Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/j4FNp9mow_ZjqOF5umWdqgSCTHc.roa
File:                     j4FNp9mow_ZjqOF5umWdqgSCTHc.roa (raw, json)
Hash identifier:          w+BRbMDUWElK/bEyUHCE4QRc+KrvMh823ajVhDy/3g0=
Subject key identifier:   8F:81:4D:A7:D9:A8:C3:F6:63:A8:E1:79:BA:65:9D:AA:04:82:4C:77
Certificate issuer:       /CN=70fee176f51ce8fd81424ff73a5417341279c0f1
Certificate serial:       0190DFC6B0F48AB8659B4964D98ECB3E4063
Authority key identifier: 70:FE:E1:76:F5:1C:E8:FD:81:42:4F:F7:3A:54:17:34:12:79:C0:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/j4FNp9mow_ZjqOF5umWdqgSCTHc.roa
Signing time:             Tue 23 Jul 2024 13:27:38 +0000
ROA not before:           Tue 23 Jul 2024 13:27:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        2a05:b100:1000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:df:c6:b0:f4:8a:b8:65:9b:49:64:d9:8e:cb:3e:40:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70fee176f51ce8fd81424ff73a5417341279c0f1
        Validity
            Not Before: Jul 23 13:27:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f814da7d9a8c3f663a8e179ba659daa04824c77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e0:fd:02:d9:0c:62:44:5e:ab:f8:55:4f:c4:
                    f8:a8:e2:36:c6:d5:31:6a:a3:02:04:a8:33:ff:7e:
                    8e:2e:a8:d6:88:e4:76:c5:f4:42:f8:3a:cf:21:c6:
                    2e:ba:62:13:87:88:93:f0:28:36:82:3f:68:45:db:
                    9a:50:d9:c8:da:dd:1d:5d:0f:ac:44:2c:87:23:2e:
                    39:0e:f4:e9:0a:92:fa:d0:63:02:eb:25:2d:af:c0:
                    32:95:85:2b:e4:da:a6:a3:70:99:23:51:6c:4c:fb:
                    6d:99:65:b4:3b:41:ac:39:d2:c2:a3:48:87:ee:21:
                    48:3a:46:37:54:d3:ef:00:96:9b:28:f5:c9:c0:f2:
                    4b:f0:90:f9:01:df:4a:da:a4:42:5b:39:f5:7e:54:
                    e4:9d:6f:fc:07:54:98:b6:19:79:02:16:79:58:ce:
                    cb:8b:85:7d:96:89:a4:f9:cd:15:66:25:fa:b7:3e:
                    ec:a5:26:be:ca:e9:27:27:2f:ef:cc:f2:73:85:f4:
                    d0:2c:7e:d8:26:85:83:95:c0:f4:fa:40:f9:de:1a:
                    ff:eb:f6:41:3a:a4:58:3c:49:4b:64:26:df:70:f8:
                    f1:52:a3:97:d1:eb:ae:e8:7d:c3:6a:a0:2d:b5:4b:
                    fc:e7:d0:65:ce:9c:71:5e:e4:a6:81:5f:3d:e0:b7:
                    e3:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:81:4D:A7:D9:A8:C3:F6:63:A8:E1:79:BA:65:9D:AA:04:82:4C:77
            X509v3 Authority Key Identifier:
                keyid:70:FE:E1:76:F5:1C:E8:FD:81:42:4F:F7:3A:54:17:34:12:79:C0:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/j4FNp9mow_ZjqOF5umWdqgSCTHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b100:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3f:9a:04:04:42:18:d8:e5:7c:f8:30:be:46:b5:73:02:44:45:
         62:bf:40:0e:98:71:10:48:ed:1c:8c:5b:8a:a1:53:67:81:28:
         fa:e1:6f:0c:f1:53:93:4a:0c:b3:d3:98:22:d0:70:bb:56:e3:
         83:52:be:46:7f:83:c4:8f:e2:86:28:ee:c0:6f:58:84:2c:26:
         6a:62:80:ce:d7:e6:fd:4d:75:cd:7f:4f:77:14:40:c9:a3:e1:
         0f:a5:e0:ad:e4:e5:a3:b1:85:9d:cb:32:ad:39:99:6b:6d:4f:
         66:ea:05:5e:fb:32:7b:e6:b8:f9:36:3e:dc:e9:1c:27:93:42:
         e6:4b:3c:8f:32:e6:ed:b6:8e:69:0b:93:0f:b2:22:3d:3c:67:
         f9:99:53:3f:51:74:81:f3:e2:b0:22:e6:80:c2:35:9c:52:8a:
         63:28:9f:41:23:4f:32:76:f3:b6:e6:e1:f0:f3:17:01:ba:94:
         62:d5:d5:77:a3:14:21:29:91:04:cf:47:bb:80:76:4a:fb:3f:
         4f:1a:13:34:81:ab:ee:a4:28:f5:98:d3:d1:56:80:9d:18:a3:
         3e:ab:32:4f:f2:62:10:14:4e:ba:05:0b:f1:5d:b4:47:98:66:
         7b:c0:8e:27:65:2f:bb:c5:92:29:c0:ba:f5:d0:48:d7:f4:bf:
         64:10:49:86
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZDfxrD0irhlm0lk2Y7LPkBjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZmVlMTc2ZjUxY2U4ZmQ4MTQyNGZmNzNhNTQxNzM0MTI3
OWMwZjEwHhcNMjQwNzIzMTMyNzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjgxNGRhN2Q5YThjM2Y2NjNhOGUxNzliYTY1OWRhYTA0ODI0Yzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOD9AtkMYkReq/hVT8T4qOI2xtUx
aqMCBKgz/36OLqjWiOR2xfRC+DrPIcYuumITh4iT8Cg2gj9oRduaUNnI2t0dXQ+s
RCyHIy45DvTpCpL60GMC6yUtr8AylYUr5Nqmo3CZI1FsTPttmWW0O0GsOdLCo0iH
7iFIOkY3VNPvAJabKPXJwPJL8JD5Ad9K2qRCWzn1flTknW/8B1SYthl5AhZ5WM7L
i4V9lomk+c0VZiX6tz7spSa+yuknJy/vzPJzhfTQLH7YJoWDlcD0+kD53hr/6/ZB
OqRYPElLZCbfcPjxUqOX0euu6H3DaqAttUv859BlzpxxXuSmgV894Lfj0wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFI+BTafZqMP2Y6jhebplnaoEgkx3MB8GA1UdIwQY
MBaAFHD+4Xb1HOj9gUJP9zpUFzQSecDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1A3aGR2VWM2UDJCUWtfM09sUVhOQko1d1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS80YmUyMjItNjQ4Mi00ZGI5LTlhNWYt
NzUyZTliOGIwNzU2LzEvajRGTnA5bW93X1pqcU9GNXVtV2RxZ1NDVEhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS80YmUyMjItNjQ4Mi00ZGI5LTlhNWYtNzUyZTliOGIwNzU2
LzEvY1A3aGR2VWM2UDJCUWtfM09sUVhOQko1d1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgWxABAw
DQYJKoZIhvcNAQELBQADggEBAD+aBARCGNjlfPgwvka1cwJERWK/QA6YcRBI7RyM
W4qhU2eBKPrhbwzxU5NKDLPTmCLQcLtW44NSvkZ/g8SP4oYo7sBvWIQsJmpigM7X
5v1Ndc1/T3cUQMmj4Q+l4K3k5aOxhZ3LMq05mWttT2bqBV77MnvmuPk2PtzpHCeT
QuZLPI8y5u22jmkLkw+yIj08Z/mZUz9RdIHz4rAi5oDCNZxSimMon0EjTzJ287bm
4fDzFwG6lGLV1XejFCEpkQTPR7uAdkr7P08aEzSBq+6kKPWY09FWgJ0Yoz6rMk/y
YhAUTroFC/FdtEeYZnvAjidlL7vFkinAuvXQSNf0v2QQSYY=
-----END CERTIFICATE-----