Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/c2894c-a67d-4bac-b97f-1361e4aa91de/1/JLWXu9i8B1p8kGHEKvZ0jhX_jHE.roa
File:                     JLWXu9i8B1p8kGHEKvZ0jhX_jHE.roa (raw, json)
Hash identifier:          LXzP4O7lBEDLZjxdcQCLRRKpHO+GUpGSkO1s2HADRf8=
Subject key identifier:   24:B5:97:BB:D8:BC:07:5A:7C:90:61:C4:2A:F6:74:8E:15:FF:8C:71
Certificate issuer:       /CN=dca0441e5917f9c909f36d55ac2423e124814e2f
Certificate serial:       018CC79547307B8CAC228C1498C7523D89BC
Authority key identifier: DC:A0:44:1E:59:17:F9:C9:09:F3:6D:55:AC:24:23:E1:24:81:4E:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3KBEHlkX-ckJ821VrCQj4SSBTi8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/c2894c-a67d-4bac-b97f-1361e4aa91de/1/JLWXu9i8B1p8kGHEKvZ0jhX_jHE.roa
Signing time:             Tue 02 Jan 2024 00:31:38 +0000
ROA not before:           Tue 02 Jan 2024 00:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50214
IP address blocks:        88.151.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/c2894c-a67d-4bac-b97f-1361e4aa91de/1/3KBEHlkX-ckJ821VrCQj4SSBTi8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/c2894c-a67d-4bac-b97f-1361e4aa91de/1/3KBEHlkX-ckJ821VrCQj4SSBTi8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3KBEHlkX-ckJ821VrCQj4SSBTi8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:47:30:7b:8c:ac:22:8c:14:98:c7:52:3d:89:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dca0441e5917f9c909f36d55ac2423e124814e2f
        Validity
            Not Before: Jan  2 00:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24b597bbd8bc075a7c9061c42af6748e15ff8c71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2b:f3:a7:99:9a:d2:38:b8:d1:06:fc:de:00:
                    37:93:c2:76:00:af:46:04:c1:87:6b:be:7c:da:f0:
                    c5:ac:fe:bd:7e:ba:30:69:79:52:2c:60:72:be:cb:
                    28:4c:1c:30:e0:47:83:f6:f0:56:bd:19:21:bc:fc:
                    cc:3c:96:ff:74:94:f0:35:3a:91:1c:0e:99:e7:4f:
                    ae:34:2d:47:36:5a:c0:6f:11:c3:af:98:88:23:cc:
                    34:93:69:f0:4f:7a:15:d1:95:cc:f5:71:a6:83:f6:
                    14:7e:c9:90:19:38:ad:fe:fe:61:33:de:0c:38:b5:
                    28:2c:90:c6:57:fb:19:a9:bd:41:f6:21:63:d3:bb:
                    69:05:95:0b:7e:23:71:2c:ee:25:1f:a7:bc:78:eb:
                    71:c8:85:cb:5a:e5:9a:16:7b:f7:4b:02:bd:c7:a5:
                    c0:62:74:6e:63:ff:ac:c4:10:4a:ff:c9:80:bb:d0:
                    06:8e:2b:25:b8:11:04:67:af:5d:e2:04:fe:ad:22:
                    a7:e4:03:40:c1:34:4d:02:cb:25:45:db:e6:d8:e9:
                    36:1a:b6:de:07:29:7c:42:a4:19:cf:35:f0:25:8c:
                    08:fe:83:4a:93:8f:02:be:d9:7e:7c:8c:44:d7:9d:
                    a5:43:09:ca:91:dc:f1:22:4f:a5:b3:9d:37:d3:d7:
                    3e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:B5:97:BB:D8:BC:07:5A:7C:90:61:C4:2A:F6:74:8E:15:FF:8C:71
            X509v3 Authority Key Identifier:
                keyid:DC:A0:44:1E:59:17:F9:C9:09:F3:6D:55:AC:24:23:E1:24:81:4E:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3KBEHlkX-ckJ821VrCQj4SSBTi8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c2894c-a67d-4bac-b97f-1361e4aa91de/1/JLWXu9i8B1p8kGHEKvZ0jhX_jHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c2894c-a67d-4bac-b97f-1361e4aa91de/1/3KBEHlkX-ckJ821VrCQj4SSBTi8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:7b:63:73:f5:cc:42:f6:ef:eb:b9:4b:10:8e:a7:cc:35:98:
         9a:9b:47:87:65:4a:db:d3:34:c6:37:0d:f0:b8:70:ab:93:dc:
         59:a1:a3:69:07:f2:3e:22:4a:bb:04:ac:81:7a:26:0a:2d:46:
         da:7b:c7:28:f0:0c:6f:ef:a2:85:38:31:b5:d7:f3:f1:87:4f:
         cb:d2:ef:f4:fd:74:dc:85:4c:e9:36:a7:ba:a7:eb:54:af:77:
         ee:2c:0f:21:0a:a5:fd:1e:d2:f1:27:83:55:a0:26:8a:14:51:
         c1:27:e8:cb:82:d1:97:63:d9:90:e3:81:b6:0a:1f:76:82:69:
         3c:71:5f:75:77:c6:a7:14:b8:12:27:31:95:51:5f:7b:97:69:
         3f:f5:54:a8:aa:2f:f2:b4:f8:7b:c9:2c:cb:b6:c9:74:69:e3:
         37:5c:fa:a1:ad:39:73:c2:04:e3:1a:b8:5f:c5:1d:ac:96:8e:
         28:f7:d0:8c:30:7c:64:6b:48:2b:33:d1:51:ca:21:89:a7:80:
         f0:c6:e3:54:a5:3f:98:4c:0b:4c:cd:b4:83:bb:85:3f:57:35:
         2e:7b:41:94:f2:1e:2a:05:c4:34:f8:3d:af:c7:00:82:fd:c7:
         f1:c1:47:c2:a5:6c:25:96:5d:21:ff:00:95:51:3e:49:e7:1c:
         f2:08:79:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlUcwe4ysIowUmMdSPYm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYTA0NDFlNTkxN2Y5YzkwOWYzNmQ1NWFjMjQyM2UxMjQ4
MTRlMmYwHhcNMjQwMTAyMDAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGI1OTdiYmQ4YmMwNzVhN2M5MDYxYzQyYWY2NzQ4ZTE1ZmY4YzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSvzp5ma0ji40Qb83gA3k8J2AK9G
BMGHa7582vDFrP69frowaXlSLGByvssoTBww4EeD9vBWvRkhvPzMPJb/dJTwNTqR
HA6Z50+uNC1HNlrAbxHDr5iII8w0k2nwT3oV0ZXM9XGmg/YUfsmQGTit/v5hM94M
OLUoLJDGV/sZqb1B9iFj07tpBZULfiNxLO4lH6e8eOtxyIXLWuWaFnv3SwK9x6XA
YnRuY/+sxBBK/8mAu9AGjisluBEEZ69d4gT+rSKn5ANAwTRNAsslRdvm2Ok2Grbe
Byl8QqQZzzXwJYwI/oNKk48Cvtl+fIxE152lQwnKkdzxIk+ls50309c+dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCS1l7vYvAdafJBhxCr2dI4V/4xxMB8GA1UdIwQY
MBaAFNygRB5ZF/nJCfNtVawkI+EkgU4vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0tCRUhsa1gtY2tKODIxVnJDUWo0U1NCVGk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9jMjg5NGMtYTY3ZC00YmFjLWI5N2Yt
MTM2MWU0YWE5MWRlLzEvSkxXWHU5aThCMXA4a0dIRUt2WjBqaFhfakhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9jMjg5NGMtYTY3ZC00YmFjLWI5N2YtMTM2MWU0YWE5MWRl
LzEvM0tCRUhsa1gtY2tKODIxVnJDUWo0U1NCVGk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJdyMA0G
CSqGSIb3DQEBCwUAA4IBAQAfe2Nz9cxC9u/ruUsQjqfMNZiam0eHZUrb0zTGNw3w
uHCrk9xZoaNpB/I+Ikq7BKyBeiYKLUbae8co8Axv76KFODG11/Pxh0/L0u/0/XTc
hUzpNqe6p+tUr3fuLA8hCqX9HtLxJ4NVoCaKFFHBJ+jLgtGXY9mQ44G2Ch92gmk8
cV91d8anFLgSJzGVUV97l2k/9VSoqi/ytPh7ySzLtsl0aeM3XPqhrTlzwgTjGrhf
xR2slo4o99CMMHxka0grM9FRyiGJp4DwxuNUpT+YTAtMzbSDu4U/VzUue0GU8h4q
BcQ0+D2vxwCC/cfxwUfCpWwlll0h/wCVUT5J5xzyCHnN
-----END CERTIFICATE-----