Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/1-JNlJinjq7kuel35O_T8kUcWQBw.roa
File:                     1-JNlJinjq7kuel35O_T8kUcWQBw.roa (raw, json)
Hash identifier:          1A2mPTXvGu8ShjNKjNG8ljmXuNzR5l5s2QNyKormBf0=
Subject key identifier:   F8:93:65:26:29:E3:AB:B9:2E:7A:5D:F9:3B:F4:FC:91:47:16:40:1C
Certificate issuer:       /CN=924a97d912d71f80fd36b73efc0fc7969762f337
Certificate serial:       019422FBEEB1DD70D0B1BBCDB6DF9681F957
Authority key identifier: 92:4A:97:D9:12:D7:1F:80:FD:36:B7:3E:FC:0F:C7:96:97:62:F3:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/1-JNlJinjq7kuel35O_T8kUcWQBw.roa
Signing time:             Wed 01 Jan 2025 17:48:43 +0000
ROA not before:           Wed 01 Jan 2025 17:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8455
IP address blocks:        217.194.18.0/24 maxlen: 24
                          217.194.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 23:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ee:b1:dd:70:d0:b1:bb:cd:b6:df:96:81:f9:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=924a97d912d71f80fd36b73efc0fc7969762f337
        Validity
            Not Before: Jan  1 17:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f893652629e3abb92e7a5df93bf4fc914716401c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:71:ae:33:4b:5e:b7:04:c4:69:42:26:91:7f:
                    73:ca:bf:87:1e:a7:80:2c:f0:a6:78:79:3c:8b:a0:
                    8b:c8:39:36:4d:c5:54:d1:ae:76:03:87:90:82:21:
                    c2:38:a9:0c:07:e6:17:91:3e:cf:5a:3c:fa:b7:5d:
                    8a:7d:df:87:0d:96:fb:1c:fb:88:5e:41:ae:ff:ec:
                    06:da:7c:e5:e6:c1:37:02:b4:5f:ec:94:44:83:e6:
                    4a:b4:fe:a8:cf:14:f0:e8:80:5b:87:7e:91:70:21:
                    77:93:da:14:ae:dd:8e:d3:f4:e4:02:3a:f9:f3:fd:
                    a1:57:98:9f:3d:eb:c1:4c:e9:cd:67:9f:84:7c:9c:
                    e3:72:67:47:3a:98:6a:1e:bd:d7:a9:d2:65:c4:67:
                    a6:51:2b:9a:f1:cb:38:97:4b:d2:fc:a0:88:eb:29:
                    66:e2:8b:57:55:dd:54:25:c8:14:f2:1d:7f:91:53:
                    a8:73:0b:86:f9:a6:5d:18:b0:d8:57:aa:2f:37:f9:
                    8e:e3:68:b7:78:98:f4:0b:20:6b:78:61:30:a3:64:
                    39:65:f6:6e:69:1d:e3:1e:04:66:dc:dd:5c:15:4b:
                    7c:f4:76:68:fc:4e:dc:66:a8:6f:0f:dc:0e:71:28:
                    8c:c2:6d:15:42:68:2a:ab:64:6d:c6:a6:89:b2:8a:
                    b6:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:93:65:26:29:E3:AB:B9:2E:7A:5D:F9:3B:F4:FC:91:47:16:40:1C
            X509v3 Authority Key Identifier:
                keyid:92:4A:97:D9:12:D7:1F:80:FD:36:B7:3E:FC:0F:C7:96:97:62:F3:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/1-JNlJinjq7kuel35O_T8kUcWQBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ad3586-a028-4746-b3da-814856e1b1f4/1/kkqX2RLXH4D9Nrc-_A_Hlpdi8zc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.194.18.0/24
                  217.194.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:38:f8:6d:17:d6:dd:2a:bc:4e:0b:73:02:9e:42:be:92:a6:
         84:c7:88:38:d0:e2:0a:11:ea:75:07:c5:4a:ea:90:2e:7b:5c:
         66:ed:69:82:e6:ea:fb:07:14:81:89:f7:4e:2a:a3:48:87:46:
         aa:48:5c:7f:bd:b0:4d:87:8b:dd:58:45:54:8d:f5:37:62:38:
         79:68:38:15:4e:0e:d1:2c:51:13:4f:94:86:75:3d:d8:f4:52:
         35:29:b1:36:4f:a6:83:be:6d:3f:07:00:80:62:3b:bc:a9:7a:
         52:e2:86:1c:b6:c5:c7:22:74:b7:2b:ec:57:cf:34:88:8a:5d:
         fc:e4:a2:38:fb:74:f3:4c:6e:f7:53:f2:a0:12:2e:f8:41:70:
         58:a5:82:21:e7:a1:80:0f:73:64:33:c4:cb:54:ab:77:08:32:
         27:79:6a:ef:fc:da:ce:36:c6:e7:d2:44:1a:26:a5:bc:1b:7d:
         af:8a:5b:02:5e:0d:0f:c9:53:59:d2:37:7e:af:85:40:74:82:
         64:4e:f1:4a:59:37:41:1b:f1:55:c4:35:25:c7:5b:b1:2e:18:
         10:b9:d3:20:b1:cb:b9:c3:ad:d7:0b:6c:b6:11:7c:47:0e:77:
         0d:47:c3:24:fb:8b:83:34:03:8c:81:77:3b:39:b1:d8:1b:0b:
         f0:ba:11:9b
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQi++6x3XDQsbvNtt+WgflXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNGE5N2Q5MTJkNzFmODBmZDM2YjczZWZjMGZjNzk2OTc2
MmYzMzcwHhcNMjUwMTAxMTc0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODkzNjUyNjI5ZTNhYmI5MmU3YTVkZjkzYmY0ZmM5MTQ3MTY0MDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03GuM0tetwTEaUImkX9zyr+HHqeA
LPCmeHk8i6CLyDk2TcVU0a52A4eQgiHCOKkMB+YXkT7PWjz6t12Kfd+HDZb7HPuI
XkGu/+wG2nzl5sE3ArRf7JREg+ZKtP6ozxTw6IBbh36RcCF3k9oUrt2O0/TkAjr5
8/2hV5ifPevBTOnNZ5+EfJzjcmdHOphqHr3XqdJlxGemUSua8cs4l0vS/KCI6ylm
4otXVd1UJcgU8h1/kVOocwuG+aZdGLDYV6ovN/mO42i3eJj0CyBreGEwo2Q5ZfZu
aR3jHgRm3N1cFUt89HZo/E7cZqhvD9wOcSiMwm0VQmgqq2RtxqaJsoq2zQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPiTZSYp46u5Lnpd+Tv0/JFHFkAcMB8GA1UdIwQY
MBaAFJJKl9kS1x+A/Ta3PvwPx5aXYvM3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2txWDJSTFhINEQ5TnJjLV9BX0hscGRpOHpjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9hZDM1ODYtYTAyOC00NzQ2LWIzZGEt
ODE0ODU2ZTFiMWY0LzEvMS1KTmxKaW5qcTdrdWVsMzVPX1Q4a1VjV1FCdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTAvYWQzNTg2LWEwMjgtNDc0Ni1iM2RhLTgxNDg1NmUxYjFm
NC8xL2trcVgyUkxYSDREOU5yYy1fQV9IbHBkaTh6Yy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEANnCEgME
ANnCFTANBgkqhkiG9w0BAQsFAAOCAQEArTj4bRfW3Sq8TgtzAp5CvpKmhMeIONDi
ChHqdQfFSuqQLntcZu1pgubq+wcUgYn3TiqjSIdGqkhcf72wTYeL3VhFVI31N2I4
eWg4FU4O0SxRE0+UhnU92PRSNSmxNk+mg75tPwcAgGI7vKl6UuKGHLbFxyJ0tyvs
V880iIpd/OSiOPt080xu91PyoBIu+EFwWKWCIeehgA9zZDPEy1SrdwgyJ3lq7/za
zjbG59JEGialvBt9r4pbAl4ND8lTWdI3fq+FQHSCZE7xSlk3QRvxVcQ1JcdbsS4Y
ELnTILHLucOt1wtsthF8Rw53DUfDJPuLgzQDjIF3Ozmx2BsL8LoRmw==
-----END CERTIFICATE-----