Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/JKhgHIpoeEgxYA01i-D9U7Id_lg.roa
File:                     JKhgHIpoeEgxYA01i-D9U7Id_lg.roa (raw, json)
Hash identifier:          BYFL4N2kM6pQ3NbeQd5vxKL86dtKhoN8U7X6KQzRBfo=
Subject key identifier:   24:A8:60:1C:8A:68:78:48:31:60:0D:35:8B:E0:FD:53:B2:1D:FE:58
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0190EAC8295C8F8CDBE6D6350AB131AA39A4
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/JKhgHIpoeEgxYA01i-D9U7Id_lg.roa
Signing time:             Thu 25 Jul 2024 16:45:04 +0000
ROA not before:           Thu 25 Jul 2024 16:45:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142299
IP address blocks:        107.150.167.0/24 maxlen: 24
                          167.160.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ea:c8:29:5c:8f:8c:db:e6:d6:35:0a:b1:31:aa:39:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jul 25 16:45:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24a8601c8a68784831600d358be0fd53b21dfe58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7c:8a:7b:f3:aa:c9:9f:62:ef:1d:d2:05:f8:
                    d6:75:8c:1c:56:3e:35:21:70:d9:9f:85:19:28:ae:
                    dd:ad:7e:c9:0d:b7:81:f3:54:97:09:97:e4:4e:13:
                    6d:91:95:82:fa:cf:58:fa:ef:eb:f5:64:58:ac:5b:
                    0e:08:55:21:ac:b3:f7:fd:2e:b4:13:6a:6a:74:00:
                    73:99:fb:b8:79:35:a8:85:56:c5:ac:db:ce:03:64:
                    c1:22:83:a2:5a:96:b3:d1:f9:0a:23:95:b8:d4:8c:
                    29:da:9b:99:32:f5:c3:a8:63:b2:9f:03:4a:3f:e9:
                    e4:b0:e0:e2:39:3c:c1:99:f1:ea:03:2a:97:90:98:
                    59:c3:87:c8:83:45:03:29:f9:66:b3:63:f3:9c:71:
                    60:37:96:9f:f8:6b:15:21:86:15:54:a2:c3:d4:79:
                    6a:ba:c4:45:d9:5f:e9:09:69:39:64:ce:b4:47:be:
                    0d:e5:71:33:4c:02:6f:9a:f4:d2:09:99:a3:f4:47:
                    68:f5:6b:3f:08:c8:39:61:82:d9:0e:4d:89:3d:26:
                    09:d4:17:45:f5:a4:6e:b1:ca:ba:00:b5:ce:00:26:
                    c8:b9:fd:aa:13:c2:c0:7c:5b:6d:07:dd:70:56:97:
                    fc:bd:87:b8:0d:3f:15:b8:9b:c6:e5:1d:56:b7:0c:
                    e1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A8:60:1C:8A:68:78:48:31:60:0D:35:8B:E0:FD:53:B2:1D:FE:58
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/JKhgHIpoeEgxYA01i-D9U7Id_lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.150.167.0/24
                  167.160.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d8:e3:b7:8d:c6:9d:83:b1:9d:f0:af:88:e3:56:82:07:3c:c3:
         23:f4:25:8b:52:11:e0:9a:06:bf:e4:0f:bf:d2:88:64:5e:46:
         d0:2d:7a:ab:8e:85:d2:a2:ea:09:54:e7:fe:da:bc:4c:f6:f9:
         c5:78:c1:96:d8:fa:43:2b:fa:ab:bc:35:10:07:35:3a:fa:6f:
         e7:22:f2:10:1b:70:f1:95:6a:c5:40:38:fb:52:ec:a2:95:5a:
         a1:0d:46:ad:de:43:2a:32:bb:09:2d:c7:92:18:13:a0:bd:97:
         aa:d8:e1:0f:55:6d:16:4a:f1:75:33:2d:b6:dd:8c:57:62:3e:
         c5:cf:4f:72:00:f2:20:63:77:4a:6f:ca:a1:c8:b0:4f:d8:91:
         38:56:14:73:ff:bb:99:ac:28:30:3a:24:d7:57:84:fa:cf:79:
         fa:4d:07:80:4e:05:9d:d4:69:29:09:0d:ba:77:91:d8:62:4c:
         d8:a3:dd:dd:72:79:0a:2b:8f:c5:ab:94:ec:9d:ab:91:63:9f:
         8f:4a:cc:ce:dc:e5:a4:3e:e9:73:0c:dd:fb:ec:82:f2:9a:85:
         ba:04:32:9b:a9:ea:47:ec:2f:9e:aa:ac:ef:9b:19:c3:5a:22:
         74:bb:69:7b:3b:b0:48:b2:63:6d:ce:91:b4:ef:2e:b4:99:8d:
         a4:ea:4e:5e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZDqyClcj4zb5tY1CrExqjmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQwNzI1MTY0NTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGE4NjAxYzhhNjg3ODQ4MzE2MDBkMzU4YmUwZmQ1M2IyMWRmZTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHyKe/OqyZ9i7x3SBfjWdYwcVj41
IXDZn4UZKK7drX7JDbeB81SXCZfkThNtkZWC+s9Y+u/r9WRYrFsOCFUhrLP3/S60
E2pqdABzmfu4eTWohVbFrNvOA2TBIoOiWpaz0fkKI5W41Iwp2puZMvXDqGOynwNK
P+nksODiOTzBmfHqAyqXkJhZw4fIg0UDKflms2PznHFgN5af+GsVIYYVVKLD1Hlq
usRF2V/pCWk5ZM60R74N5XEzTAJvmvTSCZmj9Edo9Ws/CMg5YYLZDk2JPSYJ1BdF
9aRuscq6ALXOACbIuf2qE8LAfFttB91wVpf8vYe4DT8VuJvG5R1WtwzhlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCSoYByKaHhIMWANNYvg/VOyHf5YMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvSktoZ0hJcG9lRWd4WUEwMWktRDlVN0lkX2xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAa5anAwQA
p6ANMA0GCSqGSIb3DQEBCwUAA4IBAQDY47eNxp2DsZ3wr4jjVoIHPMMj9CWLUhHg
mga/5A+/0ohkXkbQLXqrjoXSouoJVOf+2rxM9vnFeMGW2PpDK/qrvDUQBzU6+m/n
IvIQG3DxlWrFQDj7UuyilVqhDUat3kMqMrsJLceSGBOgvZeq2OEPVW0WSvF1My22
3YxXYj7Fz09yAPIgY3dKb8qhyLBP2JE4VhRz/7uZrCgwOiTXV4T6z3n6TQeATgWd
1GkpCQ26d5HYYkzYo93dcnkKK4/Fq5TsnauRY5+PSszO3OWkPulzDN377ILymoW6
BDKbqepH7C+eqqzvmxnDWiJ0u2l7O7BIsmNtzpG07y60mY2k6k5e
-----END CERTIFICATE-----