Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/Johv_1ZHm9BnPmbrSaD1g2r2nHQ.roa
File:                     Johv_1ZHm9BnPmbrSaD1g2r2nHQ.roa (raw, json)
Hash identifier:          tNwKWd1R801ObXmox90ZNPkPpTSAXLB3O2CiUBCHxkg=
Subject key identifier:   26:88:6F:FF:56:47:9B:D0:67:3E:66:EB:49:A0:F5:83:6A:F6:9C:74
Certificate issuer:       /CN=8b0d81f3e0f2d18f3b590dcc536d5e94cfe07012
Certificate serial:       018E5178A6483D472525AB88C6161AFEFB59
Authority key identifier: 8B:0D:81:F3:E0:F2:D1:8F:3B:59:0D:CC:53:6D:5E:94:CF:E0:70:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iw2B8-Dy0Y87WQ3MU21elM_gcBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/Johv_1ZHm9BnPmbrSaD1g2r2nHQ.roa
Signing time:             Mon 18 Mar 2024 12:10:45 +0000
ROA not before:           Mon 18 Mar 2024 12:10:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206502
IP address blocks:        78.108.212.0/23 maxlen: 23
                          78.108.212.0/24 maxlen: 24
                          2a0d:11c0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/iw2B8-Dy0Y87WQ3MU21elM_gcBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/iw2B8-Dy0Y87WQ3MU21elM_gcBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iw2B8-Dy0Y87WQ3MU21elM_gcBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:78:a6:48:3d:47:25:25:ab:88:c6:16:1a:fe:fb:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b0d81f3e0f2d18f3b590dcc536d5e94cfe07012
        Validity
            Not Before: Mar 18 12:10:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26886fff56479bd0673e66eb49a0f5836af69c74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:7c:42:bb:f1:dc:a7:22:65:d6:32:8e:81:bb:
                    89:45:3a:09:d4:da:62:04:11:69:45:4a:c9:5c:17:
                    bd:fe:cd:96:74:1a:b5:4c:aa:af:71:4d:8d:be:7f:
                    f2:1e:98:d8:29:12:f1:c5:6f:43:02:31:81:3e:bc:
                    b7:69:77:d8:61:a6:36:a0:bb:8b:4a:1b:c8:53:22:
                    ad:27:ce:09:76:bf:05:b7:f3:67:09:82:6d:3e:f7:
                    13:8c:27:e9:fa:a2:e2:88:b3:cd:53:78:ec:24:a3:
                    ee:3f:62:0d:18:62:19:fa:e3:b3:08:2d:17:5b:00:
                    87:4a:ee:a9:cd:a3:dd:69:c7:15:08:0d:ac:04:22:
                    03:de:fa:23:09:0a:bf:36:34:85:40:47:0e:65:c9:
                    06:0f:c5:25:cb:35:9a:a9:e9:22:1f:39:0a:c1:37:
                    18:af:5c:35:3b:c8:1f:ab:ba:c2:ca:14:8d:04:53:
                    c8:79:6b:84:ad:99:f8:5b:7b:b8:01:0d:e0:84:44:
                    3c:de:6d:3a:3a:fd:2d:00:4e:e6:39:a7:17:0f:77:
                    a8:21:45:32:27:2b:64:b6:fc:de:6a:e4:22:aa:b3:
                    12:a8:2e:b5:80:2d:3a:29:05:fb:82:bc:41:6f:e8:
                    8d:6e:30:5d:07:ad:90:a9:38:35:36:2b:8a:ec:41:
                    d3:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:88:6F:FF:56:47:9B:D0:67:3E:66:EB:49:A0:F5:83:6A:F6:9C:74
            X509v3 Authority Key Identifier:
                keyid:8B:0D:81:F3:E0:F2:D1:8F:3B:59:0D:CC:53:6D:5E:94:CF:E0:70:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iw2B8-Dy0Y87WQ3MU21elM_gcBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/Johv_1ZHm9BnPmbrSaD1g2r2nHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/0517f9-9a1e-4600-b043-f6541f778585/1/iw2B8-Dy0Y87WQ3MU21elM_gcBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.212.0/23
                IPv6:
                  2a0d:11c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:3d:03:b4:2a:4e:59:8b:46:a6:fd:de:b9:9a:ed:12:d4:36:
         02:d3:35:b5:47:df:7d:19:bf:53:6c:02:c2:0a:53:cc:19:bd:
         a9:c3:93:b9:f3:14:17:b2:8e:22:85:3e:ae:e4:90:47:c3:1a:
         71:7b:95:38:86:05:ed:51:ac:dd:13:c5:b5:7c:85:2c:74:e9:
         b2:d7:f3:b8:45:89:58:99:49:f5:0c:2d:42:df:a0:90:db:2d:
         d0:35:ea:ae:08:78:02:a7:57:16:50:58:ae:ad:c9:0a:64:2a:
         24:ed:d4:7e:00:44:97:72:f4:90:33:06:37:e6:f2:c0:6a:ba:
         96:69:27:5e:b9:c0:a5:1c:b3:9c:30:0f:18:c6:d0:76:ab:4e:
         84:fd:2d:e0:36:22:50:c9:f5:11:01:ce:18:03:3d:db:c8:59:
         4b:e2:77:9a:d0:78:58:9c:fa:73:41:51:0a:fd:47:3b:db:81:
         67:de:ca:75:ce:f1:8f:6c:79:a2:34:ef:ff:a4:1c:92:35:0b:
         90:6b:53:33:32:7b:05:fb:45:a8:88:61:cb:32:df:a1:db:3f:
         f8:fd:3e:08:dc:ea:18:67:6e:4e:04:80:0f:1a:22:1a:45:27:
         2d:53:e9:7c:96:ab:2a:dc:4b:8f:8b:b6:2d:ba:e4:e1:9b:fa:
         57:3c:7c:5c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY5ReKZIPUclJauIxhYa/vtZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMGQ4MWYzZTBmMmQxOGYzYjU5MGRjYzUzNmQ1ZTk0Y2Zl
MDcwMTIwHhcNMjQwMzE4MTIxMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjg4NmZmZjU2NDc5YmQwNjczZTY2ZWI0OWEwZjU4MzZhZjY5Yzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHxCu/HcpyJl1jKOgbuJRToJ1Npi
BBFpRUrJXBe9/s2WdBq1TKqvcU2Nvn/yHpjYKRLxxW9DAjGBPry3aXfYYaY2oLuL
ShvIUyKtJ84Jdr8Ft/NnCYJtPvcTjCfp+qLiiLPNU3jsJKPuP2INGGIZ+uOzCC0X
WwCHSu6pzaPdaccVCA2sBCID3vojCQq/NjSFQEcOZckGD8UlyzWaqekiHzkKwTcY
r1w1O8gfq7rCyhSNBFPIeWuErZn4W3u4AQ3ghEQ83m06Ov0tAE7mOacXD3eoIUUy
JytktvzeauQiqrMSqC61gC06KQX7grxBb+iNbjBdB62QqTg1NiuK7EHT+wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCaIb/9WR5vQZz5m60mg9YNq9px0MB8GA1UdIwQY
MBaAFIsNgfPg8tGPO1kNzFNtXpTP4HASMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXcyQjgtRHkwWTg3V1EzTVUyMWVsTV9nY0JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8wNTE3ZjktOWExZS00NjAwLWIwNDMt
ZjY1NDFmNzc4NTg1LzEvSm9odl8xWkhtOUJuUG1iclNhRDFnMnIybkhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8wNTE3ZjktOWExZS00NjAwLWIwNDMtZjY1NDFmNzc4NTg1
LzEvaXcyQjgtRHkwWTg3V1EzTVUyMWVsTV9nY0JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBTmzUMA8E
AgACMAkDBwAqDRHAAAEwDQYJKoZIhvcNAQELBQADggEBAFg9A7QqTlmLRqb93rma
7RLUNgLTNbVH330Zv1NsAsIKU8wZvanDk7nzFBeyjiKFPq7kkEfDGnF7lTiGBe1R
rN0TxbV8hSx06bLX87hFiViZSfUMLULfoJDbLdA16q4IeAKnVxZQWK6tyQpkKiTt
1H4ARJdy9JAzBjfm8sBqupZpJ165wKUcs5wwDxjG0HarToT9LeA2IlDJ9REBzhgD
PdvIWUvid5rQeFic+nNBUQr9RzvbgWfeynXO8Y9seaI07/+kHJI1C5BrUzMyewX7
RaiIYcsy36HbP/j9Pgjc6hhnbk4EgA8aIhpFJy1T6XyWqyrcS4+Lti265OGb+lc8
fFw=
-----END CERTIFICATE-----