Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/JQJw1ffTXSRN2iqvCn4Yknoc-bo.roa
File:                     JQJw1ffTXSRN2iqvCn4Yknoc-bo.roa (raw, json)
Hash identifier:          wm9vcmbbn/+RaUyfcmD3EuxM5vaT5sTASTR9IHqEhMU=
Subject key identifier:   25:02:70:D5:F7:D3:5D:24:4D:DA:2A:AF:0A:7E:18:92:7A:1C:F9:BA
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0194206844C2D776AA654F6DD5FFBDEA0D40
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/JQJw1ffTXSRN2iqvCn4Yknoc-bo.roa
Signing time:             Wed 01 Jan 2025 05:48:11 +0000
ROA not before:           Wed 01 Jan 2025 05:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        193.233.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 10:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:44:c2:d7:76:aa:65:4f:6d:d5:ff:bd:ea:0d:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=250270d5f7d35d244dda2aaf0a7e18927a1cf9ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:3d:21:f8:66:c6:a9:1b:84:1f:9e:b7:36:9f:
                    a2:c4:90:bb:3d:d6:b6:9e:78:ac:72:27:9d:90:84:
                    58:84:29:fa:69:2b:9e:5c:1f:91:c4:5d:13:66:23:
                    84:86:10:0f:77:02:92:dd:9b:0e:c2:d3:bd:89:49:
                    e5:e8:7e:52:2c:5a:d8:2b:f4:a6:6d:f0:79:0d:00:
                    13:3b:2d:de:7a:bb:ae:f9:81:c1:40:b2:a3:05:6c:
                    5c:6f:e5:d6:19:c8:29:ee:50:80:91:e0:5d:94:e5:
                    67:1d:ed:33:7b:e6:73:83:64:c7:7f:ff:16:0f:6a:
                    50:f4:81:4b:c3:1a:9f:cc:1e:00:65:d0:28:a9:fc:
                    ef:ec:96:da:1c:3d:e9:fa:64:e5:d4:61:dc:a5:3e:
                    d5:0f:9f:1b:0e:c3:c8:b7:95:7e:73:d4:09:f8:07:
                    c1:c9:c9:7e:fb:a5:bb:61:db:80:60:00:db:fe:8a:
                    1d:8b:ee:69:23:9a:f2:db:c2:2b:cd:ae:0e:e4:4f:
                    c7:a4:25:ce:16:53:65:02:5d:47:f8:75:e3:bf:13:
                    8d:06:21:41:8c:30:8c:41:aa:0c:06:b3:d9:d4:f1:
                    db:c8:0a:70:24:ac:fc:b7:6d:c3:67:72:5b:35:9e:
                    07:f1:cf:ab:19:b1:50:58:29:40:5e:30:57:05:0c:
                    82:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:02:70:D5:F7:D3:5D:24:4D:DA:2A:AF:0A:7E:18:92:7A:1C:F9:BA
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/JQJw1ffTXSRN2iqvCn4Yknoc-bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:a1:5b:cd:20:2a:1c:7c:61:e4:4b:7e:0f:df:aa:83:1d:6d:
         24:95:6d:ca:c4:51:74:3f:74:20:b7:18:68:da:f2:09:7c:6c:
         d8:4a:e6:44:e8:00:90:71:26:42:68:85:8c:32:16:77:ad:65:
         ba:39:88:5b:9b:18:5d:9c:52:f4:fb:0c:48:d9:ae:c2:54:7a:
         d7:6f:d6:ca:4c:e0:8a:91:a7:11:ff:63:f6:3e:58:85:be:51:
         cc:5c:e2:de:0b:ad:32:40:de:ad:c7:94:6a:41:2d:87:1a:e6:
         ba:e2:fc:ab:66:fc:49:4f:46:8d:ea:3f:4f:00:b5:a3:fa:75:
         f0:31:59:68:b6:ac:bf:f1:cc:43:9a:1a:39:a9:03:bd:27:20:
         16:66:22:95:22:38:86:22:f5:8b:9e:82:79:96:2b:00:04:f3:
         54:5a:7e:ec:cf:b9:77:2b:18:5b:e7:c6:24:ec:2d:56:43:4a:
         ba:6f:c5:7e:e4:a8:30:63:89:55:8b:5d:67:ab:74:81:1f:b7:
         ef:29:51:9a:61:ea:72:44:be:e1:dc:12:8d:0c:47:5e:40:30:
         58:dc:f3:fd:dd:6b:c5:1f:cf:80:6a:bb:5b:f3:b9:d3:5e:e5:
         ab:b6:33:8b:1a:83:41:8c:3a:22:0b:73:b1:8f:d1:2f:d4:f4:
         52:3b:65:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaETC13aqZU9t1f+96g1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTAyNzBkNWY3ZDM1ZDI0NGRkYTJhYWYwYTdlMTg5MjdhMWNmOWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzD0h+GbGqRuEH563Np+ixJC7Pda2
nnisciedkIRYhCn6aSueXB+RxF0TZiOEhhAPdwKS3ZsOwtO9iUnl6H5SLFrYK/Sm
bfB5DQATOy3eeruu+YHBQLKjBWxcb+XWGcgp7lCAkeBdlOVnHe0ze+Zzg2THf/8W
D2pQ9IFLwxqfzB4AZdAoqfzv7JbaHD3p+mTl1GHcpT7VD58bDsPIt5V+c9QJ+AfB
ycl++6W7YduAYADb/oodi+5pI5ry28Irza4O5E/HpCXOFlNlAl1H+HXjvxONBiFB
jDCMQaoMBrPZ1PHbyApwJKz8t23DZ3JbNZ4H8c+rGbFQWClAXjBXBQyCqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUCcNX3010kTdoqrwp+GJJ6HPm6MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvSlFKdzFmZlRYU1JOMmlxdkNuNFlrbm9jLWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwelYMA0G
CSqGSIb3DQEBCwUAA4IBAQALoVvNICocfGHkS34P36qDHW0klW3KxFF0P3Qgtxho
2vIJfGzYSuZE6ACQcSZCaIWMMhZ3rWW6OYhbmxhdnFL0+wxI2a7CVHrXb9bKTOCK
kacR/2P2PliFvlHMXOLeC60yQN6tx5RqQS2HGua64vyrZvxJT0aN6j9PALWj+nXw
MVlotqy/8cxDmho5qQO9JyAWZiKVIjiGIvWLnoJ5lisABPNUWn7sz7l3Kxhb58Yk
7C1WQ0q6b8V+5KgwY4lVi11nq3SBH7fvKVGaYepyRL7h3BKNDEdeQDBY3PP93WvF
H8+Aartb87nTXuWrtjOLGoNBjDoiC3Oxj9Ev1PRSO2Xr
-----END CERTIFICATE-----