Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/kjpSG_7RYTF6msZSN-XV_e7FTZU.roa
File:                     kjpSG_7RYTF6msZSN-XV_e7FTZU.roa (raw, json)
Hash identifier:          yvuYpUHd1sBluPa9kkR3NxmnQI+Lo9Oi74rKyxjribY=
Subject key identifier:   92:3A:52:1B:FE:D1:61:31:7A:9A:C6:52:37:E5:D5:FD:EE:C5:4D:95
Certificate issuer:       /CN=807709e7b0efba127025c83e5d3194c71ba428c3
Certificate serial:       018F62EEA00E1F63756280EE8C39F0EDCC80
Authority key identifier: 80:77:09:E7:B0:EF:BA:12:70:25:C8:3E:5D:31:94:C7:1B:A4:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gHcJ57DvuhJwJcg-XTGUxxukKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/kjpSG_7RYTF6msZSN-XV_e7FTZU.roa
Signing time:             Fri 10 May 2024 14:35:56 +0000
ROA not before:           Fri 10 May 2024 14:35:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        195.238.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/gHcJ57DvuhJwJcg-XTGUxxukKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/gHcJ57DvuhJwJcg-XTGUxxukKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gHcJ57DvuhJwJcg-XTGUxxukKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:62:ee:a0:0e:1f:63:75:62:80:ee:8c:39:f0:ed:cc:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=807709e7b0efba127025c83e5d3194c71ba428c3
        Validity
            Not Before: May 10 14:35:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=923a521bfed161317a9ac65237e5d5fdeec54d95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:02:e6:6f:24:c8:9a:e6:a4:a5:45:d4:fb:73:
                    1e:54:82:c3:9a:40:ae:d4:bd:d9:7b:53:04:ff:85:
                    1c:71:e8:1e:77:84:5e:b2:b8:b5:db:92:a7:0b:97:
                    af:d5:3f:55:aa:cb:01:a9:17:29:6b:5f:c6:3c:2b:
                    24:1f:d0:98:89:ca:4f:98:59:f3:9b:57:0a:67:83:
                    6b:6c:a6:5d:5b:1e:de:05:37:01:0f:48:66:8d:c2:
                    f2:22:fe:96:08:67:38:85:61:ca:9f:8d:bb:94:29:
                    bb:a3:22:ef:89:85:f1:9a:ac:0b:a5:38:0d:3b:c6:
                    14:bf:ae:b9:67:75:f1:5e:06:83:91:aa:28:b0:11:
                    dd:45:86:e7:83:f9:9b:42:dd:71:0b:b2:3d:6a:7f:
                    ad:8c:74:04:c1:27:e3:61:4b:89:95:e9:b3:94:4a:
                    b1:f3:58:80:d6:62:f2:31:10:5b:87:ba:df:3c:1d:
                    70:69:93:24:a8:59:e5:06:9c:9b:a4:7d:8f:ab:f0:
                    fe:57:5a:37:de:fc:ae:f3:d1:bb:28:81:45:9f:c2:
                    bd:03:a3:0e:8b:09:3e:02:38:dc:8f:df:1c:2d:71:
                    84:a4:2d:aa:68:d7:60:2c:4e:16:80:18:80:47:2f:
                    2f:0a:36:9e:7d:7b:fd:d0:79:f1:24:c4:fe:ac:b9:
                    de:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:3A:52:1B:FE:D1:61:31:7A:9A:C6:52:37:E5:D5:FD:EE:C5:4D:95
            X509v3 Authority Key Identifier:
                keyid:80:77:09:E7:B0:EF:BA:12:70:25:C8:3E:5D:31:94:C7:1B:A4:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gHcJ57DvuhJwJcg-XTGUxxukKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/kjpSG_7RYTF6msZSN-XV_e7FTZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/gHcJ57DvuhJwJcg-XTGUxxukKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:0f:60:35:8e:d5:09:22:2d:81:d0:9f:87:11:7f:f4:e7:01:
         6a:af:f3:98:13:d2:4f:9d:7f:e2:32:d9:99:18:2a:0c:a5:79:
         30:53:39:03:b7:f6:14:11:94:41:15:a4:48:39:9c:59:57:15:
         62:00:1a:1d:e0:01:27:23:72:d1:c5:6a:cc:6a:14:9d:9d:86:
         c3:67:52:96:c7:5d:50:90:66:4a:09:5b:ba:79:18:1b:7c:ab:
         4a:7c:b4:f3:cb:19:38:80:d6:8e:f8:2c:5e:be:f5:9b:9b:ea:
         8e:65:11:d0:00:5f:74:d0:37:dc:e7:1e:74:6f:42:b2:c9:26:
         4e:82:58:75:73:61:81:a1:d3:7e:0c:9b:30:ec:12:0a:cb:b0:
         9f:be:f8:1e:81:45:e6:e2:af:9b:d4:f0:e3:02:04:39:c3:19:
         5f:7b:39:41:73:0f:18:11:03:84:45:c9:41:ed:09:3f:d1:14:
         53:1d:82:66:4a:61:43:e1:7f:a2:49:75:56:73:5a:76:93:cb:
         d4:01:6c:fe:e1:4a:60:bc:3c:85:06:5e:ce:33:50:e3:20:ea:
         d5:cb:ec:61:4f:fb:7a:c1:66:2a:6c:45:43:90:98:a3:20:63:
         05:2d:3c:1f:72:8d:28:d8:3d:a5:e8:37:ce:2f:91:f8:5c:e4:
         3b:53:3b:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9i7qAOH2N1YoDujDnw7cyAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNzcwOWU3YjBlZmJhMTI3MDI1YzgzZTVkMzE5NGM3MWJh
NDI4YzMwHhcNMjQwNTEwMTQzNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjNhNTIxYmZlZDE2MTMxN2E5YWM2NTIzN2U1ZDVmZGVlYzU0ZDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5wLmbyTImuakpUXU+3MeVILDmkCu
1L3Ze1ME/4Ucceged4Resri125KnC5ev1T9VqssBqRcpa1/GPCskH9CYicpPmFnz
m1cKZ4NrbKZdWx7eBTcBD0hmjcLyIv6WCGc4hWHKn427lCm7oyLviYXxmqwLpTgN
O8YUv665Z3XxXgaDkaoosBHdRYbng/mbQt1xC7I9an+tjHQEwSfjYUuJlemzlEqx
81iA1mLyMRBbh7rfPB1waZMkqFnlBpybpH2Pq/D+V1o33vyu89G7KIFFn8K9A6MO
iwk+Ajjcj98cLXGEpC2qaNdgLE4WgBiARy8vCjaefXv90HnxJMT+rLnecQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJI6Uhv+0WExeprGUjfl1f3uxU2VMB8GA1UdIwQY
MBaAFIB3Ceew77oScCXIPl0xlMcbpCjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0hjSjU3RHZ1aEp3SmNnLVhUR1V4eHVrS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jNDI2YzMtNGYwMy00NmJiLTgwMDgt
YmU5YWQyYmY3MjVmLzEva2pwU0dfN1JZVEY2bXNaU04tWFZfZTdGVFpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jNDI2YzMtNGYwMy00NmJiLTgwMDgtYmU5YWQyYmY3MjVm
LzEvZ0hjSjU3RHZ1aEp3SmNnLVhUR1V4eHVrS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+5eMA0G
CSqGSIb3DQEBCwUAA4IBAQBwD2A1jtUJIi2B0J+HEX/05wFqr/OYE9JPnX/iMtmZ
GCoMpXkwUzkDt/YUEZRBFaRIOZxZVxViABod4AEnI3LRxWrMahSdnYbDZ1KWx11Q
kGZKCVu6eRgbfKtKfLTzyxk4gNaO+CxevvWbm+qOZRHQAF900Dfc5x50b0KyySZO
glh1c2GBodN+DJsw7BIKy7CfvvgegUXm4q+b1PDjAgQ5wxlfezlBcw8YEQOERclB
7Qk/0RRTHYJmSmFD4X+iSXVWc1p2k8vUAWz+4UpgvDyFBl7OM1DjIOrVy+xhT/t6
wWYqbEVDkJijIGMFLTwfco0o2D2l6DfOL5H4XOQ7Uzsf
-----END CERTIFICATE-----