Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/cLMX8bBVVSajj0J2R8-8rTZhcTA.roa
File:                     cLMX8bBVVSajj0J2R8-8rTZhcTA.roa (raw, json)
Hash identifier:          eabZie9qSeiStaJfe1O1VLj2A1alZfffr0TTP2mIDSk=
Subject key identifier:   70:B3:17:F1:B0:55:55:26:A3:8F:42:76:47:CF:BC:AD:36:61:71:30
Certificate issuer:       /CN=5d644b902caa17a99d65c46cb3a6f8d939cd98b5
Certificate serial:       0191BCE001007AA394E6252603B75CAA4A85
Authority key identifier: 5D:64:4B:90:2C:AA:17:A9:9D:65:C4:6C:B3:A6:F8:D9:39:CD:98:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XWRLkCyqF6mdZcRss6b42TnNmLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/cLMX8bBVVSajj0J2R8-8rTZhcTA.roa
Signing time:             Wed 04 Sep 2024 11:51:22 +0000
ROA not before:           Wed 04 Sep 2024 11:51:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58323
IP address blocks:        62.3.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/XWRLkCyqF6mdZcRss6b42TnNmLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/XWRLkCyqF6mdZcRss6b42TnNmLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XWRLkCyqF6mdZcRss6b42TnNmLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:e0:01:00:7a:a3:94:e6:25:26:03:b7:5c:aa:4a:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d644b902caa17a99d65c46cb3a6f8d939cd98b5
        Validity
            Not Before: Sep  4 11:51:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70b317f1b0555526a38f427647cfbcad36617130
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ff:e3:c5:fe:17:aa:4b:c1:2c:57:04:2d:9a:
                    b6:17:01:c4:9c:a8:0f:9c:48:bb:b0:4c:9c:42:d1:
                    e3:48:f0:38:9a:8f:ec:97:10:8a:e7:6c:38:63:bd:
                    ef:dc:eb:7b:ee:ca:ff:50:01:a3:96:32:48:40:fc:
                    bf:ea:86:de:46:90:f5:ca:84:38:0e:4d:4b:e3:5c:
                    90:66:55:80:98:5a:24:06:35:36:47:40:57:00:70:
                    06:5a:90:62:71:bd:5d:2d:6d:60:53:a2:77:74:78:
                    d0:ee:ac:8d:e7:c3:bc:b8:a2:c3:9d:e1:bf:25:8f:
                    50:54:3d:ad:04:69:dd:91:63:01:30:4d:47:3e:44:
                    06:b2:50:e4:24:3d:e5:13:ba:c7:5b:14:65:c6:fd:
                    ca:6d:40:f4:35:40:19:46:57:41:fa:c3:1e:74:c3:
                    fe:92:32:2c:a9:13:ee:ac:bf:d3:7a:1a:27:d5:25:
                    34:38:d6:d7:a2:2f:7b:a9:01:e3:9f:bf:85:f3:ce:
                    d0:c6:95:e2:26:24:4a:7a:48:15:6d:e2:ab:3a:c6:
                    1c:de:e2:ca:ad:df:38:2f:56:9b:31:4d:c6:7c:36:
                    25:26:64:c3:b5:67:67:c0:86:54:07:4d:1e:30:a4:
                    82:8f:d0:e9:0e:e7:3d:90:d9:34:bf:fd:d0:94:a9:
                    dd:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:B3:17:F1:B0:55:55:26:A3:8F:42:76:47:CF:BC:AD:36:61:71:30
            X509v3 Authority Key Identifier:
                keyid:5D:64:4B:90:2C:AA:17:A9:9D:65:C4:6C:B3:A6:F8:D9:39:CD:98:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XWRLkCyqF6mdZcRss6b42TnNmLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/cLMX8bBVVSajj0J2R8-8rTZhcTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/XWRLkCyqF6mdZcRss6b42TnNmLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:39:32:2e:a6:c9:fb:b0:22:19:90:27:2b:40:d7:17:cb:8c:
         6a:cc:74:96:81:f9:fb:27:93:dc:af:1c:f9:de:6c:11:0b:c8:
         36:68:49:01:e0:79:48:0f:5c:74:99:b5:78:fa:a6:cb:ba:35:
         32:98:48:8f:2d:24:0e:06:61:05:7a:f2:87:92:aa:9e:55:16:
         a5:c5:93:70:56:c7:b0:91:99:f6:4b:89:b7:46:b6:d1:6e:3b:
         8b:50:e2:6b:02:2c:59:2a:38:e2:92:e6:a3:59:74:51:c4:24:
         3e:b3:25:91:05:1a:17:f6:07:56:83:5a:2b:09:ae:ff:ba:ac:
         0b:31:f6:2d:28:a5:55:13:e9:79:f7:c0:ba:08:5a:a3:5a:06:
         d0:97:22:18:33:5c:27:87:ae:7c:13:0c:9f:e5:60:33:46:76:
         e3:c3:b7:94:fc:51:25:bc:6b:81:bc:fb:d9:10:40:1f:cf:a9:
         ba:84:30:36:c7:65:7f:22:fe:2c:55:8f:08:f4:12:8b:32:d0:
         13:ea:a5:a3:03:30:ed:49:40:af:a5:45:f8:0d:c0:ad:ff:7d:
         d8:42:9a:66:40:bc:c3:13:26:c5:a1:8d:13:62:73:26:7b:42:
         ac:4d:e9:c9:55:5a:10:bb:02:5b:ac:73:2e:ec:57:23:5d:0b:
         0b:14:16:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG84AEAeqOU5iUmA7dcqkqFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNjQ0YjkwMmNhYTE3YTk5ZDY1YzQ2Y2IzYTZmOGQ5Mzlj
ZDk4YjUwHhcNMjQwOTA0MTE1MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGIzMTdmMWIwNTU1NTI2YTM4ZjQyNzY0N2NmYmNhZDM2NjE3MTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt//jxf4XqkvBLFcELZq2FwHEnKgP
nEi7sEycQtHjSPA4mo/slxCK52w4Y73v3Ot77sr/UAGjljJIQPy/6obeRpD1yoQ4
Dk1L41yQZlWAmFokBjU2R0BXAHAGWpBicb1dLW1gU6J3dHjQ7qyN58O8uKLDneG/
JY9QVD2tBGndkWMBME1HPkQGslDkJD3lE7rHWxRlxv3KbUD0NUAZRldB+sMedMP+
kjIsqRPurL/Tehon1SU0ONbXoi97qQHjn7+F887QxpXiJiRKekgVbeKrOsYc3uLK
rd84L1abMU3GfDYlJmTDtWdnwIZUB00eMKSCj9DpDuc9kNk0v/3QlKndAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCzF/GwVVUmo49CdkfPvK02YXEwMB8GA1UdIwQY
MBaAFF1kS5AsqhepnWXEbLOm+Nk5zZi1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFdSTGtDeXFGNm1kWmNSc3M2YjQyVG5ObUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZDM5YTctZWQxYS00YmYzLWI1YTYt
NDBkODM2YzYyODI5LzEvY0xNWDhiQlZWU2FqajBKMlI4LThyVFpoY1RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZDM5YTctZWQxYS00YmYzLWI1YTYtNDBkODM2YzYyODI5
LzEvWFdSTGtDeXFGNm1kWmNSc3M2YjQyVG5ObUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMrMA0G
CSqGSIb3DQEBCwUAA4IBAQBoOTIupsn7sCIZkCcrQNcXy4xqzHSWgfn7J5Pcrxz5
3mwRC8g2aEkB4HlID1x0mbV4+qbLujUymEiPLSQOBmEFevKHkqqeVRalxZNwVsew
kZn2S4m3RrbRbjuLUOJrAixZKjjikuajWXRRxCQ+syWRBRoX9gdWg1orCa7/uqwL
MfYtKKVVE+l598C6CFqjWgbQlyIYM1wnh658Ewyf5WAzRnbjw7eU/FElvGuBvPvZ
EEAfz6m6hDA2x2V/Iv4sVY8I9BKLMtAT6qWjAzDtSUCvpUX4DcCt/33YQppmQLzD
EybFoY0TYnMme0KsTenJVVoQuwJbrHMu7FcjXQsLFBb5
-----END CERTIFICATE-----