Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/LeLpc6dgtZHGeNO0yqAt0uj6fTI.roa
File:                     LeLpc6dgtZHGeNO0yqAt0uj6fTI.roa (raw, json)
Hash identifier:          b7rtoZDgwrWnHrFrTCaqrpeLOk5J8VXu02VgBrCWYEQ=
Subject key identifier:   2D:E2:E9:73:A7:60:B5:91:C6:78:D3:B4:CA:A0:2D:D2:E8:FA:7D:32
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E72BA239B06EBE8C4C5281B5351AF
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/LeLpc6dgtZHGeNO0yqAt0uj6fTI.roa
Signing time:             Tue 02 Jan 2024 08:33:30 +0000
ROA not before:           Tue 02 Jan 2024 08:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209371
IP address blocks:        188.241.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 00:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:72:ba:23:9b:06:eb:e8:c4:c5:28:1b:53:51:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2de2e973a760b591c678d3b4caa02dd2e8fa7d32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:cc:44:dd:05:08:08:ea:a6:f3:eb:d1:e7:d6:
                    97:54:9e:f5:3f:b2:5f:06:7c:6e:9d:46:1a:6b:dc:
                    b1:db:f7:38:2a:18:1f:13:19:7d:2d:fd:04:62:21:
                    de:7b:24:a3:35:3e:48:7b:d8:a5:46:6a:87:82:88:
                    a8:bb:1a:91:cf:73:62:9d:58:6b:e1:1e:05:7f:0d:
                    79:97:03:1b:fb:0f:51:b6:b8:a2:34:8a:79:71:4f:
                    1d:b6:57:bc:f9:82:b9:47:6e:ec:ee:82:54:95:d9:
                    5d:4e:5e:3a:07:11:24:45:f5:9e:42:91:e1:74:5b:
                    8f:30:79:3d:c0:a2:2c:87:86:03:67:17:94:f6:9f:
                    28:36:81:4f:fe:8a:b2:bd:b0:76:5a:92:07:a8:af:
                    d7:e4:f9:16:74:03:69:b6:9e:e0:b0:3c:4e:ad:28:
                    b0:ff:15:60:b2:ed:fb:96:93:56:f1:63:31:14:46:
                    a0:ed:07:86:a2:45:82:b3:44:39:12:c9:df:af:46:
                    80:86:d1:5b:17:a9:f8:c8:54:7c:b0:a1:02:1f:47:
                    73:f5:f6:af:5d:8a:0f:25:04:ed:ca:3c:54:44:25:
                    6e:3c:e3:68:71:f9:61:c3:90:de:80:9c:20:3c:3d:
                    8d:86:dc:c2:4f:76:1e:e6:b3:7a:b1:20:00:0f:ba:
                    4d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:E2:E9:73:A7:60:B5:91:C6:78:D3:B4:CA:A0:2D:D2:E8:FA:7D:32
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/LeLpc6dgtZHGeNO0yqAt0uj6fTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:b3:94:6e:60:1e:b4:b0:00:d9:67:9f:42:c8:ad:bf:e4:10:
         2d:52:f6:23:12:2a:15:9c:4f:9e:c4:35:24:d5:0e:bd:c2:20:
         eb:1b:e2:f9:18:74:62:15:16:37:88:32:96:70:d8:80:8a:68:
         ff:94:d4:14:1b:fa:c4:4e:c9:0c:4f:b5:37:e4:a2:d0:19:61:
         1a:8e:85:70:4a:d4:af:53:db:e1:86:cc:b3:f7:25:f3:14:b1:
         60:24:25:97:38:a9:11:b9:f4:73:db:3b:c0:bf:1c:da:6b:7f:
         7a:5e:52:2b:2a:33:56:da:21:23:15:ec:97:81:f9:ae:0a:54:
         a1:3f:f3:c3:be:5f:24:43:f3:0e:4f:a7:d9:dc:e5:5b:92:0a:
         ed:df:c3:a6:88:bb:18:50:7b:ee:39:23:15:1a:fb:5e:47:82:
         c4:61:7b:2d:a1:70:d0:01:b7:c2:9a:f4:53:fc:96:ed:07:1d:
         20:94:37:d6:0e:9d:37:f6:a8:bc:8d:4a:e2:2c:5c:09:65:a5:
         82:05:5b:78:2e:05:c1:30:c3:af:45:42:18:9a:8e:32:3e:05:
         53:00:7b:31:b5:f7:3a:e3:cc:cc:41:6f:de:91:fd:96:d0:13:
         b1:92:29:3f:a7:0d:d5:7e:6e:6c:0e:ee:02:41:81:a7:c0:f9:
         6a:19:bc:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTnK6I5sG6+jExSgbU1GvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGUyZTk3M2E3NjBiNTkxYzY3OGQzYjRjYWEwMmRkMmU4ZmE3ZDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8xE3QUICOqm8+vR59aXVJ71P7Jf
BnxunUYaa9yx2/c4KhgfExl9Lf0EYiHeeySjNT5Ie9ilRmqHgoiouxqRz3NinVhr
4R4Ffw15lwMb+w9RtriiNIp5cU8dtle8+YK5R27s7oJUldldTl46BxEkRfWeQpHh
dFuPMHk9wKIsh4YDZxeU9p8oNoFP/oqyvbB2WpIHqK/X5PkWdANptp7gsDxOrSiw
/xVgsu37lpNW8WMxFEag7QeGokWCs0Q5Esnfr0aAhtFbF6n4yFR8sKECH0dz9fav
XYoPJQTtyjxURCVuPONocflhw5DegJwgPD2NhtzCT3Ye5rN6sSAAD7pNoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC3i6XOnYLWRxnjTtMqgLdLo+n0yMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvTGVMcGM2ZGd0WkhHZU5PMHlxQXQwdWo2ZlRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPFKMA0G
CSqGSIb3DQEBCwUAA4IBAQALs5RuYB60sADZZ59CyK2/5BAtUvYjEioVnE+exDUk
1Q69wiDrG+L5GHRiFRY3iDKWcNiAimj/lNQUG/rETskMT7U35KLQGWEajoVwStSv
U9vhhsyz9yXzFLFgJCWXOKkRufRz2zvAvxzaa396XlIrKjNW2iEjFeyXgfmuClSh
P/PDvl8kQ/MOT6fZ3OVbkgrt38OmiLsYUHvuOSMVGvteR4LEYXstoXDQAbfCmvRT
/JbtBx0glDfWDp039qi8jUriLFwJZaWCBVt4LgXBMMOvRUIYmo4yPgVTAHsxtfc6
48zMQW/ekf2W0BOxkik/pw3Vfm5sDu4CQYGnwPlqGbzQ
-----END CERTIFICATE-----