Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/9df811-07dc-4fdf-9118-77fd4d1e5b26/1/sJQhejzANXmhjfA0SwICil3Vbvw.roa
File:                     sJQhejzANXmhjfA0SwICil3Vbvw.roa (raw, json)
Hash identifier:          d9LT9p9rNWyYY2+R6D4n46INz03lFIXneCFJpTKkKbI=
Subject key identifier:   B0:94:21:7A:3C:C0:35:79:A1:8D:F0:34:4B:02:02:8A:5D:D5:6E:FC
Certificate issuer:       /CN=ff7276c4d8cfafc04c26f85fb34fd9ece4769695
Certificate serial:       018CC6B79344709A820DD91C16D0C4252133
Authority key identifier: FF:72:76:C4:D8:CF:AF:C0:4C:26:F8:5F:B3:4F:D9:EC:E4:76:96:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_3J2xNjPr8BMJvhfs0_Z7OR2lpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/9df811-07dc-4fdf-9118-77fd4d1e5b26/1/sJQhejzANXmhjfA0SwICil3Vbvw.roa
Signing time:             Mon 01 Jan 2024 20:29:28 +0000
ROA not before:           Mon 01 Jan 2024 20:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42876
IP address blocks:        194.60.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/9df811-07dc-4fdf-9118-77fd4d1e5b26/1/_3J2xNjPr8BMJvhfs0_Z7OR2lpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/9df811-07dc-4fdf-9118-77fd4d1e5b26/1/_3J2xNjPr8BMJvhfs0_Z7OR2lpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_3J2xNjPr8BMJvhfs0_Z7OR2lpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:93:44:70:9a:82:0d:d9:1c:16:d0:c4:25:21:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff7276c4d8cfafc04c26f85fb34fd9ece4769695
        Validity
            Not Before: Jan  1 20:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b094217a3cc03579a18df0344b02028a5dd56efc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:52:ae:fa:77:02:07:c9:73:21:0b:2f:de:3e:
                    30:db:ea:36:23:42:a9:4a:3f:2f:9d:80:91:2a:f5:
                    b6:aa:1c:c5:81:55:4a:ca:f9:55:50:36:ba:b2:1e:
                    7b:d3:1b:80:aa:4c:6e:5f:80:e5:25:8d:4f:95:a8:
                    2c:dc:39:0b:40:ae:4b:4d:98:31:7d:fb:00:6d:57:
                    dd:50:0a:e9:b3:0a:55:85:34:92:5f:1e:26:da:5f:
                    ae:f5:be:51:80:3b:38:26:8d:05:a4:e4:b5:86:0f:
                    af:09:70:c0:67:26:ef:2c:c3:60:66:a4:55:be:e0:
                    bd:4e:ad:d3:61:2b:34:10:9f:0c:e9:68:6c:a2:23:
                    bf:31:e7:93:6f:88:1b:a0:8d:85:74:88:38:d5:cd:
                    f4:6b:0c:cb:f0:e3:e3:a9:63:6a:74:41:a1:ec:3b:
                    cf:16:bd:1b:3f:b6:2d:1b:a7:b9:5b:4f:82:a4:cc:
                    ec:86:46:19:c9:e2:a5:db:04:ac:71:50:42:d7:70:
                    cd:40:ab:98:9c:02:db:48:72:1c:a7:c5:eb:bf:d2:
                    82:43:fc:f6:bd:59:df:e9:48:20:a1:aa:0d:dc:04:
                    ab:ab:82:23:32:b2:dc:31:69:5c:ea:3a:6b:75:88:
                    bb:8a:77:b3:b5:4c:7f:d3:b2:12:3b:c3:c1:8a:63:
                    2b:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:94:21:7A:3C:C0:35:79:A1:8D:F0:34:4B:02:02:8A:5D:D5:6E:FC
            X509v3 Authority Key Identifier:
                keyid:FF:72:76:C4:D8:CF:AF:C0:4C:26:F8:5F:B3:4F:D9:EC:E4:76:96:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_3J2xNjPr8BMJvhfs0_Z7OR2lpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/9df811-07dc-4fdf-9118-77fd4d1e5b26/1/sJQhejzANXmhjfA0SwICil3Vbvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/9df811-07dc-4fdf-9118-77fd4d1e5b26/1/_3J2xNjPr8BMJvhfs0_Z7OR2lpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:5d:92:ea:e0:08:d2:7a:54:a6:42:fb:bb:7d:1b:f3:22:42:
         5f:20:98:27:b5:91:49:6e:53:c4:58:28:c9:cc:b3:fe:bf:1a:
         e9:19:72:44:c6:24:65:48:1a:ab:2e:25:54:6c:5d:6e:83:3d:
         d3:c3:73:80:dd:d2:51:47:05:87:a6:1a:a9:75:d4:f0:ac:f4:
         e1:67:24:3f:2c:67:bb:a4:14:aa:89:ad:38:52:b4:cf:66:33:
         0b:63:7a:ff:d8:69:2c:e1:0e:7b:20:88:a4:b6:20:3a:ab:ca:
         5e:c1:1c:2b:a8:ad:98:b5:8d:a8:6b:81:2b:cb:d3:63:c6:53:
         06:21:87:00:e3:68:73:77:db:a1:c0:ee:e7:8d:8c:b2:7f:b4:
         0c:d7:56:d6:29:21:5e:14:b5:b4:61:b1:d3:3d:d4:14:e0:df:
         ba:57:ab:ca:d9:68:4c:ad:5f:ea:93:d6:05:c3:04:dd:71:12:
         e2:cf:4e:4a:33:cb:24:2e:c1:56:1b:19:ba:42:22:d7:4c:62:
         e3:7d:85:04:e9:4a:f4:a3:ab:4d:6f:a1:cc:b4:46:4c:20:c0:
         98:c4:ce:65:27:ca:8b:a2:fb:4b:81:b7:98:ca:98:ae:f6:d3:
         81:b5:20:fa:57:40:7a:75:fd:8b:96:46:19:c6:35:1f:ae:f1:
         c1:57:fa:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt5NEcJqCDdkcFtDEJSEzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNzI3NmM0ZDhjZmFmYzA0YzI2Zjg1ZmIzNGZkOWVjZTQ3
Njk2OTUwHhcNMjQwMTAxMjAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDk0MjE3YTNjYzAzNTc5YTE4ZGYwMzQ0YjAyMDI4YTVkZDU2ZWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFKu+ncCB8lzIQsv3j4w2+o2I0Kp
Sj8vnYCRKvW2qhzFgVVKyvlVUDa6sh570xuAqkxuX4DlJY1Plags3DkLQK5LTZgx
ffsAbVfdUArpswpVhTSSXx4m2l+u9b5RgDs4Jo0FpOS1hg+vCXDAZybvLMNgZqRV
vuC9Tq3TYSs0EJ8M6WhsoiO/MeeTb4gboI2FdIg41c30awzL8OPjqWNqdEGh7DvP
Fr0bP7YtG6e5W0+CpMzshkYZyeKl2wSscVBC13DNQKuYnALbSHIcp8Xrv9KCQ/z2
vVnf6UggoaoN3ASrq4IjMrLcMWlc6jprdYi7ineztUx/07ISO8PBimMr/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCUIXo8wDV5oY3wNEsCAopd1W78MB8GA1UdIwQY
MBaAFP9ydsTYz6/ATCb4X7NP2ezkdpaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzNKMnhOalByOEJNSnZoZnMwX1o3T1IybHBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC85ZGY4MTEtMDdkYy00ZmRmLTkxMTgt
NzdmZDRkMWU1YjI2LzEvc0pRaGVqekFOWG1oamZBMFN3SUNpbDNWYnZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC85ZGY4MTEtMDdkYy00ZmRmLTkxMTgtNzdmZDRkMWU1YjI2
LzEvXzNKMnhOalByOEJNSnZoZnMwX1o3T1IybHBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjzzMA0G
CSqGSIb3DQEBCwUAA4IBAQBcXZLq4AjSelSmQvu7fRvzIkJfIJgntZFJblPEWCjJ
zLP+vxrpGXJExiRlSBqrLiVUbF1ugz3Tw3OA3dJRRwWHphqpddTwrPThZyQ/LGe7
pBSqia04UrTPZjMLY3r/2Gks4Q57IIiktiA6q8pewRwrqK2YtY2oa4Ery9NjxlMG
IYcA42hzd9uhwO7njYyyf7QM11bWKSFeFLW0YbHTPdQU4N+6V6vK2WhMrV/qk9YF
wwTdcRLiz05KM8skLsFWGxm6QiLXTGLjfYUE6Ur0o6tNb6HMtEZMIMCYxM5lJ8qL
ovtLgbeYypiu9tOBtSD6V0B6df2LlkYZxjUfrvHBV/om
-----END CERTIFICATE-----