Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/JjF15bD4XKhoSagiPKECHkF49_4.roa
File:                     JjF15bD4XKhoSagiPKECHkF49_4.roa (raw, json)
Hash identifier:          msWSGy3QqtRfz/W12ombHYXBxCol1mZdPbLHnF1mzfg=
Subject key identifier:   26:31:75:E5:B0:F8:5C:A8:68:49:A8:22:3C:A1:02:1E:41:78:F7:FE
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01963448F94AEB473B0A1F74DAE367DE9164
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/JjF15bD4XKhoSagiPKECHkF49_4.roa
Signing time:             Mon 14 Apr 2025 12:31:59 +0000
ROA not before:           Mon 14 Apr 2025 12:31:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43330
IP address blocks:        46.8.239.0/24 maxlen: 24
                          188.130.149.0/24 maxlen: 24
                          188.130.150.0/24 maxlen: 24
                          188.130.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:34:48:f9:4a:eb:47:3b:0a:1f:74:da:e3:67:de:91:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Apr 14 12:31:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=263175e5b0f85ca86849a8223ca1021e4178f7fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:24:ef:ba:8f:4a:92:35:05:c2:71:3b:f2:0b:
                    75:22:df:25:cd:6b:bf:f9:ed:04:ce:db:39:93:87:
                    9c:e5:9a:6a:97:2f:e7:67:8a:df:15:a7:4a:6c:03:
                    97:64:c2:8d:b1:b8:8d:2b:95:9a:d5:5b:9d:21:35:
                    3b:e4:66:ff:cf:97:4d:b6:f4:dd:d3:d4:ea:e4:69:
                    bb:b4:1e:10:11:57:a9:46:1d:fb:28:d0:23:36:e2:
                    05:5f:73:49:67:81:f3:ff:f0:87:d2:39:9b:29:5c:
                    2a:c8:0e:5f:8c:18:d1:f8:94:f1:a5:f4:4b:96:ed:
                    85:8a:b6:8b:cf:70:57:52:26:fb:82:67:55:0c:c8:
                    b6:c7:d7:86:8b:0d:1e:da:81:30:6a:22:98:b7:cb:
                    b9:d5:4e:a4:1f:a5:dc:3c:50:28:47:b0:62:36:36:
                    86:a2:17:0c:38:5d:38:9d:a4:b1:46:a2:06:93:1f:
                    92:0d:16:71:ca:fd:aa:dc:10:80:14:b2:e2:1a:2c:
                    c9:1b:97:83:cb:c2:ff:6f:c2:6b:83:51:08:b2:3d:
                    72:78:a2:da:d3:df:a4:bb:63:57:e6:74:87:a1:2f:
                    fa:36:0c:43:c7:41:7e:72:eb:9f:25:b0:d4:5e:65:
                    44:fe:05:04:df:ea:8a:8f:f5:d2:c8:d2:7a:7c:08:
                    2f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:31:75:E5:B0:F8:5C:A8:68:49:A8:22:3C:A1:02:1E:41:78:F7:FE
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/JjF15bD4XKhoSagiPKECHkF49_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.239.0/24
                  188.130.149.0-188.130.151.255

    Signature Algorithm: sha256WithRSAEncryption
         33:96:8c:a4:3d:bd:db:d5:e6:90:11:67:43:a7:ad:d4:c6:72:
         69:b5:ca:3b:ee:85:3d:76:86:40:d4:32:40:0c:46:4d:00:e4:
         cc:fb:8e:04:67:ff:15:ce:da:41:d2:c5:12:8c:88:b8:e5:91:
         a0:6d:03:06:35:a1:1b:d9:e2:24:5b:e0:d8:90:c2:8d:8a:e8:
         eb:b7:60:a5:62:4d:e5:11:63:a2:1d:80:d2:05:69:79:5e:82:
         91:39:60:0c:a9:7f:4f:d8:7b:32:f4:e1:90:8e:29:81:04:e0:
         76:8f:d7:5b:fe:e4:35:5a:9f:74:de:33:6c:aa:36:5e:0c:33:
         76:7f:66:bd:4f:38:b8:dc:09:61:70:89:7c:65:0c:1d:d2:0c:
         b6:67:4f:64:e3:e9:8f:ce:07:2d:ec:85:8c:ca:74:5a:95:b4:
         a1:8a:16:96:a9:56:ff:d7:6e:a5:5a:11:8d:2b:52:48:ed:d3:
         fc:60:f7:b7:04:7f:c6:65:6f:27:8e:f8:97:02:60:19:e1:d6:
         71:3e:35:f4:88:62:79:fd:37:12:0b:9e:d3:16:ba:bb:2f:da:
         d5:1f:a0:3e:c6:b5:d0:56:fd:c2:aa:75:62:b0:bc:0c:ba:2a:
         8b:5d:28:26:95:ea:77:73:5f:b2:13:de:e3:9d:1a:35:67:7a:
         e4:e1:1b:06
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZY0SPlK60c7Ch902uNn3pFkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwNDE0MTIzMTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjMxNzVlNWIwZjg1Y2E4Njg0OWE4MjIzY2ExMDIxZTQxNzhmN2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCTvuo9KkjUFwnE78gt1It8lzWu/
+e0Ezts5k4ec5Zpqly/nZ4rfFadKbAOXZMKNsbiNK5Wa1VudITU75Gb/z5dNtvTd
09Tq5Gm7tB4QEVepRh37KNAjNuIFX3NJZ4Hz//CH0jmbKVwqyA5fjBjR+JTxpfRL
lu2FiraLz3BXUib7gmdVDMi2x9eGiw0e2oEwaiKYt8u51U6kH6XcPFAoR7BiNjaG
ohcMOF04naSxRqIGkx+SDRZxyv2q3BCAFLLiGizJG5eDy8L/b8Jrg1EIsj1yeKLa
09+ku2NX5nSHoS/6NgxDx0F+cuufJbDUXmVE/gUE3+qKj/XSyNJ6fAgvVwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCYxdeWw+FyoaEmoIjyhAh5BePf+MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvSmpGMTViRDRYS2hvU2FnaVBLRUNIa0Y0OV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQALgjvMAwD
BAC8gpUDBAO8gpAwDQYJKoZIhvcNAQELBQADggEBADOWjKQ9vdvV5pARZ0OnrdTG
cmm1yjvuhT12hkDUMkAMRk0A5Mz7jgRn/xXO2kHSxRKMiLjlkaBtAwY1oRvZ4iRb
4NiQwo2K6Ou3YKViTeURY6IdgNIFaXlegpE5YAypf0/YezL04ZCOKYEE4HaP11v+
5DVan3TeM2yqNl4MM3Z/Zr1POLjcCWFwiXxlDB3SDLZnT2Tj6Y/OBy3shYzKdFqV
tKGKFpapVv/XbqVaEY0rUkjt0/xg97cEf8ZlbyeO+JcCYBnh1nE+NfSIYnn9NxIL
ntMWursv2tUfoD7GtdBW/cKqdWKwvAy6KotdKCaV6ndzX7IT3uOdGjVneuThGwY=
-----END CERTIFICATE-----