Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/5LCXLciJTIOeGBe2lfSh303G1ms.roa
File:                     5LCXLciJTIOeGBe2lfSh303G1ms.roa (raw, json)
Hash identifier:          fHXvOJ+uDwg3sDNE4e+/nhiJ4gsatgtbcikma2Kn9d8=
Subject key identifier:   E4:B0:97:2D:C8:89:4C:83:9E:18:17:B6:95:F4:A1:DF:4D:C6:D6:6B
Certificate issuer:       /CN=632e3d037bf0507571b2a068cb90308374ce53ed
Certificate serial:       018CC2DAFE455146AD03A53A3320BC01678E
Authority key identifier: 63:2E:3D:03:7B:F0:50:75:71:B2:A0:68:CB:90:30:83:74:CE:53:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/5LCXLciJTIOeGBe2lfSh303G1ms.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3949
IP address blocks:        171.22.145.0/24 maxlen: 24
                          185.243.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fe:45:51:46:ad:03:a5:3a:33:20:bc:01:67:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632e3d037bf0507571b2a068cb90308374ce53ed
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4b0972dc8894c839e1817b695f4a1df4dc6d66b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e5:b7:85:aa:45:1a:06:9f:9a:4e:11:0f:00:
                    85:bb:1a:5b:9c:f2:80:8f:d4:24:0b:7a:e2:89:8d:
                    98:a4:50:c8:31:2f:40:9b:05:df:c7:17:67:0a:61:
                    95:4d:67:ac:cc:91:14:e2:98:aa:17:76:4f:46:02:
                    00:89:0c:ec:3c:97:89:24:eb:15:85:62:fc:2f:3f:
                    6c:9f:dc:f6:71:11:65:02:35:18:8e:08:f6:07:22:
                    56:85:a7:e1:1f:f3:db:5c:35:81:16:9c:cb:99:52:
                    d7:f7:58:60:14:e8:49:e0:91:f1:64:c0:b6:70:8a:
                    2f:fb:ec:02:3c:f5:fa:9c:49:81:ff:a9:47:2a:b1:
                    3f:a3:a4:4f:cf:6b:11:27:d6:59:e7:fa:57:68:f9:
                    7a:01:6f:63:4a:1e:c4:ea:ca:14:aa:ef:ac:0c:fc:
                    ef:41:f4:e6:57:90:73:be:21:4a:3b:fc:ec:c7:50:
                    5b:c9:38:15:41:17:9f:60:ff:fb:1b:f8:3b:83:39:
                    86:30:78:02:35:78:5a:d9:3b:38:19:97:b1:e7:2f:
                    33:49:c4:1e:57:61:b8:f5:0d:b8:2d:6a:a0:8f:59:
                    5a:6f:9e:ee:28:58:bc:16:a5:3d:93:cc:9d:bb:25:
                    56:f1:f4:38:0c:08:b2:af:4b:a2:98:e5:1f:b3:83:
                    a0:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:B0:97:2D:C8:89:4C:83:9E:18:17:B6:95:F4:A1:DF:4D:C6:D6:6B
            X509v3 Authority Key Identifier:
                keyid:63:2E:3D:03:7B:F0:50:75:71:B2:A0:68:CB:90:30:83:74:CE:53:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/5LCXLciJTIOeGBe2lfSh303G1ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.145.0/24
                  185.243.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:cf:67:17:f2:55:49:53:4f:0e:ef:83:74:83:b2:bd:2a:d7:
         2a:71:46:6f:68:db:0c:fb:0d:ec:de:95:b2:1b:bf:37:bf:b0:
         8b:d0:c6:1b:ad:71:4a:a0:8c:0c:11:69:14:bb:3f:a6:ba:e9:
         10:1b:71:3f:b0:04:de:6e:d8:cc:ff:30:9b:14:4c:99:07:69:
         6a:da:c9:7f:8c:28:94:00:cd:59:d5:10:3f:dc:6f:5b:f0:d5:
         7a:39:7d:ec:e3:76:ec:35:33:77:a5:e2:92:a6:85:72:76:6c:
         1b:90:1d:1d:b0:df:d2:37:5e:fe:10:6f:a2:56:90:a9:cf:d5:
         c3:08:1b:db:1b:8b:3e:40:fa:7f:80:37:eb:29:43:d0:88:61:
         bf:ad:6b:05:01:ff:74:df:dd:03:a2:24:dd:0d:fb:16:a6:7d:
         d5:31:dc:f7:1e:c6:4d:b7:17:d6:f5:a6:bb:93:22:6c:00:b5:
         48:e6:d2:23:6e:9a:c2:f8:00:17:9f:76:8b:f7:03:42:2d:b0:
         f7:1d:55:6f:9f:a9:d0:4c:f3:cd:c0:57:26:63:3c:9b:53:30:
         b6:0a:68:89:6d:93:22:21:66:77:a8:38:41:13:34:47:81:58:
         b5:f5:b8:d4:f1:4a:bc:1f:fc:20:6e:52:2b:bc:e8:dc:65:81:
         01:e4:3e:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2v5FUUatA6U6MyC8AWeOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmUzZDAzN2JmMDUwNzU3MWIyYTA2OGNiOTAzMDgzNzRj
ZTUzZWQwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGIwOTcyZGM4ODk0YzgzOWUxODE3YjY5NWY0YTFkZjRkYzZkNjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkeW3hapFGgafmk4RDwCFuxpbnPKA
j9QkC3riiY2YpFDIMS9AmwXfxxdnCmGVTWeszJEU4piqF3ZPRgIAiQzsPJeJJOsV
hWL8Lz9sn9z2cRFlAjUYjgj2ByJWhafhH/PbXDWBFpzLmVLX91hgFOhJ4JHxZMC2
cIov++wCPPX6nEmB/6lHKrE/o6RPz2sRJ9ZZ5/pXaPl6AW9jSh7E6soUqu+sDPzv
QfTmV5BzviFKO/zsx1BbyTgVQRefYP/7G/g7gzmGMHgCNXha2Ts4GZex5y8zScQe
V2G49Q24LWqgj1lab57uKFi8FqU9k8yduyVW8fQ4DAiyr0uimOUfs4OgOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOSwly3IiUyDnhgXtpX0od9NxtZrMB8GA1UdIwQY
MBaAFGMuPQN78FB1cbKgaMuQMIN0zlPtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXk0OUEzdndVSFZ4c3FCb3k1QXdnM1RPVS0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9mOWY0YTktYTBjZC00MTA3LWFhNDEt
ZDUyYTE4OTg1OTk5LzEvNUxDWExjaUpUSU9lR0JlMmxmU2gzMDNHMW1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9mOWY0YTktYTBjZC00MTA3LWFhNDEtZDUyYTE4OTg1OTk5
LzEvWXk0OUEzdndVSFZ4c3FCb3k1QXdnM1RPVS0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqxaRAwQA
ufOBMA0GCSqGSIb3DQEBCwUAA4IBAQBtz2cX8lVJU08O74N0g7K9KtcqcUZvaNsM
+w3s3pWyG783v7CL0MYbrXFKoIwMEWkUuz+muukQG3E/sATebtjM/zCbFEyZB2lq
2sl/jCiUAM1Z1RA/3G9b8NV6OX3s43bsNTN3peKSpoVydmwbkB0dsN/SN17+EG+i
VpCpz9XDCBvbG4s+QPp/gDfrKUPQiGG/rWsFAf90390DoiTdDfsWpn3VMdz3HsZN
txfW9aa7kyJsALVI5tIjbprC+AAXn3aL9wNCLbD3HVVvn6nQTPPNwFcmYzybUzC2
CmiJbZMiIWZ3qDhBEzRHgVi19bjU8Uq8H/wgblIrvOjcZYEB5D7E
-----END CERTIFICATE-----