Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/acf2a2-4d52-40cd-a5f8-59591389e242/1/j9lH8J7G3WobH4lsD15m-VsHfXA.roa
File:                     j9lH8J7G3WobH4lsD15m-VsHfXA.roa (raw, json)
Hash identifier:          qeHJX0Tapm1zxSb8XB+NF4p89KIeCYI5mpUGKGseBY0=
Subject key identifier:   8F:D9:47:F0:9E:C6:DD:6A:1B:1F:89:6C:0F:5E:66:F9:5B:07:7D:70
Certificate issuer:       /CN=9da4e95d2f4cc34a7376b73c0f039b3e158f5152
Certificate serial:       0194214420ED0A61A9D371FB57D1E5E8D2D4
Authority key identifier: 9D:A4:E9:5D:2F:4C:C3:4A:73:76:B7:3C:0F:03:9B:3E:15:8F:51:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/naTpXS9Mw0pzdrc8DwObPhWPUVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/acf2a2-4d52-40cd-a5f8-59591389e242/1/j9lH8J7G3WobH4lsD15m-VsHfXA.roa
Signing time:             Wed 01 Jan 2025 09:48:20 +0000
ROA not before:           Wed 01 Jan 2025 09:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198504
IP address blocks:        185.19.80.0/23 maxlen: 23
                          185.19.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/acf2a2-4d52-40cd-a5f8-59591389e242/1/naTpXS9Mw0pzdrc8DwObPhWPUVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/acf2a2-4d52-40cd-a5f8-59591389e242/1/naTpXS9Mw0pzdrc8DwObPhWPUVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/naTpXS9Mw0pzdrc8DwObPhWPUVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:20:ed:0a:61:a9:d3:71:fb:57:d1:e5:e8:d2:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9da4e95d2f4cc34a7376b73c0f039b3e158f5152
        Validity
            Not Before: Jan  1 09:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fd947f09ec6dd6a1b1f896c0f5e66f95b077d70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:4f:34:cd:ed:ea:fc:77:21:58:0d:08:dd:58:
                    6f:bb:0e:3c:9b:e7:c4:78:ef:5e:e9:63:26:e9:2b:
                    68:35:ef:e2:b0:14:e2:9c:2b:21:9d:d3:de:f5:60:
                    9d:be:49:3f:bd:86:80:84:8e:4c:0a:33:40:e6:78:
                    2f:bd:d6:e9:52:80:47:0b:90:34:0f:67:d3:41:31:
                    08:0e:47:08:27:55:05:6e:04:37:c3:d3:df:54:27:
                    9c:b7:39:08:c3:2c:fb:7e:ad:41:a6:f0:0e:b6:4b:
                    54:dd:eb:7b:c3:7b:28:ef:c4:1c:08:a2:2b:c3:a8:
                    8f:6e:9f:51:22:d9:2b:99:56:03:f4:27:6d:88:39:
                    3f:06:c3:7a:4f:3b:f4:7d:21:90:1f:99:fb:d0:2d:
                    ca:ee:87:f8:c9:91:37:c5:6b:7c:b5:c3:41:fa:24:
                    10:ed:ac:f8:44:54:f5:9c:46:24:d6:48:16:f2:f4:
                    af:66:7b:6c:69:72:cd:db:29:9f:c9:ae:65:ae:ba:
                    90:70:57:c3:69:60:67:7d:df:ac:2c:15:d5:48:51:
                    b9:8a:00:89:10:ce:fe:2b:9e:b3:1d:73:48:43:f0:
                    b9:34:0d:ea:50:43:46:15:70:6b:d4:ed:5b:a2:08:
                    3d:f2:46:d7:17:ab:3f:d2:82:54:87:d5:f0:b8:70:
                    6d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:D9:47:F0:9E:C6:DD:6A:1B:1F:89:6C:0F:5E:66:F9:5B:07:7D:70
            X509v3 Authority Key Identifier:
                keyid:9D:A4:E9:5D:2F:4C:C3:4A:73:76:B7:3C:0F:03:9B:3E:15:8F:51:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/naTpXS9Mw0pzdrc8DwObPhWPUVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/acf2a2-4d52-40cd-a5f8-59591389e242/1/j9lH8J7G3WobH4lsD15m-VsHfXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/acf2a2-4d52-40cd-a5f8-59591389e242/1/naTpXS9Mw0pzdrc8DwObPhWPUVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.80.0/23
                  185.19.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:4c:df:f7:5f:55:53:a2:5e:0d:f5:fa:39:7e:b5:03:d6:14:
         c8:0c:e0:7a:05:ae:47:27:10:2e:9f:f8:6f:f4:80:6e:57:bb:
         90:8d:66:10:12:9b:b7:37:61:1b:8f:20:a9:4d:7d:82:12:08:
         df:e1:27:36:55:fb:a6:99:cd:5d:ec:68:b8:d0:68:59:59:bd:
         2c:0b:45:9b:6f:51:ae:a2:db:8e:8a:18:70:ad:e9:1b:84:f7:
         6d:b0:de:9d:25:c4:50:ca:a5:20:80:d0:3a:4e:59:2b:b1:59:
         f9:6d:10:c9:19:dd:12:a7:ad:4e:b8:7d:66:12:d0:23:a4:17:
         ad:67:42:0b:30:9a:a8:fb:07:67:3a:65:dc:20:c7:61:00:a3:
         d0:c6:2f:dd:e1:f0:ad:8c:53:c4:74:35:09:49:8e:60:bb:c6:
         10:bd:f2:0d:e9:fd:67:10:20:1a:d4:e0:89:d3:60:44:7b:4d:
         33:3d:99:a3:b0:ef:90:db:28:94:e6:30:d5:cb:63:49:ea:79:
         a6:d1:0d:bf:7b:34:b0:e7:02:e4:06:f6:ad:c9:c7:8e:dd:43:
         86:f7:f5:2c:dd:2b:b1:ee:c1:6d:e9:29:b9:40:72:5e:7f:b0:
         38:f5:b2:d8:76:9b:83:23:90:b3:fa:70:cb:43:d5:25:02:0d:
         e2:d4:68:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRCDtCmGp03H7V9Hl6NLUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYTRlOTVkMmY0Y2MzNGE3Mzc2YjczYzBmMDM5YjNlMTU4
ZjUxNTIwHhcNMjUwMTAxMDk0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQ5NDdmMDllYzZkZDZhMWIxZjg5NmMwZjVlNjZmOTViMDc3ZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k80ze3q/HchWA0I3Vhvuw48m+fE
eO9e6WMm6StoNe/isBTinCshndPe9WCdvkk/vYaAhI5MCjNA5ngvvdbpUoBHC5A0
D2fTQTEIDkcIJ1UFbgQ3w9PfVCectzkIwyz7fq1BpvAOtktU3et7w3so78QcCKIr
w6iPbp9RItkrmVYD9CdtiDk/BsN6Tzv0fSGQH5n70C3K7of4yZE3xWt8tcNB+iQQ
7az4RFT1nEYk1kgW8vSvZntsaXLN2ymfya5lrrqQcFfDaWBnfd+sLBXVSFG5igCJ
EM7+K56zHXNIQ/C5NA3qUENGFXBr1O1bogg98kbXF6s/0oJUh9XwuHBtswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI/ZR/Cext1qGx+JbA9eZvlbB31wMB8GA1UdIwQY
MBaAFJ2k6V0vTMNKc3a3PA8Dmz4Vj1FSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmFUcFhTOU13MHB6ZHJjOER3T2JQaFdQVVZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9hY2YyYTItNGQ1Mi00MGNkLWE1Zjgt
NTk1OTEzODllMjQyLzEvajlsSDhKN0czV29iSDRsc0QxNW0tVnNIZlhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9hY2YyYTItNGQ1Mi00MGNkLWE1ZjgtNTk1OTEzODllMjQy
LzEvbmFUcFhTOU13MHB6ZHJjOER3T2JQaFdQVVZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuRNQAwQA
uRNTMA0GCSqGSIb3DQEBCwUAA4IBAQAgTN/3X1VTol4N9fo5frUD1hTIDOB6Ba5H
JxAun/hv9IBuV7uQjWYQEpu3N2EbjyCpTX2CEgjf4Sc2Vfummc1d7Gi40GhZWb0s
C0Wbb1GuotuOihhwrekbhPdtsN6dJcRQyqUggNA6TlkrsVn5bRDJGd0Sp61OuH1m
EtAjpBetZ0ILMJqo+wdnOmXcIMdhAKPQxi/d4fCtjFPEdDUJSY5gu8YQvfIN6f1n
ECAa1OCJ02BEe00zPZmjsO+Q2yiU5jDVy2NJ6nmm0Q2/ezSw5wLkBvatyceO3UOG
9/Us3Sux7sFt6Sm5QHJef7A49bLYdpuDI5Cz+nDLQ9UlAg3i1Ggz
-----END CERTIFICATE-----