Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/7a9004-e4d9-4f54-9928-b9c816965a04/1/LF1xLwuHMm2giTo-0D9bSAQNKt4.roa
File:                     LF1xLwuHMm2giTo-0D9bSAQNKt4.roa (raw, json)
Hash identifier:          g+X3JqiPNjDCxJupPxbJnybOpy9wkqQD6/uLbOSV32M=
Subject key identifier:   2C:5D:71:2F:0B:87:32:6D:A0:89:3A:3E:D0:3F:5B:48:04:0D:2A:DE
Certificate issuer:       /CN=36cc494c4a934bbb3cf46ba5824d6666c8947a2f
Certificate serial:       018D35F95F0A26E54616BB4085431F7CE0C4
Authority key identifier: 36:CC:49:4C:4A:93:4B:BB:3C:F4:6B:A5:82:4D:66:66:C8:94:7A:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsxJTEqTS7s89Gulgk1mZsiUei8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/7a9004-e4d9-4f54-9928-b9c816965a04/1/LF1xLwuHMm2giTo-0D9bSAQNKt4.roa
Signing time:             Tue 23 Jan 2024 10:59:11 +0000
ROA not before:           Tue 23 Jan 2024 10:59:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206615
IP address blocks:        77.247.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/7a9004-e4d9-4f54-9928-b9c816965a04/1/NsxJTEqTS7s89Gulgk1mZsiUei8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/7a9004-e4d9-4f54-9928-b9c816965a04/1/NsxJTEqTS7s89Gulgk1mZsiUei8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsxJTEqTS7s89Gulgk1mZsiUei8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:35:f9:5f:0a:26:e5:46:16:bb:40:85:43:1f:7c:e0:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36cc494c4a934bbb3cf46ba5824d6666c8947a2f
        Validity
            Not Before: Jan 23 10:59:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c5d712f0b87326da0893a3ed03f5b48040d2ade
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:fa:4f:84:a9:35:fc:52:3b:0f:f5:e4:7e:03:
                    39:7c:19:d1:7f:f7:5f:70:4f:1a:54:5d:63:af:26:
                    84:92:35:db:30:e5:95:b6:1f:c3:57:97:64:77:24:
                    6d:da:35:55:2d:91:c6:4d:59:95:7c:83:5c:4c:bd:
                    7d:dd:6c:7b:8b:8e:27:12:7b:02:d5:60:46:52:09:
                    60:d1:2b:3d:84:b7:8e:a0:18:99:56:f5:e4:97:c9:
                    36:0d:ee:bd:d0:36:d4:1b:95:f3:3e:88:95:05:65:
                    55:dc:3a:fa:0d:ca:4c:7a:f8:46:85:11:a2:1a:6a:
                    c3:9b:5e:57:7c:75:02:d0:2d:44:1d:ac:d0:5f:e4:
                    5b:1f:06:da:8a:0c:e4:77:20:2b:12:51:f1:d6:85:
                    51:e7:ed:b0:c6:1b:ec:93:a9:50:7a:7d:15:b9:8b:
                    86:3e:5a:2b:a2:35:32:d6:6c:7f:42:6d:36:bf:f6:
                    57:23:2f:07:74:4d:8a:13:5f:d4:de:44:5e:42:f8:
                    e1:b6:e0:86:a0:83:fa:e5:96:2c:f2:f1:ae:aa:fa:
                    9a:f5:c3:c4:c6:1a:5e:3d:a6:2f:ea:41:e0:86:20:
                    5f:f8:93:a2:97:6a:a8:63:d0:cf:84:1e:0a:2b:7d:
                    6a:df:a7:3f:7f:37:31:90:ea:2e:ef:da:72:b1:7d:
                    44:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:5D:71:2F:0B:87:32:6D:A0:89:3A:3E:D0:3F:5B:48:04:0D:2A:DE
            X509v3 Authority Key Identifier:
                keyid:36:CC:49:4C:4A:93:4B:BB:3C:F4:6B:A5:82:4D:66:66:C8:94:7A:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsxJTEqTS7s89Gulgk1mZsiUei8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/7a9004-e4d9-4f54-9928-b9c816965a04/1/LF1xLwuHMm2giTo-0D9bSAQNKt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/7a9004-e4d9-4f54-9928-b9c816965a04/1/NsxJTEqTS7s89Gulgk1mZsiUei8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.247.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:99:8d:db:07:3b:23:26:74:18:5a:bc:fe:73:ca:75:73:37:
         c0:eb:d6:55:0d:51:19:16:7f:87:f8:b6:83:19:e8:55:3b:f3:
         38:36:ec:05:2b:12:fc:69:96:62:3b:3c:2f:ba:f6:d6:98:e1:
         f5:14:5b:16:3a:26:b8:de:30:8e:e2:71:8f:c3:9a:69:75:c7:
         45:f6:02:c7:77:60:dd:51:ed:7a:b8:78:eb:a5:7f:49:c1:39:
         b1:5b:d9:44:2d:f0:39:c6:6e:4e:24:ac:7e:97:3f:f3:0d:2c:
         3a:6b:87:3c:7e:b4:a6:db:60:54:ef:b4:82:c9:3c:74:57:90:
         19:d5:24:9c:a0:66:d7:6b:fd:74:46:2c:ef:7e:9d:c7:92:96:
         bc:f9:b5:2a:71:2b:dd:3b:af:12:6a:d4:b6:a7:7e:1e:c6:17:
         97:a9:5b:bc:15:e6:d3:b6:a7:5e:35:eb:76:fa:ee:f6:9e:12:
         0e:bf:7d:38:bd:ba:ee:d6:b2:63:70:40:20:c8:04:ae:7c:c3:
         bf:34:43:07:53:d4:3e:ff:01:db:c3:dc:d2:26:0a:bb:b4:63:
         9a:66:82:4d:0a:3c:5e:50:f6:a4:49:2c:51:57:d8:bc:15:55:
         0e:a9:64:b0:6f:9e:7d:14:fa:6f:76:d8:04:2c:f8:14:9d:fa:
         00:d8:81:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY01+V8KJuVGFrtAhUMffODEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Y2M0OTRjNGE5MzRiYmIzY2Y0NmJhNTgyNGQ2NjY2Yzg5
NDdhMmYwHhcNMjQwMTIzMTA1OTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzVkNzEyZjBiODczMjZkYTA4OTNhM2VkMDNmNWI0ODA0MGQyYWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPpPhKk1/FI7D/XkfgM5fBnRf/df
cE8aVF1jryaEkjXbMOWVth/DV5dkdyRt2jVVLZHGTVmVfINcTL193Wx7i44nEnsC
1WBGUglg0Ss9hLeOoBiZVvXkl8k2De690DbUG5XzPoiVBWVV3Dr6DcpMevhGhRGi
GmrDm15XfHUC0C1EHazQX+RbHwbaigzkdyArElHx1oVR5+2wxhvsk6lQen0VuYuG
PlorojUy1mx/Qm02v/ZXIy8HdE2KE1/U3kReQvjhtuCGoIP65ZYs8vGuqvqa9cPE
xhpePaYv6kHghiBf+JOil2qoY9DPhB4KK31q36c/fzcxkOou79pysX1EoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxdcS8LhzJtoIk6PtA/W0gEDSreMB8GA1UdIwQY
MBaAFDbMSUxKk0u7PPRrpYJNZmbIlHovMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnN4SlRFcVRTN3M4OUd1bGdrMW1ac2lVZWk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83YTkwMDQtZTRkOS00ZjU0LTk5Mjgt
YjljODE2OTY1YTA0LzEvTEYxeEx3dUhNbTJnaVRvLTBEOWJTQVFOS3Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83YTkwMDQtZTRkOS00ZjU0LTk5MjgtYjljODE2OTY1YTA0
LzEvTnN4SlRFcVRTN3M4OUd1bGdrMW1ac2lVZWk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATffHMA0G
CSqGSIb3DQEBCwUAA4IBAQCcmY3bBzsjJnQYWrz+c8p1czfA69ZVDVEZFn+H+LaD
GehVO/M4NuwFKxL8aZZiOzwvuvbWmOH1FFsWOia43jCO4nGPw5ppdcdF9gLHd2Dd
Ue16uHjrpX9JwTmxW9lELfA5xm5OJKx+lz/zDSw6a4c8frSm22BU77SCyTx0V5AZ
1SScoGbXa/10Rizvfp3Hkpa8+bUqcSvdO68SatS2p34exheXqVu8FebTtqdeNet2
+u72nhIOv304vbru1rJjcEAgyASufMO/NEMHU9Q+/wHbw9zSJgq7tGOaZoJNCjxe
UPakSSxRV9i8FVUOqWSwb559FPpvdtgELPgUnfoA2IG8
-----END CERTIFICATE-----