Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/LkTqrX-gLhYnY0FM4j-55fwqgos.roa
File:                     LkTqrX-gLhYnY0FM4j-55fwqgos.roa (raw, json)
Hash identifier:          jXYfZoM24RQNITaE0PPtt+ZgP8NzC6W28rCy2jTqL7k=
Subject key identifier:   2E:44:EA:AD:7F:A0:2E:16:27:63:41:4C:E2:3F:B9:E5:FC:2A:82:8B
Certificate issuer:       /CN=69507f066f2bb0389dd88436074e1426114f2d92
Certificate serial:       018CC649F4361497A5D35870E5FE9103E4B0
Authority key identifier: 69:50:7F:06:6F:2B:B0:38:9D:D8:84:36:07:4E:14:26:11:4F:2D:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aVB_Bm8rsDid2IQ2B04UJhFPLZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/LkTqrX-gLhYnY0FM4j-55fwqgos.roa
Signing time:             Mon 01 Jan 2024 18:29:44 +0000
ROA not before:           Mon 01 Jan 2024 18:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142113
IP address blocks:        2.56.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/aVB_Bm8rsDid2IQ2B04UJhFPLZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/aVB_Bm8rsDid2IQ2B04UJhFPLZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aVB_Bm8rsDid2IQ2B04UJhFPLZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:f4:36:14:97:a5:d3:58:70:e5:fe:91:03:e4:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69507f066f2bb0389dd88436074e1426114f2d92
        Validity
            Not Before: Jan  1 18:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e44eaad7fa02e162763414ce23fb9e5fc2a828b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d9:6a:e8:56:8a:88:ab:8b:1a:66:fe:86:05:
                    02:c4:b3:41:28:7c:dc:3c:98:20:e2:37:45:9b:b8:
                    49:ca:a6:79:d5:b5:89:43:d5:8d:6c:f7:9a:ee:45:
                    7c:b1:e7:c7:e0:f8:9b:b5:61:76:06:89:ac:54:13:
                    1a:91:7f:9e:7b:49:7b:5a:f6:1d:ed:b2:91:a7:76:
                    5f:b9:b2:21:a2:15:9b:e0:15:d2:d9:f2:c9:d6:16:
                    87:97:c2:73:83:90:e6:85:8a:54:1b:71:58:e9:79:
                    9e:fd:a9:df:bd:97:99:05:89:ac:71:2a:8b:a8:55:
                    5e:a1:bf:27:28:df:79:ce:f1:b6:2b:3b:7b:49:6a:
                    85:b2:12:cc:c0:96:40:ec:6b:b8:e1:82:a2:a0:b7:
                    59:b7:d0:99:a2:2c:00:e7:f6:8b:5a:c7:da:c7:e7:
                    5e:fc:a4:07:ed:68:f2:a4:51:a2:27:d2:b3:6f:a9:
                    e0:a1:80:d2:6f:26:28:5d:81:96:e8:3b:c3:67:29:
                    da:c8:49:2e:d6:9c:91:45:bd:cf:16:93:38:6a:d0:
                    3a:6b:7f:60:8c:41:ff:04:ae:66:aa:ec:91:94:59:
                    7e:06:6f:f6:89:bd:0d:e4:7b:7d:aa:ec:66:e0:d1:
                    c7:8c:65:bf:89:aa:b0:7f:5a:a8:65:3c:9a:3b:0d:
                    52:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:44:EA:AD:7F:A0:2E:16:27:63:41:4C:E2:3F:B9:E5:FC:2A:82:8B
            X509v3 Authority Key Identifier:
                keyid:69:50:7F:06:6F:2B:B0:38:9D:D8:84:36:07:4E:14:26:11:4F:2D:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aVB_Bm8rsDid2IQ2B04UJhFPLZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/LkTqrX-gLhYnY0FM4j-55fwqgos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/aVB_Bm8rsDid2IQ2B04UJhFPLZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:63:c7:f2:d1:ce:2e:1a:95:a1:aa:e3:ba:89:b3:1e:1d:bd:
         3d:a4:74:0d:e4:24:40:46:63:72:30:f9:92:ef:a9:3f:54:c7:
         36:92:3f:8f:ba:c6:4b:4f:b5:b7:b7:cb:c9:1c:cf:31:43:02:
         58:4e:cd:2b:01:67:05:9b:b1:77:7b:23:ed:15:ce:0f:ec:e1:
         f9:0e:09:93:09:1b:9d:96:18:01:87:d3:4a:ad:2d:fe:3b:ac:
         1b:e9:10:af:b9:d1:91:dc:2e:c1:e8:c0:21:e1:c9:d7:de:48:
         5e:e5:94:31:bd:6b:1c:12:ac:c8:d7:c1:89:79:8f:35:9c:a0:
         d6:61:c5:d0:19:a3:14:35:31:59:e2:05:a4:d6:19:bb:96:bd:
         7a:4b:a5:b3:25:62:77:ad:af:18:3c:4d:06:96:94:06:d2:d5:
         9b:92:00:df:c2:c5:71:d9:ff:7d:ee:c0:dc:d9:16:d7:aa:b2:
         da:94:35:0f:df:8d:38:b8:92:f3:e5:bc:72:c9:84:13:6a:ae:
         40:fa:46:3c:79:f8:5a:fb:76:8d:c9:25:f4:3d:63:a7:93:41:
         d2:b2:2a:99:ad:42:c3:e4:f4:f4:80:6d:bb:3f:3b:bd:a4:c7:
         96:64:06:3a:1d:57:87:35:6b:76:60:27:08:32:b4:17:79:4e:
         1b:1e:05:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSfQ2FJel01hw5f6RA+SwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NTA3ZjA2NmYyYmIwMzg5ZGQ4ODQzNjA3NGUxNDI2MTE0
ZjJkOTIwHhcNMjQwMTAxMTgyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTQ0ZWFhZDdmYTAyZTE2Mjc2MzQxNGNlMjNmYjllNWZjMmE4MjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9lq6FaKiKuLGmb+hgUCxLNBKHzc
PJgg4jdFm7hJyqZ51bWJQ9WNbPea7kV8sefH4PibtWF2BomsVBMakX+ee0l7WvYd
7bKRp3ZfubIhohWb4BXS2fLJ1haHl8Jzg5DmhYpUG3FY6Xme/anfvZeZBYmscSqL
qFVeob8nKN95zvG2Kzt7SWqFshLMwJZA7Gu44YKioLdZt9CZoiwA5/aLWsfax+de
/KQH7WjypFGiJ9Kzb6ngoYDSbyYoXYGW6DvDZynayEku1pyRRb3PFpM4atA6a39g
jEH/BK5mquyRlFl+Bm/2ib0N5Ht9quxm4NHHjGW/iaqwf1qoZTyaOw1SOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5E6q1/oC4WJ2NBTOI/ueX8KoKLMB8GA1UdIwQY
MBaAFGlQfwZvK7A4ndiENgdOFCYRTy2SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVZCX0JtOHJzRGlkMklRMkIwNFVKaEZQTFpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9iZjgzMzgtODc1Mi00ZDU1LTljMzEt
MGUxYjhmZWE4OTEzLzEvTGtUcXJYLWdMaFluWTBGTTRqLTU1ZndxZ29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9iZjgzMzgtODc1Mi00ZDU1LTljMzEtMGUxYjhmZWE4OTEz
LzEvYVZCX0JtOHJzRGlkMklRMkIwNFVKaEZQTFpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjhbMA0G
CSqGSIb3DQEBCwUAA4IBAQBGY8fy0c4uGpWhquO6ibMeHb09pHQN5CRARmNyMPmS
76k/VMc2kj+PusZLT7W3t8vJHM8xQwJYTs0rAWcFm7F3eyPtFc4P7OH5DgmTCRud
lhgBh9NKrS3+O6wb6RCvudGR3C7B6MAh4cnX3khe5ZQxvWscEqzI18GJeY81nKDW
YcXQGaMUNTFZ4gWk1hm7lr16S6WzJWJ3ra8YPE0GlpQG0tWbkgDfwsVx2f997sDc
2RbXqrLalDUP3404uJLz5bxyyYQTaq5A+kY8efha+3aNySX0PWOnk0HSsiqZrULD
5PT0gG27Pzu9pMeWZAY6HVeHNWt2YCcIMrQXeU4bHgXT
-----END CERTIFICATE-----