Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/ac13e2-2a29-4e70-859b-6c30b8ef63b4/1/lCcGP0By4bIb2j9yw6HrKNh92kU.roa
File:                     lCcGP0By4bIb2j9yw6HrKNh92kU.roa (raw, json)
Hash identifier:          t9iVYIQlwyfQhFcfEUNBvyEmQUHPHIQDyPcnFJPqupY=
Subject key identifier:   94:27:06:3F:40:72:E1:B2:1B:DA:3F:72:C3:A1:EB:28:D8:7D:DA:45
Certificate issuer:       /CN=9097f97237ef366de5ab6d758eee543e08d57f5c
Certificate serial:       0190FDCDD9F0A447032AA2FDF609FE91CFC8
Authority key identifier: 90:97:F9:72:37:EF:36:6D:E5:AB:6D:75:8E:EE:54:3E:08:D5:7F:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kJf5cjfvNm3lq211ju5UPgjVf1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/ac13e2-2a29-4e70-859b-6c30b8ef63b4/1/lCcGP0By4bIb2j9yw6HrKNh92kU.roa
Signing time:             Mon 29 Jul 2024 09:24:04 +0000
ROA not before:           Mon 29 Jul 2024 09:24:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48846
IP address blocks:        185.228.96.0/24 maxlen: 24
                          185.228.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/ac13e2-2a29-4e70-859b-6c30b8ef63b4/1/kJf5cjfvNm3lq211ju5UPgjVf1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/ac13e2-2a29-4e70-859b-6c30b8ef63b4/1/kJf5cjfvNm3lq211ju5UPgjVf1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kJf5cjfvNm3lq211ju5UPgjVf1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fd:cd:d9:f0:a4:47:03:2a:a2:fd:f6:09:fe:91:cf:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9097f97237ef366de5ab6d758eee543e08d57f5c
        Validity
            Not Before: Jul 29 09:24:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9427063f4072e1b21bda3f72c3a1eb28d87dda45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:69:66:f0:49:3b:9f:a0:a8:e1:3a:8b:a1:22:
                    4e:bd:f5:fb:cf:58:40:fd:90:ff:da:c6:5d:ec:6b:
                    5b:69:76:4f:ee:d9:06:38:be:09:0b:d7:ad:ec:ae:
                    4f:a5:17:bc:54:97:41:b4:5b:ba:f3:ca:17:5e:bf:
                    6c:0f:0e:9f:4b:06:b8:8e:e9:dc:1d:23:ba:10:82:
                    10:4c:80:df:32:f3:4a:0c:9e:9c:c1:58:8f:1f:03:
                    3a:91:93:10:34:de:3a:0d:07:ae:07:7a:9f:b9:03:
                    9d:52:d9:a1:8f:d1:8e:01:2d:38:5d:31:60:92:e7:
                    16:ae:4a:95:f9:ed:77:c3:d0:04:14:40:1c:a0:d9:
                    6f:f4:4d:c3:02:4d:da:29:20:ff:88:b0:33:e1:bb:
                    e8:8c:e3:89:a8:67:58:02:33:74:0a:de:18:00:1d:
                    7a:07:ca:57:ca:ff:49:03:31:6e:4a:d2:b2:c8:66:
                    0a:15:20:90:81:e3:55:98:04:82:37:92:72:b2:c2:
                    63:06:93:4d:bb:48:54:be:88:97:df:7c:66:e1:aa:
                    4c:06:f3:24:c7:1e:f0:3e:54:e8:28:d3:e4:5d:54:
                    f0:0d:91:c9:e7:35:8e:df:fe:07:45:53:cc:39:81:
                    ee:e3:40:63:a9:8b:75:66:fa:c0:47:e8:4a:5c:5b:
                    36:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:27:06:3F:40:72:E1:B2:1B:DA:3F:72:C3:A1:EB:28:D8:7D:DA:45
            X509v3 Authority Key Identifier:
                keyid:90:97:F9:72:37:EF:36:6D:E5:AB:6D:75:8E:EE:54:3E:08:D5:7F:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kJf5cjfvNm3lq211ju5UPgjVf1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/ac13e2-2a29-4e70-859b-6c30b8ef63b4/1/lCcGP0By4bIb2j9yw6HrKNh92kU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/ac13e2-2a29-4e70-859b-6c30b8ef63b4/1/kJf5cjfvNm3lq211ju5UPgjVf1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:72:b9:0b:16:52:2a:37:14:e8:ef:34:f8:52:33:09:45:18:
         af:71:41:50:71:bf:63:1d:43:05:03:3c:6d:d9:ae:60:5b:60:
         49:3e:4f:3b:64:e3:33:5b:25:32:12:2a:f4:5d:5d:f2:10:4c:
         32:13:78:84:6e:6e:5d:2e:cb:75:55:99:ac:bb:0a:dc:76:41:
         aa:a6:fe:6c:4f:30:55:df:b2:4b:05:8b:a7:a3:2b:c1:d1:1a:
         4b:2b:49:47:e0:1f:13:7d:bb:9b:90:00:11:6e:0b:51:f1:87:
         ae:b1:8c:ef:9c:98:8e:7a:f2:b8:eb:0c:02:d0:25:19:5e:09:
         eb:fe:3a:7d:49:00:d1:8d:de:3e:85:d4:b0:e0:b9:70:29:40:
         04:8a:33:43:3f:5a:81:91:7d:6d:99:73:42:db:26:9a:1a:8d:
         ba:85:6a:08:18:02:62:4c:ed:43:36:e0:14:74:d9:54:68:77:
         e6:81:28:01:5e:00:98:43:67:14:f3:53:9d:3e:11:69:10:e2:
         6e:1e:0e:81:1b:fd:a9:29:17:a5:cf:00:31:80:62:75:23:ac:
         42:a9:3c:9b:fd:5d:24:a9:29:fe:81:8c:52:1b:ce:d3:23:c6:
         35:70:33:db:6e:02:32:ee:22:b7:d2:00:cb:12:cd:be:29:ad:
         8f:e7:1b:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZD9zdnwpEcDKqL99gn+kc/IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwOTdmOTcyMzdlZjM2NmRlNWFiNmQ3NThlZWU1NDNlMDhk
NTdmNWMwHhcNMjQwNzI5MDkyNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDI3MDYzZjQwNzJlMWIyMWJkYTNmNzJjM2ExZWIyOGQ4N2RkYTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22lm8Ek7n6Co4TqLoSJOvfX7z1hA
/ZD/2sZd7GtbaXZP7tkGOL4JC9et7K5PpRe8VJdBtFu688oXXr9sDw6fSwa4junc
HSO6EIIQTIDfMvNKDJ6cwViPHwM6kZMQNN46DQeuB3qfuQOdUtmhj9GOAS04XTFg
kucWrkqV+e13w9AEFEAcoNlv9E3DAk3aKSD/iLAz4bvojOOJqGdYAjN0Ct4YAB16
B8pXyv9JAzFuStKyyGYKFSCQgeNVmASCN5JyssJjBpNNu0hUvoiX33xm4apMBvMk
xx7wPlToKNPkXVTwDZHJ5zWO3/4HRVPMOYHu40BjqYt1ZvrAR+hKXFs2eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQnBj9AcuGyG9o/csOh6yjYfdpFMB8GA1UdIwQY
MBaAFJCX+XI37zZt5attdY7uVD4I1X9cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0pmNWNqZnZObTNscTIxMWp1NVVQZ2pWZjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9hYzEzZTItMmEyOS00ZTcwLTg1OWIt
NmMzMGI4ZWY2M2I0LzEvbENjR1AwQnk0YkliMmo5eXc2SHJLTmg5MmtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9hYzEzZTItMmEyOS00ZTcwLTg1OWItNmMzMGI4ZWY2M2I0
LzEva0pmNWNqZnZObTNscTIxMWp1NVVQZ2pWZjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueRgMA0G
CSqGSIb3DQEBCwUAA4IBAQCAcrkLFlIqNxTo7zT4UjMJRRivcUFQcb9jHUMFAzxt
2a5gW2BJPk87ZOMzWyUyEir0XV3yEEwyE3iEbm5dLst1VZmsuwrcdkGqpv5sTzBV
37JLBYunoyvB0RpLK0lH4B8TfbubkAARbgtR8YeusYzvnJiOevK46wwC0CUZXgnr
/jp9SQDRjd4+hdSw4LlwKUAEijNDP1qBkX1tmXNC2yaaGo26hWoIGAJiTO1DNuAU
dNlUaHfmgSgBXgCYQ2cU81OdPhFpEOJuHg6BG/2pKRelzwAxgGJ1I6xCqTyb/V0k
qSn+gYxSG87TI8Y1cDPbbgIy7iK30gDLEs2+Ka2P5xuE
-----END CERTIFICATE-----