Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/7142b1-7091-4d3a-bd6d-9fe7ee9c0368/1/JBxZoSrW35odi2y3ehUGir85gpc.roa
File:                     JBxZoSrW35odi2y3ehUGir85gpc.roa (raw, json)
Hash identifier:          ZfSkxCcbTlzdkdkhesmXPLL34s/OH7HxxneQyJ7Fr8I=
Subject key identifier:   24:1C:59:A1:2A:D6:DF:9A:1D:8B:6C:B7:7A:15:06:8A:BF:39:82:97
Certificate issuer:       /CN=84db747b289717a0684cd6ac82307aa67bb2d7bb
Certificate serial:       018CC56DEEC6277E73453358FFA48E9AD283
Authority key identifier: 84:DB:74:7B:28:97:17:A0:68:4C:D6:AC:82:30:7A:A6:7B:B2:D7:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hNt0eyiXF6BoTNasgjB6pnuy17s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/7142b1-7091-4d3a-bd6d-9fe7ee9c0368/1/JBxZoSrW35odi2y3ehUGir85gpc.roa
Signing time:             Mon 01 Jan 2024 14:29:25 +0000
ROA not before:           Mon 01 Jan 2024 14:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206191
IP address blocks:        195.110.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/7142b1-7091-4d3a-bd6d-9fe7ee9c0368/1/hNt0eyiXF6BoTNasgjB6pnuy17s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/7142b1-7091-4d3a-bd6d-9fe7ee9c0368/1/hNt0eyiXF6BoTNasgjB6pnuy17s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hNt0eyiXF6BoTNasgjB6pnuy17s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ee:c6:27:7e:73:45:33:58:ff:a4:8e:9a:d2:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84db747b289717a0684cd6ac82307aa67bb2d7bb
        Validity
            Not Before: Jan  1 14:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=241c59a12ad6df9a1d8b6cb77a15068abf398297
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b0:23:85:16:91:99:ba:7d:37:9d:df:13:64:
                    c5:5e:18:83:73:27:40:5f:01:82:7b:f6:af:8f:c5:
                    bc:cf:fa:16:14:2e:df:d5:2f:d3:04:bc:4d:44:c5:
                    d0:ec:e0:31:fe:26:1a:5a:26:13:c3:12:d0:21:7d:
                    67:88:b9:9f:7f:d9:97:ce:22:8c:3b:e9:cf:bc:d9:
                    f6:52:58:40:e1:c3:cc:48:01:55:b7:9c:4d:29:22:
                    75:a8:c9:65:61:bb:84:1e:43:b9:3d:59:da:b4:1d:
                    90:6e:8a:aa:06:a5:29:ca:9d:5e:da:b0:9a:d7:45:
                    39:a7:40:b3:8d:7a:6e:3b:68:f1:a7:f8:00:c3:b4:
                    0c:a2:a7:cf:9e:79:73:fd:55:7d:94:a4:f7:ef:0b:
                    14:c7:3b:a0:28:52:7d:3d:29:bf:aa:54:10:cc:6f:
                    f5:cc:f9:f7:e5:2f:11:d3:44:fd:ee:0c:95:ae:a1:
                    a9:42:91:63:46:84:27:fc:5c:54:8c:2f:2e:e1:7f:
                    f1:3d:31:6f:30:1e:2a:3d:e6:0d:b0:72:cb:8c:ad:
                    4c:36:5c:11:08:13:2f:a7:5a:97:c9:7d:1d:1b:09:
                    58:01:78:5b:f1:a1:91:13:c7:be:e6:1f:e9:d5:3f:
                    1c:f1:a7:a4:6c:c8:20:b7:2d:5a:10:74:cb:1f:39:
                    34:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:1C:59:A1:2A:D6:DF:9A:1D:8B:6C:B7:7A:15:06:8A:BF:39:82:97
            X509v3 Authority Key Identifier:
                keyid:84:DB:74:7B:28:97:17:A0:68:4C:D6:AC:82:30:7A:A6:7B:B2:D7:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hNt0eyiXF6BoTNasgjB6pnuy17s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/7142b1-7091-4d3a-bd6d-9fe7ee9c0368/1/JBxZoSrW35odi2y3ehUGir85gpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/7142b1-7091-4d3a-bd6d-9fe7ee9c0368/1/hNt0eyiXF6BoTNasgjB6pnuy17s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.110.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:bf:92:75:ab:f8:7b:ca:ca:88:c3:c5:fc:a5:86:95:a7:0b:
         e3:41:1c:61:66:47:19:a4:ec:e8:4b:89:2d:d5:a6:6c:71:9c:
         46:56:93:d0:1f:34:fb:36:15:50:63:8e:2b:2a:c2:23:0d:9c:
         81:09:5c:31:cc:bb:3e:49:64:cf:93:07:c0:26:f9:a4:29:3d:
         eb:0c:38:9c:81:0b:e7:6f:31:3a:5a:db:2e:2e:33:37:5d:10:
         e3:45:54:36:b5:5e:d4:66:11:9b:1e:85:44:bd:f2:62:b6:70:
         80:41:12:83:64:81:0d:63:40:30:03:c3:9e:a1:c6:7e:43:d0:
         f3:c1:5f:04:13:b4:63:60:11:d9:7a:c6:e1:25:71:9a:8e:bb:
         cf:53:79:cc:5c:0c:89:21:96:5f:cc:54:01:0c:80:19:99:38:
         87:9f:72:ad:94:93:4c:00:4d:07:80:20:7c:4f:29:62:cf:55:
         e9:a8:d6:45:2f:7f:55:71:a8:17:b1:32:d1:8f:ee:19:e8:a9:
         5f:f0:4c:62:db:87:62:3a:ee:ac:99:aa:3a:ac:ae:48:4b:93:
         74:17:e5:79:99:1c:bb:59:76:06:2c:b2:57:f4:03:fb:55:3b:
         a5:bb:14:18:40:f2:38:06:f3:ba:a7:a5:6c:35:ee:b1:b0:89:
         da:54:05:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbe7GJ35zRTNY/6SOmtKDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZGI3NDdiMjg5NzE3YTA2ODRjZDZhYzgyMzA3YWE2N2Ji
MmQ3YmIwHhcNMjQwMTAxMTQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDFjNTlhMTJhZDZkZjlhMWQ4YjZjYjc3YTE1MDY4YWJmMzk4Mjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbAjhRaRmbp9N53fE2TFXhiDcydA
XwGCe/avj8W8z/oWFC7f1S/TBLxNRMXQ7OAx/iYaWiYTwxLQIX1niLmff9mXziKM
O+nPvNn2UlhA4cPMSAFVt5xNKSJ1qMllYbuEHkO5PVnatB2QboqqBqUpyp1e2rCa
10U5p0CzjXpuO2jxp/gAw7QMoqfPnnlz/VV9lKT37wsUxzugKFJ9PSm/qlQQzG/1
zPn35S8R00T97gyVrqGpQpFjRoQn/FxUjC8u4X/xPTFvMB4qPeYNsHLLjK1MNlwR
CBMvp1qXyX0dGwlYAXhb8aGRE8e+5h/p1T8c8aekbMggty1aEHTLHzk0pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQcWaEq1t+aHYtst3oVBoq/OYKXMB8GA1UdIwQY
MBaAFITbdHsolxegaEzWrIIweqZ7ste7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE50MGV5aVhGNkJvVE5hc2dqQjZwbnV5MTdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi83MTQyYjEtNzA5MS00ZDNhLWJkNmQt
OWZlN2VlOWMwMzY4LzEvSkJ4Wm9TclczNW9kaTJ5M2VoVUdpcjg1Z3BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi83MTQyYjEtNzA5MS00ZDNhLWJkNmQtOWZlN2VlOWMwMzY4
LzEvaE50MGV5aVhGNkJvVE5hc2dqQjZwbnV5MTdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw250MA0G
CSqGSIb3DQEBCwUAA4IBAQCEv5J1q/h7ysqIw8X8pYaVpwvjQRxhZkcZpOzoS4kt
1aZscZxGVpPQHzT7NhVQY44rKsIjDZyBCVwxzLs+SWTPkwfAJvmkKT3rDDicgQvn
bzE6WtsuLjM3XRDjRVQ2tV7UZhGbHoVEvfJitnCAQRKDZIENY0AwA8OeocZ+Q9Dz
wV8EE7RjYBHZesbhJXGajrvPU3nMXAyJIZZfzFQBDIAZmTiHn3KtlJNMAE0HgCB8
Tyliz1XpqNZFL39VcagXsTLRj+4Z6Klf8Exi24diOu6smao6rK5IS5N0F+V5mRy7
WXYGLLJX9AP7VTuluxQYQPI4BvO6p6VsNe6xsInaVAUc
-----END CERTIFICATE-----