Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/381125-0248-4ebc-a74d-b8dad6e5c3bf/1/JirZq3gRNEpNhbmf5wCTPR99kvc.roa
File:                     JirZq3gRNEpNhbmf5wCTPR99kvc.roa (raw, json)
Hash identifier:          NC3Irlp9Z/HLVuNQ4YPjnB32iAEcJS7A46haf1gT3Rc=
Subject key identifier:   26:2A:D9:AB:78:11:34:4A:4D:85:B9:9F:E7:00:93:3D:1F:7D:92:F7
Certificate issuer:       /CN=374c2617a372e466e98d42532dd0bd8e5cdd993d
Certificate serial:       018CC64A9B17DF7587A44EFBA5B05C0299E3
Authority key identifier: 37:4C:26:17:A3:72:E4:66:E9:8D:42:53:2D:D0:BD:8E:5C:DD:99:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N0wmF6Ny5GbpjUJTLdC9jlzdmT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/381125-0248-4ebc-a74d-b8dad6e5c3bf/1/JirZq3gRNEpNhbmf5wCTPR99kvc.roa
Signing time:             Mon 01 Jan 2024 18:30:27 +0000
ROA not before:           Mon 01 Jan 2024 18:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202120
IP address blocks:        185.73.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/381125-0248-4ebc-a74d-b8dad6e5c3bf/1/N0wmF6Ny5GbpjUJTLdC9jlzdmT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/381125-0248-4ebc-a74d-b8dad6e5c3bf/1/N0wmF6Ny5GbpjUJTLdC9jlzdmT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N0wmF6Ny5GbpjUJTLdC9jlzdmT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:9b:17:df:75:87:a4:4e:fb:a5:b0:5c:02:99:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=374c2617a372e466e98d42532dd0bd8e5cdd993d
        Validity
            Not Before: Jan  1 18:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=262ad9ab7811344a4d85b99fe700933d1f7d92f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:51:e5:b7:19:bb:55:b1:04:fe:aa:d3:04:5e:
                    e6:08:86:7a:bf:c4:2b:5d:28:9b:2c:72:1d:dd:1c:
                    ef:c9:02:c0:b7:2b:4a:5f:0a:72:9c:b4:e6:3a:84:
                    c8:ff:d5:52:48:d0:0e:91:b4:46:b5:ce:d3:37:b7:
                    82:1c:ad:1c:11:b9:f0:dd:80:13:eb:4e:f4:23:b1:
                    cf:66:5b:50:e0:a8:82:56:44:f0:ca:91:6c:e3:84:
                    bc:4b:5d:80:7d:97:94:51:fc:5a:5b:c5:d5:1c:89:
                    bb:85:6a:42:f6:87:7b:0f:f3:cf:b7:63:33:b3:c1:
                    de:6e:c0:c4:e9:c0:03:77:35:fa:b3:6f:ac:4c:75:
                    b4:f0:d2:d2:a6:dc:54:63:e5:a2:97:a1:27:c7:b1:
                    db:9d:d4:28:c8:22:76:c4:32:fa:de:5d:7f:33:82:
                    12:70:c4:d0:f8:91:2c:cd:23:67:10:7e:5a:01:c6:
                    b0:01:3a:51:67:17:fc:3f:f7:ba:b4:42:2a:34:cb:
                    48:69:d1:8c:68:c6:8b:7c:1b:e0:0a:b0:fa:ba:09:
                    2c:87:68:b3:f5:1e:34:b2:81:d2:a7:c3:3d:ab:27:
                    0a:6c:40:fe:8b:36:f5:94:9c:f0:70:31:e7:d7:0d:
                    0a:ab:29:80:03:d9:80:91:88:ba:4f:85:23:54:15:
                    b7:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:2A:D9:AB:78:11:34:4A:4D:85:B9:9F:E7:00:93:3D:1F:7D:92:F7
            X509v3 Authority Key Identifier:
                keyid:37:4C:26:17:A3:72:E4:66:E9:8D:42:53:2D:D0:BD:8E:5C:DD:99:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N0wmF6Ny5GbpjUJTLdC9jlzdmT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/381125-0248-4ebc-a74d-b8dad6e5c3bf/1/JirZq3gRNEpNhbmf5wCTPR99kvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/381125-0248-4ebc-a74d-b8dad6e5c3bf/1/N0wmF6Ny5GbpjUJTLdC9jlzdmT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:2d:d4:95:3c:7d:03:e5:a8:77:98:4d:56:08:85:37:7d:65:
         20:da:84:b8:4f:01:fe:25:be:46:1b:86:80:33:ef:aa:c6:53:
         34:f1:12:f7:e4:53:96:33:75:48:c0:a7:5a:c0:d2:04:e9:65:
         89:1b:96:09:e7:01:2c:d1:de:21:f3:03:15:a9:23:23:07:68:
         20:5c:81:8f:92:d5:29:89:93:75:aa:ef:74:d8:2e:3e:7b:30:
         ee:85:ba:6a:1a:f4:cc:1e:fd:8c:45:50:b8:46:b5:af:37:1d:
         a3:de:4c:9c:17:96:e8:69:fe:2e:2f:90:77:59:da:85:4b:79:
         bb:98:7a:03:9f:c1:f8:52:ea:92:fe:00:b2:52:b9:2b:c8:85:
         b7:50:f8:5a:16:3d:f7:ba:2a:03:ca:cd:2a:0e:fa:d4:c5:a4:
         7c:98:55:64:cd:34:ea:73:bd:00:38:a1:d9:f0:c7:29:30:30:
         b4:18:8b:6c:74:ea:8b:a7:0c:79:96:10:c9:0a:c4:e6:48:2b:
         3c:47:02:23:b0:15:29:e5:14:b6:78:01:5e:5b:46:6b:4a:99:
         5b:f8:9b:d4:f5:44:34:07:90:ab:1a:71:2b:d2:96:8c:83:e7:
         6e:ac:bd:4e:80:01:58:1b:ba:62:18:24:3a:2d:95:9c:ad:9b:
         54:3b:72:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSpsX33WHpE77pbBcApnjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NGMyNjE3YTM3MmU0NjZlOThkNDI1MzJkZDBiZDhlNWNk
ZDk5M2QwHhcNMjQwMTAxMTgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjJhZDlhYjc4MTEzNDRhNGQ4NWI5OWZlNzAwOTMzZDFmN2Q5MmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylHltxm7VbEE/qrTBF7mCIZ6v8Qr
XSibLHId3RzvyQLAtytKXwpynLTmOoTI/9VSSNAOkbRGtc7TN7eCHK0cEbnw3YAT
6070I7HPZltQ4KiCVkTwypFs44S8S12AfZeUUfxaW8XVHIm7hWpC9od7D/PPt2Mz
s8HebsDE6cADdzX6s2+sTHW08NLSptxUY+Wil6Enx7HbndQoyCJ2xDL63l1/M4IS
cMTQ+JEszSNnEH5aAcawATpRZxf8P/e6tEIqNMtIadGMaMaLfBvgCrD6ugksh2iz
9R40soHSp8M9qycKbED+izb1lJzwcDHn1w0KqymAA9mAkYi6T4UjVBW3UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYq2at4ETRKTYW5n+cAkz0ffZL3MB8GA1UdIwQY
MBaAFDdMJhejcuRm6Y1CUy3QvY5c3Zk9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjB3bUY2Tnk1R2JwalVKVExkQzlqbHpkbVQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8zODExMjUtMDI0OC00ZWJjLWE3NGQt
YjhkYWQ2ZTVjM2JmLzEvSmlyWnEzZ1JORXBOaGJtZjV3Q1RQUjk5a3ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8zODExMjUtMDI0OC00ZWJjLWE3NGQtYjhkYWQ2ZTVjM2Jm
LzEvTjB3bUY2Tnk1R2JwalVKVExkQzlqbHpkbVQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUlfMA0G
CSqGSIb3DQEBCwUAA4IBAQA1LdSVPH0D5ah3mE1WCIU3fWUg2oS4TwH+Jb5GG4aA
M++qxlM08RL35FOWM3VIwKdawNIE6WWJG5YJ5wEs0d4h8wMVqSMjB2ggXIGPktUp
iZN1qu902C4+ezDuhbpqGvTMHv2MRVC4RrWvNx2j3kycF5boaf4uL5B3WdqFS3m7
mHoDn8H4UuqS/gCyUrkryIW3UPhaFj33uioDys0qDvrUxaR8mFVkzTTqc70AOKHZ
8McpMDC0GItsdOqLpwx5lhDJCsTmSCs8RwIjsBUp5RS2eAFeW0ZrSplb+JvU9UQ0
B5CrGnEr0paMg+durL1OgAFYG7piGCQ6LZWcrZtUO3K9
-----END CERTIFICATE-----