Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/jjYT0ual1nIv5rmaeDjlNg2jdtU.roa
File:                     jjYT0ual1nIv5rmaeDjlNg2jdtU.roa (raw, json)
Hash identifier:          OjHVmf3z6fImr8f0+RF/L2hzt0WZmr2JT7HoyHilItc=
Subject key identifier:   8E:36:13:D2:E6:A5:D6:72:2F:E6:B9:9A:78:38:E5:36:0D:A3:76:D5
Certificate issuer:       /CN=cc215f58159ec576a2022776ea64f61c5bb00194
Certificate serial:       019424B3ABDECADE6F92EA33E0EB40F54688
Authority key identifier: CC:21:5F:58:15:9E:C5:76:A2:02:27:76:EA:64:F6:1C:5B:B0:01:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/jjYT0ual1nIv5rmaeDjlNg2jdtU.roa
Signing time:             Thu 02 Jan 2025 01:49:02 +0000
ROA not before:           Thu 02 Jan 2025 01:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25554
IP address blocks:        212.122.164.0/24 maxlen: 24
                          212.122.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ab:de:ca:de:6f:92:ea:33:e0:eb:40:f5:46:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc215f58159ec576a2022776ea64f61c5bb00194
        Validity
            Not Before: Jan  2 01:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e3613d2e6a5d6722fe6b99a7838e5360da376d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e0:a6:14:c4:6f:a9:bc:e0:62:29:00:22:b2:
                    ed:c4:3b:d6:6b:89:b7:e0:34:a4:5f:ca:d3:7a:8e:
                    5f:02:fe:cd:48:70:6c:21:5f:78:f3:10:b9:df:7f:
                    57:27:05:08:08:d1:81:56:60:91:58:f9:8b:29:9e:
                    78:1a:ac:d5:76:49:40:4d:62:de:00:5c:11:59:bf:
                    be:b6:8e:44:25:4a:71:ef:14:6d:8e:bd:f2:8f:90:
                    3a:a5:a9:eb:ce:5c:94:e1:bb:1b:ee:97:b5:99:3f:
                    39:8c:e7:6e:5c:db:e3:31:33:6e:0f:cc:dd:05:74:
                    57:aa:32:84:71:40:3e:e4:15:92:67:9e:b1:73:2f:
                    31:e6:54:05:ca:0e:ee:7c:7a:c3:61:5f:a9:2f:e4:
                    a5:ab:21:ab:22:f5:a1:8a:af:27:8e:43:2a:ca:2c:
                    e3:ba:67:4a:ff:3a:2f:c5:b3:d3:3c:40:9e:64:0f:
                    a0:d7:68:1a:d7:59:cd:0c:5e:14:d1:be:91:58:28:
                    57:bb:84:d0:df:7c:aa:35:be:fc:7c:23:70:4b:8c:
                    12:93:87:d9:f6:96:6d:d5:7f:4c:f1:c5:58:14:ea:
                    03:f6:78:2d:4e:c3:d2:b7:e9:51:35:a1:9c:98:01:
                    fe:f3:40:b1:b3:49:fb:2a:72:d3:61:e4:32:73:11:
                    dd:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:36:13:D2:E6:A5:D6:72:2F:E6:B9:9A:78:38:E5:36:0D:A3:76:D5
            X509v3 Authority Key Identifier:
                keyid:CC:21:5F:58:15:9E:C5:76:A2:02:27:76:EA:64:F6:1C:5B:B0:01:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/jjYT0ual1nIv5rmaeDjlNg2jdtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.122.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:fc:78:22:df:82:ef:47:f3:49:b4:ba:e2:ee:62:10:3f:72:
         af:a3:a0:7d:b1:e2:e9:91:7f:01:6b:72:e8:b1:6c:16:c6:79:
         b0:6e:8f:89:ac:4a:6a:4a:2c:c7:05:45:75:bb:c4:b9:2a:19:
         29:f6:5d:d7:79:1b:06:bb:79:c0:cf:b9:43:a9:9f:de:8b:60:
         27:21:b4:f6:e1:db:fc:96:9e:aa:6d:c5:ef:12:12:a8:7d:9a:
         56:93:2c:9a:ed:78:d0:1e:e8:c2:2f:87:f9:a1:45:c4:b4:4b:
         4c:bb:78:e7:0d:60:a8:1b:16:ea:14:6c:7a:0d:5c:68:8e:39:
         c6:8f:40:e6:f0:0d:b0:d0:13:1d:52:e3:e9:5e:68:c8:81:9c:
         86:7c:38:a7:00:59:57:ec:8a:92:ac:84:c2:f9:25:8c:a4:2a:
         aa:ee:07:80:dd:c7:d8:97:45:42:f0:a2:43:05:f5:e9:1b:18:
         0f:9e:d9:5f:3d:4f:02:a9:90:a3:04:e7:2a:53:a3:c3:de:ae:
         e8:4b:75:b6:e9:f0:72:62:c7:cf:01:cf:13:12:8a:9f:62:63:
         ca:2d:ef:4b:9f:0e:1e:9a:1c:1c:5d:cc:02:3d:f0:59:cf:94:
         90:d4:9a:45:83:a7:37:f8:a2:14:0e:c3:64:c9:6b:ac:2e:47:
         16:8a:b9:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks6veyt5vkuoz4OtA9UaIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMjE1ZjU4MTU5ZWM1NzZhMjAyMjc3NmVhNjRmNjFjNWJi
MDAxOTQwHhcNMjUwMTAyMDE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTM2MTNkMmU2YTVkNjcyMmZlNmI5OWE3ODM4ZTUzNjBkYTM3NmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuCmFMRvqbzgYikAIrLtxDvWa4m3
4DSkX8rTeo5fAv7NSHBsIV948xC5339XJwUICNGBVmCRWPmLKZ54GqzVdklATWLe
AFwRWb++to5EJUpx7xRtjr3yj5A6panrzlyU4bsb7pe1mT85jOduXNvjMTNuD8zd
BXRXqjKEcUA+5BWSZ56xcy8x5lQFyg7ufHrDYV+pL+SlqyGrIvWhiq8njkMqyizj
umdK/zovxbPTPECeZA+g12ga11nNDF4U0b6RWChXu4TQ33yqNb78fCNwS4wSk4fZ
9pZt1X9M8cVYFOoD9ngtTsPSt+lRNaGcmAH+80Cxs0n7KnLTYeQycxHdQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI42E9LmpdZyL+a5mng45TYNo3bVMB8GA1UdIwQY
MBaAFMwhX1gVnsV2ogIndupk9hxbsAGUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekNGZldCV2V4WGFpQWlkMjZtVDJIRnV3QVpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9lYmM3NDgtNjgyNi00MTQwLWE4ZTAt
ODQzZWVlZTBhMjYwLzEvampZVDB1YWwxbkl2NXJtYWVEamxOZzJqZHRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9lYmM3NDgtNjgyNi00MTQwLWE4ZTAtODQzZWVlZTBhMjYw
LzEvekNGZldCV2V4WGFpQWlkMjZtVDJIRnV3QVpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1HqkMA0G
CSqGSIb3DQEBCwUAA4IBAQCq/Hgi34LvR/NJtLri7mIQP3Kvo6B9seLpkX8Ba3Lo
sWwWxnmwbo+JrEpqSizHBUV1u8S5Khkp9l3XeRsGu3nAz7lDqZ/ei2AnIbT24dv8
lp6qbcXvEhKofZpWkyya7XjQHujCL4f5oUXEtEtMu3jnDWCoGxbqFGx6DVxojjnG
j0Dm8A2w0BMdUuPpXmjIgZyGfDinAFlX7IqSrITC+SWMpCqq7geA3cfYl0VC8KJD
BfXpGxgPntlfPU8CqZCjBOcqU6PD3q7oS3W26fByYsfPAc8TEoqfYmPKLe9Lnw4e
mhwcXcwCPfBZz5SQ1JpFg6c3+KIUDsNkyWusLkcWirn6
-----END CERTIFICATE-----