Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/L4jYRnpRtJcm5mRiDBT3ITP8HQE.roa
File:                     L4jYRnpRtJcm5mRiDBT3ITP8HQE.roa (raw, json)
Hash identifier:          1bI1+53dspEvzHKY6fmGSQSgBbY9oWsPwmFd2QHchIk=
Subject key identifier:   2F:88:D8:46:7A:51:B4:97:26:E6:64:62:0C:14:F7:21:33:FC:1D:01
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       018CC726A4181FFA6F60534E6F7F47CBD8D2
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/L4jYRnpRtJcm5mRiDBT3ITP8HQE.roa
Signing time:             Mon 01 Jan 2024 22:30:47 +0000
ROA not before:           Mon 01 Jan 2024 22:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        87.254.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:a4:18:1f:fa:6f:60:53:4e:6f:7f:47:cb:d8:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jan  1 22:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f88d8467a51b49726e664620c14f72133fc1d01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:31:2c:d1:43:7c:7b:ea:50:77:80:77:00:83:
                    6c:b3:87:3c:26:1a:eb:cb:6d:30:75:75:7e:95:ab:
                    3a:b3:4d:59:e4:be:34:56:0c:0e:d2:52:83:d3:aa:
                    85:65:31:08:df:4d:90:c2:27:f8:ec:b3:c1:ae:7c:
                    5a:be:9e:97:f3:47:1d:8d:68:1b:a4:4c:93:15:4a:
                    57:01:fe:8f:bd:a6:b4:22:96:9c:a6:1a:01:42:41:
                    d5:69:ee:0f:cb:77:ab:de:46:a9:69:08:61:d9:0a:
                    7c:90:0e:c1:a3:39:d3:ce:8a:86:8b:19:eb:e3:7c:
                    1b:ad:18:72:ab:b0:ad:21:11:a0:11:4f:78:03:f0:
                    57:a6:f6:ed:93:62:46:f8:6e:66:e7:12:43:10:01:
                    e8:87:3a:1e:cb:6a:bf:13:81:0e:df:18:58:51:1c:
                    be:64:41:97:da:5f:56:a0:cd:d3:c6:fc:e7:63:cd:
                    eb:cb:1e:d0:2a:d2:b6:ad:b4:11:b3:52:b0:36:b6:
                    80:47:56:a1:3b:aa:75:e6:99:ae:96:78:e1:cc:b2:
                    a7:d0:37:bb:b9:45:5c:fd:9a:92:2c:94:5b:97:78:
                    38:11:a6:18:ae:71:8a:48:cc:be:93:28:74:d1:02:
                    f1:8f:1a:76:70:33:52:c6:36:cf:fe:b5:f1:c9:54:
                    7d:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:88:D8:46:7A:51:B4:97:26:E6:64:62:0C:14:F7:21:33:FC:1D:01
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/L4jYRnpRtJcm5mRiDBT3ITP8HQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:f6:7a:3f:05:31:06:40:fa:52:31:26:6b:2f:83:5e:bf:41:
         1d:8a:3b:bb:5b:6b:d5:bc:3c:07:4a:c5:64:36:73:5c:c3:5d:
         88:71:35:20:bc:c8:ba:31:1d:4e:91:3a:3b:d7:ec:7d:eb:c9:
         06:6a:b7:8b:0b:60:f7:f3:f1:a9:25:f7:a6:08:35:a7:95:2e:
         4e:b7:2c:34:8a:fa:4c:bd:18:cf:5b:70:e3:56:8a:5e:c8:f9:
         3a:90:a3:12:ea:59:51:98:8b:eb:16:55:24:ce:ff:dd:62:4a:
         c2:83:da:f8:92:cc:78:f8:41:ca:aa:70:44:1f:ce:82:81:c9:
         86:60:0f:2e:19:00:8d:d7:af:b9:ce:de:34:5b:f4:f4:d7:72:
         ce:26:9f:e5:d2:44:47:92:fe:9b:99:87:38:e5:a9:26:0a:d0:
         23:8f:e6:61:03:4d:b4:5c:20:6d:a1:97:60:ae:11:1f:02:ae:
         f7:ed:5b:81:71:07:66:0c:da:df:16:2f:3b:6c:c1:9a:5e:89:
         76:52:a9:2e:21:8b:d7:01:a9:07:a2:3b:a1:ad:57:92:7d:25:
         d4:b8:a6:ec:3e:fe:86:18:5a:7b:86:ef:e2:1d:46:2a:1c:e7:
         f1:bc:6d:83:65:78:27:82:01:f6:bd:b2:e8:21:38:30:51:4b:
         60:db:cb:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJqQYH/pvYFNOb39Hy9jSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjQwMTAxMjIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjg4ZDg0NjdhNTFiNDk3MjZlNjY0NjIwYzE0ZjcyMTMzZmMxZDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjEs0UN8e+pQd4B3AINss4c8Jhrr
y20wdXV+las6s01Z5L40VgwO0lKD06qFZTEI302Qwif47LPBrnxavp6X80cdjWgb
pEyTFUpXAf6Pvaa0IpacphoBQkHVae4Py3er3kapaQhh2Qp8kA7BoznTzoqGixnr
43wbrRhyq7CtIRGgEU94A/BXpvbtk2JG+G5m5xJDEAHohzoey2q/E4EO3xhYURy+
ZEGX2l9WoM3TxvznY83ryx7QKtK2rbQRs1KwNraAR1ahO6p15pmulnjhzLKn0De7
uUVc/ZqSLJRbl3g4EaYYrnGKSMy+kyh00QLxjxp2cDNSxjbP/rXxyVR9WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC+I2EZ6UbSXJuZkYgwU9yEz/B0BMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvTDRqWVJucFJ0SmNtNW1SaURCVDNJVFA4SFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/4DMA0G
CSqGSIb3DQEBCwUAA4IBAQBw9no/BTEGQPpSMSZrL4Nev0Ediju7W2vVvDwHSsVk
NnNcw12IcTUgvMi6MR1OkTo71+x968kGareLC2D38/GpJfemCDWnlS5Otyw0ivpM
vRjPW3DjVopeyPk6kKMS6llRmIvrFlUkzv/dYkrCg9r4ksx4+EHKqnBEH86CgcmG
YA8uGQCN16+5zt40W/T013LOJp/l0kRHkv6bmYc45akmCtAjj+ZhA020XCBtoZdg
rhEfAq737VuBcQdmDNrfFi87bMGaXol2UqkuIYvXAakHojuhrVeSfSXUuKbsPv6G
GFp7hu/iHUYqHOfxvG2DZXgnggH2vbLoITgwUUtg28sk
-----END CERTIFICATE-----