Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/jfTd-w-WiIazPCSLCHhtko6hMDI.roa
File:                     jfTd-w-WiIazPCSLCHhtko6hMDI.roa (raw, json)
Hash identifier:          chXM+gibHR7EplNSiZMiPgnUrLEKnaXwcA2lNHc77+0=
Subject key identifier:   8D:F4:DD:FB:0F:96:88:86:B3:3C:24:8B:08:78:6D:92:8E:A1:30:32
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       0192988CB81112984E4366F4529FBDA4DC59
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/jfTd-w-WiIazPCSLCHhtko6hMDI.roa
Signing time:             Thu 17 Oct 2024 03:36:51 +0000
ROA not before:           Thu 17 Oct 2024 03:36:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214785
IP address blocks:        185.202.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:98:8c:b8:11:12:98:4e:43:66:f4:52:9f:bd:a4:dc:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Oct 17 03:36:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8df4ddfb0f968886b33c248b08786d928ea13032
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:2f:58:86:af:33:26:09:95:0c:f2:3d:25:86:
                    a5:e1:b0:7f:18:68:f9:1f:ed:87:83:3c:27:7d:de:
                    0c:37:1e:66:0d:67:25:72:53:4f:58:0b:cb:65:32:
                    d1:7f:07:aa:f8:19:8c:e9:8c:9a:b6:79:47:a0:52:
                    e7:13:51:af:66:15:ce:2b:80:63:a8:30:ff:9d:a0:
                    28:93:c5:fe:f4:fe:fa:a9:14:e3:79:9d:7d:1b:33:
                    db:b6:c1:60:19:ad:f3:40:0c:09:31:69:c9:a5:dc:
                    7e:60:51:90:3c:29:9f:a8:38:ce:86:62:d1:3f:c9:
                    47:30:49:9c:db:6a:5b:7f:5b:0f:45:e1:97:91:93:
                    65:40:bf:f8:e9:0a:9c:32:07:f2:da:98:ba:25:41:
                    ed:ed:c3:5d:ea:aa:95:f9:6d:03:2a:82:4b:87:4f:
                    22:0b:5a:12:4d:01:4e:62:43:6c:ce:9c:a8:cc:fa:
                    dc:d9:a2:7e:9f:77:07:81:c1:5f:49:22:b0:74:52:
                    ee:54:c8:7a:77:50:85:e3:de:ad:34:51:7d:58:88:
                    28:bb:0a:2c:13:d7:a6:53:9f:4a:7e:73:ef:f8:65:
                    8a:6f:84:ca:d2:f8:55:15:4c:cd:00:3e:b6:bc:34:
                    c4:fc:81:68:ff:3d:de:c9:15:6f:8c:d4:a1:90:a8:
                    c6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:F4:DD:FB:0F:96:88:86:B3:3C:24:8B:08:78:6D:92:8E:A1:30:32
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/jfTd-w-WiIazPCSLCHhtko6hMDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:72:2d:ab:b0:55:db:d0:50:2e:d7:2b:5a:72:bf:2d:5c:4a:
         88:89:37:1b:a3:5f:2b:a4:68:a4:17:c2:3e:e1:e9:3d:7a:ed:
         da:0b:1c:60:e6:39:e8:47:1d:30:ea:17:08:80:7f:73:cb:f3:
         a7:5a:25:4b:70:a3:6c:0b:61:67:dd:cf:f8:da:d2:a3:d3:07:
         8a:88:f3:3e:39:39:9e:ef:da:fc:0f:69:b1:ef:28:ea:f9:95:
         b6:7a:c3:81:80:6c:63:49:a6:23:7a:8b:99:0f:6c:bd:5e:25:
         86:80:e8:a0:1f:5b:2c:87:55:a5:04:7f:c3:63:5a:5a:e1:2b:
         21:5f:06:b6:b0:86:c5:73:d1:07:7a:96:3d:5f:1e:bf:e0:3e:
         a5:fa:01:70:6d:a2:dd:cc:20:e3:72:1f:06:eb:09:86:f7:3d:
         13:67:6e:b6:ec:f4:54:e1:59:26:18:52:1a:c8:d6:4d:fc:44:
         10:97:34:60:17:bc:cf:66:9b:66:7e:f9:d4:12:f8:c6:33:ad:
         08:fc:2e:4d:a2:61:dc:4e:d4:51:51:07:ed:5a:de:1a:5b:6a:
         aa:0b:3d:6e:c9:ad:96:3d:ad:9f:7f:c1:22:a8:9e:32:fc:f2:
         c5:50:b6:6a:5a:ec:08:fc:c2:3a:05:f9:a9:e7:f7:21:5d:ad:
         f9:9d:a2:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKYjLgREphOQ2b0Up+9pNxZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjQxMDE3MDMzNjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGY0ZGRmYjBmOTY4ODg2YjMzYzI0OGIwODc4NmQ5MjhlYTEzMDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvC9Yhq8zJgmVDPI9JYal4bB/GGj5
H+2Hgzwnfd4MNx5mDWclclNPWAvLZTLRfweq+BmM6YyatnlHoFLnE1GvZhXOK4Bj
qDD/naAok8X+9P76qRTjeZ19GzPbtsFgGa3zQAwJMWnJpdx+YFGQPCmfqDjOhmLR
P8lHMEmc22pbf1sPReGXkZNlQL/46QqcMgfy2pi6JUHt7cNd6qqV+W0DKoJLh08i
C1oSTQFOYkNszpyozPrc2aJ+n3cHgcFfSSKwdFLuVMh6d1CF496tNFF9WIgouwos
E9emU59KfnPv+GWKb4TK0vhVFUzNAD62vDTE/IFo/z3eyRVvjNShkKjGbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI303fsPloiGszwkiwh4bZKOoTAyMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvamZUZC13LVdpSWF6UENTTENIaHRrbzZoTURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucpkMA0G
CSqGSIb3DQEBCwUAA4IBAQAWci2rsFXb0FAu1ytacr8tXEqIiTcbo18rpGikF8I+
4ek9eu3aCxxg5jnoRx0w6hcIgH9zy/OnWiVLcKNsC2Fn3c/42tKj0weKiPM+OTme
79r8D2mx7yjq+ZW2esOBgGxjSaYjeouZD2y9XiWGgOigH1ssh1WlBH/DY1pa4Ssh
Xwa2sIbFc9EHepY9Xx6/4D6l+gFwbaLdzCDjch8G6wmG9z0TZ2627PRU4VkmGFIa
yNZN/EQQlzRgF7zPZptmfvnUEvjGM60I/C5NomHcTtRRUQftWt4aW2qqCz1uya2W
Pa2ff8EiqJ4y/PLFULZqWuwI/MI6Bfmp5/chXa35naKR
-----END CERTIFICATE-----