Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/J_jzGSySK8aS6FGsCSDcT1cQ5LQ.roa
File:                     J_jzGSySK8aS6FGsCSDcT1cQ5LQ.roa (raw, json)
Hash identifier:          ahfCFXuRZ/viN/2jW9AJUrvRhbplDhJRkg7fCnT/2Rg=
Subject key identifier:   27:F8:F3:19:2C:92:2B:C6:92:E8:51:AC:09:20:DC:4F:57:10:E4:B4
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5013E934319D07CE9B59AB884C930A6
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/J_jzGSySK8aS6FGsCSDcT1cQ5LQ.roa
Signing time:             Mon 01 Jan 2024 12:30:42 +0000
ROA not before:           Mon 01 Jan 2024 12:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41095
IP address blocks:        88.216.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3e:93:43:19:d0:7c:e9:b5:9a:b8:84:c9:30:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27f8f3192c922bc692e851ac0920dc4f5710e4b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:8f:ff:02:fa:99:c2:47:12:1d:20:28:e9:ff:
                    66:6d:3e:35:24:c6:19:a5:a6:73:5f:67:72:de:65:
                    cd:c2:ac:2c:5b:3a:84:35:75:9c:7f:5d:92:c6:eb:
                    8c:93:3d:e0:e5:9b:8a:ab:5b:83:38:39:3d:70:3b:
                    f6:06:80:bd:99:dd:dd:ed:62:1f:cd:80:c5:db:4c:
                    3b:84:6b:ab:12:17:02:42:25:28:40:11:32:2d:5c:
                    47:84:a1:91:44:14:bf:04:88:9e:39:52:5c:11:e5:
                    51:79:e5:7e:f7:9b:c7:41:0d:7b:23:90:c8:13:e2:
                    e7:84:b7:b8:90:f1:af:2f:cf:7d:42:94:a8:b6:96:
                    c5:64:ee:c9:6e:6b:3c:26:77:c3:77:59:fc:52:4f:
                    dd:a7:14:64:ef:64:e7:34:f6:4c:a7:90:e6:60:95:
                    66:84:d9:ed:9f:80:df:f2:14:db:f7:ed:2a:54:b2:
                    ca:57:b8:b5:80:ec:73:db:ef:e5:a5:d4:61:45:cd:
                    43:03:cb:d7:e0:2f:74:6d:98:9a:6f:91:4a:b5:1c:
                    d4:3f:55:e4:d7:97:68:b6:79:e9:e7:ff:f6:d1:73:
                    ab:7d:89:c1:4b:49:65:ad:73:76:ae:e1:6d:4a:fd:
                    d4:dc:92:40:87:41:92:76:eb:83:c5:37:e6:52:d8:
                    9e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:F8:F3:19:2C:92:2B:C6:92:E8:51:AC:09:20:DC:4F:57:10:E4:B4
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/J_jzGSySK8aS6FGsCSDcT1cQ5LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.216.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:10:36:83:6a:a5:69:93:3f:03:4b:e1:f8:02:b9:bd:91:9e:
         0a:e3:22:a3:4a:75:8d:93:f0:bc:18:00:e5:8d:fd:32:47:2b:
         b3:61:d9:62:52:7d:6d:20:f4:91:17:41:61:f4:4b:8b:a0:76:
         0e:63:ff:1a:18:16:bf:a2:30:45:5c:91:04:50:2c:d0:5a:dc:
         36:0d:23:0e:1d:45:40:a4:a8:89:19:da:df:01:d6:69:19:a7:
         5d:59:47:e6:67:a2:87:0f:d9:f0:da:9b:50:72:2f:ce:16:38:
         1e:bf:32:58:48:12:b5:b5:fa:88:7f:c2:26:a3:3d:0b:69:64:
         69:bd:71:bb:61:8c:b1:84:5a:26:7e:0d:01:ae:47:f1:31:af:
         48:42:a9:d3:2e:f8:1c:99:44:56:bf:c3:f7:74:d4:46:97:09:
         b3:b6:a9:65:e8:00:71:68:68:bf:d5:99:e4:95:fe:b6:64:b6:
         01:ba:dc:3d:ce:70:b5:86:fb:06:52:0e:8f:10:e3:81:c4:20:
         a7:13:50:59:ea:90:d1:3a:6e:9f:51:8a:42:3e:3c:6d:50:29:
         c2:6e:32:ab:aa:f0:fa:ab:48:ae:f7:48:dc:9a:d5:c7:76:59:
         0f:01:42:7c:b4:7a:14:63:74:27:44:d0:8e:d9:02:68:6d:8b:
         03:bd:4c:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAT6TQxnQfOm1mriEyTCmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2Y4ZjMxOTJjOTIyYmM2OTJlODUxYWMwOTIwZGM0ZjU3MTBlNGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmI//AvqZwkcSHSAo6f9mbT41JMYZ
paZzX2dy3mXNwqwsWzqENXWcf12SxuuMkz3g5ZuKq1uDODk9cDv2BoC9md3d7WIf
zYDF20w7hGurEhcCQiUoQBEyLVxHhKGRRBS/BIieOVJcEeVReeV+95vHQQ17I5DI
E+LnhLe4kPGvL899QpSotpbFZO7Jbms8JnfDd1n8Uk/dpxRk72TnNPZMp5DmYJVm
hNntn4Df8hTb9+0qVLLKV7i1gOxz2+/lpdRhRc1DA8vX4C90bZiab5FKtRzUP1Xk
15dotnnp5//20XOrfYnBS0llrXN2ruFtSv3U3JJAh0GSduuDxTfmUtieXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCf48xkskivGkuhRrAkg3E9XEOS0MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvSl9qekdTeVNLOGFTNkZHc0NTRGNUMWNRNUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNjHMA0G
CSqGSIb3DQEBCwUAA4IBAQAtEDaDaqVpkz8DS+H4Arm9kZ4K4yKjSnWNk/C8GADl
jf0yRyuzYdliUn1tIPSRF0Fh9EuLoHYOY/8aGBa/ojBFXJEEUCzQWtw2DSMOHUVA
pKiJGdrfAdZpGaddWUfmZ6KHD9nw2ptQci/OFjgevzJYSBK1tfqIf8Imoz0LaWRp
vXG7YYyxhFomfg0BrkfxMa9IQqnTLvgcmURWv8P3dNRGlwmztqll6ABxaGi/1Znk
lf62ZLYButw9znC1hvsGUg6PEOOBxCCnE1BZ6pDROm6fUYpCPjxtUCnCbjKrqvD6
q0iu90jcmtXHdlkPAUJ8tHoUY3QnRNCO2QJobYsDvUxw
-----END CERTIFICATE-----