Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/e17fa2-7866-4fa1-972b-1776813e7224/1/jKWW8lM-7qWMZl51o-CojPJFkjs.roa
File:                     jKWW8lM-7qWMZl51o-CojPJFkjs.roa (raw, json)
Hash identifier:          qo4ws59Zs5PpOs3LLh3sz4ISOqKQfl11xb7AgRxxDws=
Subject key identifier:   8C:A5:96:F2:53:3E:EE:A5:8C:66:5E:75:A3:E0:A8:8C:F2:45:92:3B
Certificate issuer:       /CN=5e35ed043c8de151bebdc09dfcbffcc7dc7759c7
Certificate serial:       0194244571A2875442BCFF2A2B094CDA98E5
Authority key identifier: 5E:35:ED:04:3C:8D:E1:51:BE:BD:C0:9D:FC:BF:FC:C7:DC:77:59:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XjXtBDyN4VG-vcCd_L_8x9x3Wcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/e17fa2-7866-4fa1-972b-1776813e7224/1/jKWW8lM-7qWMZl51o-CojPJFkjs.roa
Signing time:             Wed 01 Jan 2025 23:48:38 +0000
ROA not before:           Wed 01 Jan 2025 23:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34942
IP address blocks:        185.100.36.0/22 maxlen: 24
                          193.189.139.0/24 maxlen: 24
                          2a06:340::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/e17fa2-7866-4fa1-972b-1776813e7224/1/XjXtBDyN4VG-vcCd_L_8x9x3Wcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/e17fa2-7866-4fa1-972b-1776813e7224/1/XjXtBDyN4VG-vcCd_L_8x9x3Wcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XjXtBDyN4VG-vcCd_L_8x9x3Wcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:71:a2:87:54:42:bc:ff:2a:2b:09:4c:da:98:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e35ed043c8de151bebdc09dfcbffcc7dc7759c7
        Validity
            Not Before: Jan  1 23:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ca596f2533eeea58c665e75a3e0a88cf245923b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5c:1d:6b:5b:f0:49:74:bc:94:74:9f:99:6f:
                    28:56:69:47:e3:5c:37:a8:88:40:d0:df:28:72:7c:
                    30:7e:fa:a0:c3:d2:b5:a1:b2:be:79:6b:28:5a:87:
                    53:5d:00:10:a5:90:09:9a:2a:70:a0:ba:cf:6a:7e:
                    b4:5f:6a:df:d2:d4:2c:f4:3e:13:91:56:3b:c7:af:
                    20:a0:d1:44:60:f2:c4:1b:63:ba:95:88:fe:59:b4:
                    9d:69:56:8b:5e:de:d3:a1:12:6c:f9:e7:1a:c5:2c:
                    73:b2:ea:73:da:85:68:c6:f8:0c:a3:0f:96:ef:9f:
                    8e:09:22:ba:13:7e:fd:5f:ab:f5:c0:85:57:6b:01:
                    8e:d1:e9:6b:91:26:71:75:63:3c:35:4a:27:94:26:
                    73:92:9e:a3:ae:30:b7:22:c8:7b:96:18:69:17:bd:
                    9f:2d:2a:ac:6f:71:99:70:2b:20:5e:ba:e1:a0:78:
                    df:4f:38:97:e5:e3:ce:72:30:17:ca:5c:de:21:ca:
                    1a:a2:d8:e0:47:15:dd:9e:27:51:74:b8:c1:f9:07:
                    3f:10:8d:b2:b2:ab:80:11:2d:a5:f5:7c:dd:c8:82:
                    a3:26:c9:39:68:fe:14:86:02:dc:6d:df:06:7f:c0:
                    30:8a:10:a1:ef:fa:9c:55:c1:13:88:db:be:77:92:
                    fc:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A5:96:F2:53:3E:EE:A5:8C:66:5E:75:A3:E0:A8:8C:F2:45:92:3B
            X509v3 Authority Key Identifier:
                keyid:5E:35:ED:04:3C:8D:E1:51:BE:BD:C0:9D:FC:BF:FC:C7:DC:77:59:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XjXtBDyN4VG-vcCd_L_8x9x3Wcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/e17fa2-7866-4fa1-972b-1776813e7224/1/jKWW8lM-7qWMZl51o-CojPJFkjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/e17fa2-7866-4fa1-972b-1776813e7224/1/XjXtBDyN4VG-vcCd_L_8x9x3Wcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.36.0/22
                  193.189.139.0/24
                IPv6:
                  2a06:340::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:51:34:64:7e:64:2d:99:ee:d3:b0:8f:b6:b6:ec:88:1d:8f:
         80:98:6a:66:94:6c:f4:a4:f9:6c:25:8c:78:1e:c6:c6:3c:3b:
         46:b0:ab:ff:0a:19:28:98:37:25:3a:2d:a6:d7:a5:b7:d5:ed:
         4e:56:c7:92:1a:12:36:16:9d:2d:8a:51:ea:0f:a9:b9:fd:d6:
         c3:03:ed:19:37:2f:c9:73:75:d3:93:e0:cf:e4:69:90:00:bd:
         43:97:f3:db:c8:be:33:62:10:81:0e:dc:b1:75:b5:f2:05:95:
         12:0c:9b:71:ae:6c:82:b1:73:6b:f5:46:56:e7:6c:76:52:f4:
         6a:58:c3:3a:0f:13:b4:bd:85:47:50:85:4b:25:d9:c5:78:c5:
         e3:e3:c3:6d:47:09:60:36:02:b8:1c:7e:e6:9c:a9:c2:46:02:
         2a:4b:7a:15:9d:fe:cc:91:ee:33:b2:e1:bd:37:ef:6b:49:dc:
         df:4e:00:b7:8c:e7:da:dd:47:7b:77:20:97:22:c0:2a:36:d3:
         dd:cb:d4:d2:8a:7b:e3:48:57:53:e5:29:84:4d:90:c6:b7:24:
         7b:c6:ec:66:a2:83:75:c4:fd:0e:00:15:c5:22:a8:67:89:a9:
         29:ad:db:13:72:3d:b4:79:ad:27:52:a9:bc:ac:9b:95:7f:d5:
         53:71:30:d4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQkRXGih1RCvP8qKwlM2pjlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMzVlZDA0M2M4ZGUxNTFiZWJkYzA5ZGZjYmZmY2M3ZGM3
NzU5YzcwHhcNMjUwMTAxMjM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2E1OTZmMjUzM2VlZWE1OGM2NjVlNzVhM2UwYTg4Y2YyNDU5MjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1wda1vwSXS8lHSfmW8oVmlH41w3
qIhA0N8ocnwwfvqgw9K1obK+eWsoWodTXQAQpZAJmipwoLrPan60X2rf0tQs9D4T
kVY7x68goNFEYPLEG2O6lYj+WbSdaVaLXt7ToRJs+ecaxSxzsupz2oVoxvgMow+W
75+OCSK6E379X6v1wIVXawGO0elrkSZxdWM8NUonlCZzkp6jrjC3Ish7lhhpF72f
LSqsb3GZcCsgXrrhoHjfTziX5ePOcjAXylzeIcoaotjgRxXdnidRdLjB+Qc/EI2y
squAES2l9XzdyIKjJsk5aP4UhgLcbd8Gf8AwihCh7/qcVcETiNu+d5L8eQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIyllvJTPu6ljGZedaPgqIzyRZI7MB8GA1UdIwQY
MBaAFF417QQ8jeFRvr3Anfy//Mfcd1nHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGpYdEJEeU40VkctdmNDZF9MXzh4OXgzV2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9lMTdmYTItNzg2Ni00ZmExLTk3MmIt
MTc3NjgxM2U3MjI0LzEvaktXVzhsTS03cVdNWmw1MW8tQ29qUEpGa2pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9lMTdmYTItNzg2Ni00ZmExLTk3MmItMTc3NjgxM2U3MjI0
LzEvWGpYdEJEeU40VkctdmNDZF9MXzh4OXgzV2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuWQkAwQA
wb2LMA0EAgACMAcDBQMqBgNAMA0GCSqGSIb3DQEBCwUAA4IBAQAMUTRkfmQtme7T
sI+2tuyIHY+AmGpmlGz0pPlsJYx4HsbGPDtGsKv/ChkomDclOi2m16W31e1OVseS
GhI2Fp0tilHqD6m5/dbDA+0ZNy/Jc3XTk+DP5GmQAL1Dl/PbyL4zYhCBDtyxdbXy
BZUSDJtxrmyCsXNr9UZW52x2UvRqWMM6DxO0vYVHUIVLJdnFeMXj48NtRwlgNgK4
HH7mnKnCRgIqS3oVnf7Mke4zsuG9N+9rSdzfTgC3jOfa3Ud7dyCXIsAqNtPdy9TS
invjSFdT5SmETZDGtyR7xuxmooN1xP0OABXFIqhniakprdsTcj20ea0nUqm8rJuV
f9VTcTDU
-----END CERTIFICATE-----