Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/1d34ab-508a-4233-8a6e-f5f8b1a3b428/1/LpTdp3zL-imhvr0a6-bW-0VuFr4.roa
File:                     LpTdp3zL-imhvr0a6-bW-0VuFr4.roa (raw, json)
Hash identifier:          YesSMVOGxt2TfDyUesCYLbCZL98GythDW+w361va3dY=
Subject key identifier:   2E:94:DD:A7:7C:CB:FA:29:A1:BE:BD:1A:EB:E6:D6:FB:45:6E:16:BE
Certificate issuer:       /CN=930496c1acba7789fdc0e06cf213eec01ed06098
Certificate serial:       018CC801AC5823792A85412746B83A0BA6FE
Authority key identifier: 93:04:96:C1:AC:BA:77:89:FD:C0:E0:6C:F2:13:EE:C0:1E:D0:60:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kwSWway6d4n9wOBs8hPuwB7QYJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/1d34ab-508a-4233-8a6e-f5f8b1a3b428/1/LpTdp3zL-imhvr0a6-bW-0VuFr4.roa
Signing time:             Tue 02 Jan 2024 02:30:01 +0000
ROA not before:           Tue 02 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        193.17.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/1d34ab-508a-4233-8a6e-f5f8b1a3b428/1/kwSWway6d4n9wOBs8hPuwB7QYJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/1d34ab-508a-4233-8a6e-f5f8b1a3b428/1/kwSWway6d4n9wOBs8hPuwB7QYJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kwSWway6d4n9wOBs8hPuwB7QYJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ac:58:23:79:2a:85:41:27:46:b8:3a:0b:a6:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=930496c1acba7789fdc0e06cf213eec01ed06098
        Validity
            Not Before: Jan  2 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e94dda77ccbfa29a1bebd1aebe6d6fb456e16be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4e:26:4b:cc:6e:e0:b3:54:4e:3c:a1:e5:d1:
                    29:ed:35:b7:fc:ac:7a:ad:49:1a:82:dc:61:78:f4:
                    e8:6e:ba:78:f1:6d:c7:2c:f6:1a:f3:5c:c3:f8:d5:
                    ad:9f:ae:ab:90:95:9f:f2:d9:7e:f6:16:f1:f4:cf:
                    6e:2e:93:38:d7:9a:a3:0f:27:16:be:1c:fa:aa:63:
                    6f:e6:1c:30:a9:df:b4:74:36:e8:4a:69:9e:df:a8:
                    cc:ab:0f:90:56:22:d5:20:23:5d:ae:03:bd:8a:9b:
                    52:2c:9e:bf:37:2b:b0:9c:13:f2:06:ed:93:45:0b:
                    c2:8b:79:12:f7:fa:ad:73:ce:81:9d:35:bf:77:71:
                    e5:5e:46:47:aa:d6:02:ce:11:58:20:32:66:b3:9b:
                    4b:27:16:06:ca:39:86:3f:41:54:af:2e:eb:7f:c2:
                    4a:2c:7f:d5:19:5e:e6:66:de:64:bc:41:87:fd:63:
                    16:56:e5:48:1c:bf:4a:d0:c3:8d:ad:b7:2f:6b:ec:
                    b3:e4:b3:34:b3:c5:bd:6b:bb:35:d4:2e:16:00:55:
                    dc:ee:c1:4e:b3:36:98:28:7b:9e:44:83:4a:11:6a:
                    dd:4c:98:f6:4b:5a:44:d1:fb:9c:2c:b5:fe:8d:59:
                    50:b9:f2:18:1e:ec:62:40:86:81:c9:26:ff:9a:72:
                    91:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:94:DD:A7:7C:CB:FA:29:A1:BE:BD:1A:EB:E6:D6:FB:45:6E:16:BE
            X509v3 Authority Key Identifier:
                keyid:93:04:96:C1:AC:BA:77:89:FD:C0:E0:6C:F2:13:EE:C0:1E:D0:60:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kwSWway6d4n9wOBs8hPuwB7QYJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/1d34ab-508a-4233-8a6e-f5f8b1a3b428/1/LpTdp3zL-imhvr0a6-bW-0VuFr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/1d34ab-508a-4233-8a6e-f5f8b1a3b428/1/kwSWway6d4n9wOBs8hPuwB7QYJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:e0:e7:16:62:bc:06:7e:cd:db:0b:3f:1a:67:60:b7:aa:be:
         11:ca:6d:b5:30:8a:f6:fe:f6:2a:c9:44:1e:1a:ec:11:7c:af:
         96:32:37:ab:cf:cb:ec:84:63:ad:e5:17:b6:9e:15:3a:58:10:
         f9:19:7f:1a:8f:79:d0:0c:3f:8f:a9:4f:c8:e6:ab:71:e3:1b:
         fd:9b:69:91:ec:a0:5f:fc:3d:71:46:4c:ab:9a:b2:8c:43:55:
         f9:b8:a3:6c:23:c8:84:d3:7e:ae:2e:7f:fc:d9:cf:a0:62:78:
         f0:53:84:72:50:d9:d7:ec:e5:03:7d:f7:78:98:6b:f0:69:f9:
         92:d8:ec:72:4c:09:ec:76:97:02:17:68:58:d8:8f:31:d1:92:
         03:7c:c9:18:5a:a9:2e:85:50:b0:32:61:c2:b0:53:e1:a3:8f:
         13:96:70:03:69:ae:c9:0c:e4:96:35:88:c5:1a:0a:67:ee:22:
         eb:4b:46:81:89:5c:1d:21:52:cc:3d:fa:b7:ee:f8:d0:4a:ac:
         52:e4:51:37:b5:2b:34:bb:08:45:4a:3b:09:5b:04:b9:27:8e:
         fb:a2:d3:ff:a8:bc:42:f9:f5:7c:6f:0d:c5:f8:f7:4e:84:30:
         c5:f8:25:89:19:b8:a0:8a:fe:01:73:38:f1:e6:bd:a5:58:66:
         5a:e8:72:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAaxYI3kqhUEnRrg6C6b+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMDQ5NmMxYWNiYTc3ODlmZGMwZTA2Y2YyMTNlZWMwMWVk
MDYwOTgwHhcNMjQwMTAyMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTk0ZGRhNzdjY2JmYTI5YTFiZWJkMWFlYmU2ZDZmYjQ1NmUxNmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArE4mS8xu4LNUTjyh5dEp7TW3/Kx6
rUkagtxhePTobrp48W3HLPYa81zD+NWtn66rkJWf8tl+9hbx9M9uLpM415qjDycW
vhz6qmNv5hwwqd+0dDboSmme36jMqw+QViLVICNdrgO9iptSLJ6/NyuwnBPyBu2T
RQvCi3kS9/qtc86BnTW/d3HlXkZHqtYCzhFYIDJms5tLJxYGyjmGP0FUry7rf8JK
LH/VGV7mZt5kvEGH/WMWVuVIHL9K0MONrbcva+yz5LM0s8W9a7s11C4WAFXc7sFO
szaYKHueRINKEWrdTJj2S1pE0fucLLX+jVlQufIYHuxiQIaBySb/mnKRHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6U3ad8y/opob69Guvm1vtFbha+MB8GA1UdIwQY
MBaAFJMElsGsuneJ/cDgbPIT7sAe0GCYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3dTV3dheTZkNG45d09CczhoUHV3QjdRWUpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8xZDM0YWItNTA4YS00MjMzLThhNmUt
ZjVmOGIxYTNiNDI4LzEvTHBUZHAzekwtaW1odnIwYTYtYlctMFZ1RnI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8xZDM0YWItNTA4YS00MjMzLThhNmUtZjVmOGIxYTNiNDI4
LzEva3dTV3dheTZkNG45d09CczhoUHV3QjdRWUpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRFBMA0G
CSqGSIb3DQEBCwUAA4IBAQC24OcWYrwGfs3bCz8aZ2C3qr4Rym21MIr2/vYqyUQe
GuwRfK+WMjerz8vshGOt5Re2nhU6WBD5GX8aj3nQDD+PqU/I5qtx4xv9m2mR7KBf
/D1xRkyrmrKMQ1X5uKNsI8iE036uLn/82c+gYnjwU4RyUNnX7OUDffd4mGvwafmS
2OxyTAnsdpcCF2hY2I8x0ZIDfMkYWqkuhVCwMmHCsFPho48TlnADaa7JDOSWNYjF
Ggpn7iLrS0aBiVwdIVLMPfq37vjQSqxS5FE3tSs0uwhFSjsJWwS5J477otP/qLxC
+fV8bw3F+PdOhDDF+CWJGbigiv4Bczjx5r2lWGZa6HLc
-----END CERTIFICATE-----