Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/xJZQnrdHNTWVE91P1mY6FIfOGcc.roa
File:                     xJZQnrdHNTWVE91P1mY6FIfOGcc.roa (raw, json)
Hash identifier:          +URJ77/QUxB/0DBE0F3//BrPYg/F7Lzgfu1TKcYyC6g=
Subject key identifier:   C4:96:50:9E:B7:47:35:35:95:13:DD:4F:D6:66:3A:14:87:CE:19:C7
Certificate issuer:       /CN=8cd52439cac2719b64e85b26ff0ea8468d57960e
Certificate serial:       018CC86F2BB4889C62BF3ECE091D2A4890BA
Authority key identifier: 8C:D5:24:39:CA:C2:71:9B:64:E8:5B:26:FF:0E:A8:46:8D:57:96:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/xJZQnrdHNTWVE91P1mY6FIfOGcc.roa
Signing time:             Tue 02 Jan 2024 04:29:37 +0000
ROA not before:           Tue 02 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206356
IP address blocks:        194.48.228.0/22 maxlen: 24
                          2a0c:efc0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:2b:b4:88:9c:62:bf:3e:ce:09:1d:2a:48:90:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cd52439cac2719b64e85b26ff0ea8468d57960e
        Validity
            Not Before: Jan  2 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c496509eb74735359513dd4fd6663a1487ce19c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:78:ed:00:bc:12:b3:d8:d1:78:79:8e:9e:d7:
                    29:b6:26:e7:9d:c6:a3:c9:9b:e4:44:8d:9d:53:8a:
                    e3:1b:df:51:8f:87:47:1e:ec:d4:25:f5:d3:16:1d:
                    33:8d:a7:f5:1d:a7:b7:a6:ff:be:fa:1d:0b:99:31:
                    b8:e5:a1:99:fe:f0:e0:4c:8d:f6:4f:56:91:bd:d3:
                    9b:f0:42:37:10:6b:ac:89:7a:00:37:66:f0:f7:5e:
                    49:b3:08:d9:46:8b:ec:38:37:cb:38:b1:a8:40:1d:
                    d5:05:ea:d9:98:41:66:d9:12:7d:22:b2:5e:7d:b7:
                    ed:2b:84:ce:57:ad:5c:0f:ae:ca:a1:b6:42:5b:bb:
                    a4:fb:95:98:6a:eb:f1:87:b6:bd:84:a6:2f:ee:76:
                    86:c6:56:75:00:6a:c1:0c:06:c3:c0:07:c0:4c:09:
                    01:85:11:d0:1f:0d:76:46:35:27:bc:5d:bf:67:f7:
                    12:ba:73:1d:69:0c:46:5c:85:b5:b5:ea:ba:50:70:
                    20:b8:5c:2d:3e:2d:b5:62:e9:14:9a:67:90:22:98:
                    7d:4c:20:1a:c5:61:37:a3:f7:55:25:3b:b1:e7:d6:
                    22:2b:42:06:09:54:18:86:ee:cd:2f:de:01:e6:7a:
                    17:c1:95:ec:53:15:d2:7d:d4:d4:cd:b9:0b:2d:aa:
                    83:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:96:50:9E:B7:47:35:35:95:13:DD:4F:D6:66:3A:14:87:CE:19:C7
            X509v3 Authority Key Identifier:
                keyid:8C:D5:24:39:CA:C2:71:9B:64:E8:5B:26:FF:0E:A8:46:8D:57:96:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/xJZQnrdHNTWVE91P1mY6FIfOGcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.228.0/22
                IPv6:
                  2a0c:efc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:7f:05:54:cf:4d:7b:12:44:0d:6e:3e:71:5e:02:20:c1:27:
         9d:fe:c3:85:a8:9a:3b:d1:6b:e2:03:ec:7b:5e:d5:3f:0e:3e:
         70:a7:1b:c1:d2:81:fd:4e:33:0b:1b:db:88:cc:01:2b:bf:55:
         f8:60:7a:cd:f5:da:09:32:43:58:e7:4b:0b:66:f9:5d:4d:db:
         80:f3:2f:0c:96:19:1d:08:0a:d7:f8:2e:bf:35:7b:ad:16:a0:
         c6:6a:f4:03:4b:3d:5f:f4:eb:d6:44:01:b6:60:bb:3d:b6:81:
         d0:fb:29:df:1a:01:6d:f5:b1:8a:d8:4f:c4:9b:3f:80:ea:9b:
         c0:05:b1:1a:35:21:a7:48:8f:07:1f:c2:8b:46:c2:aa:d7:62:
         82:ac:50:e3:b0:4e:f9:ff:4a:d4:35:2c:de:5a:c1:c9:47:28:
         6e:26:fd:c4:aa:ea:dd:bb:29:46:9e:6c:63:d1:92:43:64:71:
         1f:56:39:43:36:94:a1:de:1d:3e:e5:ad:3c:69:0f:91:ed:22:
         92:11:03:2d:a5:f2:11:17:9f:80:a9:29:8c:ad:4b:17:35:d3:
         bf:2f:51:eb:62:67:a6:4b:fc:55:dc:b6:b2:61:de:c2:40:a6:
         2f:e3:8e:c7:64:95:7e:c4:1d:ac:c4:4f:31:3a:10:1d:66:93:
         13:4f:06:5c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbyu0iJxivz7OCR0qSJC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZDUyNDM5Y2FjMjcxOWI2NGU4NWIyNmZmMGVhODQ2OGQ1
Nzk2MGUwHhcNMjQwMTAyMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDk2NTA5ZWI3NDczNTM1OTUxM2RkNGZkNjY2M2ExNDg3Y2UxOWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHjtALwSs9jReHmOntcptibnncaj
yZvkRI2dU4rjG99Rj4dHHuzUJfXTFh0zjaf1Hae3pv+++h0LmTG45aGZ/vDgTI32
T1aRvdOb8EI3EGusiXoAN2bw915JswjZRovsODfLOLGoQB3VBerZmEFm2RJ9IrJe
fbftK4TOV61cD67KobZCW7uk+5WYauvxh7a9hKYv7naGxlZ1AGrBDAbDwAfATAkB
hRHQHw12RjUnvF2/Z/cSunMdaQxGXIW1teq6UHAguFwtPi21YukUmmeQIph9TCAa
xWE3o/dVJTux59YiK0IGCVQYhu7NL94B5noXwZXsUxXSfdTUzbkLLaqDAQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMSWUJ63RzU1lRPdT9ZmOhSHzhnHMB8GA1UdIwQY
MBaAFIzVJDnKwnGbZOhbJv8OqEaNV5YOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak5Va09jckNjWnRrNkZzbV93Nm9SbzFYbGc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jZDM3MTEtNzA4NC00YjE1LWJjMjUt
M2U0YTAyNmRmMDAwLzEveEpaUW5yZEhOVFdWRTkxUDFtWTZGSWZPR2NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jZDM3MTEtNzA4NC00YjE1LWJjMjUtM2U0YTAyNmRmMDAw
LzEvak5Va09jckNjWnRrNkZzbV93Nm9SbzFYbGc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwjDkMA0E
AgACMAcDBQMqDO/AMA0GCSqGSIb3DQEBCwUAA4IBAQB6fwVUz017EkQNbj5xXgIg
wSed/sOFqJo70WviA+x7XtU/Dj5wpxvB0oH9TjMLG9uIzAErv1X4YHrN9doJMkNY
50sLZvldTduA8y8MlhkdCArX+C6/NXutFqDGavQDSz1f9OvWRAG2YLs9toHQ+ynf
GgFt9bGK2E/Emz+A6pvABbEaNSGnSI8HH8KLRsKq12KCrFDjsE75/0rUNSzeWsHJ
RyhuJv3EqurduylGnmxj0ZJDZHEfVjlDNpSh3h0+5a08aQ+R7SKSEQMtpfIRF5+A
qSmMrUsXNdO/L1HrYmemS/xV3LayYd7CQKYv447HZJV+xB2sxE8xOhAdZpMTTwZc
-----END CERTIFICATE-----