Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/lbLFz5bLnAiigiFU-u5qQh4P9qM.roa
File:                     lbLFz5bLnAiigiFU-u5qQh4P9qM.roa (raw, json)
Hash identifier:          jpLxxQAu2pVJnOvS2foqJzzuC7pctzwlaPMj5WyTepA=
Subject key identifier:   95:B2:C5:CF:96:CB:9C:08:A2:82:21:54:FA:EE:6A:42:1E:0F:F6:A3
Certificate issuer:       /CN=999df7dc0ed518f1ec69974cf98cecaada1a8680
Certificate serial:       018D11CA82DD7A47711A2FAAA00C3DB31704
Authority key identifier: 99:9D:F7:DC:0E:D5:18:F1:EC:69:97:4C:F9:8C:EC:AA:DA:1A:86:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mZ333A7VGPHsaZdM-YzsqtoahoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/lbLFz5bLnAiigiFU-u5qQh4P9qM.roa
Signing time:             Tue 16 Jan 2024 10:21:40 +0000
ROA not before:           Tue 16 Jan 2024 10:21:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206562
IP address blocks:        185.152.56.0/24 maxlen: 24
                          185.152.57.0/24 maxlen: 24
                          185.152.58.0/24 maxlen: 24
                          185.152.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mZ333A7VGPHsaZdM-YzsqtoahoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mZ333A7VGPHsaZdM-YzsqtoahoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mZ333A7VGPHsaZdM-YzsqtoahoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:11:ca:82:dd:7a:47:71:1a:2f:aa:a0:0c:3d:b3:17:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=999df7dc0ed518f1ec69974cf98cecaada1a8680
        Validity
            Not Before: Jan 16 10:21:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95b2c5cf96cb9c08a2822154faee6a421e0ff6a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:4b:10:49:7a:41:83:67:db:2f:42:71:34:eb:
                    b5:a7:b1:55:9a:b4:c9:98:84:c9:3f:b6:38:96:9a:
                    9c:33:d8:da:57:67:94:99:7e:36:54:bc:fd:ec:44:
                    c2:1f:73:48:42:80:8a:34:c1:81:5e:2d:55:39:82:
                    3c:61:03:89:1e:1b:3a:0f:c9:af:16:f3:6a:ab:fe:
                    eb:d5:61:7b:3f:2f:d1:3d:77:bd:53:5e:c3:2b:42:
                    e4:6b:5a:10:93:bf:c6:50:7b:c6:ac:1d:51:9d:29:
                    ab:b9:21:fb:a9:8b:f7:3b:7d:ea:6d:1e:86:b4:eb:
                    4e:32:96:61:af:13:6c:6e:6b:c0:a2:a4:c6:19:10:
                    ee:d0:fe:7e:ff:30:1e:d1:ee:8e:7c:4f:8c:db:2d:
                    b5:a3:6f:37:4c:9a:de:82:7f:84:71:f2:4d:6f:db:
                    34:24:97:a9:fe:e0:4f:09:2a:71:cf:3c:d6:43:28:
                    2e:ee:56:cb:70:b0:0b:a3:83:df:cf:83:7c:0d:5e:
                    8c:ce:e8:90:67:98:89:97:33:a0:01:63:06:94:0d:
                    de:54:fd:e5:1b:e6:90:30:c5:1b:08:84:02:bc:82:
                    05:9e:5d:05:10:80:81:3b:fa:4f:91:b2:00:89:bd:
                    25:3d:9f:3d:5a:84:5d:37:85:63:f7:a5:57:be:64:
                    ce:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B2:C5:CF:96:CB:9C:08:A2:82:21:54:FA:EE:6A:42:1E:0F:F6:A3
            X509v3 Authority Key Identifier:
                keyid:99:9D:F7:DC:0E:D5:18:F1:EC:69:97:4C:F9:8C:EC:AA:DA:1A:86:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mZ333A7VGPHsaZdM-YzsqtoahoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/lbLFz5bLnAiigiFU-u5qQh4P9qM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mZ333A7VGPHsaZdM-YzsqtoahoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:a3:c2:63:e8:fe:96:06:76:c0:01:db:40:61:97:05:c4:b4:
         11:ed:01:97:e4:30:88:2c:70:19:23:af:02:93:de:11:05:95:
         36:7b:b4:e8:bc:11:38:5e:dd:d6:00:5a:ca:04:2f:ec:15:38:
         19:6e:49:c0:f7:60:eb:8d:bd:1d:3f:59:98:33:66:c7:8d:1f:
         d4:4f:d8:66:31:8f:e2:82:51:65:3b:f6:a2:1b:82:aa:05:b8:
         20:9a:b8:fd:31:0e:36:77:20:65:0a:07:43:fb:11:d1:15:d0:
         32:a2:59:93:ba:1b:8d:bf:08:7b:e1:df:25:3b:92:60:6f:cc:
         e2:b8:5f:1b:cd:66:eb:b2:96:ba:5e:73:d7:4f:7d:e8:01:de:
         ee:63:d7:c4:d1:cb:6f:3b:22:14:27:29:f8:7c:51:83:f0:b8:
         ba:be:30:0c:e6:d6:d1:b4:d7:69:e0:45:69:ab:c7:47:ac:8a:
         e0:51:d5:85:d6:83:dc:26:ec:50:f0:f4:50:f1:8f:af:72:62:
         e9:93:04:b6:78:d4:9b:63:2b:0d:5b:12:0e:c1:4d:54:4a:ed:
         cb:10:9a:2f:5e:f6:39:2e:07:54:e3:d8:15:b1:30:25:a9:c5:
         8f:5f:23:74:6b:76:90:12:c3:bb:1d:24:73:02:77:19:64:6a:
         80:b2:e9:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0RyoLdekdxGi+qoAw9sxcEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5OWRmN2RjMGVkNTE4ZjFlYzY5OTc0Y2Y5OGNlY2FhZGEx
YTg2ODAwHhcNMjQwMTE2MTAyMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWIyYzVjZjk2Y2I5YzA4YTI4MjIxNTRmYWVlNmE0MjFlMGZmNmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEsQSXpBg2fbL0JxNOu1p7FVmrTJ
mITJP7Y4lpqcM9jaV2eUmX42VLz97ETCH3NIQoCKNMGBXi1VOYI8YQOJHhs6D8mv
FvNqq/7r1WF7Py/RPXe9U17DK0Lka1oQk7/GUHvGrB1RnSmruSH7qYv3O33qbR6G
tOtOMpZhrxNsbmvAoqTGGRDu0P5+/zAe0e6OfE+M2y21o283TJregn+EcfJNb9s0
JJep/uBPCSpxzzzWQygu7lbLcLALo4Pfz4N8DV6MzuiQZ5iJlzOgAWMGlA3eVP3l
G+aQMMUbCIQCvIIFnl0FEICBO/pPkbIAib0lPZ89WoRdN4Vj96VXvmTOrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWyxc+Wy5wIooIhVPruakIeD/ajMB8GA1UdIwQY
MBaAFJmd99wO1Rjx7GmXTPmM7KraGoaAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVozMzNBN1ZHUEhzYVpkTS1ZenNxdG9haG9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9iYTg4ZjItMjE1Zi00Zjg5LWEzYWYt
MTM4Yjc4N2RlM2UzLzEvbGJMRno1YkxuQWlpZ2lGVS11NXFRaDRQOXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9iYTg4ZjItMjE1Zi00Zjg5LWEzYWYtMTM4Yjc4N2RlM2Uz
LzEvbVozMzNBN1ZHUEhzYVpkTS1ZenNxdG9haG9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZg4MA0G
CSqGSIb3DQEBCwUAA4IBAQBto8Jj6P6WBnbAAdtAYZcFxLQR7QGX5DCILHAZI68C
k94RBZU2e7TovBE4Xt3WAFrKBC/sFTgZbknA92Drjb0dP1mYM2bHjR/UT9hmMY/i
glFlO/aiG4KqBbggmrj9MQ42dyBlCgdD+xHRFdAyolmTuhuNvwh74d8lO5Jgb8zi
uF8bzWbrspa6XnPXT33oAd7uY9fE0ctvOyIUJyn4fFGD8Li6vjAM5tbRtNdp4EVp
q8dHrIrgUdWF1oPcJuxQ8PRQ8Y+vcmLpkwS2eNSbYysNWxIOwU1USu3LEJovXvY5
LgdU49gVsTAlqcWPXyN0a3aQEsO7HSRzAncZZGqAsunf
-----END CERTIFICATE-----