Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/50b205-8f21-46f5-a3f6-bca0a8f2f78c/1/jb-zD-QZseypOhoYrz7-lEkthR4.roa
File:                     jb-zD-QZseypOhoYrz7-lEkthR4.roa (raw, json)
Hash identifier:          NVATDU2rQowVsA5kxCOsDlRv1YWlJaECqpg6RYlVt8g=
Subject key identifier:   8D:BF:B3:0F:E4:19:B1:EC:A9:3A:1A:18:AF:3E:FE:94:49:2D:85:1E
Certificate issuer:       /CN=c340909aec320a8c2ee1cabce1302cbb7d4e0486
Certificate serial:       019422FBEDF5D9616D49FFEF1FCCACF5127C
Authority key identifier: C3:40:90:9A:EC:32:0A:8C:2E:E1:CA:BC:E1:30:2C:BB:7D:4E:04:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w0CQmuwyCowu4cq84TAsu31OBIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/50b205-8f21-46f5-a3f6-bca0a8f2f78c/1/jb-zD-QZseypOhoYrz7-lEkthR4.roa
Signing time:             Wed 01 Jan 2025 17:48:43 +0000
ROA not before:           Wed 01 Jan 2025 17:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8220
IP address blocks:        194.0.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/50b205-8f21-46f5-a3f6-bca0a8f2f78c/1/w0CQmuwyCowu4cq84TAsu31OBIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/50b205-8f21-46f5-a3f6-bca0a8f2f78c/1/w0CQmuwyCowu4cq84TAsu31OBIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w0CQmuwyCowu4cq84TAsu31OBIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ed:f5:d9:61:6d:49:ff:ef:1f:cc:ac:f5:12:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c340909aec320a8c2ee1cabce1302cbb7d4e0486
        Validity
            Not Before: Jan  1 17:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8dbfb30fe419b1eca93a1a18af3efe94492d851e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c5:1d:53:05:14:c2:86:a3:7a:6b:a4:e4:95:
                    eb:8a:1d:d7:41:4d:23:ad:e4:04:8b:11:5c:e5:6e:
                    92:2a:68:c3:5f:56:06:9c:aa:ba:73:53:38:6e:75:
                    1e:30:9a:f2:95:6c:21:74:aa:d6:b0:60:9d:4a:d4:
                    58:53:d0:33:62:37:b2:84:77:03:8a:d3:47:1d:be:
                    29:40:e7:00:d2:03:e0:fd:17:f6:16:0e:2e:20:eb:
                    6a:6e:59:62:71:7e:ce:12:81:c9:cd:9b:04:2e:fe:
                    68:94:58:e7:8e:60:1f:b0:74:97:fd:86:42:b2:74:
                    e8:c5:56:8a:f9:9e:21:59:f0:02:31:61:a8:28:25:
                    e9:38:32:89:8c:09:7a:48:3e:a1:7e:93:1c:f1:14:
                    a1:71:5b:04:24:aa:a8:e6:25:1b:20:63:33:19:c0:
                    70:58:ad:da:8e:b2:d0:aa:37:f9:de:aa:13:03:55:
                    18:d5:5a:c4:7c:17:f9:1a:95:13:14:3e:01:a1:1e:
                    01:1e:18:dc:77:52:0b:b2:21:13:18:96:fe:ed:30:
                    93:22:53:9e:7e:e9:6d:3f:28:36:e2:76:2b:86:da:
                    c4:02:fa:1f:fd:f6:58:63:3d:6d:0f:2b:19:85:aa:
                    20:7a:d3:34:3b:56:ef:de:16:89:81:14:2e:37:9a:
                    0b:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:BF:B3:0F:E4:19:B1:EC:A9:3A:1A:18:AF:3E:FE:94:49:2D:85:1E
            X509v3 Authority Key Identifier:
                keyid:C3:40:90:9A:EC:32:0A:8C:2E:E1:CA:BC:E1:30:2C:BB:7D:4E:04:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w0CQmuwyCowu4cq84TAsu31OBIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/50b205-8f21-46f5-a3f6-bca0a8f2f78c/1/jb-zD-QZseypOhoYrz7-lEkthR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/50b205-8f21-46f5-a3f6-bca0a8f2f78c/1/w0CQmuwyCowu4cq84TAsu31OBIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:0c:9a:43:0b:f3:e5:ae:ac:f0:ef:7d:fe:60:a8:2a:bc:9f:
         72:72:0c:bd:c6:4f:2e:5d:47:a0:0b:84:46:be:27:26:c5:ee:
         98:d5:df:8b:99:ca:71:b2:dd:ec:60:e3:99:bd:47:63:da:3e:
         b6:4c:65:7b:2e:92:14:36:84:9e:82:c3:a1:55:25:cd:04:59:
         f2:53:da:ba:ab:d7:e4:24:ef:1d:d1:29:fd:3c:e9:e2:95:2a:
         b1:38:54:57:4d:83:fe:87:c1:da:1d:3d:ab:48:e5:52:9f:65:
         cc:29:b5:be:4d:ef:7f:dd:f7:ed:e1:5f:03:c4:a1:2a:3b:fd:
         70:7d:08:c1:ab:2c:58:d8:c5:fb:cc:c1:92:a9:12:a3:01:e3:
         b0:56:b0:6b:53:5c:89:a4:31:98:de:76:f8:3e:bb:b2:cc:29:
         90:2e:89:ad:6e:da:27:aa:f2:96:e9:5a:fe:38:fc:9d:5d:6e:
         bd:bc:b5:f9:97:72:67:e4:5d:bc:c8:11:ad:c5:8e:16:66:ac:
         6b:00:7e:7b:21:ee:7c:9b:52:40:0f:f5:0b:26:10:07:a1:ae:
         a6:1e:9b:af:44:c6:57:d0:77:ce:66:7f:c9:ab:15:e7:55:82:
         92:db:7e:4c:72:a2:c1:7e:40:3f:93:1d:9e:73:e2:a2:69:c3:
         eb:70:8f:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi++312WFtSf/vH8ys9RJ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNDA5MDlhZWMzMjBhOGMyZWUxY2FiY2UxMzAyY2JiN2Q0
ZTA0ODYwHhcNMjUwMTAxMTc0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGJmYjMwZmU0MTliMWVjYTkzYTFhMThhZjNlZmU5NDQ5MmQ4NTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsUdUwUUwoajemuk5JXrih3XQU0j
reQEixFc5W6SKmjDX1YGnKq6c1M4bnUeMJrylWwhdKrWsGCdStRYU9AzYjeyhHcD
itNHHb4pQOcA0gPg/Rf2Fg4uIOtqbllicX7OEoHJzZsELv5olFjnjmAfsHSX/YZC
snToxVaK+Z4hWfACMWGoKCXpODKJjAl6SD6hfpMc8RShcVsEJKqo5iUbIGMzGcBw
WK3ajrLQqjf53qoTA1UY1VrEfBf5GpUTFD4BoR4BHhjcd1ILsiETGJb+7TCTIlOe
fultPyg24nYrhtrEAvof/fZYYz1tDysZhaogetM0O1bv3haJgRQuN5oLxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2/sw/kGbHsqToaGK8+/pRJLYUeMB8GA1UdIwQY
MBaAFMNAkJrsMgqMLuHKvOEwLLt9TgSGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzBDUW11d3lDb3d1NGNxODRUQXN1MzFPQklZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MGIyMDUtOGYyMS00NmY1LWEzZjYt
YmNhMGE4ZjJmNzhjLzEvamItekQtUVpzZXlwT2hvWXJ6Ny1sRWt0aFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MGIyMDUtOGYyMS00NmY1LWEzZjYtYmNhMGE4ZjJmNzhj
LzEvdzBDUW11d3lDb3d1NGNxODRUQXN1MzFPQklZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgDDMA0G
CSqGSIb3DQEBCwUAA4IBAQAfDJpDC/Plrqzw733+YKgqvJ9ycgy9xk8uXUegC4RG
vicmxe6Y1d+Lmcpxst3sYOOZvUdj2j62TGV7LpIUNoSegsOhVSXNBFnyU9q6q9fk
JO8d0Sn9POnilSqxOFRXTYP+h8HaHT2rSOVSn2XMKbW+Te9/3fft4V8DxKEqO/1w
fQjBqyxY2MX7zMGSqRKjAeOwVrBrU1yJpDGY3nb4PruyzCmQLomtbtonqvKW6Vr+
OPydXW69vLX5l3Jn5F28yBGtxY4WZqxrAH57Ie58m1JAD/ULJhAHoa6mHpuvRMZX
0HfOZn/JqxXnVYKS235McqLBfkA/kx2ec+KiacPrcI/r
-----END CERTIFICATE-----