Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/d54e81-3317-4283-b45f-c81743b2cae6/1/JI_IFEVZOLgwy-WHZOm2izr6PIo.roa
File:                     JI_IFEVZOLgwy-WHZOm2izr6PIo.roa (raw, json)
Hash identifier:          OO8EbVI1MKPERWUpbisO0H4MA7HYDCDhv160pD1pO5c=
Subject key identifier:   24:8F:C8:14:45:59:38:B8:30:CB:E5:87:64:E9:B6:8B:3A:FA:3C:8A
Certificate issuer:       /CN=9b67c02de7fc8d11a1afe7ae62c5854d17767553
Certificate serial:       019422FC454AABFCC46CAA7C826180253867
Authority key identifier: 9B:67:C0:2D:E7:FC:8D:11:A1:AF:E7:AE:62:C5:85:4D:17:76:75:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m2fALef8jRGhr-euYsWFTRd2dVM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/d54e81-3317-4283-b45f-c81743b2cae6/1/JI_IFEVZOLgwy-WHZOm2izr6PIo.roa
Signing time:             Wed 01 Jan 2025 17:49:05 +0000
ROA not before:           Wed 01 Jan 2025 17:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        193.8.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/d54e81-3317-4283-b45f-c81743b2cae6/1/m2fALef8jRGhr-euYsWFTRd2dVM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/d54e81-3317-4283-b45f-c81743b2cae6/1/m2fALef8jRGhr-euYsWFTRd2dVM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m2fALef8jRGhr-euYsWFTRd2dVM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:45:4a:ab:fc:c4:6c:aa:7c:82:61:80:25:38:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b67c02de7fc8d11a1afe7ae62c5854d17767553
        Validity
            Not Before: Jan  1 17:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=248fc814455938b830cbe58764e9b68b3afa3c8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:65:3c:71:fd:a2:ed:10:b1:68:0a:64:6c:a4:
                    f3:2c:28:3b:be:a1:a5:ba:91:0f:d5:b2:b0:d2:f5:
                    45:ad:fb:29:54:5f:4c:ed:e9:17:71:17:8e:1b:9a:
                    ac:09:bb:a6:be:01:b8:86:09:e8:d1:b1:d8:2c:9f:
                    4c:30:5e:db:c7:c6:13:cd:96:11:1c:c0:53:a6:1a:
                    26:af:f5:1e:94:a1:71:ab:68:2a:9b:0b:16:80:42:
                    0c:6b:02:2a:07:a8:ad:29:a8:48:50:83:a7:2f:4a:
                    1a:f8:7e:6d:4c:c7:b9:a1:ef:b0:5a:6e:fa:b1:c9:
                    47:df:f4:a3:d2:fa:55:79:98:b5:bd:e1:05:7c:b5:
                    1d:a2:2d:83:f7:af:b7:1b:37:11:af:44:a6:5d:91:
                    9f:eb:cd:23:b0:4d:86:f8:53:3a:73:a6:e8:8f:54:
                    58:83:33:af:a0:58:6b:7b:94:04:9e:06:7f:e4:63:
                    17:4e:d9:05:72:9e:65:fa:fb:2d:40:ef:26:db:f9:
                    44:ef:c8:18:d7:83:e2:d4:ae:94:bb:45:21:9e:13:
                    67:64:83:8e:0d:66:0c:34:f2:ff:1c:63:bd:77:50:
                    fc:83:e5:10:e1:18:ca:ac:e8:96:c4:19:33:76:c6:
                    0c:fe:5e:1a:b6:01:97:5b:bc:24:5e:5d:63:cc:bd:
                    4d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:8F:C8:14:45:59:38:B8:30:CB:E5:87:64:E9:B6:8B:3A:FA:3C:8A
            X509v3 Authority Key Identifier:
                keyid:9B:67:C0:2D:E7:FC:8D:11:A1:AF:E7:AE:62:C5:85:4D:17:76:75:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m2fALef8jRGhr-euYsWFTRd2dVM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/d54e81-3317-4283-b45f-c81743b2cae6/1/JI_IFEVZOLgwy-WHZOm2izr6PIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/d54e81-3317-4283-b45f-c81743b2cae6/1/m2fALef8jRGhr-euYsWFTRd2dVM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:30:c3:26:46:e2:64:e9:31:4b:76:54:36:d8:c6:d1:a5:84:
         4f:d4:09:82:f4:d6:96:d4:8e:79:45:d6:af:ee:d2:96:44:1b:
         90:2a:10:0b:69:85:93:ae:a1:98:45:2f:37:96:85:ef:73:48:
         74:f1:f2:6b:a0:9e:e3:41:8d:00:b6:cb:a0:1f:09:f9:0c:81:
         f3:71:df:8d:16:e8:5e:d2:92:9e:d8:d7:54:f0:e0:a8:8f:e0:
         76:e5:69:ca:31:d2:b2:c0:b7:cd:1b:c4:0e:2e:9e:ec:88:dc:
         f0:dc:73:63:2c:62:78:1f:09:fb:89:f5:35:85:c1:0c:c5:ff:
         2e:a8:8a:cf:4e:84:5e:02:d6:17:66:58:04:9d:ad:e5:b1:40:
         c2:70:d4:6f:00:b5:a3:48:c4:c4:23:91:9a:e5:97:6d:e7:1a:
         76:6e:7a:2a:17:5b:74:a8:ec:93:2c:3e:e2:c9:95:1a:73:3e:
         87:ec:59:a8:c7:6c:1f:f3:b6:6d:d5:af:e1:ea:60:30:e1:38:
         58:d4:0f:a9:5c:3c:03:2d:67:a5:cf:d2:53:f2:8e:ed:f6:90:
         4c:f5:c3:89:8f:d5:c0:57:8b:77:98:f2:95:07:17:0c:bb:73:
         29:21:6f:e7:a3:d0:c4:72:24:04:19:4c:d1:a2:12:29:06:a7:
         78:e1:b4:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/EVKq/zEbKp8gmGAJThnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNjdjMDJkZTdmYzhkMTFhMWFmZTdhZTYyYzU4NTRkMTc3
Njc1NTMwHhcNMjUwMTAxMTc0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDhmYzgxNDQ1NTkzOGI4MzBjYmU1ODc2NGU5YjY4YjNhZmEzYzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGU8cf2i7RCxaApkbKTzLCg7vqGl
upEP1bKw0vVFrfspVF9M7ekXcReOG5qsCbumvgG4hgno0bHYLJ9MMF7bx8YTzZYR
HMBTphomr/UelKFxq2gqmwsWgEIMawIqB6itKahIUIOnL0oa+H5tTMe5oe+wWm76
sclH3/Sj0vpVeZi1veEFfLUdoi2D96+3GzcRr0SmXZGf680jsE2G+FM6c6boj1RY
gzOvoFhre5QEngZ/5GMXTtkFcp5l+vstQO8m2/lE78gY14Pi1K6Uu0UhnhNnZIOO
DWYMNPL/HGO9d1D8g+UQ4RjKrOiWxBkzdsYM/l4atgGXW7wkXl1jzL1NpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSPyBRFWTi4MMvlh2Tptos6+jyKMB8GA1UdIwQY
MBaAFJtnwC3n/I0Roa/nrmLFhU0XdnVTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTJmQUxlZjhqUkdoci1ldVlzV0ZUUmQyZFZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9kNTRlODEtMzMxNy00MjgzLWI0NWYt
YzgxNzQzYjJjYWU2LzEvSklfSUZFVlpPTGd3eS1XSFpPbTJpenI2UElvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9kNTRlODEtMzMxNy00MjgzLWI0NWYtYzgxNzQzYjJjYWU2
LzEvbTJmQUxlZjhqUkdoci1ldVlzV0ZUUmQyZFZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQgrMA0G
CSqGSIb3DQEBCwUAA4IBAQB4MMMmRuJk6TFLdlQ22MbRpYRP1AmC9NaW1I55Rdav
7tKWRBuQKhALaYWTrqGYRS83loXvc0h08fJroJ7jQY0AtsugHwn5DIHzcd+NFuhe
0pKe2NdU8OCoj+B25WnKMdKywLfNG8QOLp7siNzw3HNjLGJ4Hwn7ifU1hcEMxf8u
qIrPToReAtYXZlgEna3lsUDCcNRvALWjSMTEI5Ga5Zdt5xp2bnoqF1t0qOyTLD7i
yZUacz6H7Fmox2wf87Zt1a/h6mAw4ThY1A+pXDwDLWelz9JT8o7t9pBM9cOJj9XA
V4t3mPKVBxcMu3MpIW/no9DEciQEGUzRohIpBqd44bTi
-----END CERTIFICATE-----