Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/LvhaSUySt-g0tldoSyk5s0en2gM.roa
File:                     LvhaSUySt-g0tldoSyk5s0en2gM.roa (raw, json)
Hash identifier:          //seJFnYxR2t63sZFMdOsUIIK/jsMB685cJUF9cyhlk=
Subject key identifier:   2E:F8:5A:49:4C:92:B7:E8:34:B6:57:68:4B:29:39:B3:47:A7:DA:03
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       0192E7B6FADD5D9C3D44A0744B0E20661F79
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/LvhaSUySt-g0tldoSyk5s0en2gM.roa
Signing time:             Fri 01 Nov 2024 12:33:01 +0000
ROA not before:           Fri 01 Nov 2024 12:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12372
IP address blocks:        83.125.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e7:b6:fa:dd:5d:9c:3d:44:a0:74:4b:0e:20:66:1f:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Nov  1 12:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ef85a494c92b7e834b657684b2939b347a7da03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:db:fe:58:a9:2a:e1:b8:7f:cc:2f:3a:34:2a:
                    45:ba:25:ed:20:db:bd:0a:2d:d3:6d:89:7c:7f:81:
                    38:fc:ad:d1:fe:bb:1b:51:d1:00:77:d1:44:be:45:
                    96:32:0d:8d:f5:94:2c:ce:3d:f0:7f:03:12:d4:03:
                    29:f4:f0:17:21:00:5f:a3:02:2b:f1:27:23:da:e1:
                    d4:3e:27:be:9e:54:61:26:8b:0e:c5:8b:c9:44:7a:
                    8e:de:e3:ad:42:07:e7:45:f7:eb:1c:e4:83:c6:10:
                    ce:28:00:ce:db:e6:51:e7:22:7a:54:e6:00:99:c9:
                    37:cd:02:7a:ae:ea:9e:c0:35:00:bd:0e:12:a8:b4:
                    2a:25:f8:87:ae:3b:df:c5:81:50:2e:de:dd:9c:fc:
                    cd:26:05:9a:f7:67:8a:d4:49:85:00:69:fa:1a:1f:
                    37:a6:34:40:eb:20:4d:ef:c1:72:73:ad:ad:a8:d1:
                    d6:9e:eb:e0:c6:55:15:3e:35:ec:7d:3f:80:03:bf:
                    c6:be:8d:d9:44:60:9a:91:cf:f9:36:e5:ac:79:98:
                    04:ff:0d:19:83:a9:17:85:70:f1:85:10:d6:f2:99:
                    39:11:d5:54:30:60:37:0d:50:3c:51:69:cb:e3:85:
                    f9:44:02:38:f3:a5:39:71:9b:c2:3c:ed:ee:ec:f7:
                    2d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:F8:5A:49:4C:92:B7:E8:34:B6:57:68:4B:29:39:B3:47:A7:DA:03
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/LvhaSUySt-g0tldoSyk5s0en2gM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.125.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:60:7b:9a:a5:af:fa:07:83:2a:2f:31:a2:b6:33:c9:da:2d:
         e3:d1:84:84:ec:19:f0:72:a0:57:61:21:c9:1d:b4:a5:e0:eb:
         53:de:19:e9:02:f1:aa:6c:af:74:9b:93:6d:17:25:48:75:dd:
         32:44:d3:f7:ed:a1:43:47:93:ce:3f:63:db:10:92:46:f6:07:
         83:d2:1a:20:fb:c5:a3:91:7a:d6:5b:19:58:88:38:38:4a:9b:
         52:54:5f:ed:ed:9b:7f:28:24:0d:95:fc:fc:f7:38:0f:2d:12:
         6b:83:da:d9:bd:ad:de:69:c0:1c:83:20:58:1f:2a:3b:92:a0:
         dc:5d:db:39:d6:46:82:21:d4:3f:0e:23:db:92:1b:fa:ba:6a:
         c3:86:0f:43:2b:47:62:c1:96:27:6c:d1:d8:28:05:33:b8:b1:
         f5:76:47:9d:c0:84:80:61:2c:d6:b8:90:54:24:fd:ad:04:6b:
         d5:50:79:72:99:82:95:85:ff:2f:81:aa:d2:30:e6:36:91:f4:
         6f:cd:30:7b:da:6a:2d:10:08:dd:f9:56:5d:76:61:16:c2:64:
         4f:7c:f9:1f:4b:4e:7d:df:94:36:85:3d:da:85:f9:f0:8f:c4:
         33:7b:f5:37:6f:29:2c:87:c2:b0:be:f0:76:68:35:61:de:13:
         a3:14:95:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLntvrdXZw9RKB0Sw4gZh95MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjQxMTAxMTIzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWY4NWE0OTRjOTJiN2U4MzRiNjU3Njg0YjI5MzliMzQ3YTdkYTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstv+WKkq4bh/zC86NCpFuiXtINu9
Ci3TbYl8f4E4/K3R/rsbUdEAd9FEvkWWMg2N9ZQszj3wfwMS1AMp9PAXIQBfowIr
8Scj2uHUPie+nlRhJosOxYvJRHqO3uOtQgfnRffrHOSDxhDOKADO2+ZR5yJ6VOYA
mck3zQJ6ruqewDUAvQ4SqLQqJfiHrjvfxYFQLt7dnPzNJgWa92eK1EmFAGn6Gh83
pjRA6yBN78Fyc62tqNHWnuvgxlUVPjXsfT+AA7/Gvo3ZRGCakc/5NuWseZgE/w0Z
g6kXhXDxhRDW8pk5EdVUMGA3DVA8UWnL44X5RAI486U5cZvCPO3u7PctIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC74WklMkrfoNLZXaEspObNHp9oDMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvTHZoYVNVeVN0LWcwdGxkb1N5azVzMGVuMmdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU32LMA0G
CSqGSIb3DQEBCwUAA4IBAQBeYHuapa/6B4MqLzGitjPJ2i3j0YSE7BnwcqBXYSHJ
HbSl4OtT3hnpAvGqbK90m5NtFyVIdd0yRNP37aFDR5POP2PbEJJG9geD0hog+8Wj
kXrWWxlYiDg4SptSVF/t7Zt/KCQNlfz89zgPLRJrg9rZva3eacAcgyBYHyo7kqDc
Xds51kaCIdQ/DiPbkhv6umrDhg9DK0diwZYnbNHYKAUzuLH1dkedwISAYSzWuJBU
JP2tBGvVUHlymYKVhf8vgarSMOY2kfRvzTB72motEAjd+VZddmEWwmRPfPkfS059
35Q2hT3ahfnwj8Qze/U3byksh8KwvvB2aDVh3hOjFJW7
-----END CERTIFICATE-----