Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/JvaHIKyywICcdV6HqF0hUQiinrM.roa
File:                     JvaHIKyywICcdV6HqF0hUQiinrM.roa (raw, json)
Hash identifier:          anEfR3v1sRJnRdAFp5AmNAXl+6w9NLNzxANU25mp1Uw=
Subject key identifier:   26:F6:87:20:AC:B2:C0:80:9C:75:5E:87:A8:5D:21:51:08:A2:9E:B3
Certificate issuer:       /CN=cfe0df82121438271c913c24ff50fd3b62d40dc6
Certificate serial:       018CC4252A60B419F37EFAE75C91471A66DD
Authority key identifier: CF:E0:DF:82:12:14:38:27:1C:91:3C:24:FF:50:FD:3B:62:D4:0D:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/JvaHIKyywICcdV6HqF0hUQiinrM.roa
Signing time:             Mon 01 Jan 2024 08:30:19 +0000
ROA not before:           Mon 01 Jan 2024 08:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3221
IP address blocks:        171.22.244.0/22 maxlen: 22
                          193.40.0.0/16 maxlen: 16
                          2001:bb8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 10:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:2a:60:b4:19:f3:7e:fa:e7:5c:91:47:1a:66:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfe0df82121438271c913c24ff50fd3b62d40dc6
        Validity
            Not Before: Jan  1 08:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26f68720acb2c0809c755e87a85d215108a29eb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ec:85:35:7f:9d:9a:cf:26:37:60:ee:e9:d9:
                    54:38:b7:4e:b5:79:de:9a:25:c1:ac:6e:e8:f3:3b:
                    81:6c:f9:e1:e5:25:63:72:80:f9:7b:17:1d:7d:9e:
                    fb:38:d5:cb:5e:a1:95:ed:19:c5:9c:51:57:a6:c6:
                    14:04:f6:7f:1f:e0:0a:2e:60:10:9e:23:2e:95:88:
                    ab:c8:fd:fb:b8:44:19:14:bc:36:b7:48:7a:e2:a3:
                    f1:9a:9d:a0:05:90:e6:f2:6b:e3:d2:c8:fc:d4:7b:
                    b1:cc:1c:30:84:08:d1:9b:ee:05:77:c8:2a:ac:b9:
                    42:87:6d:1d:3e:f8:32:f6:14:bc:dc:49:31:35:8a:
                    17:0a:35:d1:aa:4f:2d:74:47:22:9c:be:4d:f5:8e:
                    46:a1:c6:59:79:f1:97:2f:61:eb:7f:85:57:e1:23:
                    8f:a3:c7:cd:0f:fc:be:8b:15:66:96:8d:bf:68:42:
                    65:9d:35:b3:94:da:cf:5f:fb:b2:64:79:ab:cb:77:
                    bc:f1:cc:af:77:e4:8d:55:7e:ed:f0:4c:59:df:f0:
                    b4:f8:41:01:10:56:e0:29:ca:9b:34:3d:16:d3:7f:
                    c9:13:d3:35:5a:f0:a2:af:09:00:61:38:38:94:3f:
                    00:99:17:0b:66:cf:f6:a1:5f:ca:7f:0e:5f:2b:72:
                    8a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:F6:87:20:AC:B2:C0:80:9C:75:5E:87:A8:5D:21:51:08:A2:9E:B3
            X509v3 Authority Key Identifier:
                keyid:CF:E0:DF:82:12:14:38:27:1C:91:3C:24:FF:50:FD:3B:62:D4:0D:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/JvaHIKyywICcdV6HqF0hUQiinrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.244.0/22
                  193.40.0.0/16
                IPv6:
                  2001:bb8::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:8f:4e:54:4e:a4:cb:3b:50:2f:e7:fe:d8:5a:ba:24:79:32:
         8e:ee:1c:cd:ca:98:87:f9:1e:d1:89:16:b9:86:89:67:2c:fc:
         7f:77:29:7e:4f:1f:fe:60:4d:2b:0b:16:bc:05:c5:2c:d2:57:
         27:56:6c:58:3e:27:f0:b9:95:12:f4:3f:b9:f8:39:63:f4:73:
         83:7d:94:3d:63:6c:47:5f:e5:0b:66:a0:4d:73:81:f5:2e:bc:
         50:e2:f0:5b:1b:86:72:20:7f:b8:94:a9:29:3e:92:ff:f1:ba:
         81:92:3f:db:c4:af:c7:af:de:95:40:3c:05:0c:d6:ce:17:a2:
         6d:10:d7:6e:a0:7e:00:bb:3a:d2:49:93:82:4b:da:dd:6c:b8:
         03:3d:4a:63:2f:e2:de:cf:75:72:b2:f8:03:2c:14:9a:fe:8d:
         80:7a:05:83:47:e3:62:72:10:75:2a:9d:04:4f:37:a6:81:6a:
         b2:c3:fa:a2:26:70:99:5a:8d:f6:b4:11:24:ae:9c:ac:5b:e8:
         a4:b4:2e:f0:90:bc:04:b4:76:a9:9e:1e:02:e5:22:97:d2:1b:
         8a:a1:51:78:30:eb:d5:fd:7c:15:29:d2:f0:20:2b:08:41:9c:
         87:27:43:f7:77:18:71:eb:9d:96:25:33:e1:e9:48:c2:f7:bb:
         3b:f4:40:f5
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzEJSpgtBnzfvrnXJFHGmbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZTBkZjgyMTIxNDM4MjcxYzkxM2MyNGZmNTBmZDNiNjJk
NDBkYzYwHhcNMjQwMTAxMDgzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmY2ODcyMGFjYjJjMDgwOWM3NTVlODdhODVkMjE1MTA4YTI5ZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheyFNX+dms8mN2Du6dlUOLdOtXne
miXBrG7o8zuBbPnh5SVjcoD5excdfZ77ONXLXqGV7RnFnFFXpsYUBPZ/H+AKLmAQ
niMulYiryP37uEQZFLw2t0h64qPxmp2gBZDm8mvj0sj81HuxzBwwhAjRm+4Fd8gq
rLlCh20dPvgy9hS83EkxNYoXCjXRqk8tdEcinL5N9Y5GocZZefGXL2Hrf4VX4SOP
o8fND/y+ixVmlo2/aEJlnTWzlNrPX/uyZHmry3e88cyvd+SNVX7t8ExZ3/C0+EEB
EFbgKcqbND0W03/JE9M1WvCirwkAYTg4lD8AmRcLZs/2oV/Kfw5fK3KKhQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFCb2hyCsssCAnHVeh6hdIVEIop6zMB8GA1UdIwQY
MBaAFM/g34ISFDgnHJE8JP9Q/Tti1A3GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvei1EZmdoSVVPQ2Nja1R3a18xRDlPMkxVRGNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yNjMzMWMtMzRhMS00YmM1LWI3NWMt
ZjJjNzkyMmZhZjMyLzEvSnZhSElLeXl3SUNjZFY2SHFGMGhVUWlpbnJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yNjMzMWMtMzRhMS00YmM1LWI3NWMtZjJjNzkyMmZhZjMy
LzEvei1EZmdoSVVPQ2Nja1R3a18xRDlPMkxVRGNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwQCqxb0AwMA
wSgwDQQCAAIwBwMFACABC7gwDQYJKoZIhvcNAQELBQADggEBAECPTlROpMs7UC/n
/thauiR5Mo7uHM3KmIf5HtGJFrmGiWcs/H93KX5PH/5gTSsLFrwFxSzSVydWbFg+
J/C5lRL0P7n4OWP0c4N9lD1jbEdf5QtmoE1zgfUuvFDi8FsbhnIgf7iUqSk+kv/x
uoGSP9vEr8ev3pVAPAUM1s4Xom0Q126gfgC7OtJJk4JL2t1suAM9SmMv4t7PdXKy
+AMsFJr+jYB6BYNH42JyEHUqnQRPN6aBarLD+qImcJlajfa0ESSunKxb6KS0LvCQ
vAS0dqmeHgLlIpfSG4qhUXgw69X9fBUp0vAgKwhBnIcnQ/d3GHHrnZYlM+HpSML3
uzv0QPU=
-----END CERTIFICATE-----