Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/jmKBHm1x6v9NE9Lx_x6qOaCL8gk.roa
File:                     jmKBHm1x6v9NE9Lx_x6qOaCL8gk.roa (raw, json)
Hash identifier:          dHmfRfP8TI4FRWXt3CzKDPiJ5PEfDisRaa3hNPmZ+ro=
Subject key identifier:   8E:62:81:1E:6D:71:EA:FF:4D:13:D2:F1:FF:1E:AA:39:A0:8B:F2:09
Certificate issuer:       /CN=e0d435784da8c218e0ff107cdcfe24ca4569c949
Certificate serial:       018CCA9961E8F635847B0CC23ACD6D0EB71A
Authority key identifier: E0:D4:35:78:4D:A8:C2:18:E0:FF:10:7C:DC:FE:24:CA:45:69:C9:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4NQ1eE2owhjg_xB83P4kykVpyUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/jmKBHm1x6v9NE9Lx_x6qOaCL8gk.roa
Signing time:             Tue 02 Jan 2024 14:34:58 +0000
ROA not before:           Tue 02 Jan 2024 14:34:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197214
IP address blocks:        87.243.67.0/24 maxlen: 24
                          87.243.66.0/24 maxlen: 24
                          87.243.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/4NQ1eE2owhjg_xB83P4kykVpyUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/4NQ1eE2owhjg_xB83P4kykVpyUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4NQ1eE2owhjg_xB83P4kykVpyUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:61:e8:f6:35:84:7b:0c:c2:3a:cd:6d:0e:b7:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0d435784da8c218e0ff107cdcfe24ca4569c949
        Validity
            Not Before: Jan  2 14:34:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e62811e6d71eaff4d13d2f1ff1eaa39a08bf209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4d:fa:38:78:4d:88:60:b0:b1:46:d0:86:85:
                    d7:59:d6:ae:6d:7e:98:a5:ad:1e:4a:99:95:d3:56:
                    a5:06:90:f0:fd:90:94:71:01:09:ad:62:83:d1:aa:
                    2b:77:4e:d7:31:1f:cb:0e:87:1f:44:6b:25:bc:d2:
                    75:1c:d8:2d:5b:6c:19:7d:4f:db:ab:dd:6c:e7:e5:
                    69:dc:7e:6c:e8:ad:4a:70:f0:1d:5d:63:4b:b0:80:
                    45:76:c4:31:5c:f2:8e:2e:19:9a:e0:d7:8c:31:15:
                    cb:31:38:d5:b2:47:c2:73:0c:0d:b6:1c:36:71:19:
                    db:d8:5e:dd:a1:a6:c2:cf:c4:3f:ce:73:41:2c:3f:
                    07:b7:06:91:42:88:89:99:20:f0:00:b4:87:f2:11:
                    8e:2d:9f:f1:cf:20:55:89:fc:8e:5e:06:dc:29:8b:
                    81:9a:24:81:bd:c0:1e:bd:91:fe:fb:91:0c:d9:bd:
                    b8:be:09:ed:38:4e:45:84:67:dd:08:0e:bd:a0:92:
                    9b:0a:44:ee:09:f9:f0:0b:60:4e:76:fc:1e:8b:30:
                    6f:49:35:52:1b:3a:8a:3a:a5:98:fa:a8:f2:30:bd:
                    75:bf:12:63:f5:78:d4:95:f2:b9:bf:58:bf:dc:70:
                    52:90:72:7c:b3:46:2f:03:1a:bc:f9:0c:b8:09:6b:
                    ea:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:62:81:1E:6D:71:EA:FF:4D:13:D2:F1:FF:1E:AA:39:A0:8B:F2:09
            X509v3 Authority Key Identifier:
                keyid:E0:D4:35:78:4D:A8:C2:18:E0:FF:10:7C:DC:FE:24:CA:45:69:C9:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4NQ1eE2owhjg_xB83P4kykVpyUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/jmKBHm1x6v9NE9Lx_x6qOaCL8gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/4NQ1eE2owhjg_xB83P4kykVpyUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.243.65.0-87.243.67.255

    Signature Algorithm: sha256WithRSAEncryption
         f2:6f:70:06:da:42:f1:dd:02:c4:2f:9a:bb:b0:5b:38:c6:d8:
         a1:ad:95:65:14:01:22:7a:29:1c:b3:88:6d:ff:51:9c:7a:44:
         f6:04:c0:f4:a4:cd:ac:b3:31:3b:33:59:7a:1e:4a:a7:3e:59:
         d2:c8:cc:ea:6a:8b:98:9e:3c:0d:05:c6:40:dc:10:94:2f:6d:
         2f:b9:a3:aa:44:13:26:95:22:61:8b:df:d0:3a:7d:c1:6a:9d:
         df:cc:6d:f1:0b:0e:7a:ef:02:d2:bc:fe:11:c2:b1:f8:be:98:
         60:fb:7e:bc:86:56:94:aa:17:ce:e7:31:e4:a5:1f:01:3b:72:
         49:b4:a3:52:29:f4:6e:7c:55:04:04:16:58:3e:2e:ca:ae:1c:
         f4:c3:cc:f2:f4:63:d0:36:3e:f6:3c:73:e6:16:ff:ec:b1:92:
         d9:23:6c:67:6a:44:ff:62:b4:ff:1f:a0:4e:87:88:1a:66:65:
         34:0d:a5:53:4e:80:cb:1b:aa:b9:5b:8e:03:3f:d3:7b:44:a9:
         c4:86:d9:4c:e7:a9:36:e4:33:84:ac:c2:79:a5:b0:f3:66:02:
         7a:4a:f5:2f:e6:41:84:9f:7b:4c:86:61:31:1c:51:4c:f8:80:
         fc:61:b1:84:bd:ed:8d:f3:fd:91:72:f4:76:c6:08:77:94:96:
         97:79:96:a3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKmWHo9jWEewzCOs1tDrcaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZDQzNTc4NGRhOGMyMThlMGZmMTA3Y2RjZmUyNGNhNDU2
OWM5NDkwHhcNMjQwMTAyMTQzNDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTYyODExZTZkNzFlYWZmNGQxM2QyZjFmZjFlYWEzOWEwOGJmMjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp036OHhNiGCwsUbQhoXXWdaubX6Y
pa0eSpmV01alBpDw/ZCUcQEJrWKD0aord07XMR/LDocfRGslvNJ1HNgtW2wZfU/b
q91s5+Vp3H5s6K1KcPAdXWNLsIBFdsQxXPKOLhma4NeMMRXLMTjVskfCcwwNthw2
cRnb2F7doabCz8Q/znNBLD8HtwaRQoiJmSDwALSH8hGOLZ/xzyBVifyOXgbcKYuB
miSBvcAevZH++5EM2b24vgntOE5FhGfdCA69oJKbCkTuCfnwC2BOdvweizBvSTVS
GzqKOqWY+qjyML11vxJj9XjUlfK5v1i/3HBSkHJ8s0YvAxq8+Qy4CWvqYwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFI5igR5tcer/TRPS8f8eqjmgi/IJMB8GA1UdIwQY
MBaAFODUNXhNqMIY4P8QfNz+JMpFaclJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE5RMWVFMm93aGpnX3hCODNQNGt5a1ZweVVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9hMDVlYmEtOWQ4NS00ODliLWFlYzct
ZWQ0MmQzYTYyNWE0LzEvam1LQkhtMXg2djlORTlMeF94NnFPYUNMOGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9hMDVlYmEtOWQ4NS00ODliLWFlYzctZWQ0MmQzYTYyNWE0
LzEvNE5RMWVFMm93aGpnX3hCODNQNGt5a1ZweVVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABX80ED
BAJX80AwDQYJKoZIhvcNAQELBQADggEBAPJvcAbaQvHdAsQvmruwWzjG2KGtlWUU
ASJ6KRyziG3/UZx6RPYEwPSkzayzMTszWXoeSqc+WdLIzOpqi5iePA0FxkDcEJQv
bS+5o6pEEyaVImGL39A6fcFqnd/MbfELDnrvAtK8/hHCsfi+mGD7fryGVpSqF87n
MeSlHwE7ckm0o1Ip9G58VQQEFlg+LsquHPTDzPL0Y9A2PvY8c+YW/+yxktkjbGdq
RP9itP8foE6HiBpmZTQNpVNOgMsbqrlbjgM/03tEqcSG2UznqTbkM4SswnmlsPNm
AnpK9S/mQYSfe0yGYTEcUUz4gPxhsYS97Y3z/ZFy9HbGCHeUlpd5lqM=
-----END CERTIFICATE-----