Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/pJHITWbw8YrM6oMSu7LNXrCYcv4.roa
File:                     pJHITWbw8YrM6oMSu7LNXrCYcv4.roa (raw, json)
Hash identifier:          RJCA/UUwtiJfSDEUPUO0OD/Qu8klWCx/OvkQqeQMDnc=
Subject key identifier:   A4:91:C8:4D:66:F0:F1:8A:CC:EA:83:12:BB:B2:CD:5E:B0:98:72:FE
Certificate issuer:       /CN=fc44297e9271c6edf064915f6180ae12690dda8b
Certificate serial:       018CC56E1B3B2F51D1C9AB9E15605A781E26
Authority key identifier: FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/pJHITWbw8YrM6oMSu7LNXrCYcv4.roa
Signing time:             Mon 01 Jan 2024 14:29:36 +0000
ROA not before:           Mon 01 Jan 2024 14:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134963
IP address blocks:        194.30.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1b:3b:2f:51:d1:c9:ab:9e:15:60:5a:78:1e:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc44297e9271c6edf064915f6180ae12690dda8b
        Validity
            Not Before: Jan  1 14:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a491c84d66f0f18accea8312bbb2cd5eb09872fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a6:0f:33:5a:b2:15:f2:db:29:e5:a2:c7:68:
                    18:b9:77:58:93:92:90:4d:eb:52:72:4b:b5:a6:fe:
                    82:7b:36:19:1c:27:c9:17:dc:4c:1d:0c:64:46:9f:
                    6f:77:f3:34:7d:56:85:0e:a2:e3:59:60:51:a6:c6:
                    6b:93:15:87:8c:64:c8:29:f5:87:25:8a:5d:97:d7:
                    c8:76:15:25:3f:85:07:11:50:44:39:3b:75:65:0c:
                    b1:07:ec:91:1e:d1:02:10:32:d9:10:e3:12:fa:f1:
                    07:e6:e8:dd:c3:f9:e7:24:c5:97:dd:a4:43:1a:d2:
                    ab:57:9b:ea:a9:70:0f:e5:2e:e0:ac:6b:62:31:7b:
                    f0:f8:a7:19:51:95:57:41:b4:a5:3a:ff:81:4e:a6:
                    0a:5c:46:b4:bc:be:0f:c5:49:a0:b8:6c:a5:65:bf:
                    b6:7e:68:fb:1c:6b:1b:f4:1b:75:e5:c4:32:cc:19:
                    c2:c4:3a:d0:e3:01:27:5f:c2:85:e1:f4:a7:6c:31:
                    55:0f:4e:91:31:d2:64:89:e2:68:f8:de:44:7f:3b:
                    51:98:17:a2:ae:db:50:c9:41:76:ab:f0:91:98:20:
                    80:15:a3:95:d1:84:0e:0d:9a:22:81:a1:44:9d:2a:
                    bf:76:01:c8:e0:5e:ca:1c:f3:ff:e4:ae:43:bc:3a:
                    b7:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:91:C8:4D:66:F0:F1:8A:CC:EA:83:12:BB:B2:CD:5E:B0:98:72:FE
            X509v3 Authority Key Identifier:
                keyid:FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/pJHITWbw8YrM6oMSu7LNXrCYcv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.30.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:2f:6a:c7:a5:fc:b4:14:59:4f:ad:9c:61:d9:2d:34:04:c6:
         9e:8c:08:53:cf:1a:8b:08:38:6a:36:10:9b:c7:08:97:88:a9:
         13:05:c9:11:f9:15:fd:87:d4:dc:d6:ac:3a:f4:c9:c3:07:77:
         81:1c:67:3d:a9:3f:9c:a6:93:16:f6:ed:90:f9:76:84:d4:a4:
         b3:7b:1b:f1:1c:39:52:77:78:d1:d3:d3:3d:af:ff:6a:8c:98:
         54:7f:91:2d:52:d7:a1:b2:b3:e6:96:02:26:10:b8:56:7b:9b:
         01:54:cc:c1:14:f3:5d:2f:f9:d3:9e:33:53:97:4b:fc:ce:fc:
         cc:d3:4a:bd:a5:d5:54:39:7e:ed:78:12:9d:3a:26:13:22:6c:
         c7:fe:c8:d2:f8:4a:04:03:e7:b6:46:ea:7b:3d:28:ce:b7:e1:
         eb:25:94:69:f0:7e:5c:28:ad:00:43:7c:2e:08:d1:51:cf:78:
         03:7a:e7:ab:26:2e:3a:6b:26:2b:b7:6a:69:23:9b:63:38:b3:
         2a:13:34:a1:13:81:17:56:29:68:f2:35:4b:0d:2e:af:2c:14:
         60:89:62:b4:21:31:d7:60:fe:86:cf:2d:bc:6c:b2:6d:5a:de:
         7a:b9:50:3c:c7:f3:08:ef:7a:35:98:17:7c:95:6f:9b:2d:e8:
         11:34:49:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhs7L1HRyaueFWBaeB4mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNDQyOTdlOTI3MWM2ZWRmMDY0OTE1ZjYxODBhZTEyNjkw
ZGRhOGIwHhcNMjQwMTAxMTQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDkxYzg0ZDY2ZjBmMThhY2NlYTgzMTJiYmIyY2Q1ZWIwOTg3MmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKYPM1qyFfLbKeWix2gYuXdYk5KQ
TetScku1pv6CezYZHCfJF9xMHQxkRp9vd/M0fVaFDqLjWWBRpsZrkxWHjGTIKfWH
JYpdl9fIdhUlP4UHEVBEOTt1ZQyxB+yRHtECEDLZEOMS+vEH5ujdw/nnJMWX3aRD
GtKrV5vqqXAP5S7grGtiMXvw+KcZUZVXQbSlOv+BTqYKXEa0vL4PxUmguGylZb+2
fmj7HGsb9Bt15cQyzBnCxDrQ4wEnX8KF4fSnbDFVD06RMdJkieJo+N5EfztRmBei
rttQyUF2q/CRmCCAFaOV0YQODZoigaFEnSq/dgHI4F7KHPP/5K5DvDq3IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSRyE1m8PGKzOqDEruyzV6wmHL+MB8GA1UdIwQY
MBaAFPxEKX6Sccbt8GSRX2GArhJpDdqLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUt
YWUwN2YzMmU0MTAyLzEvcEpISVRXYnc4WXJNNm9NU3U3TE5YckNZY3Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUtYWUwN2YzMmU0MTAy
LzEvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh6OMA0G
CSqGSIb3DQEBCwUAA4IBAQAPL2rHpfy0FFlPrZxh2S00BMaejAhTzxqLCDhqNhCb
xwiXiKkTBckR+RX9h9Tc1qw69MnDB3eBHGc9qT+cppMW9u2Q+XaE1KSzexvxHDlS
d3jR09M9r/9qjJhUf5EtUtehsrPmlgImELhWe5sBVMzBFPNdL/nTnjNTl0v8zvzM
00q9pdVUOX7teBKdOiYTImzH/sjS+EoEA+e2Rup7PSjOt+HrJZRp8H5cKK0AQ3wu
CNFRz3gDeuerJi46ayYrt2ppI5tjOLMqEzShE4EXVilo8jVLDS6vLBRgiWK0ITHX
YP6Gzy28bLJtWt56uVA8x/MI73o1mBd8lW+bLegRNEkc
-----END CERTIFICATE-----