Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/95535b-e630-457f-8a01-aeae5bbc3920/1/jPXAyTxRg6IHrumUsMVZCICaKwI.roa
File:                     jPXAyTxRg6IHrumUsMVZCICaKwI.roa (raw, json)
Hash identifier:          yu/3MPqNqBbwh5Kh6v8tYgtrr60bnzQOIu7M1/9ZqhU=
Subject key identifier:   8C:F5:C0:C9:3C:51:83:A2:07:AE:E9:94:B0:C5:59:08:80:9A:2B:02
Certificate issuer:       /CN=28164a5757fdd5725a60844f2ae7ef73b107a4c0
Certificate serial:       0194266BD37AD2DBD657D1243AB2FD2881B7
Authority key identifier: 28:16:4A:57:57:FD:D5:72:5A:60:84:4F:2A:E7:EF:73:B1:07:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBZKV1f91XJaYIRPKufvc7EHpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/95535b-e630-457f-8a01-aeae5bbc3920/1/jPXAyTxRg6IHrumUsMVZCICaKwI.roa
Signing time:             Thu 02 Jan 2025 09:49:48 +0000
ROA not before:           Thu 02 Jan 2025 09:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206377
IP address blocks:        185.178.180.0/22 maxlen: 22
                          2a0a:6780::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/95535b-e630-457f-8a01-aeae5bbc3920/1/KBZKV1f91XJaYIRPKufvc7EHpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/95535b-e630-457f-8a01-aeae5bbc3920/1/KBZKV1f91XJaYIRPKufvc7EHpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBZKV1f91XJaYIRPKufvc7EHpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d3:7a:d2:db:d6:57:d1:24:3a:b2:fd:28:81:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28164a5757fdd5725a60844f2ae7ef73b107a4c0
        Validity
            Not Before: Jan  2 09:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cf5c0c93c5183a207aee994b0c55908809a2b02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:94:e4:76:0e:b7:9d:3d:31:0c:61:a3:a9:61:
                    1b:e5:e2:de:e6:08:ea:9f:fe:23:f4:6c:25:5f:27:
                    4a:7e:69:fe:91:50:63:bf:42:a8:e1:91:7a:5b:8a:
                    4e:c0:fe:8c:d9:7e:95:ac:12:17:d9:1f:2b:4d:79:
                    4a:c8:44:b6:0f:8b:c2:f2:5c:0e:d0:16:b4:16:b8:
                    75:ed:71:dc:16:80:4a:11:eb:36:46:fa:89:41:eb:
                    9b:d0:84:c3:d3:a1:4c:34:6c:7b:77:fa:ba:8f:88:
                    47:a3:f9:c3:8b:bc:ac:b8:50:4e:0b:a5:d7:15:65:
                    dc:4e:6e:18:5f:bd:bf:c2:16:09:7c:01:b1:5b:47:
                    85:00:ca:5e:0a:a3:1d:2c:43:fb:2f:dc:bd:b6:32:
                    95:b3:60:f1:3e:83:2b:f7:78:48:6e:17:f3:a2:a1:
                    43:87:98:7d:9c:b4:aa:87:cd:11:84:66:0b:ff:04:
                    12:3c:fc:43:f8:74:74:d7:98:fb:b6:8b:e9:63:77:
                    97:1e:79:b2:6a:66:55:ee:52:8d:4a:45:da:9a:bb:
                    d7:5f:b4:62:82:78:56:01:4c:c8:90:40:8e:7a:77:
                    98:0d:f2:bf:24:9d:15:8f:8a:5a:f5:26:d7:cb:94:
                    44:aa:f1:30:ed:fe:2a:68:e4:88:17:d5:ae:a9:30:
                    00:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:F5:C0:C9:3C:51:83:A2:07:AE:E9:94:B0:C5:59:08:80:9A:2B:02
            X509v3 Authority Key Identifier:
                keyid:28:16:4A:57:57:FD:D5:72:5A:60:84:4F:2A:E7:EF:73:B1:07:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBZKV1f91XJaYIRPKufvc7EHpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/95535b-e630-457f-8a01-aeae5bbc3920/1/jPXAyTxRg6IHrumUsMVZCICaKwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/95535b-e630-457f-8a01-aeae5bbc3920/1/KBZKV1f91XJaYIRPKufvc7EHpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.180.0/22
                IPv6:
                  2a0a:6780::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:27:80:7d:3c:22:6c:63:c4:4d:38:56:f4:ab:b3:bd:bd:d9:
         1a:49:e1:4e:3e:36:ba:f0:b7:ea:bd:be:29:e8:1e:da:18:4e:
         6d:b0:71:bf:90:02:da:c6:00:97:f2:33:48:d7:14:f1:66:c2:
         09:77:2f:7c:03:41:5e:5b:df:d9:1d:e5:ee:22:21:87:04:95:
         9a:f6:21:6d:97:fc:89:57:97:75:24:bd:69:35:22:b6:1e:8b:
         ea:ef:9a:81:fa:00:09:c7:69:01:5d:24:86:05:c5:4c:fb:04:
         f2:32:90:03:de:e5:db:0c:ef:b5:87:65:71:4f:3c:9d:5e:ea:
         ec:34:cc:98:de:17:ea:fc:b1:af:27:b3:35:99:dd:1c:bb:2f:
         31:62:4b:59:92:6d:2b:b2:35:82:6f:b9:29:d3:56:ec:d4:bf:
         b6:da:57:b7:ad:c3:bc:16:f0:86:67:49:44:21:9c:5b:93:cb:
         52:19:da:a6:01:21:95:e1:82:23:79:4f:2a:1b:2d:8a:67:1f:
         4d:ee:64:eb:62:f8:af:30:ab:ad:30:e6:e8:d1:a9:29:34:29:
         0b:42:83:f5:94:1e:8c:95:95:d6:47:e0:f7:81:09:2b:02:a7:
         ee:72:af:66:c0:f3:40:1e:92:4b:e3:1a:e2:89:d3:b8:a5:76:
         da:9b:5a:14
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQma9N60tvWV9EkOrL9KIG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTY0YTU3NTdmZGQ1NzI1YTYwODQ0ZjJhZTdlZjczYjEw
N2E0YzAwHhcNMjUwMTAyMDk0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2Y1YzBjOTNjNTE4M2EyMDdhZWU5OTRiMGM1NTkwODgwOWEyYjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJTkdg63nT0xDGGjqWEb5eLe5gjq
n/4j9GwlXydKfmn+kVBjv0Ko4ZF6W4pOwP6M2X6VrBIX2R8rTXlKyES2D4vC8lwO
0Ba0Frh17XHcFoBKEes2RvqJQeub0ITD06FMNGx7d/q6j4hHo/nDi7ysuFBOC6XX
FWXcTm4YX72/whYJfAGxW0eFAMpeCqMdLEP7L9y9tjKVs2DxPoMr93hIbhfzoqFD
h5h9nLSqh80RhGYL/wQSPPxD+HR015j7tovpY3eXHnmyamZV7lKNSkXamrvXX7Ri
gnhWAUzIkECOeneYDfK/JJ0Vj4pa9SbXy5REqvEw7f4qaOSIF9WuqTAAJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIz1wMk8UYOiB67plLDFWQiAmisCMB8GA1UdIwQY
MBaAFCgWSldX/dVyWmCETyrn73OxB6TAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JaS1YxZjkxWEphWUlSUEt1ZnZjN0VIcE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85NTUzNWItZTYzMC00NTdmLThhMDEt
YWVhZTViYmMzOTIwLzEvalBYQXlUeFJnNklIcnVtVXNNVlpDSUNhS3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85NTUzNWItZTYzMC00NTdmLThhMDEtYWVhZTViYmMzOTIw
LzEvS0JaS1YxZjkxWEphWUlSUEt1ZnZjN0VIcE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubK0MA0E
AgACMAcDBQMqCmeAMA0GCSqGSIb3DQEBCwUAA4IBAQAIJ4B9PCJsY8RNOFb0q7O9
vdkaSeFOPja68Lfqvb4p6B7aGE5tsHG/kALaxgCX8jNI1xTxZsIJdy98A0FeW9/Z
HeXuIiGHBJWa9iFtl/yJV5d1JL1pNSK2Hovq75qB+gAJx2kBXSSGBcVM+wTyMpAD
3uXbDO+1h2VxTzydXursNMyY3hfq/LGvJ7M1md0cuy8xYktZkm0rsjWCb7kp01bs
1L+22le3rcO8FvCGZ0lEIZxbk8tSGdqmASGV4YIjeU8qGy2KZx9N7mTrYvivMKut
MObo0akpNCkLQoP1lB6MlZXWR+D3gQkrAqfucq9mwPNAHpJL4xriidO4pXbam1oU
-----END CERTIFICATE-----