Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/LmihitQQrdtCcAgMkqmYopIVVbs.roa
File:                     LmihitQQrdtCcAgMkqmYopIVVbs.roa (raw, json)
Hash identifier:          tPdIiakJ1IDzwEGz7b3/5N2fG6aZ3NU/wXWE5jHxWF8=
Subject key identifier:   2E:68:A1:8A:D4:10:AD:DB:42:70:08:0C:92:A9:98:A2:92:15:55:BB
Certificate issuer:       /CN=df8f961c6efbb7f9ce74217b1d5dbb54e981c6f2
Certificate serial:       018CC2DB47160F1AE66A04EAC627AB1105CA
Authority key identifier: DF:8F:96:1C:6E:FB:B7:F9:CE:74:21:7B:1D:5D:BB:54:E9:81:C6:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/LmihitQQrdtCcAgMkqmYopIVVbs.roa
Signing time:             Mon 01 Jan 2024 02:29:59 +0000
ROA not before:           Mon 01 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398781
IP address blocks:        2a09:77c4::/30 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 01:04:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:47:16:0f:1a:e6:6a:04:ea:c6:27:ab:11:05:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df8f961c6efbb7f9ce74217b1d5dbb54e981c6f2
        Validity
            Not Before: Jan  1 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e68a18ad410addb4270080c92a998a2921555bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:61:29:30:1f:8e:54:c0:03:46:ca:b8:eb:b0:
                    cc:cf:66:50:44:93:ca:94:74:90:dd:94:e5:49:f7:
                    43:ed:34:fa:f5:24:e2:c0:8e:80:37:de:c6:a9:b0:
                    99:28:31:b6:7e:5a:db:ba:88:9f:33:a2:26:0e:2f:
                    42:b0:b9:4d:a9:67:13:b9:c5:6a:ed:e3:17:38:16:
                    77:46:69:5f:ea:94:88:13:ff:e1:04:7e:17:48:fa:
                    c7:5e:7a:25:ab:49:aa:2a:7e:d0:91:18:2d:24:ca:
                    3c:23:61:a3:ad:b4:98:6f:7c:1b:22:0f:0e:08:3d:
                    78:d0:38:6c:92:0a:ce:b1:35:a8:3c:ee:94:03:31:
                    cf:3f:59:82:11:d6:2f:73:21:04:9a:65:08:7f:41:
                    53:7b:c6:aa:0c:2a:e6:6a:c6:d3:83:4c:df:50:6b:
                    ec:fe:4f:ae:92:ec:b6:7b:ca:f1:10:1f:b6:8c:69:
                    2b:7a:30:ed:e6:d3:16:44:70:ae:f2:7e:27:6b:fb:
                    38:c3:da:da:28:d0:d6:95:d1:a0:a4:dc:f2:ba:38:
                    52:63:19:11:cb:da:2e:14:ab:32:99:62:ea:54:54:
                    40:c2:25:9e:80:f7:80:d4:b5:66:a2:7c:e5:65:ba:
                    86:e0:70:71:21:0b:33:bd:09:86:dd:8c:ac:54:cc:
                    04:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:68:A1:8A:D4:10:AD:DB:42:70:08:0C:92:A9:98:A2:92:15:55:BB
            X509v3 Authority Key Identifier:
                keyid:DF:8F:96:1C:6E:FB:B7:F9:CE:74:21:7B:1D:5D:BB:54:E9:81:C6:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/LmihitQQrdtCcAgMkqmYopIVVbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:77c4::/30

    Signature Algorithm: sha256WithRSAEncryption
         c8:33:02:0c:50:46:8b:7b:c4:86:fd:f6:4f:58:64:2b:1c:57:
         94:98:cf:e8:6a:cb:a5:20:19:12:2a:93:4a:e3:82:39:54:cb:
         89:17:20:a4:4a:b7:86:33:ec:69:72:69:43:a8:e2:1b:ba:7e:
         ae:32:03:44:71:6f:f7:ed:f8:06:39:fa:a1:cd:c9:c4:a3:bf:
         e4:7a:df:d5:1c:ce:7b:9e:16:97:dd:61:04:13:92:a5:c4:1e:
         79:ea:d6:43:5a:f7:b1:f7:a7:cd:e8:8b:37:34:49:78:e2:8d:
         5b:35:12:65:a3:81:8c:f7:13:ac:a0:04:ed:95:21:8d:fa:d2:
         eb:9e:b6:31:0a:ce:65:56:77:fe:02:6b:de:c4:d0:24:99:49:
         87:bb:f3:50:a3:26:a5:10:50:ae:2f:20:5c:2a:ab:25:80:d2:
         ae:9a:47:b0:67:31:2d:3a:8a:92:4f:c1:2f:87:59:2e:8e:13:
         3a:e1:5a:a8:8b:fa:ec:8d:e2:b3:40:70:be:54:d0:cc:59:7e:
         64:ea:4f:02:95:2a:47:94:c7:71:5d:62:44:bf:37:d3:ab:0c:
         4f:35:f8:18:fa:11:75:a1:43:77:34:48:68:00:3d:9b:8a:52:
         a4:4b:51:27:6d:aa:d7:dc:ab:2d:9c:8d:47:5f:a2:7b:a0:52:
         64:0d:c9:35
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC20cWDxrmagTqxierEQXKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOGY5NjFjNmVmYmI3ZjljZTc0MjE3YjFkNWRiYjU0ZTk4
MWM2ZjIwHhcNMjQwMTAxMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTY4YTE4YWQ0MTBhZGRiNDI3MDA4MGM5MmE5OThhMjkyMTU1NWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2EpMB+OVMADRsq467DMz2ZQRJPK
lHSQ3ZTlSfdD7TT69STiwI6AN97GqbCZKDG2flrbuoifM6ImDi9CsLlNqWcTucVq
7eMXOBZ3Rmlf6pSIE//hBH4XSPrHXnolq0mqKn7QkRgtJMo8I2GjrbSYb3wbIg8O
CD140DhskgrOsTWoPO6UAzHPP1mCEdYvcyEEmmUIf0FTe8aqDCrmasbTg0zfUGvs
/k+ukuy2e8rxEB+2jGkrejDt5tMWRHCu8n4na/s4w9raKNDWldGgpNzyujhSYxkR
y9ouFKsymWLqVFRAwiWegPeA1LVmonzlZbqG4HBxIQszvQmG3YysVMwEXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFC5ooYrUEK3bQnAIDJKpmKKSFVW7MB8GA1UdIwQY
MBaAFN+Plhxu+7f5znQhex1du1TpgcbyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzQtV0hHNzd0X25PZENGN0hWMjdWT21CeHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi85MGU3MGYtODVkYy00NGE5LWJiMjMt
MjdmMmJjMTYyYTA3LzEvTG1paGl0UVFyZHRDY0FnTWtxbVlvcElWVmJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi85MGU3MGYtODVkYy00NGE5LWJiMjMtMjdmMmJjMTYyYTA3
LzEvMzQtV0hHNzd0X25PZENGN0hWMjdWT21CeHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKgl3xDAN
BgkqhkiG9w0BAQsFAAOCAQEAyDMCDFBGi3vEhv32T1hkKxxXlJjP6GrLpSAZEiqT
SuOCOVTLiRcgpEq3hjPsaXJpQ6jiG7p+rjIDRHFv9+34Bjn6oc3JxKO/5Hrf1RzO
e54Wl91hBBOSpcQeeerWQ1r3sfenzeiLNzRJeOKNWzUSZaOBjPcTrKAE7ZUhjfrS
6562MQrOZVZ3/gJr3sTQJJlJh7vzUKMmpRBQri8gXCqrJYDSrppHsGcxLTqKkk/B
L4dZLo4TOuFaqIv67I3is0BwvlTQzFl+ZOpPApUqR5THcV1iRL8306sMTzX4GPoR
daFDdzRIaAA9m4pSpEtRJ22q19yrLZyNR1+ie6BSZA3JNQ==
-----END CERTIFICATE-----