Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/c991ef-84b4-496f-a856-5ce4d8dbd159/1/jST4G8U5T2nuYRuh7a87izWqaHk.roa
File:                     jST4G8U5T2nuYRuh7a87izWqaHk.roa (raw, json)
Hash identifier:          JGboW1aHV2Dgx/IXrSluk7A/dTvPu3DBgLskG8KPAjQ=
Subject key identifier:   8D:24:F8:1B:C5:39:4F:69:EE:61:1B:A1:ED:AF:3B:8B:35:AA:68:79
Certificate issuer:       /CN=1e65ede3b6aae7475c354b1e9b84d6a7832b077b
Certificate serial:       018CC727327D77411F8D4CEE1080A0FFCD54
Authority key identifier: 1E:65:ED:E3:B6:AA:E7:47:5C:35:4B:1E:9B:84:D6:A7:83:2B:07:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HmXt47aq50dcNUsem4TWp4MrB3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/c991ef-84b4-496f-a856-5ce4d8dbd159/1/jST4G8U5T2nuYRuh7a87izWqaHk.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51088
IP address blocks:        193.53.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/c991ef-84b4-496f-a856-5ce4d8dbd159/1/HmXt47aq50dcNUsem4TWp4MrB3s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/c991ef-84b4-496f-a856-5ce4d8dbd159/1/HmXt47aq50dcNUsem4TWp4MrB3s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HmXt47aq50dcNUsem4TWp4MrB3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 07:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:32:7d:77:41:1f:8d:4c:ee:10:80:a0:ff:cd:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e65ede3b6aae7475c354b1e9b84d6a7832b077b
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d24f81bc5394f69ee611ba1edaf3b8b35aa6879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d0:03:d2:c7:54:f7:c2:a4:43:7b:c7:90:ab:
                    39:fe:ac:f9:9f:57:13:08:64:4b:05:88:93:9c:9a:
                    d5:bf:67:73:c2:48:0b:67:23:11:56:b3:84:a8:a2:
                    f2:5a:f1:fb:61:c9:de:d0:4d:b9:b8:ee:43:45:d7:
                    43:a8:e0:27:0e:c3:a1:b6:1f:99:f7:9d:dd:35:0c:
                    bb:e6:17:3c:78:ad:58:eb:56:42:5b:11:be:4c:70:
                    1e:67:dd:e7:c6:2c:0d:a1:61:c1:a2:c7:de:08:00:
                    0e:84:78:d4:e4:78:ee:8a:a1:1a:2d:57:ce:67:ee:
                    02:59:d5:11:9b:90:1e:68:75:2e:73:83:37:37:75:
                    ad:eb:b1:d2:d3:eb:a0:a5:b2:38:28:57:79:85:7e:
                    29:75:3b:15:c1:99:2c:e1:36:dc:5f:bc:3c:a9:10:
                    e6:2c:ab:e4:a6:bc:06:1e:6d:dd:2d:72:5b:6c:1a:
                    66:0b:2b:9f:7c:79:3a:f9:0c:cd:d8:d5:ad:77:5f:
                    57:2b:c9:b4:9f:bc:df:b2:20:c9:37:fc:9d:c4:aa:
                    1f:0c:e5:c0:3e:30:70:50:df:41:15:da:31:e7:61:
                    9b:15:fa:27:b9:f5:28:22:72:9b:85:83:f2:a8:5f:
                    c2:db:89:23:53:70:a3:1c:e5:f5:27:7b:78:12:94:
                    09:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:24:F8:1B:C5:39:4F:69:EE:61:1B:A1:ED:AF:3B:8B:35:AA:68:79
            X509v3 Authority Key Identifier:
                keyid:1E:65:ED:E3:B6:AA:E7:47:5C:35:4B:1E:9B:84:D6:A7:83:2B:07:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HmXt47aq50dcNUsem4TWp4MrB3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c991ef-84b4-496f-a856-5ce4d8dbd159/1/jST4G8U5T2nuYRuh7a87izWqaHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c991ef-84b4-496f-a856-5ce4d8dbd159/1/HmXt47aq50dcNUsem4TWp4MrB3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:35:71:7f:e2:11:72:67:5b:aa:a2:84:3a:47:96:27:1e:cd:
         e9:d7:91:ae:1d:34:a8:9b:c6:ed:0f:e2:26:2e:6b:8f:3b:ca:
         b8:55:cc:0a:66:16:9f:96:c8:44:54:7f:22:a2:11:b4:e0:f7:
         4f:6d:86:f2:d9:a2:6b:1e:35:c3:32:4c:94:d1:64:58:a9:3e:
         2d:4f:cd:7d:70:ae:0e:3f:5c:ab:ff:dd:cd:93:ed:31:4b:db:
         2b:2a:30:6e:41:84:53:a2:84:c3:a5:3b:58:9e:fd:e4:ef:c9:
         4b:68:7a:58:6e:a1:a3:5f:fa:46:db:33:bd:ba:56:ef:2d:5e:
         f6:d4:37:66:35:97:6f:25:63:db:52:75:7d:41:46:ca:66:ca:
         c1:66:dd:9d:e3:0d:2b:e5:83:3d:20:71:7c:a3:3b:11:2f:9d:
         99:93:fa:58:6f:d2:3e:83:ae:77:3b:6e:05:02:90:0b:ea:da:
         c0:37:f2:a4:ad:68:df:db:6a:2a:f0:58:ee:08:d9:64:2f:99:
         7d:79:76:8f:a5:c7:99:7b:83:39:be:0d:a0:6b:34:a3:e7:47:
         d5:cf:72:9a:e8:96:4d:e7:e1:03:e1:57:83:b9:0a:c5:8c:6d:
         b3:dd:40:ba:cb:8d:ca:cb:8a:cb:25:6f:6b:5f:8d:df:e2:ab:
         a3:00:05:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzJ9d0EfjUzuEICg/81UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNjVlZGUzYjZhYWU3NDc1YzM1NGIxZTliODRkNmE3ODMy
YjA3N2IwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDI0ZjgxYmM1Mzk0ZjY5ZWU2MTFiYTFlZGFmM2I4YjM1YWE2ODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstAD0sdU98KkQ3vHkKs5/qz5n1cT
CGRLBYiTnJrVv2dzwkgLZyMRVrOEqKLyWvH7Ycne0E25uO5DRddDqOAnDsOhth+Z
953dNQy75hc8eK1Y61ZCWxG+THAeZ93nxiwNoWHBosfeCAAOhHjU5HjuiqEaLVfO
Z+4CWdURm5AeaHUuc4M3N3Wt67HS0+ugpbI4KFd5hX4pdTsVwZks4TbcX7w8qRDm
LKvkprwGHm3dLXJbbBpmCyuffHk6+QzN2NWtd19XK8m0n7zfsiDJN/ydxKofDOXA
PjBwUN9BFdox52GbFfonufUoInKbhYPyqF/C24kjU3CjHOX1J3t4EpQJhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0k+BvFOU9p7mEboe2vO4s1qmh5MB8GA1UdIwQY
MBaAFB5l7eO2qudHXDVLHpuE1qeDKwd7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG1YdDQ3YXE1MGRjTlVzZW00VFdwNE1yQjNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9jOTkxZWYtODRiNC00OTZmLWE4NTYt
NWNlNGQ4ZGJkMTU5LzEvalNUNEc4VTVUMm51WVJ1aDdhODdpeldxYUhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9jOTkxZWYtODRiNC00OTZmLWE4NTYtNWNlNGQ4ZGJkMTU5
LzEvSG1YdDQ3YXE1MGRjTlVzZW00VFdwNE1yQjNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTX5MA0G
CSqGSIb3DQEBCwUAA4IBAQCNNXF/4hFyZ1uqooQ6R5YnHs3p15GuHTSom8btD+Im
LmuPO8q4VcwKZhaflshEVH8iohG04PdPbYby2aJrHjXDMkyU0WRYqT4tT819cK4O
P1yr/93Nk+0xS9srKjBuQYRTooTDpTtYnv3k78lLaHpYbqGjX/pG2zO9ulbvLV72
1DdmNZdvJWPbUnV9QUbKZsrBZt2d4w0r5YM9IHF8ozsRL52Zk/pYb9I+g653O24F
ApAL6trAN/KkrWjf22oq8FjuCNlkL5l9eXaPpceZe4M5vg2gazSj50fVz3Ka6JZN
5+ED4VeDuQrFjG2z3UC6y43Ky4rLJW9rX43f4qujAAXV
-----END CERTIFICATE-----