Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/a6d124-04e6-4def-a16b-d652368299d5/1/mjk_9mBIX2K41ASneFahi5WxQms.roa
File:                     mjk_9mBIX2K41ASneFahi5WxQms.roa (raw, json)
Hash identifier:          qL7nGWS3Awht9PmP0vDzSTXhKhc/jIpjX536PZtB9fQ=
Subject key identifier:   9A:39:3F:F6:60:48:5F:62:B8:D4:04:A7:78:56:A1:8B:95:B1:42:6B
Certificate issuer:       /CN=d408cf09b6ab005ba933b2a7a4a6d27ea6bb72ca
Certificate serial:       01941FFA73B4833B21E2F95E1A2E2FFFFE10
Authority key identifier: D4:08:CF:09:B6:AB:00:5B:A9:33:B2:A7:A4:A6:D2:7E:A6:BB:72:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1AjPCbarAFupM7KnpKbSfqa7cso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/a6d124-04e6-4def-a16b-d652368299d5/1/mjk_9mBIX2K41ASneFahi5WxQms.roa
Signing time:             Wed 01 Jan 2025 03:48:14 +0000
ROA not before:           Wed 01 Jan 2025 03:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213066
IP address blocks:        193.163.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/a6d124-04e6-4def-a16b-d652368299d5/1/1AjPCbarAFupM7KnpKbSfqa7cso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/a6d124-04e6-4def-a16b-d652368299d5/1/1AjPCbarAFupM7KnpKbSfqa7cso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1AjPCbarAFupM7KnpKbSfqa7cso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:73:b4:83:3b:21:e2:f9:5e:1a:2e:2f:ff:fe:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d408cf09b6ab005ba933b2a7a4a6d27ea6bb72ca
        Validity
            Not Before: Jan  1 03:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a393ff660485f62b8d404a77856a18b95b1426b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:97:d8:c3:a5:4f:91:39:8f:4b:24:a7:30:43:
                    05:04:02:ea:c8:79:3d:ad:99:a0:cd:a6:6b:b6:14:
                    60:3b:44:19:bb:6e:e8:f4:76:53:9a:b1:ce:80:95:
                    ff:23:fc:94:4f:3c:0d:2b:2c:d8:4c:71:1a:eb:12:
                    45:07:3c:7c:34:6e:d3:b0:f9:dd:b9:9e:84:e6:00:
                    d5:82:d6:3a:58:c2:c9:22:63:52:21:57:5a:dd:14:
                    27:5e:63:88:cf:45:2d:86:77:7c:b4:f2:65:4a:1b:
                    1d:ee:c5:23:f4:d5:98:57:a5:8a:fb:38:bf:12:ca:
                    c2:ad:71:5d:06:54:dd:05:f7:2f:48:f2:db:2c:35:
                    ff:8a:2c:04:86:33:b6:43:65:c1:10:e9:68:27:7d:
                    da:77:9d:a3:67:21:c0:97:9e:5f:01:b1:ff:8a:84:
                    eb:4b:c3:03:08:f5:61:19:65:09:f6:37:d8:b9:00:
                    1a:f7:10:fc:b9:39:4e:b8:e0:91:2e:14:91:c6:56:
                    93:32:79:ad:f5:36:5c:e2:62:94:4e:15:26:82:e1:
                    6d:75:f8:d3:22:34:c2:69:1d:c2:4c:a8:7b:f5:2c:
                    04:70:49:0d:e2:a9:28:76:14:3a:50:4a:95:db:a5:
                    e5:d1:03:ef:3c:b4:1e:a2:98:42:ed:0b:c9:82:e7:
                    6b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:39:3F:F6:60:48:5F:62:B8:D4:04:A7:78:56:A1:8B:95:B1:42:6B
            X509v3 Authority Key Identifier:
                keyid:D4:08:CF:09:B6:AB:00:5B:A9:33:B2:A7:A4:A6:D2:7E:A6:BB:72:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1AjPCbarAFupM7KnpKbSfqa7cso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/a6d124-04e6-4def-a16b-d652368299d5/1/mjk_9mBIX2K41ASneFahi5WxQms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/a6d124-04e6-4def-a16b-d652368299d5/1/1AjPCbarAFupM7KnpKbSfqa7cso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:35:e5:69:fd:c8:3a:aa:91:0a:7f:a0:d3:91:43:1e:21:5d:
         ab:ab:3f:25:cf:8e:a6:ed:a4:1d:c1:b6:87:5c:f2:a3:53:85:
         f6:1e:eb:d6:94:3d:03:fd:ae:9d:b4:c7:6f:68:aa:b9:2a:48:
         87:c8:4a:13:e3:b0:5f:35:1b:31:df:8d:ab:6c:b0:f9:02:a9:
         da:11:88:87:7e:bd:9c:6f:b1:76:65:5e:74:44:4f:de:24:69:
         c8:9f:7d:90:23:60:04:1a:57:9a:53:9e:03:81:29:ce:b2:22:
         95:58:8c:da:d9:ba:0b:97:92:d0:74:b5:13:aa:cf:06:0e:66:
         3d:b2:62:ed:be:84:4d:66:9e:9c:c5:68:c0:79:b2:63:6b:dc:
         00:8a:e0:8f:14:19:3e:61:63:14:62:a8:d9:d6:5f:d2:e2:d3:
         5d:f0:fb:23:cc:df:c3:aa:70:4e:28:48:11:77:5d:e0:cc:be:
         74:8c:0d:65:8b:6c:3f:1f:29:81:eb:b1:d8:ba:84:a7:41:ca:
         41:f7:45:db:e6:86:2a:01:70:11:4c:e7:83:c1:bb:d3:61:6f:
         b9:a7:6c:67:38:bf:c6:21:68:e7:70:d9:9f:e5:13:54:68:b4:
         a3:d7:33:9e:7d:0d:62:7c:10:44:c3:fd:1a:cd:83:20:84:23:
         20:cf:82:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+nO0gzsh4vleGi4v//4QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MDhjZjA5YjZhYjAwNWJhOTMzYjJhN2E0YTZkMjdlYTZi
YjcyY2EwHhcNMjUwMTAxMDM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTM5M2ZmNjYwNDg1ZjYyYjhkNDA0YTc3ODU2YTE4Yjk1YjE0MjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA55fYw6VPkTmPSySnMEMFBALqyHk9
rZmgzaZrthRgO0QZu27o9HZTmrHOgJX/I/yUTzwNKyzYTHEa6xJFBzx8NG7TsPnd
uZ6E5gDVgtY6WMLJImNSIVda3RQnXmOIz0Uthnd8tPJlShsd7sUj9NWYV6WK+zi/
EsrCrXFdBlTdBfcvSPLbLDX/iiwEhjO2Q2XBEOloJ33ad52jZyHAl55fAbH/ioTr
S8MDCPVhGWUJ9jfYuQAa9xD8uTlOuOCRLhSRxlaTMnmt9TZc4mKUThUmguFtdfjT
IjTCaR3CTKh79SwEcEkN4qkodhQ6UEqV26Xl0QPvPLQeophC7QvJgudrgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJo5P/ZgSF9iuNQEp3hWoYuVsUJrMB8GA1UdIwQY
MBaAFNQIzwm2qwBbqTOyp6Sm0n6mu3LKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUFqUENiYXJBRnVwTTdLbnBLYlNmcWE3Y3NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hNmQxMjQtMDRlNi00ZGVmLWExNmIt
ZDY1MjM2ODI5OWQ1LzEvbWprXzltQklYMks0MUFTbmVGYWhpNVd4UW1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9hNmQxMjQtMDRlNi00ZGVmLWExNmItZDY1MjM2ODI5OWQ1
LzEvMUFqUENiYXJBRnVwTTdLbnBLYlNmcWE3Y3NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaMBMA0G
CSqGSIb3DQEBCwUAA4IBAQDBNeVp/cg6qpEKf6DTkUMeIV2rqz8lz46m7aQdwbaH
XPKjU4X2HuvWlD0D/a6dtMdvaKq5KkiHyEoT47BfNRsx342rbLD5AqnaEYiHfr2c
b7F2ZV50RE/eJGnIn32QI2AEGleaU54DgSnOsiKVWIza2boLl5LQdLUTqs8GDmY9
smLtvoRNZp6cxWjAebJja9wAiuCPFBk+YWMUYqjZ1l/S4tNd8PsjzN/DqnBOKEgR
d13gzL50jA1li2w/HymB67HYuoSnQcpB90Xb5oYqAXARTOeDwbvTYW+5p2xnOL/G
IWjncNmf5RNUaLSj1zOefQ1ifBBEw/0azYMghCMgz4JJ
-----END CERTIFICATE-----