Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/JkVxT7rc0_ZfLC2z23EVFM4FBhw.roa
File:                     JkVxT7rc0_ZfLC2z23EVFM4FBhw.roa (raw, json)
Hash identifier:          YFJO2y7UHoXA0w1BHc+abQ9nMbHgPZWA7Ax5GKuxYHU=
Subject key identifier:   26:45:71:4F:BA:DC:D3:F6:5F:2C:2D:B3:DB:71:15:14:CE:05:06:1C
Certificate issuer:       /CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Certificate serial:       018CC727316E1527A0FFB16B68E532AEDE41
Authority key identifier: 94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/JkVxT7rc0_ZfLC2z23EVFM4FBhw.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202673
IP address blocks:        185.81.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:31:6e:15:27:a0:ff:b1:6b:68:e5:32:ae:de:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2645714fbadcd3f65f2c2db3db711514ce05061c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d2:f6:c2:58:a4:07:9d:b5:52:2c:3a:f8:85:
                    13:c4:10:0f:4b:f6:ed:81:15:ce:1c:cd:5f:77:c0:
                    75:d8:fc:f9:2c:ee:44:2d:3b:fe:dc:8a:d3:6a:18:
                    8e:02:87:98:4b:63:81:4c:cc:5a:fe:f6:b1:ed:a5:
                    e1:67:3c:0f:ff:8a:b9:2b:fb:dd:1b:22:98:27:ab:
                    28:d5:54:8e:9e:65:21:ed:ba:6f:a2:ec:ba:3d:69:
                    be:23:16:92:f9:3d:7f:97:d0:91:4f:55:f7:d0:3a:
                    7c:57:46:a8:b8:d3:06:16:3b:90:ad:d4:20:34:5f:
                    43:c7:61:90:d0:f8:55:08:52:6c:cc:35:68:00:f9:
                    02:65:8d:f3:0d:8d:6a:4b:af:70:d7:2c:22:5f:f1:
                    34:6e:0d:0d:0b:50:5c:aa:03:22:d3:33:80:b5:95:
                    15:c0:3d:da:71:8b:86:4c:12:f4:19:17:f6:b3:0a:
                    47:b4:41:e9:ad:c6:ea:2c:b0:47:ae:6d:cd:57:82:
                    1f:6b:06:16:c2:19:06:2e:e1:d8:52:b9:20:a5:7b:
                    4e:a8:0f:8c:22:05:c2:66:a1:a5:db:e2:45:cd:28:
                    e4:db:45:03:f2:6e:d2:ad:58:71:5f:51:b2:5f:96:
                    49:3e:0c:d2:ac:82:14:8a:15:ec:8e:16:b8:1f:90:
                    5e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:45:71:4F:BA:DC:D3:F6:5F:2C:2D:B3:DB:71:15:14:CE:05:06:1C
            X509v3 Authority Key Identifier:
                keyid:94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/JkVxT7rc0_ZfLC2z23EVFM4FBhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:49:7a:d5:9d:20:97:0e:e1:b3:84:3c:08:f9:b6:c0:a1:fd:
         3b:a7:a5:c2:ee:09:31:3d:ef:ca:d6:7f:92:79:59:e8:b8:4c:
         ba:4d:45:b7:16:e8:c7:32:ff:c5:6d:03:40:a1:cf:a8:d5:e2:
         62:8a:ca:70:f2:27:d2:05:f7:87:65:84:95:91:97:81:d5:ea:
         93:10:8f:f7:23:c8:c6:a8:e3:0e:32:6b:3f:66:0f:a8:79:57:
         c6:fa:6a:a4:5b:49:24:1e:8f:b7:71:a0:34:03:ce:03:6f:c3:
         df:33:46:1e:b2:c6:13:f0:51:bb:94:93:53:0c:e0:68:0c:de:
         ff:0c:55:f9:6e:b9:51:b5:a0:90:68:f3:97:c6:5b:ac:06:34:
         2b:aa:61:a6:1c:5d:ec:33:4b:4b:ba:d1:ea:3e:2a:73:aa:f6:
         21:61:6c:74:0d:04:6e:05:87:e6:e4:5c:33:ff:60:63:2b:12:
         da:17:5e:92:ae:92:fa:96:cf:40:ed:2a:8b:55:95:13:66:75:
         9a:f7:72:83:f4:13:43:b5:da:1e:ff:08:0f:b5:c2:46:22:67:
         d8:4f:22:74:97:5a:c7:9e:77:f5:68:ca:1d:9a:a1:a6:75:1a:
         78:6d:42:3e:5e:d0:85:96:88:89:39:3d:51:f4:3d:0c:bd:70:
         c7:73:df:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzFuFSeg/7FraOUyrt5BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZTU5ZDI0NWQxNTBkYzM4YzQ4OTYyNjNkY2JkY2JiZDY3
NDcwYTcwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjQ1NzE0ZmJhZGNkM2Y2NWYyYzJkYjNkYjcxMTUxNGNlMDUwNjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktL2wlikB521Uiw6+IUTxBAPS/bt
gRXOHM1fd8B12Pz5LO5ELTv+3IrTahiOAoeYS2OBTMxa/vax7aXhZzwP/4q5K/vd
GyKYJ6so1VSOnmUh7bpvouy6PWm+IxaS+T1/l9CRT1X30Dp8V0aouNMGFjuQrdQg
NF9Dx2GQ0PhVCFJszDVoAPkCZY3zDY1qS69w1ywiX/E0bg0NC1BcqgMi0zOAtZUV
wD3acYuGTBL0GRf2swpHtEHprcbqLLBHrm3NV4IfawYWwhkGLuHYUrkgpXtOqA+M
IgXCZqGl2+JFzSjk20UD8m7SrVhxX1GyX5ZJPgzSrIIUihXsjha4H5BeRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZFcU+63NP2Xywts9txFRTOBQYcMB8GA1UdIwQY
MBaAFJTlnSRdFQ3DjEiWJj3L3LvWdHCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDIt
ZWU5NWI2Y2MzNDc0LzEvSmtWeFQ3cmMwX1pmTEMyejIzRVZGTTRGQmh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDItZWU5NWI2Y2MzNDc0
LzEvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVF+MA0G
CSqGSIb3DQEBCwUAA4IBAQA4SXrVnSCXDuGzhDwI+bbAof07p6XC7gkxPe/K1n+S
eVnouEy6TUW3FujHMv/FbQNAoc+o1eJiispw8ifSBfeHZYSVkZeB1eqTEI/3I8jG
qOMOMms/Zg+oeVfG+mqkW0kkHo+3caA0A84Db8PfM0YessYT8FG7lJNTDOBoDN7/
DFX5brlRtaCQaPOXxlusBjQrqmGmHF3sM0tLutHqPipzqvYhYWx0DQRuBYfm5Fwz
/2BjKxLaF16SrpL6ls9A7SqLVZUTZnWa93KD9BNDtdoe/wgPtcJGImfYTyJ0l1rH
nnf1aModmqGmdRp4bUI+XtCFloiJOT1R9D0MvXDHc9+9
-----END CERTIFICATE-----