxMWYzMWFhN2ZkMDQwNzQyM2EwMzMyMWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEvaObrjwNRTsBJT4TOJZbAaE+FB
akJ9ptL1FxJDKc1u+1R6EQxftBuZIVGTDVuHrHwBdUOZyVYgx7C/oE/m2a4Zrab2
sKTVJwWNX562yPvAFIO9loDq3ojARprTCl6B/Aae8urAdFWn/bwLCJZczacGh2lZ
m5jPOOT66AX1NMUux7olOR3lFi3H6Op75OzDVhTc/9VEHw8PqpPCHo197zP7QMg+
LiBgn3OML1ALQC/xS+GQbNOrIFzjbJcPmIVfFdLM+xHZ5DlPfJGQVowLhAoTu0Wa
SL2Xu+9bA3QthNiixPMhulloX5vMH4mILEqCzt1B0k+nBYZFvdPD2YZXFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4BRuJzgwbhHzGqf9BAdCOgMyH9MB8GA1UdIwQY
MBaAFKnMRNfx0NwKWr8ndklbYd5IGZJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWN4RTFfSFEzQXBhdnlkMlNWdGgza2daa2w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9kYWI4NjctYTU3OS00YTk1LWFlZjct
MTYxN2YzOGE2ZGZjLzEvTGdGRzRuT0RCdUVmTWFwXzBFQjBJNkF6SWYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9kYWI4NjctYTU3OS00YTk1LWFlZjctMTYxN2YzOGE2ZGZj
LzEvcWN4RTFfSFEzQXBhdnlkMlNWdGgza2daa2w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf0JMA0G
CSqGSIb3DQEBCwUAA4IBAQC+hQVgm2yBZxLJfJFQibO5fHfV83AFn+/BrwQcojVE
o0TunrB+gWBqxZxyR1aQorYqFDVU4+VdjVBTZVbZVoc1jcpxlsFctQqciEeXhGbN
Xwgz4J+WyOOQRtz9R4nC+2Mwh8rmkyS6W5cB77wm+v6XO4NgVz1+j/GsHpiAs+S6
tNxB92TUgceIj5R35aHIbadZVNDvqELnpvvexMRNEZFSiweLGXTl//7j8Ik/sQIS
/MOPap8CY7UN1X6ON/TZUHMjE2MCJf/Kpjw7B4NGTs91cmqJZ6a1+n6vSVIJ2Pn2
67WbJCWJdFB6FMtnqmCH8xVeBlL1jh9BgQNYVviF31gE
-----END CERTIFICATE-----