Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/jLmCJD9MwXJK1y3iBAz9-epsfvM.roa
File:                     jLmCJD9MwXJK1y3iBAz9-epsfvM.roa (raw, json)
Hash identifier:          LtNT9EqDXPKC4Fq6wRxTjjVrS4ZN4s989ZuqhJyFcVA=
Subject key identifier:   8C:B9:82:24:3F:4C:C1:72:4A:D7:2D:E2:04:0C:FD:F9:EA:6C:7E:F3
Certificate issuer:       /CN=8aad9c0ce5ba3905b41970a04e51976076c67e00
Certificate serial:       01909E6987376CC985854CD767F4C79B33BE
Authority key identifier: 8A:AD:9C:0C:E5:BA:39:05:B4:19:70:A0:4E:51:97:60:76:C6:7E:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iq2cDOW6OQW0GXCgTlGXYHbGfgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/jLmCJD9MwXJK1y3iBAz9-epsfvM.roa
Signing time:             Wed 10 Jul 2024 20:50:34 +0000
ROA not before:           Wed 10 Jul 2024 20:50:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        193.135.40.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/iq2cDOW6OQW0GXCgTlGXYHbGfgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/iq2cDOW6OQW0GXCgTlGXYHbGfgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iq2cDOW6OQW0GXCgTlGXYHbGfgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9e:69:87:37:6c:c9:85:85:4c:d7:67:f4:c7:9b:33:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aad9c0ce5ba3905b41970a04e51976076c67e00
        Validity
            Not Before: Jul 10 20:50:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cb982243f4cc1724ad72de2040cfdf9ea6c7ef3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:81:9a:a7:86:f0:88:4b:8b:f1:e1:12:4c:ea:
                    8e:93:64:ac:e4:f0:e2:92:b9:9e:bb:7d:5b:6d:06:
                    4a:c7:20:57:15:6e:84:e9:b7:97:11:08:dd:2b:7f:
                    1d:08:c6:75:ac:35:90:0f:c9:93:7b:31:b5:f5:87:
                    2b:d5:a0:47:4f:1f:d7:e4:fb:41:23:09:e5:1e:0c:
                    61:9a:53:c0:ea:66:a0:9e:47:58:28:3d:dc:c9:be:
                    51:e1:32:4f:6d:c8:c2:da:4b:b3:70:cb:ad:81:15:
                    8f:2a:fa:0a:33:63:72:9e:fb:e0:55:ad:a4:f8:ed:
                    0d:e5:1d:33:bd:7d:88:ab:a5:09:36:0a:68:62:46:
                    31:90:98:42:29:a2:96:f7:ab:fc:12:32:c9:21:8b:
                    8f:8a:ab:68:03:ca:97:ac:bd:29:19:dc:57:85:86:
                    7f:33:3c:4e:4e:c2:08:01:f3:e1:50:19:ef:0c:e2:
                    9e:0e:21:80:3f:2f:95:50:fc:47:f2:04:7f:58:ea:
                    18:35:0a:ec:31:cc:af:1a:bc:b3:fa:ee:dd:28:2c:
                    9d:5d:2a:36:22:98:aa:29:61:62:16:d7:68:a5:24:
                    c6:3c:ec:d6:f7:71:48:79:50:2a:d2:01:d5:3d:01:
                    ed:37:69:16:ad:fe:13:cb:ec:ec:cd:99:f5:2b:c0:
                    ae:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:B9:82:24:3F:4C:C1:72:4A:D7:2D:E2:04:0C:FD:F9:EA:6C:7E:F3
            X509v3 Authority Key Identifier:
                keyid:8A:AD:9C:0C:E5:BA:39:05:B4:19:70:A0:4E:51:97:60:76:C6:7E:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iq2cDOW6OQW0GXCgTlGXYHbGfgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/jLmCJD9MwXJK1y3iBAz9-epsfvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/iq2cDOW6OQW0GXCgTlGXYHbGfgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4e:22:d4:ce:34:39:5b:6e:12:59:ca:07:50:43:be:4c:a9:80:
         c9:5b:ac:01:87:c3:a9:33:08:f0:0c:6d:49:31:f7:b2:af:af:
         d4:1e:37:0f:36:8a:18:73:38:a7:66:50:b9:b4:e4:66:df:f4:
         4e:0a:a2:17:30:11:39:a6:95:ba:df:62:86:22:21:c1:89:75:
         92:e4:fe:ec:33:10:9a:06:e9:84:f5:d0:9f:e3:96:6b:fd:00:
         77:31:39:04:09:27:14:7f:fe:56:06:cd:e0:f6:ad:57:a8:f5:
         a2:2c:c3:ca:16:c9:10:a8:89:38:45:c3:71:1b:95:2b:dc:8b:
         db:cf:94:80:ca:ca:fa:7d:ba:c5:28:92:c6:a7:42:08:f4:a6:
         e3:5d:a2:82:f5:83:4f:88:b1:c4:36:a2:85:90:53:65:ca:05:
         64:a9:34:61:0f:6c:53:3d:6e:97:60:c7:b4:e0:2a:73:2c:5c:
         44:88:cf:90:ce:0e:e4:0b:08:9e:c7:ab:ab:e0:f0:68:5a:52:
         00:b8:8f:dd:0b:77:44:49:7e:d4:6f:26:09:79:7c:ff:be:40:
         9a:3f:6c:63:78:4d:6f:3d:7a:ca:36:c4:31:bf:20:96:24:98:
         9c:91:44:dc:86:41:a7:9f:06:76:08:6c:5c:5d:2d:fa:a0:0b:
         af:e5:bb:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCeaYc3bMmFhUzXZ/THmzO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYWQ5YzBjZTViYTM5MDViNDE5NzBhMDRlNTE5NzYwNzZj
NjdlMDAwHhcNMjQwNzEwMjA1MDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2I5ODIyNDNmNGNjMTcyNGFkNzJkZTIwNDBjZmRmOWVhNmM3ZWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoGap4bwiEuL8eESTOqOk2Ss5PDi
krmeu31bbQZKxyBXFW6E6beXEQjdK38dCMZ1rDWQD8mTezG19Ycr1aBHTx/X5PtB
IwnlHgxhmlPA6magnkdYKD3cyb5R4TJPbcjC2kuzcMutgRWPKvoKM2NynvvgVa2k
+O0N5R0zvX2Iq6UJNgpoYkYxkJhCKaKW96v8EjLJIYuPiqtoA8qXrL0pGdxXhYZ/
MzxOTsIIAfPhUBnvDOKeDiGAPy+VUPxH8gR/WOoYNQrsMcyvGryz+u7dKCydXSo2
IpiqKWFiFtdopSTGPOzW93FIeVAq0gHVPQHtN2kWrf4Ty+zszZn1K8Cu/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIy5giQ/TMFyStct4gQM/fnqbH7zMB8GA1UdIwQY
MBaAFIqtnAzlujkFtBlwoE5Rl2B2xn4AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXEyY0RPVzZPUVcwR1hDZ1RsR1hZSGJHZmdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9lNDQ1ZTQtMjZiZC00OGM5LTgzZGIt
N2EwZWNlOWMwYWY4LzEvakxtQ0pEOU13WEpLMXkzaUJBejktZXBzZnZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9lNDQ1ZTQtMjZiZC00OGM5LTgzZGItN2EwZWNlOWMwYWY4
LzEvaXEyY0RPVzZPUVcwR1hDZ1RsR1hZSGJHZmdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwYcoMA0G
CSqGSIb3DQEBCwUAA4IBAQBOItTONDlbbhJZygdQQ75MqYDJW6wBh8OpMwjwDG1J
Mfeyr6/UHjcPNooYczinZlC5tORm3/ROCqIXMBE5ppW632KGIiHBiXWS5P7sMxCa
BumE9dCf45Zr/QB3MTkECScUf/5WBs3g9q1XqPWiLMPKFskQqIk4RcNxG5Ur3Ivb
z5SAysr6fbrFKJLGp0II9KbjXaKC9YNPiLHENqKFkFNlygVkqTRhD2xTPW6XYMe0
4CpzLFxEiM+Qzg7kCwiex6ur4PBoWlIAuI/dC3dESX7UbyYJeXz/vkCaP2xjeE1v
PXrKNsQxvyCWJJickUTchkGnnwZ2CGxcXS36oAuv5bse
-----END CERTIFICATE-----