Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jxz9bz7mzgukbNYsCep5kWm5tsQ.roa
File:                     jxz9bz7mzgukbNYsCep5kWm5tsQ.roa (raw, json)
Hash identifier:          5LOmad7NAXZCKE8660q1qc/NmIYXj1YQH6vmLu0WDIs=
Subject key identifier:   8F:1C:FD:6F:3E:E6:CE:0B:A4:6C:D6:2C:09:EA:79:91:69:B9:B6:C4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01942824ACD1B6256564CCFD396A3A42722B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jxz9bz7mzgukbNYsCep5kWm5tsQ.roa
Signing time:             Thu 02 Jan 2025 17:51:19 +0000
ROA not before:           Thu 02 Jan 2025 17:51:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203217
IP address blocks:        45.8.72.0/23 maxlen: 24
                          81.161.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:ac:d1:b6:25:65:64:cc:fd:39:6a:3a:42:72:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f1cfd6f3ee6ce0ba46cd62c09ea799169b9b6c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f8:06:a4:73:6b:ad:af:d3:e8:29:6d:40:04:
                    fd:e6:ad:32:c9:64:f1:ea:38:68:1d:51:d0:b8:20:
                    e1:20:42:0e:d5:fd:38:90:dc:4e:9a:62:a9:dc:f6:
                    7c:b6:b5:3b:1c:ad:86:38:0f:2c:6f:4f:4f:19:d2:
                    a3:3e:95:41:6f:18:ff:11:01:a2:74:c8:12:d5:b1:
                    b1:f2:0d:74:7d:9d:14:a4:38:62:39:f4:f6:47:ac:
                    79:2c:66:50:bc:84:d4:25:07:58:57:5d:fa:cc:27:
                    d1:31:35:bf:e4:5e:e6:76:17:c9:e4:0a:05:00:b0:
                    36:d3:64:d0:07:53:ba:33:93:fb:ea:2c:72:7f:0e:
                    1f:48:32:f1:8e:2f:4f:ca:4d:8f:da:8b:62:d1:b7:
                    3d:e0:b5:4c:5d:46:8d:0e:e5:06:ae:51:e6:12:48:
                    a3:a3:da:36:76:02:d2:a3:d3:27:ca:c6:38:bf:0a:
                    9c:94:28:4d:b0:2a:8a:ff:ea:11:e5:49:e0:48:55:
                    7a:a1:1c:df:06:60:b1:6b:12:46:e9:6d:46:e8:52:
                    6a:ec:2a:74:a9:2f:11:82:8b:16:c3:57:0b:6b:a9:
                    85:12:81:d5:d0:37:1f:ea:00:83:b1:84:a8:fc:86:
                    9d:e2:e2:90:f4:38:3f:b3:d6:a6:32:ba:7a:a9:54:
                    40:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:1C:FD:6F:3E:E6:CE:0B:A4:6C:D6:2C:09:EA:79:91:69:B9:B6:C4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/jxz9bz7mzgukbNYsCep5kWm5tsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.72.0/23
                  81.161.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:41:7a:93:7f:39:c4:c4:bd:20:50:3d:3c:28:d1:8f:be:17:
         0d:83:e1:49:6c:14:ff:12:0e:52:18:61:74:54:f3:ab:bf:a9:
         bd:61:e5:62:c1:39:49:80:92:f2:30:48:60:c1:e7:5a:e6:a0:
         7b:3d:0d:47:30:ce:3d:75:5a:a9:6e:5c:5b:24:40:dd:42:7a:
         1d:d2:73:3d:d7:1f:64:44:1a:9c:26:9d:8f:22:e3:77:cc:f9:
         0d:ff:75:4f:56:5d:0a:64:6a:7e:97:59:16:0e:71:62:2e:f2:
         4f:c6:10:0b:1a:66:9f:d2:bc:9a:1c:84:b0:57:a4:c8:f2:a5:
         f9:74:ff:42:1e:27:ff:90:34:5d:3b:46:29:03:01:9c:cd:b1:
         7d:38:99:0d:eb:00:8d:3c:15:60:19:01:5c:39:4e:f8:5a:fb:
         c3:6d:86:62:bb:98:68:7d:49:ed:51:20:80:6b:bd:3c:4d:5e:
         20:93:47:d0:c5:c9:36:2e:ba:d9:3b:92:f0:c3:97:7a:ab:c3:
         e7:05:a9:d0:33:79:59:8b:12:8e:fe:b3:39:10:55:05:2d:83:
         78:32:d9:be:de:12:6b:f5:a0:e5:96:3b:87:b6:34:a8:d7:9a:
         38:f4:af:d4:96:3a:51:2a:d6:06:a1:8a:ec:2d:59:3d:98:36:
         26:3d:1e:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJKzRtiVlZMz9OWo6QnIrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjFjZmQ2ZjNlZTZjZTBiYTQ2Y2Q2MmMwOWVhNzk5MTY5YjliNmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfgGpHNrra/T6CltQAT95q0yyWTx
6jhoHVHQuCDhIEIO1f04kNxOmmKp3PZ8trU7HK2GOA8sb09PGdKjPpVBbxj/EQGi
dMgS1bGx8g10fZ0UpDhiOfT2R6x5LGZQvITUJQdYV136zCfRMTW/5F7mdhfJ5AoF
ALA202TQB1O6M5P76ixyfw4fSDLxji9Pyk2P2oti0bc94LVMXUaNDuUGrlHmEkij
o9o2dgLSo9MnysY4vwqclChNsCqK/+oR5UngSFV6oRzfBmCxaxJG6W1G6FJq7Cp0
qS8RgosWw1cLa6mFEoHV0Dcf6gCDsYSo/Iad4uKQ9Dg/s9amMrp6qVRAeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI8c/W8+5s4LpGzWLAnqeZFpubbEMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvanh6OWJ6N216Z3VrYk5Zc0NlcDVrV201dHNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLQhIAwQA
UaHkMA0GCSqGSIb3DQEBCwUAA4IBAQBFQXqTfznExL0gUD08KNGPvhcNg+FJbBT/
Eg5SGGF0VPOrv6m9YeViwTlJgJLyMEhgweda5qB7PQ1HMM49dVqpblxbJEDdQnod
0nM91x9kRBqcJp2PIuN3zPkN/3VPVl0KZGp+l1kWDnFiLvJPxhALGmaf0ryaHISw
V6TI8qX5dP9CHif/kDRdO0YpAwGczbF9OJkN6wCNPBVgGQFcOU74WvvDbYZiu5ho
fUntUSCAa708TV4gk0fQxck2LrrZO5Lww5d6q8PnBanQM3lZixKO/rM5EFUFLYN4
Mtm+3hJr9aDlljuHtjSo15o49K/UljpRKtYGoYrsLVk9mDYmPR6p
-----END CERTIFICATE-----