Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/4LizlSqCzVZtZSnNSqMUmsHGBWA.roa
File:                     4LizlSqCzVZtZSnNSqMUmsHGBWA.roa (raw, json)
Hash identifier:          hsxx4wKmgg3BVy8Aiv2rzGSm6YdEgYTf3bmuj9EPFwM=
Subject key identifier:   E0:B8:B3:95:2A:82:CD:56:6D:65:29:CD:4A:A3:14:9A:C1:C6:05:60
Certificate issuer:       /CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
Certificate serial:       018F063244E47609D7135F4C205E85778B16
Authority key identifier: BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/4LizlSqCzVZtZSnNSqMUmsHGBWA.roa
Signing time:             Mon 22 Apr 2024 14:25:08 +0000
ROA not before:           Mon 22 Apr 2024 14:25:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        212.96.152.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:32:44:e4:76:09:d7:13:5f:4c:20:5e:85:77:8b:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
        Validity
            Not Before: Apr 22 14:25:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0b8b3952a82cd566d6529cd4aa3149ac1c60560
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b2:d1:1d:b5:89:c2:23:6e:6e:50:2d:c3:12:
                    58:58:b8:a2:de:66:1d:54:1f:21:59:d2:c6:31:3a:
                    7a:74:54:c3:e3:8f:46:0b:ba:fc:03:32:a9:de:c1:
                    82:d3:36:b3:d1:74:ea:3b:b3:37:e0:65:04:32:17:
                    cf:84:2e:01:be:27:64:5b:e1:e2:09:7a:29:49:1c:
                    2e:55:c8:48:53:9e:2e:4f:25:12:94:5c:c9:09:f8:
                    4d:af:3f:34:60:08:36:f2:1e:54:19:7d:50:12:fb:
                    1d:20:c7:a3:d0:80:e4:86:f8:7e:a3:ba:1b:26:1b:
                    ae:cf:c8:31:46:49:e8:e9:e4:6c:3b:25:a1:06:e8:
                    ce:a6:2a:5c:b6:e9:21:c4:fc:fe:b7:c0:7f:33:6d:
                    ee:2e:df:0b:17:c3:98:65:47:b6:31:a4:7a:60:34:
                    f6:68:f3:00:35:a3:c0:26:f2:8c:fd:51:a2:41:0f:
                    3c:d2:92:9f:66:59:9a:c2:c7:31:1b:c5:f8:70:30:
                    56:94:e8:a8:5a:52:39:52:75:c1:39:f0:d7:18:54:
                    2d:53:72:5a:79:1a:7f:39:03:e9:a3:1a:e6:86:ee:
                    4e:e4:af:71:e5:94:b2:09:97:ff:a8:47:36:62:20:
                    c8:c4:e9:ac:1e:79:92:35:5e:7d:d8:37:6f:ad:32:
                    cf:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:B8:B3:95:2A:82:CD:56:6D:65:29:CD:4A:A3:14:9A:C1:C6:05:60
            X509v3 Authority Key Identifier:
                keyid:BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/4LizlSqCzVZtZSnNSqMUmsHGBWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.96.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e7:a2:ce:a4:78:d4:a3:b4:6e:ed:6c:da:68:7e:02:89:ef:f2:
         e1:b7:06:43:6a:f3:42:a3:86:7d:83:0c:c9:26:d5:e5:68:18:
         9d:b2:34:f6:9a:fb:89:2f:35:2a:01:2c:fa:c8:cb:ad:25:07:
         3d:45:9d:4e:41:bc:ae:ce:14:ca:c5:f7:01:29:a6:4e:1a:4f:
         ed:c1:e3:b3:3a:cc:91:0c:23:54:f9:a6:10:ae:a1:4c:70:14:
         9a:a5:29:4c:60:e2:c4:5c:cb:13:fb:63:d7:12:09:c3:bb:b0:
         c9:0c:71:52:e6:42:b7:b0:c9:24:6a:4e:0d:a1:7b:56:95:b9:
         67:e0:8e:62:71:c3:56:09:4a:5c:66:4f:d1:db:c8:f1:e0:92:
         45:15:a9:69:cf:0c:80:ad:93:7d:1a:e1:09:37:98:c8:3e:c9:
         5d:33:ae:d7:36:30:1c:73:10:aa:5c:11:02:96:f1:08:b1:e7:
         86:46:22:cf:7b:e6:15:dc:91:c3:ba:5e:66:75:7b:da:67:f9:
         0e:fc:f1:fa:18:c1:8d:12:1a:08:fd:b1:6c:7a:b3:5a:09:a2:
         73:45:85:02:4d:e7:9a:9f:63:1c:bc:36:bd:20:b1:9b:c8:9c:
         6e:a2:b8:32:96:4d:95:b6:d4:27:87:f3:5d:3a:06:1e:69:d7:
         0b:9b:51:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8GMkTkdgnXE19MIF6Fd4sWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjM2EyNTJhOGZjY2EwMzYxZGEyMzRhNGYzZGRiOTU3Nzg5
ZDBlNTUwHhcNMjQwNDIyMTQyNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGI4YjM5NTJhODJjZDU2NmQ2NTI5Y2Q0YWEzMTQ5YWMxYzYwNTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7LRHbWJwiNublAtwxJYWLii3mYd
VB8hWdLGMTp6dFTD449GC7r8AzKp3sGC0zaz0XTqO7M34GUEMhfPhC4BvidkW+Hi
CXopSRwuVchIU54uTyUSlFzJCfhNrz80YAg28h5UGX1QEvsdIMej0IDkhvh+o7ob
Jhuuz8gxRkno6eRsOyWhBujOpipctukhxPz+t8B/M23uLt8LF8OYZUe2MaR6YDT2
aPMANaPAJvKM/VGiQQ880pKfZlmawscxG8X4cDBWlOioWlI5UnXBOfDXGFQtU3Ja
eRp/OQPpoxrmhu5O5K9x5ZSyCZf/qEc2YiDIxOmsHnmSNV592DdvrTLPGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOC4s5Uqgs1WbWUpzUqjFJrBxgVgMB8GA1UdIwQY
MBaAFLw6JSqPzKA2HaI0pPPduVd4nQ5VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkRvbEtvX01vRFlkb2pTazg5MjVWM2lkRGxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zMjRmMDUtOWEwNy00NGNiLTg3MDkt
MGExOTUxOGY3MzU4LzEvNExpemxTcUN6Vlp0WlNuTlNxTVVtc0hHQldBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zMjRmMDUtOWEwNy00NGNiLTg3MDktMGExOTUxOGY3MzU4
LzEvdkRvbEtvX01vRFlkb2pTazg5MjVWM2lkRGxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1GCYMA0G
CSqGSIb3DQEBCwUAA4IBAQDnos6keNSjtG7tbNpofgKJ7/LhtwZDavNCo4Z9gwzJ
JtXlaBidsjT2mvuJLzUqASz6yMutJQc9RZ1OQbyuzhTKxfcBKaZOGk/tweOzOsyR
DCNU+aYQrqFMcBSapSlMYOLEXMsT+2PXEgnDu7DJDHFS5kK3sMkkak4NoXtWlbln
4I5iccNWCUpcZk/R28jx4JJFFalpzwyArZN9GuEJN5jIPsldM67XNjAccxCqXBEC
lvEIseeGRiLPe+YV3JHDul5mdXvaZ/kO/PH6GMGNEhoI/bFserNaCaJzRYUCTeea
n2McvDa9ILGbyJxuorgylk2VttQnh/NdOgYeadcLm1Gr
-----END CERTIFICATE-----