Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/jXxdkMidg44E3E_KP_hKnZMuHZ4.roa
File:                     jXxdkMidg44E3E_KP_hKnZMuHZ4.roa (raw, json)
Hash identifier:          8ZvHHdbC/7dvZNloRgtLCWLhsGpybzDuh3zUCrAuSxc=
Subject key identifier:   8D:7C:5D:90:C8:9D:83:8E:04:DC:4F:CA:3F:F8:4A:9D:93:2E:1D:9E
Certificate issuer:       /CN=20f638107abb84ae6fb03cc1db2cfd1bc4487f8d
Certificate serial:       018CC2DAC79BF48FDE3E50F0C46A21F3F89C
Authority key identifier: 20:F6:38:10:7A:BB:84:AE:6F:B0:3C:C1:DB:2C:FD:1B:C4:48:7F:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/jXxdkMidg44E3E_KP_hKnZMuHZ4.roa
Signing time:             Mon 01 Jan 2024 02:29:26 +0000
ROA not before:           Mon 01 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197766
IP address blocks:        185.226.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c7:9b:f4:8f:de:3e:50:f0:c4:6a:21:f3:f8:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f638107abb84ae6fb03cc1db2cfd1bc4487f8d
        Validity
            Not Before: Jan  1 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d7c5d90c89d838e04dc4fca3ff84a9d932e1d9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:8d:28:73:84:f3:17:6a:32:0a:73:95:70:9d:
                    fc:82:87:e0:fe:0d:6d:2d:ba:c5:2d:95:54:b9:7c:
                    7d:fb:e3:18:bc:df:29:6a:ec:e5:2c:f7:26:b5:84:
                    1f:a9:f9:05:fd:27:36:cf:44:62:74:29:0e:10:d6:
                    e9:00:e9:c8:bb:5d:18:ed:87:02:cd:7b:c4:7b:1d:
                    45:72:8d:df:17:96:be:20:97:c9:31:dd:e9:78:e7:
                    e0:69:e7:ef:03:6b:0e:5b:de:2b:1e:ec:f2:28:4f:
                    7f:bf:d6:b9:a1:57:76:ae:57:08:3d:95:db:cc:47:
                    2c:74:82:9b:3d:a8:ca:a1:36:80:99:1c:73:21:8b:
                    ab:48:1c:90:1c:5a:d3:7d:3f:54:84:07:b8:d6:c7:
                    4c:50:fb:c5:1c:2c:5d:f0:ff:a6:04:b1:a2:d4:94:
                    b5:85:62:e8:e9:cd:98:48:dc:17:c6:7b:99:aa:c9:
                    92:46:f7:b0:b5:44:0f:e2:75:45:87:7b:60:9a:52:
                    fc:b0:dc:7a:92:0a:62:1c:99:96:6d:0a:95:40:93:
                    c9:5a:e9:82:6f:d5:4c:2d:5f:de:4b:57:fe:26:4f:
                    af:c4:e8:7e:15:3a:54:12:09:15:1f:93:bc:25:87:
                    bf:0b:4e:83:b8:36:b1:00:3c:b1:ee:77:db:e7:49:
                    f1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:7C:5D:90:C8:9D:83:8E:04:DC:4F:CA:3F:F8:4A:9D:93:2E:1D:9E
            X509v3 Authority Key Identifier:
                keyid:20:F6:38:10:7A:BB:84:AE:6F:B0:3C:C1:DB:2C:FD:1B:C4:48:7F:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/jXxdkMidg44E3E_KP_hKnZMuHZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:8d:87:73:04:79:a2:76:bd:ac:b1:d9:1c:e8:0f:54:9f:70:
         7b:ab:43:22:ed:9a:08:5b:32:83:b6:b3:0e:5d:22:7c:7d:e0:
         77:73:f7:f2:e2:17:b1:eb:4a:35:8d:45:2e:1a:8c:6f:10:07:
         07:2e:89:e8:f4:77:cc:86:1b:82:4d:2a:3f:c0:fb:fc:00:05:
         b3:9c:d0:ae:f6:50:e7:9e:61:1a:b3:a4:a2:f8:7a:12:26:fd:
         9b:d8:a1:72:a3:08:ff:5f:bc:23:ec:f9:86:e6:61:08:84:dc:
         32:f3:e8:dd:16:58:94:8f:c6:8b:f4:c5:e6:31:dc:f6:ac:ae:
         fe:92:80:79:e1:d0:24:76:86:4d:74:dc:e5:34:ed:d8:52:e9:
         93:1f:97:75:2f:c5:ae:4a:e7:19:67:bd:a3:ad:08:b3:13:2c:
         e5:f6:47:ab:39:4b:0e:c8:f4:54:e0:2b:ed:ee:66:38:0d:64:
         d4:8e:fb:15:24:9a:63:f0:e7:a2:f3:e8:34:55:52:27:37:f2:
         34:ac:a8:ff:e1:75:3a:26:4b:d8:f4:b0:3c:a2:18:6b:da:7c:
         2b:1e:2c:94:ee:a4:7f:d5:41:5a:a8:ab:90:e0:13:f3:90:35:
         94:b2:0f:62:81:67:57:f0:70:78:ed:7b:22:08:47:a5:19:6f:
         b0:0d:9c:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2seb9I/ePlDwxGoh8/icMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjYzODEwN2FiYjg0YWU2ZmIwM2NjMWRiMmNmZDFiYzQ0
ODdmOGQwHhcNMjQwMTAxMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDdjNWQ5MGM4OWQ4MzhlMDRkYzRmY2EzZmY4NGE5ZDkzMmUxZDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg40oc4TzF2oyCnOVcJ38gofg/g1t
LbrFLZVUuXx9++MYvN8pauzlLPcmtYQfqfkF/Sc2z0RidCkOENbpAOnIu10Y7YcC
zXvEex1Fco3fF5a+IJfJMd3peOfgaefvA2sOW94rHuzyKE9/v9a5oVd2rlcIPZXb
zEcsdIKbPajKoTaAmRxzIYurSByQHFrTfT9UhAe41sdMUPvFHCxd8P+mBLGi1JS1
hWLo6c2YSNwXxnuZqsmSRvewtUQP4nVFh3tgmlL8sNx6kgpiHJmWbQqVQJPJWumC
b9VMLV/eS1f+Jk+vxOh+FTpUEgkVH5O8JYe/C06DuDaxADyx7nfb50nxKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI18XZDInYOOBNxPyj/4Sp2TLh2eMB8GA1UdIwQY
MBaAFCD2OBB6u4Sub7A8wdss/RvESH+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBZNEVIcTdoSzV2c0R6QjJ5ejlHOFJJZjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80ZjU4MDgtMWMwNC00MjU1LTliODQt
YTgyODM2ZGUwNWZjLzEvalh4ZGtNaWRnNDRFM0VfS1BfaEtuWk11SFo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80ZjU4MDgtMWMwNC00MjU1LTliODQtYTgyODM2ZGUwNWZj
LzEvSVBZNEVIcTdoSzV2c0R6QjJ5ejlHOFJJZjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueJiMA0G
CSqGSIb3DQEBCwUAA4IBAQCyjYdzBHmidr2ssdkc6A9Un3B7q0Mi7ZoIWzKDtrMO
XSJ8feB3c/fy4hex60o1jUUuGoxvEAcHLono9HfMhhuCTSo/wPv8AAWznNCu9lDn
nmEas6Si+HoSJv2b2KFyowj/X7wj7PmG5mEIhNwy8+jdFliUj8aL9MXmMdz2rK7+
koB54dAkdoZNdNzlNO3YUumTH5d1L8WuSucZZ72jrQizEyzl9kerOUsOyPRU4Cvt
7mY4DWTUjvsVJJpj8Oei8+g0VVInN/I0rKj/4XU6JkvY9LA8ohhr2nwrHiyU7qR/
1UFaqKuQ4BPzkDWUsg9igWdX8HB47XsiCEelGW+wDZy6
-----END CERTIFICATE-----