Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/8bjqwqDpxRvB3-FavUFytURJoJQ.roa
File:                     8bjqwqDpxRvB3-FavUFytURJoJQ.roa (raw, json)
Hash identifier:          xIeGi8GWb7TEXIssByYdA0KoR/uQIkmb9ztEHO6zgOc=
Subject key identifier:   F1:B8:EA:C2:A0:E9:C5:1B:C1:DF:E1:5A:BD:41:72:B5:44:49:A0:94
Certificate issuer:       /CN=0ff8e93f3472ea6be58f3feb74495470095a177d
Certificate serial:       018CC7937A2D36F4326DACE7396886FA3595
Authority key identifier: 0F:F8:E9:3F:34:72:EA:6B:E5:8F:3F:EB:74:49:54:70:09:5A:17:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_jpPzRy6mvljz_rdElUcAlaF30.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/8bjqwqDpxRvB3-FavUFytURJoJQ.roa
Signing time:             Tue 02 Jan 2024 00:29:40 +0000
ROA not before:           Tue 02 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212341
IP address blocks:        139.28.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/D_jpPzRy6mvljz_rdElUcAlaF30.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/D_jpPzRy6mvljz_rdElUcAlaF30.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_jpPzRy6mvljz_rdElUcAlaF30.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:7a:2d:36:f4:32:6d:ac:e7:39:68:86:fa:35:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff8e93f3472ea6be58f3feb74495470095a177d
        Validity
            Not Before: Jan  2 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1b8eac2a0e9c51bc1dfe15abd4172b54449a094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:9e:59:18:f9:48:62:92:8e:e2:94:a4:37:99:
                    46:fe:bb:b9:a3:67:fd:66:9f:91:81:50:6b:a2:af:
                    6e:47:ee:04:c5:9e:9a:37:8e:a6:1a:3e:c9:0b:7b:
                    ca:52:e3:bc:54:79:42:73:da:80:b5:2c:cf:bc:63:
                    1f:34:17:22:64:a0:09:9a:8c:23:7e:bf:7d:b1:2a:
                    e0:11:72:53:51:0d:e9:a7:a6:9b:9d:b0:ac:ce:98:
                    a5:ee:ac:64:ff:96:6f:d8:e1:52:13:aa:bd:22:39:
                    ac:17:4b:25:ae:2e:c3:5b:70:26:80:db:e4:25:8d:
                    9c:20:11:da:15:9d:49:a8:b0:0c:57:f7:2e:7e:e0:
                    bf:9c:6c:4d:ee:d8:8b:aa:71:ea:72:bf:a9:3d:9d:
                    e1:34:4f:9d:d6:3b:cc:a2:b2:5b:33:72:da:96:db:
                    51:50:4e:3a:74:b4:79:c6:22:b3:66:8c:0c:04:75:
                    5c:a2:8e:4d:19:a6:68:36:c0:6f:7d:fa:f8:45:14:
                    00:1b:df:48:1d:3c:e3:9c:79:39:b0:8b:6a:e4:da:
                    75:c8:8d:56:55:0c:38:27:a6:ef:cf:59:c8:06:69:
                    7e:a7:14:b6:33:2a:82:ba:26:71:b7:80:f2:c0:9c:
                    6d:f0:c0:5c:10:40:01:c6:00:0b:3c:80:ff:32:be:
                    f9:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:B8:EA:C2:A0:E9:C5:1B:C1:DF:E1:5A:BD:41:72:B5:44:49:A0:94
            X509v3 Authority Key Identifier:
                keyid:0F:F8:E9:3F:34:72:EA:6B:E5:8F:3F:EB:74:49:54:70:09:5A:17:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_jpPzRy6mvljz_rdElUcAlaF30.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/8bjqwqDpxRvB3-FavUFytURJoJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/D_jpPzRy6mvljz_rdElUcAlaF30.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:50:97:cc:47:4c:76:5d:a8:94:f1:6b:57:04:ca:70:05:54:
         d5:48:20:eb:5b:0d:5d:5e:91:aa:88:7b:7f:97:bf:cb:c0:e4:
         59:e2:66:a2:cb:8b:b9:fc:56:a6:a1:52:37:6f:42:eb:43:72:
         2d:2e:e7:17:ed:e1:04:af:39:38:aa:f0:01:ed:fa:18:67:1b:
         d3:6b:ba:d4:b2:57:47:b4:4f:5f:53:ef:1b:fa:d0:1d:9b:5b:
         10:8a:22:8c:e6:28:9e:fd:3e:4a:c5:8c:af:b3:a6:09:83:73:
         98:f7:31:ed:45:f4:46:79:05:ca:4e:17:65:63:1d:66:47:b5:
         67:d5:8a:c3:21:51:d6:39:87:e5:91:28:b4:db:49:b3:72:9f:
         b3:a8:4e:0b:e9:06:3e:99:06:92:f3:15:6c:11:c0:40:31:dd:
         51:d9:8d:f5:68:8e:20:ca:ea:6d:e3:44:47:3f:ed:b4:88:ad:
         0a:97:c1:51:b7:5b:e3:bc:17:38:a7:92:50:3b:8c:39:9e:54:
         fd:6c:d4:fb:7a:2f:99:4f:e7:2a:f2:f9:bd:fd:67:c3:0f:8d:
         77:4d:ac:2a:56:de:a4:20:c8:c6:41:7e:c2:3c:a5:1b:0d:59:
         87:2c:17:b8:2d:1e:ef:fa:1b:2b:ff:f2:18:62:be:3f:7c:36:
         5f:53:ea:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk3otNvQybaznOWiG+jWVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjhlOTNmMzQ3MmVhNmJlNThmM2ZlYjc0NDk1NDcwMDk1
YTE3N2QwHhcNMjQwMTAyMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWI4ZWFjMmEwZTljNTFiYzFkZmUxNWFiZDQxNzJiNTQ0NDlhMDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzp5ZGPlIYpKO4pSkN5lG/ru5o2f9
Zp+RgVBroq9uR+4ExZ6aN46mGj7JC3vKUuO8VHlCc9qAtSzPvGMfNBciZKAJmowj
fr99sSrgEXJTUQ3pp6abnbCszpil7qxk/5Zv2OFSE6q9IjmsF0slri7DW3AmgNvk
JY2cIBHaFZ1JqLAMV/cufuC/nGxN7tiLqnHqcr+pPZ3hNE+d1jvMorJbM3LalttR
UE46dLR5xiKzZowMBHVcoo5NGaZoNsBvffr4RRQAG99IHTzjnHk5sItq5Np1yI1W
VQw4J6bvz1nIBml+pxS2MyqCuiZxt4DywJxt8MBcEEABxgALPID/Mr75VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPG46sKg6cUbwd/hWr1BcrVESaCUMB8GA1UdIwQY
MBaAFA/46T80cupr5Y8/63RJVHAJWhd9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9qcFB6Unk2bXZsanpfcmRFbFVjQWxhRjMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi84YjkzYTQtODY4ZC00ZjMwLWI0NGYt
ZmNlM2Q1OTBjNmRiLzEvOGJqcXdxRHB4UnZCMy1GYXZVRnl0VVJKb0pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi84YjkzYTQtODY4ZC00ZjMwLWI0NGYtZmNlM2Q1OTBjNmRi
LzEvRF9qcFB6Unk2bXZsanpfcmRFbFVjQWxhRjMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixyYMA0G
CSqGSIb3DQEBCwUAA4IBAQCHUJfMR0x2XaiU8WtXBMpwBVTVSCDrWw1dXpGqiHt/
l7/LwORZ4maiy4u5/FamoVI3b0LrQ3ItLucX7eEErzk4qvAB7foYZxvTa7rUsldH
tE9fU+8b+tAdm1sQiiKM5iie/T5KxYyvs6YJg3OY9zHtRfRGeQXKThdlYx1mR7Vn
1YrDIVHWOYflkSi020mzcp+zqE4L6QY+mQaS8xVsEcBAMd1R2Y31aI4gyupt40RH
P+20iK0Kl8FRt1vjvBc4p5JQO4w5nlT9bNT7ei+ZT+cq8vm9/WfDD413TawqVt6k
IMjGQX7CPKUbDVmHLBe4LR7v+hsr//IYYr4/fDZfU+rB
-----END CERTIFICATE-----