Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/86ed5b-bcc1-4d03-95da-b99d4d00f831/1/JIt-cN-TJtL8VtT0aqf3mjQzYRE.roa
File:                     JIt-cN-TJtL8VtT0aqf3mjQzYRE.roa (raw, json)
Hash identifier:          rUyTWM4NtKXIeCNWMU8A/sKBiyF0x7SSDzOhB7THEmg=
Subject key identifier:   24:8B:7E:70:DF:93:26:D2:FC:56:D4:F4:6A:A7:F7:9A:34:33:61:11
Certificate issuer:       /CN=fac0f0da39a22a79f80c1f379b668b90f6d74708
Certificate serial:       018CC3B70D2BC7A997D4804F0227956B130D
Authority key identifier: FA:C0:F0:DA:39:A2:2A:79:F8:0C:1F:37:9B:66:8B:90:F6:D7:47:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-sDw2jmiKnn4DB83m2aLkPbXRwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/86ed5b-bcc1-4d03-95da-b99d4d00f831/1/JIt-cN-TJtL8VtT0aqf3mjQzYRE.roa
Signing time:             Mon 01 Jan 2024 06:30:02 +0000
ROA not before:           Mon 01 Jan 2024 06:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204272
IP address blocks:        185.108.208.0/22 maxlen: 22
                          2a05:4100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/86ed5b-bcc1-4d03-95da-b99d4d00f831/1/1-sDw2jmiKnn4DB83m2aLkPbXRwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/86ed5b-bcc1-4d03-95da-b99d4d00f831/1/1-sDw2jmiKnn4DB83m2aLkPbXRwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-sDw2jmiKnn4DB83m2aLkPbXRwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:0d:2b:c7:a9:97:d4:80:4f:02:27:95:6b:13:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fac0f0da39a22a79f80c1f379b668b90f6d74708
        Validity
            Not Before: Jan  1 06:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=248b7e70df9326d2fc56d4f46aa7f79a34336111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:4f:39:c2:fa:33:a2:ca:36:d7:2a:9c:35:a5:
                    34:f8:02:da:b4:2a:50:97:e2:64:6a:89:74:db:3f:
                    db:0e:38:ab:ae:c7:36:ca:a0:19:46:db:37:8c:0d:
                    bb:44:71:24:d2:07:1b:f9:78:27:37:55:ec:89:0c:
                    3a:ef:77:8e:22:a3:4a:7d:9f:12:30:ad:1d:08:12:
                    7d:64:95:90:a7:66:30:84:dc:f0:96:6b:14:1a:87:
                    e2:dc:65:15:11:b0:bf:ff:31:e7:26:c8:f2:73:b7:
                    52:16:39:bb:6f:e7:29:79:df:aa:60:a1:2f:66:bf:
                    9f:f4:fd:90:3b:2d:d2:31:bd:22:db:89:70:91:da:
                    cb:7c:c9:63:b4:d6:34:17:92:6a:22:2d:f8:f7:41:
                    be:11:f1:e2:f3:8c:28:92:44:8a:62:77:08:09:28:
                    de:1e:20:ae:bf:dc:df:f7:29:4b:79:4d:ed:72:3e:
                    16:a7:c6:77:93:c7:0f:28:47:66:37:c2:57:f3:e8:
                    7f:be:32:2c:69:78:2c:78:1d:03:bd:18:30:d0:b4:
                    53:8b:28:3e:d6:05:b1:1b:bc:91:50:f7:28:4a:d2:
                    4e:1c:04:b2:66:12:bb:2f:46:41:df:c8:be:c4:57:
                    dc:cd:05:00:0d:a5:22:15:76:9d:0e:a9:11:c6:bc:
                    60:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:8B:7E:70:DF:93:26:D2:FC:56:D4:F4:6A:A7:F7:9A:34:33:61:11
            X509v3 Authority Key Identifier:
                keyid:FA:C0:F0:DA:39:A2:2A:79:F8:0C:1F:37:9B:66:8B:90:F6:D7:47:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-sDw2jmiKnn4DB83m2aLkPbXRwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/86ed5b-bcc1-4d03-95da-b99d4d00f831/1/JIt-cN-TJtL8VtT0aqf3mjQzYRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/86ed5b-bcc1-4d03-95da-b99d4d00f831/1/1-sDw2jmiKnn4DB83m2aLkPbXRwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.208.0/22
                IPv6:
                  2a05:4100::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:2d:53:01:35:48:f7:66:f8:f3:2a:fe:a1:27:ba:60:04:c5:
         88:8c:c5:d8:3f:ec:5b:fe:ee:d2:0b:18:5b:43:87:ee:42:6d:
         fc:80:af:47:98:68:bb:2a:d3:16:14:e3:2d:e9:11:c1:cf:68:
         d0:4b:af:5d:f1:6c:c6:c1:17:96:b5:74:80:94:a6:69:f3:e5:
         b7:08:89:8d:a8:c2:27:24:ea:0b:7e:4e:80:59:ed:21:d4:00:
         64:e6:81:e5:a4:9a:9b:bd:38:e0:26:9b:f5:a4:2a:70:b5:1c:
         57:71:ff:62:58:be:11:74:f4:ee:79:65:a9:f2:c7:c8:db:7a:
         6b:52:eb:c4:9f:97:2a:d5:a4:ae:e3:58:39:0c:e2:3d:5d:e1:
         30:7d:c1:93:02:bf:e4:f6:91:79:7a:ec:96:ee:5d:76:82:51:
         9d:22:53:e0:73:dc:f7:d3:b4:e0:d3:18:20:fe:52:60:49:ca:
         9c:a4:ec:b6:44:50:1b:31:73:05:fb:71:86:c3:67:7b:5b:ce:
         16:25:1f:8c:0a:c3:36:df:4a:84:21:57:e5:4e:32:74:f4:13:
         b6:ab:14:7d:76:d2:bd:ed:5b:81:90:5a:bb:37:45:6d:b3:e4:
         34:40:67:38:d4:97:34:82:da:d5:d2:83:fa:9c:98:83:38:55:
         fd:f6:74:e5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDtw0rx6mX1IBPAieVaxMNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhYzBmMGRhMzlhMjJhNzlmODBjMWYzNzliNjY4YjkwZjZk
NzQ3MDgwHhcNMjQwMTAxMDYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDhiN2U3MGRmOTMyNmQyZmM1NmQ0ZjQ2YWE3Zjc5YTM0MzM2MTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh085wvozoso21yqcNaU0+ALatCpQ
l+Jkaol02z/bDjirrsc2yqAZRts3jA27RHEk0gcb+XgnN1XsiQw673eOIqNKfZ8S
MK0dCBJ9ZJWQp2YwhNzwlmsUGofi3GUVEbC//zHnJsjyc7dSFjm7b+cped+qYKEv
Zr+f9P2QOy3SMb0i24lwkdrLfMljtNY0F5JqIi3490G+EfHi84wokkSKYncICSje
HiCuv9zf9ylLeU3tcj4Wp8Z3k8cPKEdmN8JX8+h/vjIsaXgseB0DvRgw0LRTiyg+
1gWxG7yRUPcoStJOHASyZhK7L0ZB38i+xFfczQUADaUiFXadDqkRxrxg1QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCSLfnDfkybS/FbU9Gqn95o0M2ERMB8GA1UdIwQY
MBaAFPrA8No5oip5+AwfN5tmi5D210cIMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1zRHcyam1pS25uNERCODNtMmFMa1BiWFJ3Zy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODgvODZlZDViLWJjYzEtNGQwMy05NWRh
LWI5OWQ0ZDAwZjgzMS8xL0pJdC1jTi1USnRMOFZ0VDBhcWYzbWpRellSRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODgvODZlZDViLWJjYzEtNGQwMy05NWRhLWI5OWQ0ZDAwZjgz
MS8xLzEtc0R3MmptaUtubjREQjgzbTJhTGtQYlhSd2cuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAK5bNAw
DQQCAAIwBwMFAyoFQQAwDQYJKoZIhvcNAQELBQADggEBAIEtUwE1SPdm+PMq/qEn
umAExYiMxdg/7Fv+7tILGFtDh+5CbfyAr0eYaLsq0xYU4y3pEcHPaNBLr13xbMbB
F5a1dICUpmnz5bcIiY2owick6gt+ToBZ7SHUAGTmgeWkmpu9OOAmm/WkKnC1HFdx
/2JYvhF09O55Zanyx8jbemtS68SflyrVpK7jWDkM4j1d4TB9wZMCv+T2kXl67Jbu
XXaCUZ0iU+Bz3PfTtODTGCD+UmBJypyk7LZEUBsxcwX7cYbDZ3tbzhYlH4wKwzbf
SoQhV+VOMnT0E7arFH120r3tW4GQWrs3RW2z5DRAZzjUlzSC2tXSg/qcmIM4Vf32
dOU=
-----END CERTIFICATE-----