Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/e4e07e-15fc-4942-842a-538509f3a789/1/LnpOD7dP6ExFBX4MRMD3rgpbQJI.roa
File:                     LnpOD7dP6ExFBX4MRMD3rgpbQJI.roa (raw, json)
Hash identifier:          q/d1+8A9HcNX8j10AfLZgr8+lPkkjyUYFOV5YuGPEGA=
Subject key identifier:   2E:7A:4E:0F:B7:4F:E8:4C:45:05:7E:0C:44:C0:F7:AE:0A:5B:40:92
Certificate issuer:       /CN=4d23e2edb321e1a8a5ce9ee3e2d95aa40f0de8a0
Certificate serial:       018CC56E0BD1156763AFCB2D7F5EA7C1D307
Authority key identifier: 4D:23:E2:ED:B3:21:E1:A8:A5:CE:9E:E3:E2:D9:5A:A4:0F:0D:E8:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TSPi7bMh4ailzp7j4tlapA8N6KA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/e4e07e-15fc-4942-842a-538509f3a789/1/LnpOD7dP6ExFBX4MRMD3rgpbQJI.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39122
IP address blocks:        185.204.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/e4e07e-15fc-4942-842a-538509f3a789/1/TSPi7bMh4ailzp7j4tlapA8N6KA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/e4e07e-15fc-4942-842a-538509f3a789/1/TSPi7bMh4ailzp7j4tlapA8N6KA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TSPi7bMh4ailzp7j4tlapA8N6KA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0b:d1:15:67:63:af:cb:2d:7f:5e:a7:c1:d3:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d23e2edb321e1a8a5ce9ee3e2d95aa40f0de8a0
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e7a4e0fb74fe84c45057e0c44c0f7ae0a5b4092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bc:9a:9c:2a:c9:73:03:25:ad:ea:94:89:5f:
                    29:ce:92:a4:ed:2a:12:44:fb:bc:cb:4d:cd:c7:4d:
                    9e:d6:26:99:75:06:40:ae:20:12:53:60:ad:d6:c6:
                    97:6f:72:1d:ad:47:a2:f6:09:20:72:66:09:70:57:
                    fc:a5:9a:e5:da:54:67:fb:3f:e3:ef:c2:87:a6:5b:
                    81:f0:94:f7:27:20:d1:a2:80:72:69:49:bf:1e:c4:
                    34:d7:d3:93:65:8a:32:48:1e:52:c3:c8:ba:77:64:
                    5d:75:22:13:7a:fb:7a:6f:5d:9c:81:b2:2e:4a:3d:
                    03:97:99:ae:ac:64:52:58:48:63:ff:14:86:68:6c:
                    77:99:4e:db:18:e8:7c:99:98:d6:fc:0b:64:cf:14:
                    f3:ff:9e:98:1a:68:05:e5:74:68:4e:46:f8:a4:e7:
                    dd:4e:79:19:f5:de:a5:07:9c:c9:a8:d3:cd:a1:58:
                    63:bc:d5:c3:c5:36:ec:d1:13:1d:93:82:53:68:ac:
                    7f:63:84:e7:38:05:23:51:b1:70:22:ee:6c:77:42:
                    e3:db:9f:22:8c:2b:2f:05:f7:a1:24:de:1d:6a:60:
                    1d:74:fe:79:ac:30:51:00:d1:26:c0:09:b8:aa:75:
                    15:ef:03:dc:8a:1a:7a:16:1c:a4:79:2c:dc:35:f6:
                    95:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:7A:4E:0F:B7:4F:E8:4C:45:05:7E:0C:44:C0:F7:AE:0A:5B:40:92
            X509v3 Authority Key Identifier:
                keyid:4D:23:E2:ED:B3:21:E1:A8:A5:CE:9E:E3:E2:D9:5A:A4:0F:0D:E8:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TSPi7bMh4ailzp7j4tlapA8N6KA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/e4e07e-15fc-4942-842a-538509f3a789/1/LnpOD7dP6ExFBX4MRMD3rgpbQJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/e4e07e-15fc-4942-842a-538509f3a789/1/TSPi7bMh4ailzp7j4tlapA8N6KA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:8e:7f:72:43:c1:c5:0d:4e:d5:ae:64:84:07:e0:c1:eb:1c:
         00:c8:0e:83:11:4d:29:7a:4c:5b:f9:3b:a7:eb:a6:15:bc:4d:
         5d:98:c8:da:05:66:36:47:c1:25:e2:b6:15:51:9e:78:70:e2:
         f2:fa:78:32:57:71:29:f3:95:d2:71:13:20:6c:d1:34:85:25:
         62:74:d1:b6:1a:e6:bb:26:96:e0:88:ff:b1:28:b9:f3:75:ff:
         5e:e2:6a:64:d6:a1:ee:03:dc:dd:86:09:4b:df:f9:fc:34:2f:
         7d:32:a7:ad:9f:ff:63:37:79:59:54:73:88:86:b9:6f:64:dd:
         50:88:47:15:c5:4f:2d:d8:80:f6:8d:1e:c5:5e:11:f4:4e:10:
         4a:0f:6b:6f:13:3e:e6:14:f1:6a:37:d6:25:00:c2:f9:95:66:
         36:c4:47:c9:9d:5e:2c:45:49:5f:f7:41:10:e8:33:57:92:45:
         81:d3:c8:f0:1e:ee:da:2d:fe:33:16:04:85:45:d9:48:a6:09:
         02:66:1c:9d:c2:2e:70:c0:14:b6:77:6e:99:a7:e8:fd:ce:12:
         a7:b4:02:6c:69:4d:ed:c8:f2:dc:ce:8b:0e:bd:53:20:83:06:
         6a:15:89:e2:5d:10:84:81:0f:74:96:9f:3b:38:ee:68:14:75:
         95:f4:93:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgvRFWdjr8stf16nwdMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMjNlMmVkYjMyMWUxYThhNWNlOWVlM2UyZDk1YWE0MGYw
ZGU4YTAwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTdhNGUwZmI3NGZlODRjNDUwNTdlMGM0NGMwZjdhZTBhNWI0MDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7yanCrJcwMlreqUiV8pzpKk7SoS
RPu8y03Nx02e1iaZdQZAriASU2Ct1saXb3IdrUei9gkgcmYJcFf8pZrl2lRn+z/j
78KHpluB8JT3JyDRooByaUm/HsQ019OTZYoySB5Sw8i6d2RddSITevt6b12cgbIu
Sj0Dl5murGRSWEhj/xSGaGx3mU7bGOh8mZjW/AtkzxTz/56YGmgF5XRoTkb4pOfd
TnkZ9d6lB5zJqNPNoVhjvNXDxTbs0RMdk4JTaKx/Y4TnOAUjUbFwIu5sd0Lj258i
jCsvBfehJN4damAddP55rDBRANEmwAm4qnUV7wPcihp6FhykeSzcNfaVLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC56Tg+3T+hMRQV+DETA964KW0CSMB8GA1UdIwQY
MBaAFE0j4u2zIeGopc6e4+LZWqQPDeigMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFNQaTdiTWg0YWlsenA3ajR0bGFwQThONktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9lNGUwN2UtMTVmYy00OTQyLTg0MmEt
NTM4NTA5ZjNhNzg5LzEvTG5wT0Q3ZFA2RXhGQlg0TVJNRDNyZ3BiUUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9lNGUwN2UtMTVmYy00OTQyLTg0MmEtNTM4NTA5ZjNhNzg5
LzEvVFNQaTdiTWg0YWlsenA3ajR0bGFwQThONktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucyIMA0G
CSqGSIb3DQEBCwUAA4IBAQCSjn9yQ8HFDU7VrmSEB+DB6xwAyA6DEU0pekxb+Tun
66YVvE1dmMjaBWY2R8El4rYVUZ54cOLy+ngyV3Ep85XScRMgbNE0hSVidNG2Gua7
JpbgiP+xKLnzdf9e4mpk1qHuA9zdhglL3/n8NC99Mqetn/9jN3lZVHOIhrlvZN1Q
iEcVxU8t2ID2jR7FXhH0ThBKD2tvEz7mFPFqN9YlAML5lWY2xEfJnV4sRUlf90EQ
6DNXkkWB08jwHu7aLf4zFgSFRdlIpgkCZhydwi5wwBS2d26Zp+j9zhKntAJsaU3t
yPLczosOvVMggwZqFYniXRCEgQ90lp87OO5oFHWV9JOh
-----END CERTIFICATE-----