Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/ab2b10-5e87-4624-9776-59a0c5ff6505/1/LiewAAUvicFJKCrP4WH8UxAjm1c.roa
File:                     LiewAAUvicFJKCrP4WH8UxAjm1c.roa (raw, json)
Hash identifier:          3cbka5Qm2gmTAxMAX2EOyHj7CkanPOhD1+Uf0osW7cE=
Subject key identifier:   2E:27:B0:00:05:2F:89:C1:49:28:2A:CF:E1:61:FC:53:10:23:9B:57
Certificate issuer:       /CN=878eca3bccd4e5c2efb3608ee83a57f9ae821be6
Certificate serial:       018CC49395167486D5AF68DD3F2AB272DCC3
Authority key identifier: 87:8E:CA:3B:CC:D4:E5:C2:EF:B3:60:8E:E8:3A:57:F9:AE:82:1B:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h47KO8zU5cLvs2CO6DpX-a6CG-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/ab2b10-5e87-4624-9776-59a0c5ff6505/1/LiewAAUvicFJKCrP4WH8UxAjm1c.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201333
IP address blocks:        185.196.164.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/ab2b10-5e87-4624-9776-59a0c5ff6505/1/h47KO8zU5cLvs2CO6DpX-a6CG-Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/ab2b10-5e87-4624-9776-59a0c5ff6505/1/h47KO8zU5cLvs2CO6DpX-a6CG-Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h47KO8zU5cLvs2CO6DpX-a6CG-Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 01:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:95:16:74:86:d5:af:68:dd:3f:2a:b2:72:dc:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=878eca3bccd4e5c2efb3608ee83a57f9ae821be6
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e27b000052f89c149282acfe161fc5310239b57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:bc:fe:a2:78:17:8a:ac:46:60:26:49:db:d9:
                    b6:95:aa:cc:49:e3:e9:3c:62:25:b1:fb:52:5d:0d:
                    fb:a6:4a:1c:0c:94:0c:ab:12:55:42:e3:c6:66:a0:
                    5e:1d:8e:f6:83:ed:b1:c7:e7:05:cd:68:bd:50:43:
                    ba:bf:43:3a:f8:7f:7c:40:c4:65:27:76:77:c1:a3:
                    1c:b9:56:e8:e8:f0:ac:5b:42:f7:5d:71:fd:07:49:
                    14:b6:8b:bd:ad:ab:36:35:91:66:77:9c:d6:30:b7:
                    b0:a5:36:a1:62:3a:19:4e:85:da:d6:72:9b:6d:d1:
                    1c:88:f4:50:1f:bd:74:6c:97:0c:74:b4:42:85:89:
                    85:3c:ec:31:6a:09:a3:93:8e:f6:0c:69:3c:06:f8:
                    72:2d:3a:80:cc:88:69:e3:25:f1:4f:98:5b:fd:03:
                    39:9d:48:59:c3:c3:ed:d4:a1:4d:c4:46:fe:b9:e3:
                    d2:16:4d:e5:e9:75:ef:d1:37:89:45:02:c5:49:17:
                    75:2b:b9:a0:d3:9e:2c:3b:ac:f4:cb:bd:22:8b:eb:
                    8b:cc:bc:18:da:ef:e2:94:9b:e4:b4:b2:df:bf:46:
                    ac:62:e4:e8:80:55:90:b1:45:39:55:5b:6f:5f:39:
                    78:19:29:4b:54:d6:f8:19:b3:2d:7c:dd:16:77:a7:
                    b3:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:27:B0:00:05:2F:89:C1:49:28:2A:CF:E1:61:FC:53:10:23:9B:57
            X509v3 Authority Key Identifier:
                keyid:87:8E:CA:3B:CC:D4:E5:C2:EF:B3:60:8E:E8:3A:57:F9:AE:82:1B:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h47KO8zU5cLvs2CO6DpX-a6CG-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/ab2b10-5e87-4624-9776-59a0c5ff6505/1/LiewAAUvicFJKCrP4WH8UxAjm1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/ab2b10-5e87-4624-9776-59a0c5ff6505/1/h47KO8zU5cLvs2CO6DpX-a6CG-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:4c:ae:82:cd:73:91:91:0a:70:50:46:f7:cb:e6:6e:ed:a6:
         6b:2b:65:c8:f8:41:8f:62:3d:0d:70:b9:5a:f3:37:05:09:bb:
         0f:61:7c:f5:3b:13:dc:22:0f:93:77:f3:28:73:60:69:df:b5:
         3d:2b:95:88:5c:44:e2:15:8d:2f:e9:f7:e7:64:5a:e7:ee:72:
         73:2a:17:ce:74:9c:84:f5:16:3e:9d:ef:4b:83:8f:a2:e8:5f:
         86:9c:1b:20:3b:46:8b:26:41:98:00:51:c5:ce:79:a1:7e:33:
         6f:17:fa:39:89:f6:a0:0f:d8:ff:4e:3e:26:2d:7c:7e:bc:5b:
         1d:2a:50:ee:8a:a6:bc:33:36:ef:a4:c7:67:e1:2d:56:5f:e1:
         24:82:ed:a2:ed:ce:fd:ae:02:1b:2e:c6:19:5d:31:71:f8:1d:
         c2:d6:f5:2c:f4:1e:be:97:32:c1:f8:77:ac:c1:bb:db:e8:4a:
         2a:ef:6a:f7:81:83:ef:67:ae:fb:b5:b9:47:6d:f1:b9:66:92:
         3a:de:d3:7a:55:05:68:f0:25:93:47:eb:72:0a:6d:57:27:e5:
         26:04:95:3e:b6:47:97:da:c1:ff:6b:1b:c5:24:94:ca:07:75:
         2d:bb:c6:6b:3f:dd:b6:31:9b:6a:76:b7:c8:de:47:94:c0:63:
         89:3e:f0:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5UWdIbVr2jdPyqyctzDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3OGVjYTNiY2NkNGU1YzJlZmIzNjA4ZWU4M2E1N2Y5YWU4
MjFiZTYwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTI3YjAwMDA1MmY4OWMxNDkyODJhY2ZlMTYxZmM1MzEwMjM5YjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbz+ongXiqxGYCZJ29m2larMSePp
PGIlsftSXQ37pkocDJQMqxJVQuPGZqBeHY72g+2xx+cFzWi9UEO6v0M6+H98QMRl
J3Z3waMcuVbo6PCsW0L3XXH9B0kUtou9ras2NZFmd5zWMLewpTahYjoZToXa1nKb
bdEciPRQH710bJcMdLRChYmFPOwxagmjk472DGk8BvhyLTqAzIhp4yXxT5hb/QM5
nUhZw8Pt1KFNxEb+uePSFk3l6XXv0TeJRQLFSRd1K7mg054sO6z0y70ii+uLzLwY
2u/ilJvktLLfv0asYuTogFWQsUU5VVtvXzl4GSlLVNb4GbMtfN0Wd6ez/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4nsAAFL4nBSSgqz+Fh/FMQI5tXMB8GA1UdIwQY
MBaAFIeOyjvM1OXC77Ngjug6V/mughvmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDQ3S084elU1Y0x2czJDTzZEcFgtYTZDRy1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9hYjJiMTAtNWU4Ny00NjI0LTk3NzYt
NTlhMGM1ZmY2NTA1LzEvTGlld0FBVXZpY0ZKS0NyUDRXSDhVeEFqbTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9hYjJiMTAtNWU4Ny00NjI0LTk3NzYtNTlhMGM1ZmY2NTA1
LzEvaDQ3S084elU1Y0x2czJDTzZEcFgtYTZDRy1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucSkMA0G
CSqGSIb3DQEBCwUAA4IBAQB/TK6CzXORkQpwUEb3y+Zu7aZrK2XI+EGPYj0NcLla
8zcFCbsPYXz1OxPcIg+Td/Moc2Bp37U9K5WIXETiFY0v6ffnZFrn7nJzKhfOdJyE
9RY+ne9Lg4+i6F+GnBsgO0aLJkGYAFHFznmhfjNvF/o5ifagD9j/Tj4mLXx+vFsd
KlDuiqa8MzbvpMdn4S1WX+Ekgu2i7c79rgIbLsYZXTFx+B3C1vUs9B6+lzLB+Hes
wbvb6Eoq72r3gYPvZ677tblHbfG5ZpI63tN6VQVo8CWTR+tyCm1XJ+UmBJU+tkeX
2sH/axvFJJTKB3Utu8ZrP922MZtqdrfI3keUwGOJPvBk
-----END CERTIFICATE-----