Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/3815e3-d3a8-4b3c-a4b2-cb344f1800ed/1/jz-LNUFHVftrmoR6py2R7qi4dh4.roa
File:                     jz-LNUFHVftrmoR6py2R7qi4dh4.roa (raw, json)
Hash identifier:          8TXC11UH9Ul/V9BWjxb0WtfIqlLOZohcIkp8QQLA1l8=
Subject key identifier:   8F:3F:8B:35:41:47:55:FB:6B:9A:84:7A:A7:2D:91:EE:A8:B8:76:1E
Certificate issuer:       /CN=d3d4e0da68c1446689419d103711b191ded567f4
Certificate serial:       019176A30C1BE43CF689EB20B94E5EEFBE6A
Authority key identifier: D3:D4:E0:DA:68:C1:44:66:89:41:9D:10:37:11:B1:91:DE:D5:67:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/09Tg2mjBRGaJQZ0QNxGxkd7VZ_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/3815e3-d3a8-4b3c-a4b2-cb344f1800ed/1/jz-LNUFHVftrmoR6py2R7qi4dh4.roa
Signing time:             Wed 21 Aug 2024 20:31:22 +0000
ROA not before:           Wed 21 Aug 2024 20:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31605
IP address blocks:        45.139.107.0/24 maxlen: 24
                          2a13:cec0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/3815e3-d3a8-4b3c-a4b2-cb344f1800ed/1/09Tg2mjBRGaJQZ0QNxGxkd7VZ_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/3815e3-d3a8-4b3c-a4b2-cb344f1800ed/1/09Tg2mjBRGaJQZ0QNxGxkd7VZ_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/09Tg2mjBRGaJQZ0QNxGxkd7VZ_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:76:a3:0c:1b:e4:3c:f6:89:eb:20:b9:4e:5e:ef:be:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3d4e0da68c1446689419d103711b191ded567f4
        Validity
            Not Before: Aug 21 20:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f3f8b35414755fb6b9a847aa72d91eea8b8761e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d9:35:f2:09:22:59:2b:e5:3a:7a:2a:c4:4b:
                    af:00:ac:cb:cc:5c:c0:d9:58:f4:2b:97:3a:47:5e:
                    55:ad:f7:f3:80:34:cb:c6:26:c2:ce:01:b7:c8:27:
                    e8:0e:81:74:cf:61:3f:68:75:61:ab:13:3c:5e:c4:
                    7a:76:eb:2b:78:e9:2e:a5:d6:b2:e3:95:5e:14:23:
                    e4:d2:00:5a:cb:58:1d:f6:a8:4f:cf:2a:72:67:53:
                    5d:f5:1f:58:ec:0c:7c:f5:69:f2:a3:7f:21:d3:9f:
                    c9:94:b9:01:49:45:0f:7e:aa:26:bf:51:ad:36:05:
                    05:49:a0:17:b8:4e:70:87:35:6d:18:0c:1f:78:cd:
                    01:95:6c:d8:d7:35:04:4a:8b:57:1a:01:01:63:90:
                    e9:74:da:35:7e:b8:30:b7:ea:42:4e:f7:80:16:86:
                    46:8a:4b:d0:e3:b6:29:01:93:1d:13:cf:6a:a2:72:
                    73:81:62:2a:81:8f:bd:79:45:a3:00:ef:9e:f4:b0:
                    2b:e3:c4:68:ab:6c:e5:5a:51:f1:c2:94:b2:5d:62:
                    f7:c0:25:6b:52:d6:92:27:d9:dc:9a:7d:d8:6a:39:
                    8b:61:b7:37:91:59:4a:58:60:1e:c4:56:08:31:30:
                    65:99:71:32:64:b2:7e:29:c7:f6:67:78:b1:f3:9d:
                    ea:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:3F:8B:35:41:47:55:FB:6B:9A:84:7A:A7:2D:91:EE:A8:B8:76:1E
            X509v3 Authority Key Identifier:
                keyid:D3:D4:E0:DA:68:C1:44:66:89:41:9D:10:37:11:B1:91:DE:D5:67:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09Tg2mjBRGaJQZ0QNxGxkd7VZ_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/3815e3-d3a8-4b3c-a4b2-cb344f1800ed/1/jz-LNUFHVftrmoR6py2R7qi4dh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/3815e3-d3a8-4b3c-a4b2-cb344f1800ed/1/09Tg2mjBRGaJQZ0QNxGxkd7VZ_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.107.0/24
                IPv6:
                  2a13:cec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c8:00:bf:cc:67:92:2d:a8:3d:4b:f2:22:f0:2b:5c:fb:db:39:
         5c:89:5f:be:c3:86:51:63:90:a1:d6:8d:cd:ed:f1:55:3a:be:
         3c:35:e5:82:d8:ce:e0:be:41:7c:a3:d5:04:fa:1d:94:57:88:
         99:22:08:ff:8c:c0:eb:82:91:f4:30:ed:87:a3:53:e7:16:ec:
         ce:fe:9c:43:71:c5:9c:a3:ae:46:88:52:35:cd:27:af:f7:0f:
         83:23:fc:b4:60:6b:44:75:6a:bf:81:06:aa:05:cf:8d:1f:c7:
         4f:6a:6d:2f:a4:06:42:74:ad:0c:c1:75:64:f0:e5:25:fe:b9:
         ef:1e:9e:f4:3b:10:a7:07:e5:16:95:e9:88:55:34:14:1b:64:
         c3:2a:be:05:04:77:9f:3b:b3:93:9d:54:1b:9c:fd:53:f6:ae:
         6e:41:e7:5e:ba:b9:f7:4f:70:09:79:66:b7:1d:c5:54:c8:c2:
         9f:03:d5:10:1e:bf:96:c4:ff:1f:24:c7:98:c4:a8:ac:2f:d1:
         17:c5:e0:87:e3:74:a9:61:fa:5e:1f:84:82:0c:b5:39:44:54:
         8a:a4:9d:45:96:f8:fb:84:a0:7f:07:58:4f:84:4e:22:1a:2c:
         04:c3:23:d2:c4:23:3d:9c:d2:ae:a1:7e:f9:03:85:3f:1f:d3:
         40:0c:fe:89
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZF2owwb5Dz2iesguU5e775qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDRlMGRhNjhjMTQ0NjY4OTQxOWQxMDM3MTFiMTkxZGVk
NTY3ZjQwHhcNMjQwODIxMjAzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjNmOGIzNTQxNDc1NWZiNmI5YTg0N2FhNzJkOTFlZWE4Yjg3NjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudk18gkiWSvlOnoqxEuvAKzLzFzA
2Vj0K5c6R15VrffzgDTLxibCzgG3yCfoDoF0z2E/aHVhqxM8XsR6dusreOkupday
45VeFCPk0gBay1gd9qhPzypyZ1Nd9R9Y7Ax89Wnyo38h05/JlLkBSUUPfqomv1Gt
NgUFSaAXuE5whzVtGAwfeM0BlWzY1zUESotXGgEBY5DpdNo1frgwt+pCTveAFoZG
ikvQ47YpAZMdE89qonJzgWIqgY+9eUWjAO+e9LAr48Roq2zlWlHxwpSyXWL3wCVr
UtaSJ9ncmn3YajmLYbc3kVlKWGAexFYIMTBlmXEyZLJ+Kcf2Z3ix853qeQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI8/izVBR1X7a5qEeqctke6ouHYeMB8GA1UdIwQY
MBaAFNPU4NpowURmiUGdEDcRsZHe1Wf0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlUZzJtakJSR2FKUVowUU54R3hrZDdWWl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8zODE1ZTMtZDNhOC00YjNjLWE0YjIt
Y2IzNDRmMTgwMGVkLzEvanotTE5VRkhWZnRybW9SNnB5MlI3cWk0ZGg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8zODE1ZTMtZDNhOC00YjNjLWE0YjItY2IzNDRmMTgwMGVk
LzEvMDlUZzJtakJSR2FKUVowUU54R3hrZDdWWl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALYtrMA0E
AgACMAcDBQMqE87AMA0GCSqGSIb3DQEBCwUAA4IBAQDIAL/MZ5ItqD1L8iLwK1z7
2zlciV++w4ZRY5Ch1o3N7fFVOr48NeWC2M7gvkF8o9UE+h2UV4iZIgj/jMDrgpH0
MO2Ho1PnFuzO/pxDccWco65GiFI1zSev9w+DI/y0YGtEdWq/gQaqBc+NH8dPam0v
pAZCdK0MwXVk8OUl/rnvHp70OxCnB+UWlemIVTQUG2TDKr4FBHefO7OTnVQbnP1T
9q5uQedeurn3T3AJeWa3HcVUyMKfA9UQHr+WxP8fJMeYxKisL9EXxeCH43SpYfpe
H4SCDLU5RFSKpJ1Flvj7hKB/B1hPhE4iGiwEwyPSxCM9nNKuoX75A4U/H9NADP6J
-----END CERTIFICATE-----