Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/scT_LPKMG0DsjMShuRRaU5lC60g.roa
File:                     scT_LPKMG0DsjMShuRRaU5lC60g.roa (raw, json)
Hash identifier:          zPvdCq5B1dHZRRXgPxL+SbMVd+J6W2pJnhkvOFJTbYk=
Subject key identifier:   B1:C4:FF:2C:F2:8C:1B:40:EC:8C:C4:A1:B9:14:5A:53:99:42:EB:48
Certificate issuer:       /CN=98901c7cffd19a4fea78f79b1004999266dcc224
Certificate serial:       018CC348BDC81EB618E6A9F3CC8BCBD46FEC
Authority key identifier: 98:90:1C:7C:FF:D1:9A:4F:EA:78:F7:9B:10:04:99:92:66:DC:C2:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/scT_LPKMG0DsjMShuRRaU5lC60g.roa
Signing time:             Mon 01 Jan 2024 04:29:33 +0000
ROA not before:           Mon 01 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39122
IP address blocks:        193.36.43.0/24 maxlen: 24
                          91.210.232.0/22 maxlen: 22
                          185.43.232.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:bd:c8:1e:b6:18:e6:a9:f3:cc:8b:cb:d4:6f:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98901c7cffd19a4fea78f79b1004999266dcc224
        Validity
            Not Before: Jan  1 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1c4ff2cf28c1b40ec8cc4a1b9145a539942eb48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bb:30:43:48:35:cb:b8:f7:46:68:58:22:95:
                    23:3a:8c:23:72:18:98:0d:22:6f:de:7b:c5:10:84:
                    66:2b:2d:9f:65:b8:5c:f9:7c:13:68:3f:83:23:11:
                    54:4d:fb:3d:3c:8e:63:e1:9c:c7:b8:76:f7:2e:1a:
                    36:a7:80:67:51:91:75:da:48:fd:60:bf:ba:2d:b7:
                    f3:7a:5b:13:3e:7a:4f:c6:43:68:f8:bb:eb:e2:d6:
                    09:d1:ca:0b:b4:b7:5a:3f:00:85:d3:9d:e1:6d:a3:
                    f4:36:02:03:23:f6:0b:d2:40:39:0e:e5:78:3a:2a:
                    75:8b:98:45:2d:15:9f:87:38:22:a7:e5:ea:91:69:
                    7c:bc:cb:a9:b4:95:d6:eb:97:96:ae:17:43:51:9f:
                    0b:93:6f:c2:9e:80:81:99:ad:c4:57:b7:e5:4d:9c:
                    8c:eb:1f:c7:4c:76:d1:48:e2:52:fa:07:04:91:3d:
                    e6:41:d5:34:f3:75:10:2f:cf:09:09:60:ba:49:34:
                    e9:67:01:be:db:dc:47:62:f1:ad:f0:e3:83:b2:76:
                    23:c2:71:d2:38:99:ff:36:87:d9:c7:fc:f2:f9:0b:
                    c5:bc:e1:81:63:40:27:de:30:b6:8a:32:82:05:13:
                    38:7c:f7:30:a1:7e:a7:3d:9e:99:18:07:0a:09:2d:
                    eb:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:C4:FF:2C:F2:8C:1B:40:EC:8C:C4:A1:B9:14:5A:53:99:42:EB:48
            X509v3 Authority Key Identifier:
                keyid:98:90:1C:7C:FF:D1:9A:4F:EA:78:F7:9B:10:04:99:92:66:DC:C2:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/scT_LPKMG0DsjMShuRRaU5lC60g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.232.0/22
                  185.43.232.0/22
                  193.36.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:33:6e:f8:a7:3b:59:19:8e:81:c1:46:50:2c:12:57:47:76:
         3c:57:5c:1c:cb:1e:01:6c:59:64:07:51:8b:7f:31:37:73:85:
         a4:22:b4:9a:f2:11:3a:fd:09:ed:6d:c5:66:30:5f:69:f6:7c:
         8c:b8:f6:20:74:32:04:d8:1a:b9:d9:e5:9d:bf:40:4f:5e:08:
         a0:9d:87:ef:44:04:ab:a3:24:cc:b5:6b:5e:c2:53:3d:5f:39:
         9e:b2:a4:3b:4e:25:78:ef:09:29:b3:5e:c5:75:e9:63:fc:2c:
         62:58:cf:2f:26:ab:bc:b8:cf:30:0a:54:3b:f6:88:0f:b1:1b:
         88:9b:a2:e8:0c:c3:9f:fd:38:f6:77:79:a1:9c:ed:94:66:77:
         1b:68:52:be:a5:95:dc:d4:53:2e:82:dd:12:7d:8b:30:3a:d8:
         7e:a3:e8:b0:96:38:e5:55:a4:33:41:7c:fe:5a:ab:db:d7:ee:
         14:82:fa:50:4d:a7:0a:23:11:2d:25:3b:36:73:b5:66:09:16:
         eb:f8:57:33:d1:de:31:fe:82:ae:9e:77:e2:2c:bb:fc:e2:4a:
         82:6a:56:56:7b:b1:11:e0:4d:66:83:d7:7b:d6:11:73:71:f7:
         00:09:c5:8b:e1:80:47:4f:73:0c:b6:50:59:16:47:e6:9d:49:
         2a:98:40:4d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSL3IHrYY5qnzzIvL1G/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OTAxYzdjZmZkMTlhNGZlYTc4Zjc5YjEwMDQ5OTkyNjZk
Y2MyMjQwHhcNMjQwMTAxMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWM0ZmYyY2YyOGMxYjQwZWM4Y2M0YTFiOTE0NWE1Mzk5NDJlYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbswQ0g1y7j3RmhYIpUjOowjchiY
DSJv3nvFEIRmKy2fZbhc+XwTaD+DIxFUTfs9PI5j4ZzHuHb3Lho2p4BnUZF12kj9
YL+6LbfzelsTPnpPxkNo+Lvr4tYJ0coLtLdaPwCF053hbaP0NgIDI/YL0kA5DuV4
Oip1i5hFLRWfhzgip+XqkWl8vMuptJXW65eWrhdDUZ8Lk2/CnoCBma3EV7flTZyM
6x/HTHbRSOJS+gcEkT3mQdU083UQL88JCWC6STTpZwG+29xHYvGt8OODsnYjwnHS
OJn/NofZx/zy+QvFvOGBY0An3jC2ijKCBRM4fPcwoX6nPZ6ZGAcKCS3rvQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLHE/yzyjBtA7IzEobkUWlOZQutIMB8GA1UdIwQY
MBaAFJiQHHz/0ZpP6nj3mxAEmZJm3MIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUpBY2ZQX1Jta19xZVBlYkVBU1prbWJjd2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9lMjBjOTUtMGY5Mi00NTk4LTk2ZGYt
Y2JjMjc5N2MxZDBhLzEvc2NUX0xQS01HMERzak1TaHVSUmFVNWxDNjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9lMjBjOTUtMGY5Mi00NTk4LTk2ZGYtY2JjMjc5N2MxZDBh
LzEvbUpBY2ZQX1Jta19xZVBlYkVBU1prbWJjd2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW9LoAwQC
uSvoAwQAwSQrMA0GCSqGSIb3DQEBCwUAA4IBAQALM274pztZGY6BwUZQLBJXR3Y8
V1wcyx4BbFlkB1GLfzE3c4WkIrSa8hE6/QntbcVmMF9p9nyMuPYgdDIE2Bq52eWd
v0BPXgignYfvRASroyTMtWtewlM9XzmesqQ7TiV47wkps17Fdelj/CxiWM8vJqu8
uM8wClQ79ogPsRuIm6LoDMOf/Tj2d3mhnO2UZncbaFK+pZXc1FMugt0SfYswOth+
o+iwljjlVaQzQXz+Wqvb1+4UgvpQTacKIxEtJTs2c7VmCRbr+Fcz0d4x/oKunnfi
LLv84kqCalZWe7ER4E1mg9d71hFzcfcACcWL4YBHT3MMtlBZFkfmnUkqmEBN
-----END CERTIFICATE-----