Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/0bb33b-68f7-4748-84ac-004fe433c7c8/1/jimYl-y2nUcHGZx440TRGeUv6KA.roa
File:                     jimYl-y2nUcHGZx440TRGeUv6KA.roa (raw, json)
Hash identifier:          2UWHTOh5Q15HlVZ7S0xzfqQOG98YgtpBHNU8lDgke0M=
Subject key identifier:   8E:29:98:97:EC:B6:9D:47:07:19:9C:78:E3:44:D1:19:E5:2F:E8:A0
Certificate issuer:       /CN=0e43a0df059a5251a400b5a1f1321ba00d3120d2
Certificate serial:       018CC49374DDA8C75991FFB9909C30782AEF
Authority key identifier: 0E:43:A0:DF:05:9A:52:51:A4:00:B5:A1:F1:32:1B:A0:0D:31:20:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DkOg3wWaUlGkALWh8TIboA0xINI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/0bb33b-68f7-4748-84ac-004fe433c7c8/1/jimYl-y2nUcHGZx440TRGeUv6KA.roa
Signing time:             Mon 01 Jan 2024 10:30:47 +0000
ROA not before:           Mon 01 Jan 2024 10:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200356
IP address blocks:        185.159.106.0/23 maxlen: 23
                          2a07:b880:80::/41 maxlen: 41

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/0bb33b-68f7-4748-84ac-004fe433c7c8/1/DkOg3wWaUlGkALWh8TIboA0xINI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/0bb33b-68f7-4748-84ac-004fe433c7c8/1/DkOg3wWaUlGkALWh8TIboA0xINI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DkOg3wWaUlGkALWh8TIboA0xINI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:74:dd:a8:c7:59:91:ff:b9:90:9c:30:78:2a:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e43a0df059a5251a400b5a1f1321ba00d3120d2
        Validity
            Not Before: Jan  1 10:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e299897ecb69d4707199c78e344d119e52fe8a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b0:66:99:d6:97:b6:0f:c1:28:5f:af:6f:02:
                    85:06:98:d5:2c:f8:0f:31:00:d7:25:8d:94:67:86:
                    2f:ad:a9:5c:34:3d:9e:11:bb:f6:52:79:ac:f5:23:
                    f7:ea:e8:71:d8:d1:21:33:08:e9:ce:ea:a7:c3:53:
                    ca:fb:c7:9b:70:90:99:cb:c9:25:70:52:aa:35:40:
                    80:21:66:d6:ed:77:37:92:e9:96:1e:62:d0:d2:80:
                    d7:09:2a:a5:64:d5:02:48:57:eb:c0:e7:b1:60:59:
                    96:d4:39:95:8b:45:d3:2a:5b:59:8c:a1:ed:f7:6a:
                    25:7d:2c:59:e2:3e:89:0e:99:ff:b8:63:61:eb:5d:
                    e6:2b:ef:0e:ff:4e:d8:d6:c7:7c:f2:d7:b1:a0:d8:
                    38:d7:af:18:84:ed:82:9c:75:a2:b9:5c:b9:cd:c3:
                    43:74:b2:b8:17:c9:a0:5e:18:1c:d5:77:2f:3e:47:
                    0f:ee:88:fe:0d:ae:9f:a8:dd:d3:0a:c2:b4:6a:31:
                    7f:b8:d2:aa:c3:a6:63:07:62:2c:90:66:8a:3d:82:
                    fa:d2:df:b6:36:67:8e:61:ac:85:af:50:c6:3f:74:
                    1b:14:8c:3a:cd:07:27:e6:7d:20:1d:7e:2f:8a:3a:
                    17:69:04:7d:a2:a2:4e:5c:37:80:c1:50:b9:a1:e9:
                    90:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:29:98:97:EC:B6:9D:47:07:19:9C:78:E3:44:D1:19:E5:2F:E8:A0
            X509v3 Authority Key Identifier:
                keyid:0E:43:A0:DF:05:9A:52:51:A4:00:B5:A1:F1:32:1B:A0:0D:31:20:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DkOg3wWaUlGkALWh8TIboA0xINI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0bb33b-68f7-4748-84ac-004fe433c7c8/1/jimYl-y2nUcHGZx440TRGeUv6KA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/0bb33b-68f7-4748-84ac-004fe433c7c8/1/DkOg3wWaUlGkALWh8TIboA0xINI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.106.0/23
                IPv6:
                  2a07:b880:80::/41

    Signature Algorithm: sha256WithRSAEncryption
         80:7e:07:3c:21:61:65:ba:cf:29:85:44:c9:9f:43:ed:4f:95:
         29:b6:47:32:6f:47:1d:bb:08:ff:b5:ae:bb:ef:8c:8b:dc:37:
         73:a6:86:b6:c6:ab:d6:7d:26:c0:fa:e2:25:06:ad:67:3a:e3:
         52:1a:cd:fe:70:29:73:3f:cb:db:3f:b5:a6:5a:e3:8f:a4:1f:
         92:74:41:2d:c0:c8:24:c0:7a:0c:4c:fa:d8:fa:b3:7e:3a:f2:
         85:6c:55:cb:67:24:e6:89:97:54:7c:4c:03:0a:cf:9a:8e:64:
         1d:49:46:4d:c5:20:e2:8e:6d:7e:56:4d:c1:3f:07:3a:53:34:
         b5:3b:56:3d:c7:2b:14:84:85:ce:f7:6e:4d:37:ee:12:4a:cf:
         e0:fe:0e:f7:af:09:f8:e9:ee:21:bd:7c:55:2c:95:fb:16:1a:
         ba:23:de:df:1e:be:26:e3:5b:14:5d:20:a0:29:b2:02:99:3d:
         3d:12:78:8a:b1:21:e7:d7:bd:46:3f:37:d4:10:75:a8:33:1c:
         e0:90:32:af:88:40:ec:3d:b9:ad:6a:93:74:6f:18:e7:6e:83:
         b2:55:f0:7a:6e:92:f2:93:92:6c:18:38:06:39:fb:96:c8:42:
         ee:7c:86:03:87:fc:12:e4:69:40:7c:4c:8e:ea:06:95:22:05:
         c9:b5:52:3f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEk3TdqMdZkf+5kJwweCrvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNDNhMGRmMDU5YTUyNTFhNDAwYjVhMWYxMzIxYmEwMGQz
MTIwZDIwHhcNMjQwMTAxMTAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTI5OTg5N2VjYjY5ZDQ3MDcxOTljNzhlMzQ0ZDExOWU1MmZlOGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7BmmdaXtg/BKF+vbwKFBpjVLPgP
MQDXJY2UZ4YvralcND2eEbv2Unms9SP36uhx2NEhMwjpzuqnw1PK+8ebcJCZy8kl
cFKqNUCAIWbW7Xc3kumWHmLQ0oDXCSqlZNUCSFfrwOexYFmW1DmVi0XTKltZjKHt
92olfSxZ4j6JDpn/uGNh613mK+8O/07Y1sd88texoNg4168YhO2CnHWiuVy5zcND
dLK4F8mgXhgc1XcvPkcP7oj+Da6fqN3TCsK0ajF/uNKqw6ZjB2IskGaKPYL60t+2
NmeOYayFr1DGP3QbFIw6zQcn5n0gHX4vijoXaQR9oqJOXDeAwVC5oemQQwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI4pmJfstp1HBxmceONE0RnlL+igMB8GA1UdIwQY
MBaAFA5DoN8FmlJRpAC1ofEyG6ANMSDSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGtPZzN3V2FVbEdrQUxXaDhUSWJvQTB4SU5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wYmIzM2ItNjhmNy00NzQ4LTg0YWMt
MDA0ZmU0MzNjN2M4LzEvamltWWwteTJuVWNIR1p4NDQwVFJHZVV2NktBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wYmIzM2ItNjhmNy00NzQ4LTg0YWMtMDA0ZmU0MzNjN2M4
LzEvRGtPZzN3V2FVbEdrQUxXaDhUSWJvQTB4SU5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuZ9qMA8E
AgACMAkDBwcqB7iAAIAwDQYJKoZIhvcNAQELBQADggEBAIB+BzwhYWW6zymFRMmf
Q+1PlSm2RzJvRx27CP+1rrvvjIvcN3OmhrbGq9Z9JsD64iUGrWc641Iazf5wKXM/
y9s/taZa44+kH5J0QS3AyCTAegxM+tj6s3468oVsVctnJOaJl1R8TAMKz5qOZB1J
Rk3FIOKObX5WTcE/BzpTNLU7Vj3HKxSEhc73bk037hJKz+D+DvevCfjp7iG9fFUs
lfsWGroj3t8evibjWxRdIKApsgKZPT0SeIqxIefXvUY/N9QQdagzHOCQMq+IQOw9
ua1qk3RvGOdug7JV8HpukvKTkmwYOAY5+5bIQu58hgOH/BLkaUB8TI7qBpUiBcm1
Uj8=
-----END CERTIFICATE-----