Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/LVk7hG48sk46K00LuYi2l0zesCQ.roa
File:                     LVk7hG48sk46K00LuYi2l0zesCQ.roa (raw, json)
Hash identifier:          4/K7NoKJWxPRQnyD1Kmi3zoEdsSSGN2ymYUOA8ljamI=
Subject key identifier:   2D:59:3B:84:6E:3C:B2:4E:3A:2B:4D:0B:B9:88:B6:97:4C:DE:B0:24
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       018CC56F058964DDC3B2F353BEDFA679D3F5
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/LVk7hG48sk46K00LuYi2l0zesCQ.roa
Signing time:             Mon 01 Jan 2024 14:30:36 +0000
ROA not before:           Mon 01 Jan 2024 14:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198388
IP address blocks:        85.14.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:05:89:64:dd:c3:b2:f3:53:be:df:a6:79:d3:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 14:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d593b846e3cb24e3a2b4d0bb988b6974cdeb024
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e6:86:21:ee:f2:85:18:7e:7a:2a:50:48:1a:
                    bd:d1:b7:6f:87:82:9f:5b:e7:5b:d2:fd:3d:e6:be:
                    28:34:f3:e4:bd:47:c7:20:bc:b7:f7:74:3a:52:14:
                    f1:4d:4a:ed:74:62:b6:47:8f:bd:7c:0f:21:92:20:
                    ac:7a:d6:fe:82:88:35:99:a1:ef:47:40:89:e2:96:
                    fe:c5:b8:5f:e6:d8:66:8e:42:88:e4:e8:5e:1b:6a:
                    0e:cd:2e:02:f7:88:2d:c5:d1:b8:f2:f4:1d:5e:41:
                    df:0f:00:0f:a9:a7:c8:83:31:70:b8:fe:f8:77:6e:
                    50:68:cc:3b:79:31:53:bb:b1:94:94:d8:90:9b:26:
                    04:1f:f3:a9:6b:ef:1f:03:79:ae:fd:ca:0f:2a:f3:
                    79:5c:9a:c8:48:df:1b:d3:64:e8:33:97:5f:51:68:
                    9c:c3:40:62:88:ac:c9:16:36:bb:d5:44:36:bb:1e:
                    c7:14:59:26:ff:38:47:e8:7a:d1:b1:83:47:53:ee:
                    2a:78:72:1a:40:08:9b:86:0c:b9:38:75:41:b4:f8:
                    f2:23:3b:9d:df:e8:93:a5:dd:b4:54:b9:de:ac:56:
                    52:ac:3f:44:cd:8e:f1:e5:d9:f9:11:b3:45:54:34:
                    75:9d:ae:54:c1:40:4c:f2:ff:e3:86:1c:d9:16:ac:
                    ec:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:59:3B:84:6E:3C:B2:4E:3A:2B:4D:0B:B9:88:B6:97:4C:DE:B0:24
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/LVk7hG48sk46K00LuYi2l0zesCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.14.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         de:17:d6:b6:0d:f9:28:39:90:81:72:e7:47:d9:4a:29:77:69:
         d5:ee:a7:ae:85:19:83:bb:04:f1:bc:9a:54:bf:a4:8c:8d:0c:
         e5:5e:41:c8:35:d4:66:ff:26:21:90:30:be:1d:13:45:57:29:
         ad:c0:69:aa:ad:d9:99:19:6f:1e:30:b8:ee:26:d9:ac:67:e8:
         76:2f:bd:66:7f:24:2a:89:a3:41:87:a2:95:16:eb:2b:b5:eb:
         e4:41:92:41:fb:1b:c9:84:ae:2c:48:6e:8f:df:3d:75:5f:c6:
         94:e4:64:2c:0e:2e:ee:af:f6:03:45:a6:ca:aa:3d:8b:85:43:
         c7:d2:98:c7:6a:d6:09:25:0e:d9:72:f0:6a:80:90:dc:25:5e:
         cc:a7:ae:52:10:32:18:6d:60:1d:b3:f5:17:e8:56:d2:99:f0:
         f3:88:54:bb:bb:45:ce:d4:2c:29:e8:6a:de:4d:ae:6e:e8:ec:
         ed:8b:41:f5:b9:af:33:9b:55:ff:c6:5d:4e:20:36:8a:29:b0:
         32:0f:b0:b4:83:68:d3:1b:e6:50:87:18:af:86:37:71:71:b7:
         e7:80:ba:68:f2:62:00:a6:09:b4:ce:b5:ae:68:c9:79:9a:15:
         16:5c:02:2c:6f:f3:27:4f:39:fb:6f:16:ea:39:1d:25:7b:bc:
         ca:01:d2:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwWJZN3DsvNTvt+medP1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjQwMTAxMTQzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDU5M2I4NDZlM2NiMjRlM2EyYjRkMGJiOTg4YjY5NzRjZGViMDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuaGIe7yhRh+eipQSBq90bdvh4Kf
W+db0v095r4oNPPkvUfHILy393Q6UhTxTUrtdGK2R4+9fA8hkiCsetb+gog1maHv
R0CJ4pb+xbhf5thmjkKI5OheG2oOzS4C94gtxdG48vQdXkHfDwAPqafIgzFwuP74
d25QaMw7eTFTu7GUlNiQmyYEH/Opa+8fA3mu/coPKvN5XJrISN8b02ToM5dfUWic
w0BiiKzJFja71UQ2ux7HFFkm/zhH6HrRsYNHU+4qeHIaQAibhgy5OHVBtPjyIzud
3+iTpd20VLnerFZSrD9EzY7x5dn5EbNFVDR1na5UwUBM8v/jhhzZFqzsqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1ZO4RuPLJOOitNC7mItpdM3rAkMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvTFZrN2hHNDhzazQ2SzAwTHVZaTJsMHplc0NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVQ4dMA0G
CSqGSIb3DQEBCwUAA4IBAQDeF9a2DfkoOZCBcudH2Uopd2nV7qeuhRmDuwTxvJpU
v6SMjQzlXkHINdRm/yYhkDC+HRNFVymtwGmqrdmZGW8eMLjuJtmsZ+h2L71mfyQq
iaNBh6KVFusrtevkQZJB+xvJhK4sSG6P3z11X8aU5GQsDi7ur/YDRabKqj2LhUPH
0pjHatYJJQ7ZcvBqgJDcJV7Mp65SEDIYbWAds/UX6FbSmfDziFS7u0XO1Cwp6Gre
Ta5u6Ozti0H1ua8zm1X/xl1OIDaKKbAyD7C0g2jTG+ZQhxivhjdxcbfngLpo8mIA
pgm0zrWuaMl5mhUWXAIsb/MnTzn7bxbqOR0le7zKAdIB
-----END CERTIFICATE-----