Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/14f2a8-d3b7-443d-ac3b-4ba44377bd86/1/LzCaoVwJCRxldKi4eL6i8tNyo88.roa
File:                     LzCaoVwJCRxldKi4eL6i8tNyo88.roa (raw, json)
Hash identifier:          3QdjZuTmrS4T2Z847EMr7gOkuZi8yjucaxielSSUztc=
Subject key identifier:   2F:30:9A:A1:5C:09:09:1C:65:74:A8:B8:78:BE:A2:F2:D3:72:A3:CF
Certificate issuer:       /CN=ce3847667510f4f2e59bb1b394ae27e8dad0dc97
Certificate serial:       018D56A08FB67235E0D571730659C0D81809
Authority key identifier: CE:38:47:66:75:10:F4:F2:E5:9B:B1:B3:94:AE:27:E8:DA:D0:DC:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zjhHZnUQ9PLlm7GzlK4n6NrQ3Jc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/14f2a8-d3b7-443d-ac3b-4ba44377bd86/1/LzCaoVwJCRxldKi4eL6i8tNyo88.roa
Signing time:             Mon 29 Jan 2024 19:09:39 +0000
ROA not before:           Mon 29 Jan 2024 19:09:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15943
IP address blocks:        193.141.96.0/23 maxlen: 24
                          194.39.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/14f2a8-d3b7-443d-ac3b-4ba44377bd86/1/zjhHZnUQ9PLlm7GzlK4n6NrQ3Jc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/14f2a8-d3b7-443d-ac3b-4ba44377bd86/1/zjhHZnUQ9PLlm7GzlK4n6NrQ3Jc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zjhHZnUQ9PLlm7GzlK4n6NrQ3Jc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:56:a0:8f:b6:72:35:e0:d5:71:73:06:59:c0:d8:18:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce3847667510f4f2e59bb1b394ae27e8dad0dc97
        Validity
            Not Before: Jan 29 19:09:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f309aa15c09091c6574a8b878bea2f2d372a3cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b8:a4:0a:89:2c:9b:99:96:49:9b:95:d5:75:
                    b1:74:68:41:f4:dc:1f:87:7b:aa:d2:4e:8f:15:82:
                    84:12:e5:3d:15:f1:9b:a7:d7:13:7e:c4:9f:5c:8b:
                    c5:0b:38:ff:c2:a7:88:39:6f:15:9d:99:3e:cf:67:
                    cd:b4:f9:9c:31:19:a4:db:9c:59:e3:0d:16:be:54:
                    47:16:91:08:4d:4a:9a:d8:8f:61:7f:9a:e7:be:50:
                    90:2e:0d:7d:0a:c1:8c:63:ea:38:36:a6:72:fa:6c:
                    fa:b2:fa:43:b2:85:52:f9:a7:db:b8:6f:a0:66:c3:
                    2a:44:91:80:24:cb:db:dd:f3:ac:e4:52:34:69:9e:
                    39:72:43:d5:5d:ed:ce:7c:72:6a:49:ac:06:d9:53:
                    04:12:ab:ec:99:cf:f9:61:e4:60:71:98:00:a1:23:
                    17:50:15:40:e8:81:88:ff:c0:ea:a4:2b:38:77:41:
                    b3:ba:f0:49:32:7d:34:70:95:71:6a:dc:4e:b0:d2:
                    4f:19:f7:5a:70:7f:a6:ec:8e:ae:db:8d:03:91:af:
                    a5:c6:2c:83:fb:38:b2:99:21:ab:b4:4f:d8:33:e5:
                    fa:69:6c:c9:32:df:25:8d:ae:c6:23:95:cd:23:96:
                    00:6a:d2:36:23:19:9e:54:f6:5c:90:72:37:a7:de:
                    7f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:30:9A:A1:5C:09:09:1C:65:74:A8:B8:78:BE:A2:F2:D3:72:A3:CF
            X509v3 Authority Key Identifier:
                keyid:CE:38:47:66:75:10:F4:F2:E5:9B:B1:B3:94:AE:27:E8:DA:D0:DC:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zjhHZnUQ9PLlm7GzlK4n6NrQ3Jc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14f2a8-d3b7-443d-ac3b-4ba44377bd86/1/LzCaoVwJCRxldKi4eL6i8tNyo88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14f2a8-d3b7-443d-ac3b-4ba44377bd86/1/zjhHZnUQ9PLlm7GzlK4n6NrQ3Jc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.141.96.0/23
                  194.39.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:6f:34:11:5e:81:ec:23:56:65:c3:f4:d1:4a:19:03:ff:49:
         c9:37:a6:9b:74:46:1c:ba:11:5b:65:e3:e2:6c:5f:2f:6c:38:
         9c:bb:12:5d:b1:df:f5:b0:f2:4a:cb:2e:0b:0d:2b:a5:31:90:
         73:5f:c1:f9:16:46:43:3b:1c:b3:b1:f1:da:90:3f:1d:00:f6:
         ae:43:ce:b7:f8:1b:86:8f:ff:31:ab:7c:e6:e7:d5:32:44:6d:
         63:08:32:cd:f8:46:f1:19:b4:ff:49:3e:58:37:0c:c0:a0:ac:
         a0:1d:b8:44:22:02:7b:c9:a9:c4:f9:c6:0b:e8:87:53:fe:10:
         96:b7:36:30:60:62:01:e8:4f:2d:0c:c0:37:de:2e:d9:31:7f:
         f4:35:b1:aa:96:11:f9:c5:e4:28:e6:98:b1:fa:f7:be:a7:6f:
         f3:01:41:04:ef:dd:13:b8:4b:28:a1:be:5c:ce:dc:6e:90:2d:
         df:b0:5a:81:06:4c:c6:50:f5:13:aa:31:37:34:24:0b:23:3e:
         9e:7c:d3:b5:97:a4:9a:d8:e9:08:3d:a8:72:54:5c:eb:d4:c3:
         2b:38:6d:c3:6c:04:43:32:8a:c7:97:7c:6a:2e:92:0d:c4:37:
         28:bf:e1:06:aa:ee:f8:35:22:aa:87:37:89:e4:c2:b1:5d:84:
         0d:c4:8c:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1WoI+2cjXg1XFzBlnA2BgJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMzg0NzY2NzUxMGY0ZjJlNTliYjFiMzk0YWUyN2U4ZGFk
MGRjOTcwHhcNMjQwMTI5MTkwOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjMwOWFhMTVjMDkwOTFjNjU3NGE4Yjg3OGJlYTJmMmQzNzJhM2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7ikCoksm5mWSZuV1XWxdGhB9Nwf
h3uq0k6PFYKEEuU9FfGbp9cTfsSfXIvFCzj/wqeIOW8VnZk+z2fNtPmcMRmk25xZ
4w0WvlRHFpEITUqa2I9hf5rnvlCQLg19CsGMY+o4NqZy+mz6svpDsoVS+afbuG+g
ZsMqRJGAJMvb3fOs5FI0aZ45ckPVXe3OfHJqSawG2VMEEqvsmc/5YeRgcZgAoSMX
UBVA6IGI/8DqpCs4d0GzuvBJMn00cJVxatxOsNJPGfdacH+m7I6u240Dka+lxiyD
+ziymSGrtE/YM+X6aWzJMt8lja7GI5XNI5YAatI2IxmeVPZckHI3p95/VwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC8wmqFcCQkcZXSouHi+ovLTcqPPMB8GA1UdIwQY
MBaAFM44R2Z1EPTy5Zuxs5SuJ+ja0NyXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvempoSFpuVVE5UExsbTdHemxLNG42TnJRM0pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xNGYyYTgtZDNiNy00NDNkLWFjM2It
NGJhNDQzNzdiZDg2LzEvTHpDYW9Wd0pDUnhsZEtpNGVMNmk4dE55bzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xNGYyYTgtZDNiNy00NDNkLWFjM2ItNGJhNDQzNzdiZDg2
LzEvempoSFpuVVE5UExsbTdHemxLNG42TnJRM0pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwY1gAwQA
wifWMA0GCSqGSIb3DQEBCwUAA4IBAQCHbzQRXoHsI1Zlw/TRShkD/0nJN6abdEYc
uhFbZePibF8vbDicuxJdsd/1sPJKyy4LDSulMZBzX8H5FkZDOxyzsfHakD8dAPau
Q863+BuGj/8xq3zm59UyRG1jCDLN+EbxGbT/ST5YNwzAoKygHbhEIgJ7yanE+cYL
6IdT/hCWtzYwYGIB6E8tDMA33i7ZMX/0NbGqlhH5xeQo5pix+ve+p2/zAUEE790T
uEsoob5cztxukC3fsFqBBkzGUPUTqjE3NCQLIz6efNO1l6Sa2OkIPahyVFzr1MMr
OG3DbARDMorHl3xqLpINxDcov+EGqu74NSKqhzeJ5MKxXYQNxIxI
-----END CERTIFICATE-----