Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/322693-e58b-48e2-bdd9-02953ce63843/1/jP9XQVZjzOxxl-EeaR0033ojWms.roa
File:                     jP9XQVZjzOxxl-EeaR0033ojWms.roa (raw, json)
Hash identifier:          t6DOWLwMhwKz35SMrcLcwjsMb4axFNE0nyCPcGAq/PA=
Subject key identifier:   8C:FF:57:41:56:63:CC:EC:71:97:E1:1E:69:1D:34:DF:7A:23:5A:6B
Certificate issuer:       /CN=3f5bc44014285b6f3e2872aecf5d4f33e268ce8b
Certificate serial:       018CC56E9DA4112EE314D9F3F3E1C0F1D0A8
Authority key identifier: 3F:5B:C4:40:14:28:5B:6F:3E:28:72:AE:CF:5D:4F:33:E2:68:CE:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P1vEQBQoW28-KHKuz11PM-Jozos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/322693-e58b-48e2-bdd9-02953ce63843/1/jP9XQVZjzOxxl-EeaR0033ojWms.roa
Signing time:             Mon 01 Jan 2024 14:30:10 +0000
ROA not before:           Mon 01 Jan 2024 14:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20546
IP address blocks:        195.170.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/322693-e58b-48e2-bdd9-02953ce63843/1/P1vEQBQoW28-KHKuz11PM-Jozos.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/322693-e58b-48e2-bdd9-02953ce63843/1/P1vEQBQoW28-KHKuz11PM-Jozos.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P1vEQBQoW28-KHKuz11PM-Jozos.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:9d:a4:11:2e:e3:14:d9:f3:f3:e1:c0:f1:d0:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f5bc44014285b6f3e2872aecf5d4f33e268ce8b
        Validity
            Not Before: Jan  1 14:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cff57415663ccec7197e11e691d34df7a235a6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4a:24:e6:3a:93:f0:19:42:cc:a1:1b:01:ff:
                    56:4a:7b:1e:c7:cc:7d:74:05:e2:1f:03:4a:22:f3:
                    1f:7f:f2:71:94:46:0e:01:ff:c2:2f:21:36:2c:49:
                    a3:26:ec:e6:84:a3:5f:1e:bd:38:c6:26:01:43:91:
                    45:96:9e:58:40:e8:e0:ed:cc:60:56:57:80:69:d9:
                    92:b3:44:81:bf:ae:df:fa:c5:7c:49:ae:dd:a5:81:
                    0e:4c:ef:e4:68:cd:76:1c:b8:c8:51:af:14:10:59:
                    d1:77:f5:84:9b:7d:53:1a:e7:8b:77:16:d7:09:46:
                    60:e2:d1:83:c5:b4:ce:b7:b9:c7:6c:7a:24:cb:98:
                    25:43:a1:4e:9e:f0:c9:d3:1c:d1:6f:49:14:04:23:
                    5a:28:9f:31:7c:cc:1e:06:bb:d3:a6:cc:ef:37:7d:
                    15:db:46:57:d6:7c:4b:0d:3d:a1:f7:0f:09:0a:59:
                    2f:27:e6:3f:f3:06:89:25:67:eb:ad:27:02:81:e5:
                    02:9e:f1:7e:66:11:8b:1f:85:60:2e:82:3a:34:45:
                    4f:31:20:49:c6:cb:87:e1:ca:fb:3a:d0:31:af:f2:
                    6a:12:8e:9f:c3:fa:08:1f:80:2c:b3:8a:f5:59:af:
                    86:39:1a:db:8a:b9:25:26:00:69:e2:63:4c:aa:45:
                    59:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:FF:57:41:56:63:CC:EC:71:97:E1:1E:69:1D:34:DF:7A:23:5A:6B
            X509v3 Authority Key Identifier:
                keyid:3F:5B:C4:40:14:28:5B:6F:3E:28:72:AE:CF:5D:4F:33:E2:68:CE:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P1vEQBQoW28-KHKuz11PM-Jozos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/322693-e58b-48e2-bdd9-02953ce63843/1/jP9XQVZjzOxxl-EeaR0033ojWms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/322693-e58b-48e2-bdd9-02953ce63843/1/P1vEQBQoW28-KHKuz11PM-Jozos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.170.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:b3:55:08:94:05:d4:e5:ff:d6:ac:f5:fa:21:79:c4:b2:5a:
         57:ef:ca:7a:08:49:db:2e:f7:e6:cb:d9:cc:2e:b8:bc:df:7d:
         54:c5:b4:c8:3c:c0:cc:51:b8:f2:a2:1c:6b:aa:f7:cf:61:65:
         0a:60:01:2c:b3:7d:48:5c:25:c7:41:7f:61:33:17:e7:00:ee:
         b7:8c:6a:46:fd:b1:e9:22:00:82:55:d6:e1:4e:f0:4a:3a:19:
         1f:ce:ec:3d:c3:90:6b:06:03:6d:ad:9e:ac:7d:a3:c0:74:1d:
         c6:fb:c2:ac:99:e9:fd:3a:fa:ad:9b:dd:a7:2d:2e:fc:e6:d7:
         1b:48:21:4e:ab:72:e2:be:eb:e6:15:c9:d8:3d:27:0d:76:05:
         52:48:83:45:08:ed:79:cc:09:6d:f2:b9:0c:72:cb:84:13:7e:
         ef:2f:5a:f6:04:a5:c2:a6:92:bd:c4:ff:f2:05:b7:13:cc:a3:
         2b:78:4e:3d:83:ac:90:ba:a6:c5:94:72:d5:51:6c:b6:c2:e9:
         86:81:46:28:e0:ff:85:10:04:ff:ac:22:e3:c9:b1:05:cb:69:
         69:8a:20:9d:87:6d:d0:d3:ad:82:bb:ed:e5:f5:f2:12:02:60:
         05:38:58:0f:c9:5f:31:65:6b:1f:83:17:aa:dc:25:01:3b:37:
         96:e5:af:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbp2kES7jFNnz8+HA8dCoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNWJjNDQwMTQyODViNmYzZTI4NzJhZWNmNWQ0ZjMzZTI2
OGNlOGIwHhcNMjQwMTAxMTQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2ZmNTc0MTU2NjNjY2VjNzE5N2UxMWU2OTFkMzRkZjdhMjM1YTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEok5jqT8BlCzKEbAf9WSnsex8x9
dAXiHwNKIvMff/JxlEYOAf/CLyE2LEmjJuzmhKNfHr04xiYBQ5FFlp5YQOjg7cxg
VleAadmSs0SBv67f+sV8Sa7dpYEOTO/kaM12HLjIUa8UEFnRd/WEm31TGueLdxbX
CUZg4tGDxbTOt7nHbHoky5glQ6FOnvDJ0xzRb0kUBCNaKJ8xfMweBrvTpszvN30V
20ZX1nxLDT2h9w8JClkvJ+Y/8waJJWfrrScCgeUCnvF+ZhGLH4VgLoI6NEVPMSBJ
xsuH4cr7OtAxr/JqEo6fw/oIH4Ass4r1Wa+GORrbirklJgBp4mNMqkVZuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIz/V0FWY8zscZfhHmkdNN96I1prMB8GA1UdIwQY
MBaAFD9bxEAUKFtvPihyrs9dTzPiaM6LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDF2RVFCUW9XMjgtS0hLdXoxMVBNLUpvem9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8zMjI2OTMtZTU4Yi00OGUyLWJkZDkt
MDI5NTNjZTYzODQzLzEvalA5WFFWWmp6T3h4bC1FZWFSMDAzM29qV21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8zMjI2OTMtZTU4Yi00OGUyLWJkZDktMDI5NTNjZTYzODQz
LzEvUDF2RVFCUW9XMjgtS0hLdXoxMVBNLUpvem9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6q5MA0G
CSqGSIb3DQEBCwUAA4IBAQB0s1UIlAXU5f/WrPX6IXnEslpX78p6CEnbLvfmy9nM
Lri8331UxbTIPMDMUbjyohxrqvfPYWUKYAEss31IXCXHQX9hMxfnAO63jGpG/bHp
IgCCVdbhTvBKOhkfzuw9w5BrBgNtrZ6sfaPAdB3G+8Ksmen9Ovqtm92nLS785tcb
SCFOq3LivuvmFcnYPScNdgVSSINFCO15zAlt8rkMcsuEE37vL1r2BKXCppK9xP/y
BbcTzKMreE49g6yQuqbFlHLVUWy2wumGgUYo4P+FEAT/rCLjybEFy2lpiiCdh23Q
062Cu+3l9fISAmAFOFgPyV8xZWsfgxeq3CUBOzeW5a//
-----END CERTIFICATE-----