Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/lbXvHGuuf5tHaUvQC0M_oaodxu8.roa
File:                     lbXvHGuuf5tHaUvQC0M_oaodxu8.roa (raw, json)
Hash identifier:          AdtoWymLCm9EZ6Ctdix2FcjwkjcW7XDcfwgZQUQQxpY=
Subject key identifier:   95:B5:EF:1C:6B:AE:7F:9B:47:69:4B:D0:0B:43:3F:A1:AA:1D:C6:EF
Certificate issuer:       /CN=08af091858bb99651764399c6565df7a0834dbad
Certificate serial:       018CC86F874DEFFE82271B4D7A3320241D54
Authority key identifier: 08:AF:09:18:58:BB:99:65:17:64:39:9C:65:65:DF:7A:08:34:DB:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/lbXvHGuuf5tHaUvQC0M_oaodxu8.roa
Signing time:             Tue 02 Jan 2024 04:30:01 +0000
ROA not before:           Tue 02 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212761
IP address blocks:        185.41.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:87:4d:ef:fe:82:27:1b:4d:7a:33:20:24:1d:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08af091858bb99651764399c6565df7a0834dbad
        Validity
            Not Before: Jan  2 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95b5ef1c6bae7f9b47694bd00b433fa1aa1dc6ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ce:d7:cb:8d:7c:65:89:94:dd:c9:a3:73:c3:
                    09:2d:98:00:00:95:a3:65:97:5f:f3:fe:d7:8a:e6:
                    30:74:34:b2:2c:a0:a5:20:63:77:3c:ae:57:02:29:
                    d0:a9:b9:f7:8f:f4:0f:b9:ee:f8:43:8e:7b:88:fd:
                    a2:ea:c9:fd:8e:0b:5a:c2:c2:70:df:7b:c8:ad:c7:
                    57:bc:5c:fe:50:5a:5a:b2:a6:29:44:6e:6e:58:c3:
                    9f:23:e8:ec:c2:3c:f5:9e:c3:4a:34:fd:43:e8:2f:
                    5f:29:d8:b7:d1:41:5c:f1:f0:76:03:bc:b4:66:3c:
                    f9:35:c1:50:2e:da:c4:bd:63:f9:51:3c:bc:1f:96:
                    9c:b2:9b:62:32:00:57:3b:1c:fc:e4:4c:9c:21:f9:
                    5e:c5:70:a7:fe:f8:14:71:f9:8c:9b:e7:fe:6d:43:
                    2c:51:6a:db:3b:20:38:52:a3:c0:44:fb:4e:43:00:
                    88:e5:ff:29:4a:83:bb:7a:d5:d3:d4:f8:c1:c3:8a:
                    dc:4a:ae:c1:05:f3:90:9f:9d:de:20:c8:b6:b8:7b:
                    d3:8b:33:e5:bc:78:b0:75:3c:f2:73:f2:83:43:0e:
                    78:9d:ee:81:4b:7b:25:42:e9:ed:cd:87:af:d0:20:
                    60:a3:b7:b8:de:c0:62:94:60:b5:3e:c3:c4:39:70:
                    1c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B5:EF:1C:6B:AE:7F:9B:47:69:4B:D0:0B:43:3F:A1:AA:1D:C6:EF
            X509v3 Authority Key Identifier:
                keyid:08:AF:09:18:58:BB:99:65:17:64:39:9C:65:65:DF:7A:08:34:DB:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/lbXvHGuuf5tHaUvQC0M_oaodxu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:cd:07:e9:7b:53:05:26:a4:d1:35:7e:74:e2:e6:58:5d:9c:
         69:bf:a4:ad:86:3c:29:b1:a9:a7:4a:fd:c3:62:cb:03:d4:88:
         19:1f:d1:e5:0d:c1:5e:cd:67:bb:a5:97:c3:42:79:4c:10:c9:
         8d:e9:8a:19:f8:e0:b1:a5:ac:ba:c2:f6:cf:a0:56:40:8b:a3:
         f8:61:66:b9:89:2e:a2:1d:f7:68:4e:97:ec:29:38:ce:0d:87:
         0f:1b:cf:ea:7e:aa:12:77:d0:96:d8:51:e6:16:06:74:14:67:
         83:91:ee:ee:74:7f:64:9d:6a:fd:36:11:f0:29:e9:2e:67:f4:
         b6:39:ba:02:ce:38:4e:f0:bb:22:41:7f:01:c9:df:d3:7b:5e:
         8d:a6:1a:65:cc:aa:ca:30:47:1a:23:aa:97:34:25:8c:65:f2:
         3e:bb:98:eb:44:a3:21:0b:6f:58:c4:da:47:23:c6:58:a1:4e:
         41:c2:54:28:c6:92:2b:77:0f:b7:4d:7a:2f:2b:6e:6f:0a:66:
         4f:a8:44:f0:81:cf:c9:e2:78:05:7e:ad:52:31:98:21:5b:c7:
         33:2b:14:b1:22:aa:75:33:7e:e1:83:25:7e:38:30:55:41:73:
         15:1f:e8:8b:be:ac:cb:db:7d:77:9a:3e:7c:ad:76:0b:1e:e5:
         16:79:0f:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4dN7/6CJxtNejMgJB1UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YWYwOTE4NThiYjk5NjUxNzY0Mzk5YzY1NjVkZjdhMDgz
NGRiYWQwHhcNMjQwMTAyMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWI1ZWYxYzZiYWU3ZjliNDc2OTRiZDAwYjQzM2ZhMWFhMWRjNmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmM7Xy418ZYmU3cmjc8MJLZgAAJWj
ZZdf8/7XiuYwdDSyLKClIGN3PK5XAinQqbn3j/QPue74Q457iP2i6sn9jgtawsJw
33vIrcdXvFz+UFpasqYpRG5uWMOfI+jswjz1nsNKNP1D6C9fKdi30UFc8fB2A7y0
Zjz5NcFQLtrEvWP5UTy8H5acsptiMgBXOxz85EycIflexXCn/vgUcfmMm+f+bUMs
UWrbOyA4UqPARPtOQwCI5f8pSoO7etXT1PjBw4rcSq7BBfOQn53eIMi2uHvTizPl
vHiwdTzyc/KDQw54ne6BS3slQuntzYev0CBgo7e43sBilGC1PsPEOXAcmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJW17xxrrn+bR2lL0AtDP6GqHcbvMB8GA1UdIwQY
MBaAFAivCRhYu5llF2Q5nGVl33oINNutMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0s4SkdGaTdtV1VYWkRtY1pXWGZlZ2cwMjYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS83MDBmZDMtYzM2MC00OGFiLThhMDYt
NTYxMjliN2RjMDE4LzEvbGJYdkhHdXVmNXRIYVV2UUMwTV9vYW9keHU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS83MDBmZDMtYzM2MC00OGFiLThhMDYtNTYxMjliN2RjMDE4
LzEvQ0s4SkdGaTdtV1VYWkRtY1pXWGZlZ2cwMjYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSkXMA0G
CSqGSIb3DQEBCwUAA4IBAQCnzQfpe1MFJqTRNX504uZYXZxpv6SthjwpsamnSv3D
YssD1IgZH9HlDcFezWe7pZfDQnlMEMmN6YoZ+OCxpay6wvbPoFZAi6P4YWa5iS6i
HfdoTpfsKTjODYcPG8/qfqoSd9CW2FHmFgZ0FGeDke7udH9knWr9NhHwKekuZ/S2
OboCzjhO8LsiQX8Byd/Te16NphplzKrKMEcaI6qXNCWMZfI+u5jrRKMhC29YxNpH
I8ZYoU5BwlQoxpIrdw+3TXovK25vCmZPqETwgc/J4ngFfq1SMZghW8czKxSxIqp1
M37hgyV+ODBVQXMVH+iLvqzL2313mj58rXYLHuUWeQ8F
-----END CERTIFICATE-----