Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lwH5EK7Wtlxgk9oGKRVjmM4ln2s.roa
File:                     lwH5EK7Wtlxgk9oGKRVjmM4ln2s.roa (raw, json)
Hash identifier:          3EViSm9TFXOVQmoym7/2fz6sSWn1m5dYJVdgt7uV8tI=
Subject key identifier:   97:01:F9:10:AE:D6:B6:5C:60:93:DA:06:29:15:63:98:CE:25:9F:6B
Certificate issuer:       /CN=954a2aee086174b01272fae779ad431eb092aeb7
Certificate serial:       018CC8DE2BEE13D9C1B7632D537CD4F2CA16
Authority key identifier: 95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lwH5EK7Wtlxgk9oGKRVjmM4ln2s.roa
Signing time:             Tue 02 Jan 2024 06:30:52 +0000
ROA not before:           Tue 02 Jan 2024 06:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33182
IP address blocks:        185.7.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 14:36:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:2b:ee:13:d9:c1:b7:63:2d:53:7c:d4:f2:ca:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=954a2aee086174b01272fae779ad431eb092aeb7
        Validity
            Not Before: Jan  2 06:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9701f910aed6b65c6093da0629156398ce259f6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:92:3c:34:04:16:00:c6:f6:2f:5c:4f:ab:cd:
                    e5:07:20:5d:98:66:ad:2e:3a:de:29:62:64:81:b6:
                    2c:81:ed:70:60:08:c3:fe:09:fc:3c:d8:07:19:07:
                    27:ac:df:2f:c9:4f:e7:c4:c7:3d:04:49:31:46:c6:
                    82:05:56:31:90:aa:42:0d:da:3b:5e:28:3b:6d:34:
                    76:e1:4e:66:d5:5c:d8:58:fd:bf:5f:76:e8:30:79:
                    de:6d:9c:2f:bf:f4:70:dd:5f:3e:b8:73:41:4e:ca:
                    56:05:19:18:63:0e:17:ee:6f:78:54:26:6e:01:49:
                    26:53:17:ec:d4:c1:2c:8d:b3:1f:e7:c5:d0:0b:95:
                    79:71:9c:01:00:4c:ee:1f:ab:60:14:a9:57:c0:cf:
                    e7:34:de:f1:ea:c7:58:c8:25:07:bc:40:70:61:6b:
                    6c:5b:3b:ce:ee:51:bb:34:2c:b6:30:ae:66:33:0c:
                    b7:65:87:56:7a:43:f1:14:1f:3c:65:5b:73:2f:ff:
                    ea:e2:cc:77:20:c7:5f:1a:f0:c2:02:67:d2:fa:f6:
                    2a:89:bb:b7:02:bb:33:50:fd:f8:e9:0a:c3:df:ab:
                    5f:33:7a:2b:c4:eb:b6:8f:e0:44:3b:2b:9b:a1:72:
                    a5:29:be:35:1b:1e:61:3c:9a:eb:e0:ed:44:ff:a2:
                    bd:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:01:F9:10:AE:D6:B6:5C:60:93:DA:06:29:15:63:98:CE:25:9F:6B
            X509v3 Authority Key Identifier:
                keyid:95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lwH5EK7Wtlxgk9oGKRVjmM4ln2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:d5:e3:e8:14:02:4b:7b:52:04:a5:84:ed:02:3a:61:7b:97:
         61:de:7f:e1:db:94:03:24:45:da:76:27:73:b9:cb:a9:4b:b0:
         62:91:23:ed:85:14:ad:d8:bb:01:b8:24:91:ef:52:83:0e:af:
         c8:f9:39:1a:e8:6a:85:9a:b5:27:18:ac:c0:5d:67:13:8e:50:
         01:1b:d5:21:ee:70:37:5e:27:3a:6f:1b:8d:05:57:0b:2e:44:
         81:94:43:99:7d:83:58:67:7d:46:c8:1b:81:d8:ac:be:bc:97:
         c7:b7:00:14:41:c2:f8:70:b9:2b:29:da:98:0f:9c:01:a3:53:
         20:b3:6a:6d:0f:13:98:f0:11:18:c0:7c:8d:e3:b1:3d:be:c7:
         95:3d:7d:ac:0b:ec:43:7a:54:a7:0b:4c:fb:82:e1:c9:d1:44:
         0a:c0:0d:a5:89:c2:d9:53:22:32:16:aa:a2:2c:88:af:ff:95:
         2e:33:a9:73:b2:da:d2:6c:ea:4d:06:e3:36:d1:fc:bb:70:06:
         c0:6d:7f:d1:b7:94:5e:5a:41:45:16:07:b1:cb:f0:be:f9:ac:
         0e:d2:86:01:9b:6f:a0:a2:83:88:43:7a:4c:12:bd:03:0e:53:
         3a:58:5d:f2:20:72:89:f9:3f:22:88:8a:71:07:c3:85:2a:59:
         41:17:50:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3ivuE9nBt2MtU3zU8soWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NGEyYWVlMDg2MTc0YjAxMjcyZmFlNzc5YWQ0MzFlYjA5
MmFlYjcwHhcNMjQwMTAyMDYzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzAxZjkxMGFlZDZiNjVjNjA5M2RhMDYyOTE1NjM5OGNlMjU5ZjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9JI8NAQWAMb2L1xPq83lByBdmGat
LjreKWJkgbYsge1wYAjD/gn8PNgHGQcnrN8vyU/nxMc9BEkxRsaCBVYxkKpCDdo7
Xig7bTR24U5m1VzYWP2/X3boMHnebZwvv/Rw3V8+uHNBTspWBRkYYw4X7m94VCZu
AUkmUxfs1MEsjbMf58XQC5V5cZwBAEzuH6tgFKlXwM/nNN7x6sdYyCUHvEBwYWts
WzvO7lG7NCy2MK5mMwy3ZYdWekPxFB88ZVtzL//q4sx3IMdfGvDCAmfS+vYqibu3
ArszUP346QrD36tfM3orxOu2j+BEOyuboXKlKb41Gx5hPJrr4O1E/6K94wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcB+RCu1rZcYJPaBikVY5jOJZ9rMB8GA1UdIwQY
MBaAFJVKKu4IYXSwEnL653mtQx6wkq63MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEt
NDU2NWYwNGY4ZDg1LzEvbHdINUVLN1d0bHhnazlvR0tSVmptTTRsbjJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEtNDU2NWYwNGY4ZDg1
LzEvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQdQMA0G
CSqGSIb3DQEBCwUAA4IBAQAz1ePoFAJLe1IEpYTtAjphe5dh3n/h25QDJEXadidz
ucupS7BikSPthRSt2LsBuCSR71KDDq/I+Tka6GqFmrUnGKzAXWcTjlABG9Uh7nA3
Xic6bxuNBVcLLkSBlEOZfYNYZ31GyBuB2Ky+vJfHtwAUQcL4cLkrKdqYD5wBo1Mg
s2ptDxOY8BEYwHyN47E9vseVPX2sC+xDelSnC0z7guHJ0UQKwA2licLZUyIyFqqi
LIiv/5UuM6lzstrSbOpNBuM20fy7cAbAbX/Rt5ReWkFFFgexy/C++awO0oYBm2+g
ooOIQ3pMEr0DDlM6WF3yIHKJ+T8iiIpxB8OFKllBF1Dm
-----END CERTIFICATE-----