Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/JoK8-2dNhHO8iSymI04tgCQAul8.roa
File:                     JoK8-2dNhHO8iSymI04tgCQAul8.roa (raw, json)
Hash identifier:          i1BCI4iwpKSc5N25CyevS7ZjL/sorpZ/bXCKM6onpYk=
Subject key identifier:   26:82:BC:FB:67:4D:84:73:BC:89:2C:A6:23:4E:2D:80:24:00:BA:5F
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       018CC9BC6E5C8B5C0C93F3C852FADFC490C0
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/JoK8-2dNhHO8iSymI04tgCQAul8.roa
Signing time:             Tue 02 Jan 2024 10:33:38 +0000
ROA not before:           Tue 02 Jan 2024 10:33:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203963
IP address blocks:        46.20.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 13:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:6e:5c:8b:5c:0c:93:f3:c8:52:fa:df:c4:90:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Jan  2 10:33:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2682bcfb674d8473bc892ca6234e2d802400ba5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:0e:81:9f:9e:09:89:98:0b:f4:e2:6b:94:31:
                    d0:90:64:ca:aa:3c:c7:45:71:7b:b8:40:53:28:89:
                    d4:62:2e:d1:9e:fa:cb:40:fd:85:57:f0:95:68:3b:
                    a5:a3:6d:9c:3d:2f:a9:57:9b:76:43:53:10:51:ec:
                    3d:dc:d1:f7:56:f5:c9:22:b8:b0:7e:2a:3a:e2:8a:
                    3e:09:02:01:a7:91:30:6f:c9:5d:b0:9c:96:27:8f:
                    21:27:c2:46:d8:86:10:4a:74:a3:5f:f8:c4:4b:79:
                    1b:b6:56:e6:34:d2:fa:89:d4:66:0f:e8:7c:77:db:
                    16:46:96:7f:65:bd:ad:a8:cf:4a:d0:87:c2:56:2e:
                    d2:08:42:6a:27:ac:8f:97:3b:f1:3b:ba:b4:c0:d4:
                    b2:ae:73:b6:d0:c2:71:df:a0:b6:95:8b:58:c1:24:
                    57:37:43:18:3a:a1:08:fc:ac:f2:a3:91:f1:5a:bc:
                    3a:5f:c3:9d:e2:f2:77:5e:34:5a:f0:b4:ec:e3:ae:
                    9f:05:13:62:88:dd:5a:0f:36:c5:6a:1b:60:87:1f:
                    dc:63:81:ad:07:c6:66:1a:c2:b5:99:f3:41:01:f6:
                    96:b1:36:4f:72:13:61:be:7d:cb:e1:52:6b:96:d1:
                    d8:ea:8f:a7:3f:f0:e5:89:f3:7e:93:ee:41:a9:14:
                    48:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:82:BC:FB:67:4D:84:73:BC:89:2C:A6:23:4E:2D:80:24:00:BA:5F
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/JoK8-2dNhHO8iSymI04tgCQAul8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:1c:f8:6c:5d:5c:d7:3f:ae:73:fa:2d:1a:40:e0:d0:0b:00:
         70:c2:3e:25:ef:38:dc:83:3c:77:68:a2:21:e6:09:ec:4f:2b:
         f2:cf:77:36:3d:d5:d1:0c:08:08:db:6f:51:47:e0:06:85:41:
         d7:7e:94:2f:fd:89:64:6c:0c:36:e1:61:86:3c:ea:c2:40:d9:
         7a:50:c0:9f:be:58:c5:64:0e:47:ee:ca:08:94:71:33:5a:30:
         03:aa:1f:10:dd:5e:63:7b:10:ee:bf:5b:ff:cc:ae:69:d1:a5:
         52:c1:9d:bf:59:01:39:b0:ed:77:92:3c:53:e1:a9:cf:6c:3b:
         00:2c:e7:7f:23:af:23:3d:d4:d8:11:ca:25:1c:24:14:7c:dd:
         62:e0:9e:cd:cb:d9:06:ae:c3:8c:18:ad:19:d5:36:22:01:40:
         ab:23:21:be:c6:5d:91:ec:d4:cb:7f:aa:4c:51:5b:6e:bc:74:
         ad:04:03:e3:39:b6:84:bb:b4:2b:cb:27:f2:45:66:89:93:17:
         07:07:eb:28:0a:7d:da:f6:47:98:de:68:6b:ca:0c:59:7e:5f:
         e2:be:db:d9:31:b4:49:5f:64:04:51:fd:28:4f:3c:8c:e8:3c:
         bf:ce:46:af:76:be:e5:1c:eb:c0:c6:e2:9e:69:05:e5:66:3e:
         65:5e:c7:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvG5ci1wMk/PIUvrfxJDAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjQwMTAyMTAzMzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjgyYmNmYjY3NGQ4NDczYmM4OTJjYTYyMzRlMmQ4MDI0MDBiYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2g6Bn54JiZgL9OJrlDHQkGTKqjzH
RXF7uEBTKInUYi7RnvrLQP2FV/CVaDulo22cPS+pV5t2Q1MQUew93NH3VvXJIriw
fio64oo+CQIBp5Ewb8ldsJyWJ48hJ8JG2IYQSnSjX/jES3kbtlbmNNL6idRmD+h8
d9sWRpZ/Zb2tqM9K0IfCVi7SCEJqJ6yPlzvxO7q0wNSyrnO20MJx36C2lYtYwSRX
N0MYOqEI/Kzyo5HxWrw6X8Od4vJ3XjRa8LTs466fBRNiiN1aDzbFahtghx/cY4Gt
B8ZmGsK1mfNBAfaWsTZPchNhvn3L4VJrltHY6o+nP/DlifN+k+5BqRRIiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCaCvPtnTYRzvIkspiNOLYAkALpfMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvSm9LOC0yZE5oSE84aVN5bUkwNHRnQ1FBdWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhRrMA0G
CSqGSIb3DQEBCwUAA4IBAQBtHPhsXVzXP65z+i0aQODQCwBwwj4l7zjcgzx3aKIh
5gnsTyvyz3c2PdXRDAgI229RR+AGhUHXfpQv/YlkbAw24WGGPOrCQNl6UMCfvljF
ZA5H7soIlHEzWjADqh8Q3V5jexDuv1v/zK5p0aVSwZ2/WQE5sO13kjxT4anPbDsA
LOd/I68jPdTYEcolHCQUfN1i4J7Ny9kGrsOMGK0Z1TYiAUCrIyG+xl2R7NTLf6pM
UVtuvHStBAPjObaEu7QryyfyRWaJkxcHB+soCn3a9keY3mhrygxZfl/ivtvZMbRJ
X2QEUf0oTzyM6Dy/zkavdr7lHOvAxuKeaQXlZj5lXsfG
-----END CERTIFICATE-----