Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/2jsofi11deGPk4FrcXEFO0xbWyg.roa
File:                     2jsofi11deGPk4FrcXEFO0xbWyg.roa (raw, json)
Hash identifier:          kYqa1MK/pqDhpyUu064W34nB3DyUd32knSHUgPLYfcY=
Subject key identifier:   DA:3B:28:7E:2D:75:75:E1:8F:93:81:6B:71:71:05:3B:4C:5B:5B:28
Certificate issuer:       /CN=50980fb6ade858f2652e736993126c85759f06d9
Certificate serial:       018CC727263160373DDF9FBAEA13A4D51D4C
Authority key identifier: 50:98:0F:B6:AD:E8:58:F2:65:2E:73:69:93:12:6C:85:75:9F:06:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/2jsofi11deGPk4FrcXEFO0xbWyg.roa
Signing time:             Mon 01 Jan 2024 22:31:20 +0000
ROA not before:           Mon 01 Jan 2024 22:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        84.22.148.0/23 maxlen: 23
                          84.22.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:26:31:60:37:3d:df:9f:ba:ea:13:a4:d5:1d:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50980fb6ade858f2652e736993126c85759f06d9
        Validity
            Not Before: Jan  1 22:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da3b287e2d7575e18f93816b7171053b4c5b5b28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ee:be:32:85:4a:1a:8d:a7:b0:d9:67:42:2d:
                    ae:8e:92:84:33:53:69:a0:a3:41:dc:dc:da:cf:d7:
                    47:90:f5:0b:ed:d3:58:bb:1e:05:1b:53:94:30:0d:
                    fc:d0:0b:2d:b7:b0:c1:55:e5:73:bc:ae:bc:53:77:
                    b8:24:41:6f:50:a9:3f:3e:94:72:8f:30:01:94:03:
                    72:14:ab:cb:cd:f5:56:26:20:72:ea:1a:fa:9e:e8:
                    da:15:2d:75:7a:eb:de:c5:7e:23:b4:e5:a5:18:3c:
                    bc:81:79:2b:25:0f:76:6d:0a:df:28:8f:91:40:47:
                    ce:a6:31:60:70:d7:51:41:e5:72:33:67:a5:7e:1b:
                    6c:bc:2e:f1:b9:73:69:a0:e3:e3:48:3a:34:ff:4a:
                    03:bf:4c:5f:f7:00:d3:8c:8c:2b:05:4c:d5:fa:a3:
                    60:5d:c5:ee:67:3c:73:ad:83:a6:3e:d2:42:17:b0:
                    26:cc:2d:66:81:15:43:c5:0d:84:21:a0:62:1c:55:
                    77:d3:b5:8c:6f:30:fc:f4:58:9c:b9:4f:7e:34:77:
                    b8:01:d5:ab:4d:b4:57:1b:e6:a1:f6:ac:14:90:0a:
                    d4:18:a6:22:f5:7a:50:48:92:fd:6d:6a:92:b9:ac:
                    93:39:65:6c:67:09:c3:86:89:6b:00:bd:46:f5:4b:
                    99:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:3B:28:7E:2D:75:75:E1:8F:93:81:6B:71:71:05:3B:4C:5B:5B:28
            X509v3 Authority Key Identifier:
                keyid:50:98:0F:B6:AD:E8:58:F2:65:2E:73:69:93:12:6C:85:75:9F:06:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJgPtq3oWPJlLnNpkxJshXWfBtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/2jsofi11deGPk4FrcXEFO0xbWyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/3c7af6-f466-4d87-b9f1-cca79a69820a/1/UJgPtq3oWPJlLnNpkxJshXWfBtk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.22.148.0-84.22.150.255

    Signature Algorithm: sha256WithRSAEncryption
         0e:cc:48:cf:21:bc:4c:d4:62:b3:59:d9:08:56:4d:79:43:0b:
         fa:01:f5:f7:9b:aa:de:0b:57:b2:e5:24:15:11:11:63:cb:98:
         da:89:06:b7:e0:9c:69:5c:be:72:b7:c3:c5:2f:45:f9:89:4e:
         9f:d1:cb:bb:57:be:8e:7a:96:48:8f:55:6e:2f:d5:b0:67:a4:
         4c:45:f0:6d:58:84:14:b7:9d:b5:02:ff:bf:67:96:36:7b:7d:
         0a:44:7a:ab:7d:13:09:c0:75:35:7d:07:17:e1:e6:09:5c:fb:
         64:2b:70:b7:8e:52:4b:3c:3d:19:17:8d:11:a7:f6:f5:a2:31:
         5b:5e:c5:49:dd:2f:69:e3:c2:2d:da:95:c0:ed:fc:55:85:50:
         3f:8c:af:ba:80:e2:54:41:bf:81:20:22:1f:3f:7a:e8:3d:36:
         46:51:05:7a:bf:12:ef:97:0d:3a:14:67:ef:37:59:27:b7:26:
         91:a8:55:f7:24:ba:e9:a8:d0:a9:d8:fd:48:9d:d6:97:ed:77:
         26:78:6f:64:22:61:da:99:46:61:ef:3f:c3:7a:25:35:d4:63:
         cf:80:64:e1:2e:09:eb:9c:30:a9:49:c9:28:b2:e7:9f:b3:92:
         cd:c1:73:4a:5b:07:a6:78:fb:25:5b:61:64:6f:d3:82:37:e8:
         d0:25:4b:1d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHJyYxYDc935+66hOk1R1MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOTgwZmI2YWRlODU4ZjI2NTJlNzM2OTkzMTI2Yzg1NzU5
ZjA2ZDkwHhcNMjQwMTAxMjIzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTNiMjg3ZTJkNzU3NWUxOGY5MzgxNmI3MTcxMDUzYjRjNWI1YjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAru6+MoVKGo2nsNlnQi2ujpKEM1Np
oKNB3Nzaz9dHkPUL7dNYux4FG1OUMA380Astt7DBVeVzvK68U3e4JEFvUKk/PpRy
jzABlANyFKvLzfVWJiBy6hr6nujaFS11euvexX4jtOWlGDy8gXkrJQ92bQrfKI+R
QEfOpjFgcNdRQeVyM2elfhtsvC7xuXNpoOPjSDo0/0oDv0xf9wDTjIwrBUzV+qNg
XcXuZzxzrYOmPtJCF7AmzC1mgRVDxQ2EIaBiHFV307WMbzD89FicuU9+NHe4AdWr
TbRXG+ah9qwUkArUGKYi9XpQSJL9bWqSuayTOWVsZwnDholrAL1G9UuZQQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNo7KH4tdXXhj5OBa3FxBTtMW1soMB8GA1UdIwQY
MBaAFFCYD7at6FjyZS5zaZMSbIV1nwbZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUpnUHRxM29XUEpsTG5OcGt4SnNoWFdmQnRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8zYzdhZjYtZjQ2Ni00ZDg3LWI5ZjEt
Y2NhNzlhNjk4MjBhLzEvMmpzb2ZpMTFkZUdQazRGcmNYRUZPMHhiV3lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8zYzdhZjYtZjQ2Ni00ZDg3LWI5ZjEtY2NhNzlhNjk4MjBh
LzEvVUpnUHRxM29XUEpsTG5OcGt4SnNoWFdmQnRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJUFpQD
BABUFpYwDQYJKoZIhvcNAQELBQADggEBAA7MSM8hvEzUYrNZ2QhWTXlDC/oB9feb
qt4LV7LlJBUREWPLmNqJBrfgnGlcvnK3w8UvRfmJTp/Ry7tXvo56lkiPVW4v1bBn
pExF8G1YhBS3nbUC/79nljZ7fQpEeqt9EwnAdTV9Bxfh5glc+2QrcLeOUks8PRkX
jRGn9vWiMVtexUndL2njwi3alcDt/FWFUD+Mr7qA4lRBv4EgIh8/eug9NkZRBXq/
Eu+XDToUZ+83WSe3JpGoVfckuumo0KnY/Uid1pftdyZ4b2QiYdqZRmHvP8N6JTXU
Y8+AZOEuCeucMKlJySiy55+zks3Bc0pbB6Z4+yVbYWRv04I36NAlSx0=
-----END CERTIFICATE-----