Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/jO3myQDaRJcweoQRPM8SkcQgSAg.roa
File:                     jO3myQDaRJcweoQRPM8SkcQgSAg.roa (raw, json)
Hash identifier:          bcLvLsrPNE5g3esL4TGau/shv1edRuCc9IpRL22EjXs=
Subject key identifier:   8C:ED:E6:C9:00:DA:44:97:30:7A:84:11:3C:CF:12:91:C4:20:48:08
Certificate issuer:       /CN=01f649b9d0546227b1d4626c2081e4d3da850efe
Certificate serial:       018CC50139A62342248525E05C31FEB7AD65
Authority key identifier: 01:F6:49:B9:D0:54:62:27:B1:D4:62:6C:20:81:E4:D3:DA:85:0E:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AfZJudBUYiex1GJsIIHk09qFDv4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/jO3myQDaRJcweoQRPM8SkcQgSAg.roa
Signing time:             Mon 01 Jan 2024 12:30:40 +0000
ROA not before:           Mon 01 Jan 2024 12:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207143
IP address blocks:        185.35.28.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/AfZJudBUYiex1GJsIIHk09qFDv4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/AfZJudBUYiex1GJsIIHk09qFDv4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AfZJudBUYiex1GJsIIHk09qFDv4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:39:a6:23:42:24:85:25:e0:5c:31:fe:b7:ad:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01f649b9d0546227b1d4626c2081e4d3da850efe
        Validity
            Not Before: Jan  1 12:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cede6c900da4497307a84113ccf1291c4204808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8d:a9:c1:32:f1:59:a4:b8:c1:54:01:be:f9:
                    de:33:92:5f:69:77:4b:ce:23:96:20:c4:fb:27:b9:
                    60:ae:1f:dd:d5:76:1c:5d:06:42:08:8f:bb:7e:f7:
                    24:0a:85:aa:b8:ec:77:14:3e:08:1d:ff:3f:d3:2e:
                    42:d2:9b:46:3e:c8:18:46:5b:db:91:41:34:74:e9:
                    57:d3:72:b8:76:b1:5b:7d:b9:2c:f9:c7:35:62:cb:
                    a1:cd:d8:81:2e:00:2f:44:de:06:81:2f:ba:f8:14:
                    f0:8c:43:89:b9:8e:b8:98:b7:dc:3e:d8:a8:e4:5c:
                    35:01:3c:7f:ff:13:e0:a1:df:bc:49:0b:9c:42:98:
                    d2:9d:ca:92:06:f7:a7:94:1a:85:c2:2c:40:ef:ba:
                    ca:77:61:f3:12:f7:28:bd:98:d0:b2:32:d4:86:2a:
                    11:3e:d4:74:0e:c9:b0:6e:b9:1a:96:d0:51:d1:e5:
                    94:29:df:b2:3a:ea:5d:bf:db:70:b3:17:9f:7c:d7:
                    6d:fc:af:45:c0:72:11:f4:7a:a9:25:05:bc:5f:a4:
                    9d:84:2d:09:08:4e:7e:0e:35:03:b3:cc:45:b0:97:
                    63:d2:7c:e7:0f:c5:b8:73:0d:c6:2c:3f:1a:99:a0:
                    0e:11:c5:9d:23:8b:f3:1f:30:40:18:4e:50:d6:1c:
                    26:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:ED:E6:C9:00:DA:44:97:30:7A:84:11:3C:CF:12:91:C4:20:48:08
            X509v3 Authority Key Identifier:
                keyid:01:F6:49:B9:D0:54:62:27:B1:D4:62:6C:20:81:E4:D3:DA:85:0E:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AfZJudBUYiex1GJsIIHk09qFDv4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/jO3myQDaRJcweoQRPM8SkcQgSAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/AfZJudBUYiex1GJsIIHk09qFDv4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:86:36:36:31:ec:39:03:fa:d8:3a:58:43:71:07:31:4b:ae:
         49:9c:1c:ac:c4:78:60:21:f5:c5:51:a7:c4:03:1f:9b:5c:2b:
         da:d3:a7:fd:df:1b:e9:23:7d:97:79:3d:9e:5d:83:d6:af:85:
         af:4e:0f:32:c4:f0:46:64:bb:7a:af:af:b2:ce:12:3d:c6:5a:
         ed:3e:8a:3a:f6:5e:d1:1c:4a:18:69:af:0b:42:3c:ce:8d:04:
         eb:c4:91:a8:47:ad:21:07:b0:26:0a:c8:5d:b5:7e:7e:06:68:
         09:7e:36:dc:28:ea:30:7e:d9:e5:98:94:41:50:a0:db:97:20:
         1b:fb:c4:36:ea:c7:86:a0:e8:65:05:6f:91:c8:a2:03:d1:09:
         72:d3:58:10:e2:24:ee:b4:b6:62:5e:10:70:16:25:dd:0b:c2:
         d7:34:87:94:0e:a5:80:4e:0d:0d:05:c7:1e:74:b5:a4:49:64:
         41:f1:64:dc:fe:8a:d7:89:09:68:97:76:42:ec:19:38:4d:65:
         02:10:9e:31:07:ea:60:b2:7e:c3:23:ca:7d:03:53:bb:09:4d:
         77:da:71:ab:3f:6f:d0:65:96:2b:81:3e:0e:47:f1:38:ec:7a:
         f2:8e:99:80:c3:cb:ca:cc:3d:c2:61:e3:fc:1f:24:51:cb:bd:
         45:b9:69:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATmmI0IkhSXgXDH+t61lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxZjY0OWI5ZDA1NDYyMjdiMWQ0NjI2YzIwODFlNGQzZGE4
NTBlZmUwHhcNMjQwMTAxMTIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2VkZTZjOTAwZGE0NDk3MzA3YTg0MTEzY2NmMTI5MWM0MjA0ODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi42pwTLxWaS4wVQBvvneM5JfaXdL
ziOWIMT7J7lgrh/d1XYcXQZCCI+7fvckCoWquOx3FD4IHf8/0y5C0ptGPsgYRlvb
kUE0dOlX03K4drFbfbks+cc1YsuhzdiBLgAvRN4GgS+6+BTwjEOJuY64mLfcPtio
5Fw1ATx//xPgod+8SQucQpjSncqSBvenlBqFwixA77rKd2HzEvcovZjQsjLUhioR
PtR0DsmwbrkaltBR0eWUKd+yOupdv9twsxeffNdt/K9FwHIR9HqpJQW8X6SdhC0J
CE5+DjUDs8xFsJdj0nznD8W4cw3GLD8amaAOEcWdI4vzHzBAGE5Q1hwmvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzt5skA2kSXMHqEETzPEpHEIEgIMB8GA1UdIwQY
MBaAFAH2SbnQVGInsdRibCCB5NPahQ7+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWZaSnVkQlVZaWV4MUdKc0lJSGswOXFGRHY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9hMTkyM2YtMjZkNy00NGJlLWEyYmUt
MDNjYmRiOGZmOTYwLzEvak8zbXlRRGFSSmN3ZW9RUlBNOFNrY1FnU0FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9hMTkyM2YtMjZkNy00NGJlLWEyYmUtMDNjYmRiOGZmOTYw
LzEvQWZaSnVkQlVZaWV4MUdKc0lJSGswOXFGRHY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSMcMA0G
CSqGSIb3DQEBCwUAA4IBAQAuhjY2Mew5A/rYOlhDcQcxS65JnBysxHhgIfXFUafE
Ax+bXCva06f93xvpI32XeT2eXYPWr4WvTg8yxPBGZLt6r6+yzhI9xlrtPoo69l7R
HEoYaa8LQjzOjQTrxJGoR60hB7AmCshdtX5+BmgJfjbcKOowftnlmJRBUKDblyAb
+8Q26seGoOhlBW+RyKID0Qly01gQ4iTutLZiXhBwFiXdC8LXNIeUDqWATg0NBcce
dLWkSWRB8WTc/orXiQlol3ZC7Bk4TWUCEJ4xB+pgsn7DI8p9A1O7CU132nGrP2/Q
ZZYrgT4OR/E47HryjpmAw8vKzD3CYeP8HyRRy71FuWke
-----END CERTIFICATE-----