Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/505b1a-0298-4e82-9161-09ad3277e84f/1/jovhATU82sve6VyWcGV94Q1WfWw.roa
File:                     jovhATU82sve6VyWcGV94Q1WfWw.roa (raw, json)
Hash identifier:          lWimsV0zhAjgmEPGe1sMci4Ew+Syn3Xx7l44GxiUE5A=
Subject key identifier:   8E:8B:E1:01:35:3C:DA:CB:DE:E9:5C:96:70:65:7D:E1:0D:56:7D:6C
Certificate issuer:       /CN=2109b475d3ab5cd1cc1c49671e77ff9db5ce19f1
Certificate serial:       018CC50122063CD742787BFE5A94ADAD1AD3
Authority key identifier: 21:09:B4:75:D3:AB:5C:D1:CC:1C:49:67:1E:77:FF:9D:B5:CE:19:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQm0ddOrXNHMHElnHnf_nbXOGfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/505b1a-0298-4e82-9161-09ad3277e84f/1/jovhATU82sve6VyWcGV94Q1WfWw.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48222
IP address blocks:        195.43.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/505b1a-0298-4e82-9161-09ad3277e84f/1/IQm0ddOrXNHMHElnHnf_nbXOGfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/505b1a-0298-4e82-9161-09ad3277e84f/1/IQm0ddOrXNHMHElnHnf_nbXOGfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQm0ddOrXNHMHElnHnf_nbXOGfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:22:06:3c:d7:42:78:7b:fe:5a:94:ad:ad:1a:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2109b475d3ab5cd1cc1c49671e77ff9db5ce19f1
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e8be101353cdacbdee95c9670657de10d567d6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:3d:fe:1e:12:b6:22:52:68:a1:d8:d4:0d:e3:
                    85:04:07:e9:c2:25:29:ad:03:20:53:06:3e:f7:54:
                    cb:74:5e:b7:4a:fa:65:91:0f:aa:67:1a:87:43:48:
                    9a:fc:d1:e1:9d:64:ef:77:c3:29:5f:1e:7b:44:92:
                    07:8c:d2:16:e1:12:66:9c:91:e5:fb:33:97:67:ad:
                    eb:38:27:40:0d:fc:be:5b:c3:1c:7c:c7:26:07:b4:
                    4f:d9:13:02:6d:58:aa:e4:d3:7a:cf:9f:e5:c1:8c:
                    e3:c8:87:54:bb:6c:8f:56:88:da:5f:7f:17:37:81:
                    b2:ef:5c:b9:f9:18:9e:72:80:c5:a8:50:9b:6e:cb:
                    c3:e2:eb:91:18:96:d1:33:1f:f5:36:a5:3d:55:cc:
                    a4:ca:2d:92:63:c0:17:7d:ab:76:80:2b:3b:f1:ad:
                    1e:7e:00:6a:4a:25:cf:a4:27:fe:43:e4:f8:65:28:
                    9a:1c:44:c5:78:65:a7:4b:65:e9:a4:9c:c2:f9:7f:
                    40:56:ff:1c:1e:65:e5:3b:b1:0e:97:c3:42:38:6a:
                    21:70:75:cd:02:5d:67:fe:ba:a3:39:5f:48:60:80:
                    b5:18:c4:25:ad:76:e0:9d:5b:38:b8:a5:fc:7e:00:
                    2e:70:e9:b9:fc:16:c6:4b:08:f0:5d:a1:db:d9:3e:
                    05:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:8B:E1:01:35:3C:DA:CB:DE:E9:5C:96:70:65:7D:E1:0D:56:7D:6C
            X509v3 Authority Key Identifier:
                keyid:21:09:B4:75:D3:AB:5C:D1:CC:1C:49:67:1E:77:FF:9D:B5:CE:19:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQm0ddOrXNHMHElnHnf_nbXOGfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/505b1a-0298-4e82-9161-09ad3277e84f/1/jovhATU82sve6VyWcGV94Q1WfWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/505b1a-0298-4e82-9161-09ad3277e84f/1/IQm0ddOrXNHMHElnHnf_nbXOGfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:01:4a:3b:11:4d:bf:de:c5:53:19:d7:31:96:f7:5d:49:62:
         0b:53:0b:72:64:49:45:a8:0c:62:15:97:ec:02:f8:b7:51:c0:
         39:be:72:c7:c2:5e:ea:3d:7d:45:6e:97:8e:01:64:84:e4:18:
         51:9d:86:ae:c5:a4:0e:73:6a:1e:df:62:dc:f7:1e:aa:3c:0f:
         93:24:4b:e6:08:04:d5:54:56:1c:24:0d:1e:10:33:35:02:0a:
         87:11:1f:4d:dc:06:4a:16:14:89:bc:5b:f4:8b:a7:14:5a:cd:
         c4:d4:85:72:ea:15:28:f9:2b:d4:30:45:1f:7a:48:f9:02:15:
         ef:0b:b8:62:e0:e1:55:4e:10:1e:2b:03:15:77:e5:f6:3f:52:
         d1:3a:25:fd:b7:b1:58:8b:a1:36:c9:0a:ec:58:b2:4d:a0:82:
         b1:12:ed:6e:0c:94:e2:c4:9f:b8:12:d4:f5:9a:97:43:89:51:
         79:c7:25:2e:9d:43:63:b8:ef:8d:7d:54:7c:da:91:2f:37:f1:
         47:5b:a5:5f:0b:53:d4:87:dd:8b:09:6f:10:3e:32:ec:51:29:
         bf:b4:9e:66:8f:f6:d2:74:16:0a:a6:c2:8e:88:45:48:75:f4:
         32:13:3f:a0:f2:5b:c7:b0:83:f6:6f:e2:56:38:93:b9:9e:f3:
         1d:cb:46:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASIGPNdCeHv+WpStrRrTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDliNDc1ZDNhYjVjZDFjYzFjNDk2NzFlNzdmZjlkYjVj
ZTE5ZjEwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZThiZTEwMTM1M2NkYWNiZGVlOTVjOTY3MDY1N2RlMTBkNTY3ZDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjD3+HhK2IlJoodjUDeOFBAfpwiUp
rQMgUwY+91TLdF63SvplkQ+qZxqHQ0ia/NHhnWTvd8MpXx57RJIHjNIW4RJmnJHl
+zOXZ63rOCdADfy+W8McfMcmB7RP2RMCbViq5NN6z5/lwYzjyIdUu2yPVojaX38X
N4Gy71y5+RiecoDFqFCbbsvD4uuRGJbRMx/1NqU9Vcykyi2SY8AXfat2gCs78a0e
fgBqSiXPpCf+Q+T4ZSiaHETFeGWnS2XppJzC+X9AVv8cHmXlO7EOl8NCOGohcHXN
Al1n/rqjOV9IYIC1GMQlrXbgnVs4uKX8fgAucOm5/BbGSwjwXaHb2T4FYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6L4QE1PNrL3ulclnBlfeENVn1sMB8GA1UdIwQY
MBaAFCEJtHXTq1zRzBxJZx53/521zhnxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFtMGRkT3JYTkhNSEVsbkhuZl9uYlhPR2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS81MDViMWEtMDI5OC00ZTgyLTkxNjEt
MDlhZDMyNzdlODRmLzEvam92aEFUVTgyc3ZlNlZ5V2NHVjk0UTFXZld3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS81MDViMWEtMDI5OC00ZTgyLTkxNjEtMDlhZDMyNzdlODRm
LzEvSVFtMGRkT3JYTkhNSEVsbkhuZl9uYlhPR2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyuFMA0G
CSqGSIb3DQEBCwUAA4IBAQCrAUo7EU2/3sVTGdcxlvddSWILUwtyZElFqAxiFZfs
Avi3UcA5vnLHwl7qPX1FbpeOAWSE5BhRnYauxaQOc2oe32Lc9x6qPA+TJEvmCATV
VFYcJA0eEDM1AgqHER9N3AZKFhSJvFv0i6cUWs3E1IVy6hUo+SvUMEUfekj5AhXv
C7hi4OFVThAeKwMVd+X2P1LROiX9t7FYi6E2yQrsWLJNoIKxEu1uDJTixJ+4EtT1
mpdDiVF5xyUunUNjuO+NfVR82pEvN/FHW6VfC1PUh92LCW8QPjLsUSm/tJ5mj/bS
dBYKpsKOiEVIdfQyEz+g8lvHsIP2b+JWOJO5nvMdy0Y/
-----END CERTIFICATE-----