Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/jirxpa6aVNQds6hw95oiEfaXkIw.roa
File:                     jirxpa6aVNQds6hw95oiEfaXkIw.roa (raw, json)
Hash identifier:          zmTpXCvhBKr2ty7lsYkCEyNurPrE7EqM6ckyPnmydRM=
Subject key identifier:   8E:2A:F1:A5:AE:9A:54:D4:1D:B3:A8:70:F7:9A:22:11:F6:97:90:8C
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCDD187BA723569705B951B858093C
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/jirxpa6aVNQds6hw95oiEfaXkIw.roa
Signing time:             Tue 02 Jan 2024 10:34:06 +0000
ROA not before:           Tue 02 Jan 2024 10:34:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51178
IP address blocks:        93.88.172.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:dd:18:7b:a7:23:56:97:05:b9:51:b8:58:09:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e2af1a5ae9a54d41db3a870f79a2211f697908c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:96:36:b9:8d:ae:cd:20:0b:50:af:7d:fa:b7:
                    ee:78:7f:d3:01:f7:0f:29:21:b7:1f:52:bb:f2:1f:
                    c4:3d:79:b2:75:59:a6:8e:c9:a9:c5:64:57:65:d8:
                    a0:6e:60:5d:76:d3:b7:c5:9f:24:38:43:6f:c6:03:
                    8e:60:69:9d:8d:e8:77:40:38:1d:90:70:eb:23:43:
                    45:12:2f:a1:d2:fa:48:f7:0a:38:24:ea:de:14:5c:
                    b5:c9:c0:29:1c:fa:a8:62:d4:59:b0:bf:e3:24:85:
                    8a:30:30:f9:61:66:8c:59:ed:10:42:ad:7e:d3:b7:
                    5f:9a:a4:48:17:1b:ac:41:de:93:36:ed:ab:da:ca:
                    1d:11:90:3a:eb:ce:ec:9e:b1:81:19:8a:60:30:0a:
                    c8:b7:18:90:56:38:61:0f:22:e8:3f:48:b6:f1:e6:
                    fd:d0:23:40:a9:a9:8c:e6:18:13:64:1e:c3:d0:80:
                    6c:5d:83:e2:e4:16:47:7c:82:46:38:b4:ce:24:2b:
                    97:28:cc:77:ee:79:e7:17:02:f9:b0:1b:49:dd:f5:
                    cf:48:56:5a:85:bc:85:c1:98:59:72:43:83:19:a8:
                    fb:53:4b:39:6b:41:af:60:2e:82:f0:b7:b8:5b:3c:
                    38:d9:f1:5d:3f:74:74:79:24:15:23:54:fa:74:09:
                    e5:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:2A:F1:A5:AE:9A:54:D4:1D:B3:A8:70:F7:9A:22:11:F6:97:90:8C
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/jirxpa6aVNQds6hw95oiEfaXkIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.88.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:2a:ca:06:76:a0:b6:bd:89:c9:c7:28:9d:4d:a1:b3:36:9c:
         06:27:df:6a:63:54:eb:e7:86:78:4e:ef:11:bf:2c:78:06:3a:
         07:2a:7b:fd:e9:c6:69:43:f9:bb:61:d4:be:e8:9c:d8:7b:f6:
         28:e5:6a:fd:21:73:e4:36:df:fb:b0:48:8f:91:0b:75:2e:b1:
         45:51:3e:05:d1:ff:db:91:bb:49:18:c9:7e:9d:81:b1:a5:d3:
         e3:7c:b3:dc:69:a1:50:e5:89:f1:29:d7:22:33:d4:18:0f:18:
         c4:8d:50:bb:07:6b:a5:5a:13:8e:7d:df:3e:9a:12:8b:de:64:
         d4:f9:87:6b:26:03:ee:c5:7e:56:d8:24:43:98:dc:80:0b:fd:
         c2:e1:c4:6a:61:af:ea:d9:59:44:15:31:4b:32:e4:b2:6b:98:
         c7:0c:5d:34:29:ce:b0:22:74:a2:f1:93:78:1e:a0:a4:88:53:
         f2:8e:dc:10:46:37:02:1a:77:f4:ca:8a:58:21:eb:eb:7f:f1:
         b4:5d:c7:8d:d8:8b:12:b8:3f:07:70:ae:7f:df:f3:44:88:a6:
         24:d1:bc:ef:15:05:4a:4f:49:c7:ae:4c:22:63:e8:b8:c3:69:
         e7:59:ee:78:98:d8:52:a3:20:00:cd:c4:05:2e:25:8d:6c:77:
         50:49:1a:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvN0Ye6cjVpcFuVG4WAk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTJhZjFhNWFlOWE1NGQ0MWRiM2E4NzBmNzlhMjIxMWY2OTc5MDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJY2uY2uzSALUK99+rfueH/TAfcP
KSG3H1K78h/EPXmydVmmjsmpxWRXZdigbmBddtO3xZ8kOENvxgOOYGmdjeh3QDgd
kHDrI0NFEi+h0vpI9wo4JOreFFy1ycApHPqoYtRZsL/jJIWKMDD5YWaMWe0QQq1+
07dfmqRIFxusQd6TNu2r2sodEZA6687snrGBGYpgMArItxiQVjhhDyLoP0i28eb9
0CNAqamM5hgTZB7D0IBsXYPi5BZHfIJGOLTOJCuXKMx37nnnFwL5sBtJ3fXPSFZa
hbyFwZhZckODGaj7U0s5a0GvYC6C8Le4Wzw42fFdP3R0eSQVI1T6dAnlMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4q8aWumlTUHbOocPeaIhH2l5CMMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvamlyeHBhNmFWTlFkczZodzk1b2lFZmFYa0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXVisMA0G
CSqGSIb3DQEBCwUAA4IBAQA7KsoGdqC2vYnJxyidTaGzNpwGJ99qY1Tr54Z4Tu8R
vyx4BjoHKnv96cZpQ/m7YdS+6JzYe/Yo5Wr9IXPkNt/7sEiPkQt1LrFFUT4F0f/b
kbtJGMl+nYGxpdPjfLPcaaFQ5YnxKdciM9QYDxjEjVC7B2ulWhOOfd8+mhKL3mTU
+YdrJgPuxX5W2CRDmNyAC/3C4cRqYa/q2VlEFTFLMuSya5jHDF00Kc6wInSi8ZN4
HqCkiFPyjtwQRjcCGnf0yopYIevrf/G0XceN2IsSuD8HcK5/3/NEiKYk0bzvFQVK
T0nHrkwiY+i4w2nnWe54mNhSoyAAzcQFLiWNbHdQSRrn
-----END CERTIFICATE-----