Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/jalSk_9M-jp2JziUFcL42vg8J5Q.roa
File:                     jalSk_9M-jp2JziUFcL42vg8J5Q.roa (raw, json)
Hash identifier:          uvltO/PpvYYSzBwcM7o8nDEtUstGGhCcIf8eSWCeY2A=
Subject key identifier:   8D:A9:52:93:FF:4C:FA:3A:76:27:38:94:15:C2:F8:DA:F8:3C:27:94
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       018CC56EB37764938C3075AFC476D2DAB585
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/jalSk_9M-jp2JziUFcL42vg8J5Q.roa
Signing time:             Mon 01 Jan 2024 14:30:15 +0000
ROA not before:           Mon 01 Jan 2024 14:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        37.19.64.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b3:77:64:93:8c:30:75:af:c4:76:d2:da:b5:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 14:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8da95293ff4cfa3a7627389415c2f8daf83c2794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:47:bf:d8:91:a4:58:f0:4c:4f:8c:a5:02:1c:
                    85:fc:10:c7:8e:18:80:96:7b:ec:4e:6b:a3:56:95:
                    98:8b:ef:a5:04:8a:7f:0f:d4:6b:1f:00:9c:5e:dd:
                    94:9e:74:c5:7f:06:8f:e3:5e:aa:f1:06:db:88:01:
                    97:a8:4d:21:2d:dd:d7:7f:33:2f:19:fc:48:16:79:
                    d5:c4:2d:ca:c9:a1:2a:72:8a:c1:3d:05:e1:43:a5:
                    76:44:10:19:d0:78:5c:f2:43:f5:c1:81:4f:4e:bc:
                    91:8d:f7:9f:2f:5d:bb:7b:90:6a:c5:6c:f4:66:9a:
                    29:ec:50:24:c0:ec:88:90:65:9d:86:57:8b:60:ec:
                    98:ea:3b:ba:c2:e2:84:20:36:2f:91:9a:e3:24:ec:
                    2f:49:14:d8:59:d4:b4:31:ba:df:57:f8:b9:f0:af:
                    13:fc:50:ab:17:06:b5:4b:90:95:2c:9d:d5:77:d1:
                    cf:7e:8b:42:0a:b0:b7:36:9d:4d:38:7a:9a:38:ed:
                    39:65:b1:32:f1:48:2b:b0:ac:2a:12:49:01:1f:54:
                    41:73:b8:1c:d5:5b:d5:88:0d:ec:6c:15:f9:c5:02:
                    d0:39:2f:c1:97:22:aa:ac:6f:0f:ef:ee:8b:fb:03:
                    4c:2c:37:d4:b4:5d:ee:76:6d:c1:80:7e:f1:fa:c8:
                    41:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:A9:52:93:FF:4C:FA:3A:76:27:38:94:15:C2:F8:DA:F8:3C:27:94
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/jalSk_9M-jp2JziUFcL42vg8J5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.19.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:95:ff:2d:e0:80:ff:11:c2:b7:e2:67:68:e7:5b:12:f7:75:
         46:cf:d2:35:89:65:06:e7:4b:d4:09:aa:26:94:31:a1:a5:12:
         3e:41:27:48:56:95:ab:c0:6e:df:1e:6d:de:db:91:ab:c9:2f:
         8c:95:f8:b0:b3:2d:b5:96:1a:af:4a:91:94:87:86:ff:26:97:
         22:4a:0e:8e:15:3c:10:b1:2c:cb:d5:da:ca:c0:7c:66:1f:b3:
         df:26:f8:11:11:64:12:04:24:9b:94:04:db:df:ee:41:20:11:
         35:9f:88:09:14:c0:f2:55:19:0a:28:2d:80:f5:ab:b1:d1:a0:
         2e:36:c7:39:4a:af:9b:22:d4:60:3e:67:b1:5a:a5:4a:75:68:
         58:03:59:22:7a:42:a3:41:a2:3f:43:ce:f0:f6:93:cf:af:c8:
         a2:88:a1:32:0d:f8:ea:a3:a9:5a:75:5a:f0:f3:9b:14:45:1d:
         08:e8:91:d4:7f:d3:0d:a5:6c:fc:4d:09:12:30:06:88:96:c3:
         75:a8:71:27:b7:69:22:a0:06:fb:79:17:b3:99:34:bc:1c:b4:
         55:0e:f9:9a:94:47:d0:6a:31:f9:bc:4d:eb:be:a2:17:2f:e2:
         11:fd:3d:a6:b0:71:e9:45:54:60:7a:0c:32:3c:89:07:24:d3:
         ed:53:4f:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrN3ZJOMMHWvxHbS2rWFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjQwMTAxMTQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGE5NTI5M2ZmNGNmYTNhNzYyNzM4OTQxNWMyZjhkYWY4M2MyNzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhke/2JGkWPBMT4ylAhyF/BDHjhiA
lnvsTmujVpWYi++lBIp/D9RrHwCcXt2UnnTFfwaP416q8QbbiAGXqE0hLd3XfzMv
GfxIFnnVxC3KyaEqcorBPQXhQ6V2RBAZ0Hhc8kP1wYFPTryRjfefL127e5BqxWz0
Zpop7FAkwOyIkGWdhleLYOyY6ju6wuKEIDYvkZrjJOwvSRTYWdS0MbrfV/i58K8T
/FCrFwa1S5CVLJ3Vd9HPfotCCrC3Np1NOHqaOO05ZbEy8UgrsKwqEkkBH1RBc7gc
1VvViA3sbBX5xQLQOS/BlyKqrG8P7+6L+wNMLDfUtF3udm3BgH7x+shBfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2pUpP/TPo6dic4lBXC+Nr4PCeUMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvamFsU2tfOU0tanAySnppVUZjTDQydmc4SjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJRNAMA0G
CSqGSIb3DQEBCwUAA4IBAQCdlf8t4ID/EcK34mdo51sS93VGz9I1iWUG50vUCaom
lDGhpRI+QSdIVpWrwG7fHm3e25GryS+Mlfiwsy21lhqvSpGUh4b/JpciSg6OFTwQ
sSzL1drKwHxmH7PfJvgREWQSBCSblATb3+5BIBE1n4gJFMDyVRkKKC2A9aux0aAu
Nsc5Sq+bItRgPmexWqVKdWhYA1kiekKjQaI/Q87w9pPPr8iiiKEyDfjqo6ladVrw
85sURR0I6JHUf9MNpWz8TQkSMAaIlsN1qHEnt2kioAb7eRezmTS8HLRVDvmalEfQ
ajH5vE3rvqIXL+IR/T2msHHpRVRgegwyPIkHJNPtU08n
-----END CERTIFICATE-----