Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/jDFCxnkLzS4FMFKisncoKIYKliw.roa
File:                     jDFCxnkLzS4FMFKisncoKIYKliw.roa (raw, json)
Hash identifier:          hs9Ep3SwMRgsMB3vq1Cmd1Wk8EAzo0RFuiqoaA6PdBU=
Subject key identifier:   8C:31:42:C6:79:0B:CD:2E:05:30:52:A2:B2:77:28:28:86:0A:96:2C
Certificate issuer:       /CN=9af9d0d4befda09e999eabd0c8724e217364de10
Certificate serial:       018CC3488D81B507AD3453274DD90F2D96FE
Authority key identifier: 9A:F9:D0:D4:BE:FD:A0:9E:99:9E:AB:D0:C8:72:4E:21:73:64:DE:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/jDFCxnkLzS4FMFKisncoKIYKliw.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13238
IP address blocks:        199.36.240.0/22 maxlen: 22
                          100.43.64.0/19 maxlen: 19
                          199.21.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:8d:81:b5:07:ad:34:53:27:4d:d9:0f:2d:96:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9af9d0d4befda09e999eabd0c8724e217364de10
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c3142c6790bcd2e053052a2b2772828860a962c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7e:79:b9:74:2a:fb:bc:85:54:1c:4e:4e:8d:
                    6f:67:f0:8e:3c:3e:eb:86:a2:54:e2:25:4b:df:69:
                    f5:f4:0e:7f:3c:6c:8a:27:9e:5e:50:db:c6:13:48:
                    c8:3a:55:a3:ed:99:d3:20:b3:78:78:db:b8:9e:b7:
                    6c:7b:ef:88:b0:c6:6a:62:90:3d:18:6c:19:db:09:
                    ef:66:52:ff:f2:dc:92:05:65:e0:13:01:1e:04:d0:
                    e2:29:1e:35:b6:6a:3f:f8:2d:c9:04:03:51:2a:4a:
                    35:0c:69:c9:e3:47:85:11:2f:30:ad:14:da:50:34:
                    09:b7:55:bf:56:ca:74:b0:e7:80:35:90:87:66:a4:
                    0e:06:64:34:e9:28:38:87:28:38:10:b4:13:65:df:
                    7a:3e:6a:f8:d8:1a:3b:4d:c0:a6:d8:52:06:2c:47:
                    60:fb:9e:5b:fc:3a:20:aa:e1:b0:d4:2b:4a:d4:6f:
                    24:48:b2:65:34:8e:ba:9e:a2:42:d8:92:d4:4e:cb:
                    13:d4:c7:96:bb:a5:fb:99:d7:34:ac:40:bc:b1:b4:
                    7d:3d:c2:03:cf:b7:a2:b0:25:c5:57:eb:50:15:28:
                    36:7f:14:73:30:10:1e:f5:65:a5:10:8c:65:1b:66:
                    df:07:9e:4d:f0:c6:18:11:73:14:f0:b8:50:b5:17:
                    aa:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:31:42:C6:79:0B:CD:2E:05:30:52:A2:B2:77:28:28:86:0A:96:2C
            X509v3 Authority Key Identifier:
                keyid:9A:F9:D0:D4:BE:FD:A0:9E:99:9E:AB:D0:C8:72:4E:21:73:64:DE:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/jDFCxnkLzS4FMFKisncoKIYKliw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  100.43.64.0/19
                  199.21.96.0/22
                  199.36.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:2c:aa:d5:21:04:11:cb:22:50:68:ce:50:b9:df:92:23:cb:
         29:f8:df:73:b0:1a:e5:d2:24:0b:14:da:6a:69:c2:50:5a:37:
         50:70:87:2e:be:d4:28:93:c7:20:fb:c8:92:64:f4:6a:9c:95:
         c4:5f:9a:1e:fe:00:38:f5:72:06:1c:f1:ff:1a:51:1b:ff:35:
         7c:48:02:aa:aa:14:11:d2:01:74:f4:0f:36:82:d1:89:22:95:
         b8:2c:94:b3:85:aa:7e:f9:e7:6a:90:48:72:5e:5f:67:08:84:
         d6:dc:8e:fa:3f:51:e7:15:0c:71:19:04:65:d0:1a:6f:27:cd:
         73:e2:76:54:02:a9:33:67:ef:d5:03:cb:44:a4:8d:9f:01:ff:
         82:cc:6e:6c:83:2a:f6:eb:8d:c4:27:ba:ec:f4:10:32:10:b4:
         93:df:f3:32:4f:14:e3:bf:71:26:df:ec:c2:8a:a2:7c:63:72:
         22:98:ec:e3:0b:cb:68:f6:e9:2e:d2:bd:4b:fc:77:8a:f7:0f:
         ef:13:6b:8e:9f:2d:05:2f:fa:83:52:b4:45:ca:a4:bf:d6:e9:
         6f:c0:8c:35:77:b8:f7:be:be:fe:a9:6d:98:fc:5a:d0:19:60:
         6a:c0:6f:18:f7:bb:1b:3d:32:22:a5:5b:54:b5:e5:c4:e4:99:
         ec:8c:e5:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSI2BtQetNFMnTdkPLZb+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZjlkMGQ0YmVmZGEwOWU5OTllYWJkMGM4NzI0ZTIxNzM2
NGRlMTAwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzMxNDJjNjc5MGJjZDJlMDUzMDUyYTJiMjc3MjgyODg2MGE5NjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtn55uXQq+7yFVBxOTo1vZ/COPD7r
hqJU4iVL32n19A5/PGyKJ55eUNvGE0jIOlWj7ZnTILN4eNu4nrdse++IsMZqYpA9
GGwZ2wnvZlL/8tySBWXgEwEeBNDiKR41tmo/+C3JBANRKko1DGnJ40eFES8wrRTa
UDQJt1W/Vsp0sOeANZCHZqQOBmQ06Sg4hyg4ELQTZd96Pmr42Bo7TcCm2FIGLEdg
+55b/DogquGw1CtK1G8kSLJlNI66nqJC2JLUTssT1MeWu6X7mdc0rEC8sbR9PcID
z7eisCXFV+tQFSg2fxRzMBAe9WWlEIxlG2bfB55N8MYYEXMU8LhQtReqtwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIwxQsZ5C80uBTBSorJ3KCiGCpYsMB8GA1UdIwQY
MBaAFJr50NS+/aCemZ6r0MhyTiFzZN4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXZuUTFMNzlvSjZabnF2UXlISk9JWE5rM2hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wMWQ5ZmUtZTE0YS00MGE0LTg0NTgt
MjY3MDFiMTYyZmMzLzEvakRGQ3hua0x6UzRGTUZLaXNuY29LSVlLbGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wMWQ5ZmUtZTE0YS00MGE0LTg0NTgtMjY3MDFiMTYyZmMz
LzEvbXZuUTFMNzlvSjZabnF2UXlISk9JWE5rM2hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFZCtAAwQC
xxVgAwQCxyTwMA0GCSqGSIb3DQEBCwUAA4IBAQAeLKrVIQQRyyJQaM5Qud+SI8sp
+N9zsBrl0iQLFNpqacJQWjdQcIcuvtQok8cg+8iSZPRqnJXEX5oe/gA49XIGHPH/
GlEb/zV8SAKqqhQR0gF09A82gtGJIpW4LJSzhap++edqkEhyXl9nCITW3I76P1Hn
FQxxGQRl0BpvJ81z4nZUAqkzZ+/VA8tEpI2fAf+CzG5sgyr2643EJ7rs9BAyELST
3/MyTxTjv3Em3+zCiqJ8Y3IimOzjC8to9uku0r1L/HeK9w/vE2uOny0FL/qDUrRF
yqS/1ulvwIw1d7j3vr7+qW2Y/FrQGWBqwG8Y97sbPTIipVtUteXE5JnsjOVb
-----END CERTIFICATE-----