Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/e38fc3-ea13-4013-9284-3a8ac4dc3eef/1/lSPSdRUKnB9SmwdIqPiVCsssedM.roa
File:                     lSPSdRUKnB9SmwdIqPiVCsssedM.roa (raw, json)
Hash identifier:          mRHzo3nkdDAnWha+sWmxAV7uFUHE7DY3Ku0sHMrSSyw=
Subject key identifier:   95:23:D2:75:15:0A:9C:1F:52:9B:07:48:A8:F8:95:0A:CB:2C:79:D3
Certificate issuer:       /CN=dfabd142e894168883ce45227317f9fa5022194f
Certificate serial:       018CC5DCACBCD0154D8BC8FDF6E46127222D
Authority key identifier: DF:AB:D1:42:E8:94:16:88:83:CE:45:22:73:17:F9:FA:50:22:19:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/36vRQuiUFoiDzkUicxf5-lAiGU8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/e38fc3-ea13-4013-9284-3a8ac4dc3eef/1/lSPSdRUKnB9SmwdIqPiVCsssedM.roa
Signing time:             Mon 01 Jan 2024 16:30:22 +0000
ROA not before:           Mon 01 Jan 2024 16:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49853
IP address blocks:        91.212.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/e38fc3-ea13-4013-9284-3a8ac4dc3eef/1/36vRQuiUFoiDzkUicxf5-lAiGU8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/e38fc3-ea13-4013-9284-3a8ac4dc3eef/1/36vRQuiUFoiDzkUicxf5-lAiGU8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/36vRQuiUFoiDzkUicxf5-lAiGU8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 22:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:ac:bc:d0:15:4d:8b:c8:fd:f6:e4:61:27:22:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfabd142e894168883ce45227317f9fa5022194f
        Validity
            Not Before: Jan  1 16:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9523d275150a9c1f529b0748a8f8950acb2c79d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:90:69:18:15:61:7c:8d:23:ea:48:b5:95:ba:
                    31:db:be:63:a7:b8:e3:65:75:e0:e3:72:cb:b9:16:
                    ed:b5:59:59:63:f9:6e:fd:ca:d5:aa:b1:8c:20:74:
                    74:5a:38:0f:97:2e:8a:e7:0a:eb:fe:ec:d6:97:b9:
                    dc:87:76:d1:67:45:9a:60:25:67:63:62:cc:f7:50:
                    78:0d:5c:5b:da:26:ab:6e:4a:cd:8c:1e:b6:2b:be:
                    79:18:e0:31:97:5e:2a:7f:3f:24:5f:81:c9:7d:0d:
                    ac:ea:21:26:a1:99:1e:68:ff:72:34:f9:b2:52:c8:
                    d9:6a:c5:90:4a:3a:f0:46:52:18:87:d7:c5:ca:e3:
                    cf:67:d7:ea:95:00:29:0b:50:cb:8e:45:f7:be:ca:
                    14:c2:74:a8:39:56:01:c1:2b:85:12:b0:f5:ec:5d:
                    67:0f:b4:cd:ed:9b:55:78:2e:14:53:33:d8:83:fd:
                    fc:fa:5a:01:4a:40:ae:13:93:4f:b3:a7:91:10:27:
                    63:d8:7c:a7:57:ce:f0:b9:a5:b1:9b:9e:7f:97:69:
                    0d:98:0e:42:de:3b:0d:f7:d8:9c:76:28:5b:8e:e8:
                    cc:e0:15:19:1b:52:2c:30:f6:e5:19:20:97:59:5b:
                    e3:ed:60:9a:c8:58:c2:c3:90:14:ef:7f:10:e7:ec:
                    1d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:23:D2:75:15:0A:9C:1F:52:9B:07:48:A8:F8:95:0A:CB:2C:79:D3
            X509v3 Authority Key Identifier:
                keyid:DF:AB:D1:42:E8:94:16:88:83:CE:45:22:73:17:F9:FA:50:22:19:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/36vRQuiUFoiDzkUicxf5-lAiGU8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/e38fc3-ea13-4013-9284-3a8ac4dc3eef/1/lSPSdRUKnB9SmwdIqPiVCsssedM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/e38fc3-ea13-4013-9284-3a8ac4dc3eef/1/36vRQuiUFoiDzkUicxf5-lAiGU8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:aa:b1:b5:ee:68:fc:25:db:7f:37:1b:92:dc:26:b5:a3:32:
         2c:85:63:b1:1f:3b:2c:d7:3c:5b:aa:dd:b8:ed:b4:f7:18:18:
         6e:5d:48:6e:75:00:97:ba:53:c9:f7:1f:5b:3e:ab:a2:d1:80:
         5c:93:09:2e:ce:e9:4e:b1:a8:c6:97:a0:ce:b1:bb:40:f7:41:
         22:71:99:ef:50:ea:8c:e6:ee:d3:79:b0:0a:f8:b8:60:95:3e:
         a7:f9:10:a4:ef:a2:27:d8:53:b4:3e:41:99:b7:06:1c:ff:8d:
         77:aa:1f:b1:8c:ab:ef:3c:1a:48:71:a4:7e:8a:dd:3e:05:88:
         69:67:ea:4c:44:07:90:9f:58:ee:8c:1d:c3:1d:ae:04:5a:06:
         0e:ac:4e:27:f7:94:f1:4a:ad:5f:e7:3c:10:bf:b3:e1:47:8c:
         8d:de:ae:fb:85:c5:6d:60:c8:14:2b:dc:28:6f:43:47:97:5f:
         8c:0f:b9:d6:5a:37:73:f6:4c:1e:45:13:c6:5f:1a:ed:02:1f:
         72:4a:08:6a:ba:87:6b:20:4d:4a:69:d7:34:24:a1:fe:ae:f1:
         57:cb:86:95:e2:8a:0f:01:0c:63:32:16:81:cf:f4:67:05:90:
         09:f1:c9:86:74:ea:a8:50:8d:b1:e4:be:be:f7:f1:7e:6c:42:
         f0:97:03:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Ky80BVNi8j99uRhJyItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYWJkMTQyZTg5NDE2ODg4M2NlNDUyMjczMTdmOWZhNTAy
MjE5NGYwHhcNMjQwMTAxMTYzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTIzZDI3NTE1MGE5YzFmNTI5YjA3NDhhOGY4OTUwYWNiMmM3OWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJBpGBVhfI0j6ki1lbox275jp7jj
ZXXg43LLuRbttVlZY/lu/crVqrGMIHR0WjgPly6K5wrr/uzWl7nch3bRZ0WaYCVn
Y2LM91B4DVxb2iarbkrNjB62K755GOAxl14qfz8kX4HJfQ2s6iEmoZkeaP9yNPmy
UsjZasWQSjrwRlIYh9fFyuPPZ9fqlQApC1DLjkX3vsoUwnSoOVYBwSuFErD17F1n
D7TN7ZtVeC4UUzPYg/38+loBSkCuE5NPs6eRECdj2HynV87wuaWxm55/l2kNmA5C
3jsN99icdihbjujM4BUZG1IsMPblGSCXWVvj7WCayFjCw5AU738Q5+wdXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUj0nUVCpwfUpsHSKj4lQrLLHnTMB8GA1UdIwQY
MBaAFN+r0ULolBaIg85FInMX+fpQIhlPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzZ2UlF1aVVGb2lEemtVaWN4ZjUtbEFpR1U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9lMzhmYzMtZWExMy00MDEzLTkyODQt
M2E4YWM0ZGMzZWVmLzEvbFNQU2RSVUtuQjlTbXdkSXFQaVZDc3NzZWRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9lMzhmYzMtZWExMy00MDEzLTkyODQtM2E4YWM0ZGMzZWVm
LzEvMzZ2UlF1aVVGb2lEemtVaWN4ZjUtbEFpR1U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9SGMA0G
CSqGSIb3DQEBCwUAA4IBAQBjqrG17mj8Jdt/NxuS3Ca1ozIshWOxHzss1zxbqt24
7bT3GBhuXUhudQCXulPJ9x9bPqui0YBckwkuzulOsajGl6DOsbtA90EicZnvUOqM
5u7TebAK+LhglT6n+RCk76In2FO0PkGZtwYc/413qh+xjKvvPBpIcaR+it0+BYhp
Z+pMRAeQn1jujB3DHa4EWgYOrE4n95TxSq1f5zwQv7PhR4yN3q77hcVtYMgUK9wo
b0NHl1+MD7nWWjdz9kweRRPGXxrtAh9ySghquodrIE1Kadc0JKH+rvFXy4aV4ooP
AQxjMhaBz/RnBZAJ8cmGdOqoUI2x5L6+9/F+bELwlwNA
-----END CERTIFICATE-----