Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/179891-41cc-4aa0-ab68-f406c83b3fba/1/jPLzP_YwBLLTizyYE5ecVv9I3C0.roa
File:                     jPLzP_YwBLLTizyYE5ecVv9I3C0.roa (raw, json)
Hash identifier:          nNwFUimJP4vHI76Dw3jkVQrvCeByK1x9ctHLW+LlcXg=
Subject key identifier:   8C:F2:F3:3F:F6:30:04:B2:D3:8B:3C:98:13:97:9C:56:FF:48:DC:2D
Certificate issuer:       /CN=ae93cc8cca81fa00dc53e7b8078e91b5c11ba2ef
Certificate serial:       018CC3B7380BEF17304EC2076325953ACA96
Authority key identifier: AE:93:CC:8C:CA:81:FA:00:DC:53:E7:B8:07:8E:91:B5:C1:1B:A2:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rpPMjMqB-gDcU-e4B46RtcEbou8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/179891-41cc-4aa0-ab68-f406c83b3fba/1/jPLzP_YwBLLTizyYE5ecVv9I3C0.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212426
IP address blocks:        80.249.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/179891-41cc-4aa0-ab68-f406c83b3fba/1/rpPMjMqB-gDcU-e4B46RtcEbou8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/179891-41cc-4aa0-ab68-f406c83b3fba/1/rpPMjMqB-gDcU-e4B46RtcEbou8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rpPMjMqB-gDcU-e4B46RtcEbou8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:38:0b:ef:17:30:4e:c2:07:63:25:95:3a:ca:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae93cc8cca81fa00dc53e7b8078e91b5c11ba2ef
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cf2f33ff63004b2d38b3c9813979c56ff48dc2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5a:fc:11:24:0f:cf:6a:8a:b5:fb:16:32:1d:
                    08:d8:c9:34:8c:a1:54:93:fb:9a:b8:04:79:cf:00:
                    8f:1d:d5:0d:65:61:32:b8:5b:a0:22:a3:79:b8:b2:
                    ca:36:39:38:dc:bb:d9:7c:ac:04:c8:e5:5a:ca:5a:
                    09:0b:79:ab:7d:0c:f7:76:dc:f1:b3:e5:e1:74:16:
                    d8:91:7b:ae:29:03:4a:89:fa:ad:9d:37:75:b8:a3:
                    d3:92:a1:49:66:b9:17:02:cf:62:df:c4:b3:18:11:
                    86:23:eb:1a:c9:2c:f8:04:6a:cc:2b:2a:e2:01:c8:
                    83:37:30:bf:1a:08:fb:cf:2e:f9:dc:1b:cb:68:b3:
                    89:4e:c6:8e:24:65:80:4e:3a:00:b8:6e:ad:29:b9:
                    26:8d:91:6d:86:e2:95:bf:fd:1a:38:76:aa:20:b6:
                    ab:61:b1:24:1d:e3:26:62:45:7f:2a:fb:7a:ef:98:
                    04:a0:fe:ff:1b:dd:59:a5:31:99:05:43:61:d9:3b:
                    ca:08:e6:23:b6:6d:7b:88:7c:ad:15:c7:82:3f:0d:
                    24:54:79:b1:88:d0:59:fc:0f:b5:bf:a2:b1:f3:a2:
                    14:f7:cf:d7:9c:2b:96:b8:74:73:7d:93:f5:46:20:
                    d3:bf:ef:25:83:68:e1:91:ab:cd:79:85:28:e0:33:
                    26:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:F2:F3:3F:F6:30:04:B2:D3:8B:3C:98:13:97:9C:56:FF:48:DC:2D
            X509v3 Authority Key Identifier:
                keyid:AE:93:CC:8C:CA:81:FA:00:DC:53:E7:B8:07:8E:91:B5:C1:1B:A2:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rpPMjMqB-gDcU-e4B46RtcEbou8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/179891-41cc-4aa0-ab68-f406c83b3fba/1/jPLzP_YwBLLTizyYE5ecVv9I3C0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/179891-41cc-4aa0-ab68-f406c83b3fba/1/rpPMjMqB-gDcU-e4B46RtcEbou8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.249.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:4e:df:d0:b5:dd:96:b2:0b:19:a2:3e:0d:da:b5:67:42:25:
         f9:ad:21:94:4e:67:64:cd:d2:32:30:ce:93:ee:12:3d:c0:27:
         1b:4d:ab:7e:8c:2c:03:8e:4b:24:be:4b:ee:44:e0:49:19:f3:
         12:29:01:70:7d:b8:87:64:6a:f7:8d:c4:0f:90:96:24:26:ed:
         7d:cc:c8:a3:b9:6a:43:f3:2e:53:e3:46:da:0c:e7:d0:be:d6:
         31:95:35:90:68:8d:36:40:c5:e8:c3:82:47:12:79:a4:e6:17:
         2b:65:1c:a1:06:c7:e9:b1:d9:12:08:49:ab:9c:86:fe:34:7c:
         7d:c9:5e:37:7f:e1:3b:48:f6:63:7e:9e:dd:b1:58:29:3d:14:
         6a:57:11:9b:f7:bf:3d:6d:98:c7:b1:b2:23:60:98:e3:ac:c4:
         0f:7c:ba:86:1a:3c:2b:e6:37:2a:c2:d7:9b:56:fe:2d:17:a3:
         a0:05:d6:e9:d5:4a:7e:11:b1:bd:ef:b6:26:66:e9:b9:49:b1:
         2e:31:0a:18:09:1e:7f:c6:95:c3:ea:1f:97:c4:ec:8f:50:9a:
         51:ec:2a:82:dd:53:88:c5:ad:eb:8c:e8:a7:84:9c:f1:94:ea:
         95:8b:54:fd:14:bf:1b:ab:70:bd:41:80:f9:95:8b:78:d7:e0:
         0c:a9:89:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzgL7xcwTsIHYyWVOsqWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlOTNjYzhjY2E4MWZhMDBkYzUzZTdiODA3OGU5MWI1YzEx
YmEyZWYwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2YyZjMzZmY2MzAwNGIyZDM4YjNjOTgxMzk3OWM1NmZmNDhkYzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVr8ESQPz2qKtfsWMh0I2Mk0jKFU
k/uauAR5zwCPHdUNZWEyuFugIqN5uLLKNjk43LvZfKwEyOVayloJC3mrfQz3dtzx
s+XhdBbYkXuuKQNKifqtnTd1uKPTkqFJZrkXAs9i38SzGBGGI+saySz4BGrMKyri
AciDNzC/Ggj7zy753BvLaLOJTsaOJGWATjoAuG6tKbkmjZFthuKVv/0aOHaqILar
YbEkHeMmYkV/Kvt675gEoP7/G91ZpTGZBUNh2TvKCOYjtm17iHytFceCPw0kVHmx
iNBZ/A+1v6Kx86IU98/XnCuWuHRzfZP1RiDTv+8lg2jhkavNeYUo4DMmXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzy8z/2MASy04s8mBOXnFb/SNwtMB8GA1UdIwQY
MBaAFK6TzIzKgfoA3FPnuAeOkbXBG6LvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnBQTWpNcUItZ0RjVS1lNEI0NlJ0Y0Vib3U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8xNzk4OTEtNDFjYy00YWEwLWFiNjgt
ZjQwNmM4M2IzZmJhLzEvalBMelBfWXdCTExUaXp5WUU1ZWNWdjlJM0MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8xNzk4OTEtNDFjYy00YWEwLWFiNjgtZjQwNmM4M2IzZmJh
LzEvcnBQTWpNcUItZ0RjVS1lNEI0NlJ0Y0Vib3U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPmAMA0G
CSqGSIb3DQEBCwUAA4IBAQBsTt/Qtd2WsgsZoj4N2rVnQiX5rSGUTmdkzdIyMM6T
7hI9wCcbTat+jCwDjkskvkvuROBJGfMSKQFwfbiHZGr3jcQPkJYkJu19zMijuWpD
8y5T40baDOfQvtYxlTWQaI02QMXow4JHEnmk5hcrZRyhBsfpsdkSCEmrnIb+NHx9
yV43f+E7SPZjfp7dsVgpPRRqVxGb9789bZjHsbIjYJjjrMQPfLqGGjwr5jcqwteb
Vv4tF6OgBdbp1Up+EbG977YmZum5SbEuMQoYCR5/xpXD6h+XxOyPUJpR7CqC3VOI
xa3rjOinhJzxlOqVi1T9FL8bq3C9QYD5lYt41+AMqYnF
-----END CERTIFICATE-----