Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/JDgoSG4Gm5mRrsOW6a5reMjHods.roa
File:                     JDgoSG4Gm5mRrsOW6a5reMjHods.roa (raw, json)
Hash identifier:          iIVy15KZVm+4APma0pRDWPbbYPKLU+oi2nxsDe2h62Q=
Subject key identifier:   24:38:28:48:6E:06:9B:99:91:AE:C3:96:E9:AE:6B:78:C8:C7:A1:DB
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B93F9F37F71E120B2C2F5176E10F89
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/JDgoSG4Gm5mRrsOW6a5reMjHods.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200940
IP address blocks:        213.16.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3f:9f:37:f7:1e:12:0b:2c:2f:51:76:e1:0f:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=243828486e069b9991aec396e9ae6b78c8c7a1db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a1:46:5c:78:f3:a2:e0:45:f4:2f:a6:eb:a5:
                    33:6f:36:1e:e9:4f:e5:52:d2:99:91:37:cf:35:45:
                    c8:46:56:50:ad:d5:b9:01:13:d9:cf:45:f2:38:a5:
                    03:5e:00:3d:ea:93:0c:be:1a:eb:d6:4f:f5:69:41:
                    a2:66:95:42:16:50:97:52:1b:7e:91:f8:2c:6e:90:
                    8b:33:14:d7:c8:9b:6d:fa:47:1d:61:17:aa:a1:88:
                    9a:f3:b9:6d:b9:53:40:94:54:eb:c2:51:74:03:f1:
                    a8:6c:39:b1:4d:aa:35:b3:34:a1:a5:03:fc:45:9a:
                    b3:2b:73:51:6d:e9:6e:f0:4a:c8:c3:b3:99:8d:9f:
                    11:3b:e3:05:0f:74:5b:41:b4:c5:53:d3:2c:80:2a:
                    c7:86:3e:01:3b:31:a7:61:17:de:a9:8c:79:2b:03:
                    b2:a3:0b:ec:d7:8e:0f:42:ad:9d:04:00:9d:40:cf:
                    06:e0:86:5f:dd:05:8d:dc:d2:91:30:a1:ee:08:7a:
                    d6:a5:5f:05:8f:41:b4:8f:96:1f:96:a1:b9:cf:77:
                    3d:60:6e:57:51:e7:9c:43:98:4b:4e:d3:6c:ee:d6:
                    e3:ee:dd:1f:9a:9a:73:a9:81:0b:be:92:3c:ce:da:
                    26:0d:94:f2:c6:2d:62:46:06:63:85:85:fa:49:69:
                    f3:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:38:28:48:6E:06:9B:99:91:AE:C3:96:E9:AE:6B:78:C8:C7:A1:DB
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/JDgoSG4Gm5mRrsOW6a5reMjHods.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.16.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:f8:12:01:c0:13:79:21:8c:0b:c9:61:40:38:47:13:e9:7e:
         83:ee:5f:2b:c4:0b:57:05:13:57:9f:1e:2e:6c:e6:22:bf:0d:
         43:f4:ba:9e:5f:56:f4:29:0a:dc:91:5f:20:e1:01:93:d6:b1:
         3a:d0:dc:c7:31:a5:05:ea:4a:a3:80:74:e1:08:fa:e5:49:2d:
         9a:20:4f:cb:e0:ed:cd:a6:95:c5:91:a7:af:36:55:9e:0d:4f:
         79:69:82:6d:16:12:20:de:e0:a9:2d:0a:e3:ad:25:0e:7f:3d:
         a4:86:12:8c:b6:e3:00:f4:75:3a:22:dc:21:be:76:d0:8f:be:
         01:0e:00:cf:b7:70:a9:ca:36:7e:e0:fd:73:ac:20:04:c5:1b:
         31:fb:ff:80:01:41:93:fd:a0:b8:06:cd:c8:c8:d0:d2:24:53:
         76:42:c7:5b:cf:10:a0:db:40:4e:36:e9:c6:f7:81:17:64:95:
         f2:38:d7:76:56:52:c5:ba:3e:28:a4:e4:1d:77:bf:87:94:cf:
         61:68:61:b8:1c:ac:86:57:a9:17:26:ed:6b:ba:08:5f:ea:25:
         a0:b2:fa:b6:b4:0f:75:f0:1c:a1:db:98:11:19:4b:a1:6b:ab:
         54:5c:c6:3e:44:78:3e:f6:9d:71:8d:a9:88:eb:a7:07:d6:29:
         ac:8f:4e:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuT+fN/ceEgssL1F24Q+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDM4Mjg0ODZlMDY5Yjk5OTFhZWMzOTZlOWFlNmI3OGM4YzdhMWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6FGXHjzouBF9C+m66UzbzYe6U/l
UtKZkTfPNUXIRlZQrdW5ARPZz0XyOKUDXgA96pMMvhrr1k/1aUGiZpVCFlCXUht+
kfgsbpCLMxTXyJtt+kcdYReqoYia87ltuVNAlFTrwlF0A/GobDmxTao1szShpQP8
RZqzK3NRbelu8ErIw7OZjZ8RO+MFD3RbQbTFU9MsgCrHhj4BOzGnYRfeqYx5KwOy
owvs144PQq2dBACdQM8G4IZf3QWN3NKRMKHuCHrWpV8Fj0G0j5YflqG5z3c9YG5X
UeecQ5hLTtNs7tbj7t0fmppzqYELvpI8ztomDZTyxi1iRgZjhYX6SWnzHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQ4KEhuBpuZka7Dlumua3jIx6HbMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvSkRnb1NHNEdtNW1ScnNPVzZhNXJlTWpIb2RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1RBcMA0G
CSqGSIb3DQEBCwUAA4IBAQAg+BIBwBN5IYwLyWFAOEcT6X6D7l8rxAtXBRNXnx4u
bOYivw1D9LqeX1b0KQrckV8g4QGT1rE60NzHMaUF6kqjgHThCPrlSS2aIE/L4O3N
ppXFkaevNlWeDU95aYJtFhIg3uCpLQrjrSUOfz2khhKMtuMA9HU6ItwhvnbQj74B
DgDPt3CpyjZ+4P1zrCAExRsx+/+AAUGT/aC4Bs3IyNDSJFN2QsdbzxCg20BONunG
94EXZJXyONd2VlLFuj4opOQdd7+HlM9haGG4HKyGV6kXJu1rughf6iWgsvq2tA91
8Byh25gRGUuha6tUXMY+RHg+9p1xjamI66cH1imsj07X
-----END CERTIFICATE-----