Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/157299-9d1c-4c5b-9a41-c25fdc4ca2f6/1/JA9eF0lUbgqEu2CoGTfgLtDfZiE.roa
File:                     JA9eF0lUbgqEu2CoGTfgLtDfZiE.roa (raw, json)
Hash identifier:          O7lJWiN4gw1xbHxcPVphHrPdnW2bUYcnfOs2FEdhAko=
Subject key identifier:   24:0F:5E:17:49:54:6E:0A:84:BB:60:A8:19:37:E0:2E:D0:DF:66:21
Certificate issuer:       /CN=1713129ef4fa454e0f0ac407e008e957a1b795a0
Certificate serial:       018CC26D7B01BDAE14FF517A30B9EA116F17
Authority key identifier: 17:13:12:9E:F4:FA:45:4E:0F:0A:C4:07:E0:08:E9:57:A1:B7:95:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FxMSnvT6RU4PCsQH4AjpV6G3laA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/157299-9d1c-4c5b-9a41-c25fdc4ca2f6/1/JA9eF0lUbgqEu2CoGTfgLtDfZiE.roa
Signing time:             Mon 01 Jan 2024 00:30:03 +0000
ROA not before:           Mon 01 Jan 2024 00:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204786
IP address blocks:        185.240.52.0/22 maxlen: 24
                          2a0c:7280::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/157299-9d1c-4c5b-9a41-c25fdc4ca2f6/1/FxMSnvT6RU4PCsQH4AjpV6G3laA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/157299-9d1c-4c5b-9a41-c25fdc4ca2f6/1/FxMSnvT6RU4PCsQH4AjpV6G3laA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FxMSnvT6RU4PCsQH4AjpV6G3laA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 08:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7b:01:bd:ae:14:ff:51:7a:30:b9:ea:11:6f:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1713129ef4fa454e0f0ac407e008e957a1b795a0
        Validity
            Not Before: Jan  1 00:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=240f5e1749546e0a84bb60a81937e02ed0df6621
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c2:1c:4b:0b:24:6f:6e:a0:8a:2f:ca:88:87:
                    d9:b5:ee:3e:be:bb:39:83:be:69:eb:6d:29:ce:99:
                    b4:87:20:1a:7f:43:f9:4b:91:b4:13:65:da:fc:47:
                    1f:b1:19:f9:fb:aa:e5:53:b1:7d:8d:e5:38:ae:c0:
                    ae:a7:f3:34:e8:f6:be:f7:25:5d:55:91:9e:99:40:
                    3f:6f:4a:86:7a:b6:d0:67:34:94:81:b7:8b:ca:c2:
                    57:30:39:07:d1:71:2a:69:19:50:53:12:2a:d7:4e:
                    68:a1:55:5c:65:4d:23:ac:da:68:25:c2:b9:85:45:
                    d2:f4:43:c6:aa:4c:f2:a5:01:e5:c1:cd:d0:b9:de:
                    fd:e2:cf:6e:c5:37:6c:50:30:43:57:10:2b:fa:65:
                    ae:b3:09:65:76:a5:a2:7e:47:63:e8:7b:ed:ae:f1:
                    e6:13:0c:78:da:d0:17:44:2d:3b:c5:7b:ce:35:6b:
                    6a:3c:b9:3e:23:92:53:b0:f8:a8:1e:46:86:6b:f4:
                    52:fc:83:de:82:d0:13:48:a0:c8:92:d9:e0:05:37:
                    57:73:15:52:06:50:83:18:a5:0f:ab:2d:33:37:e7:
                    99:57:cb:78:36:b9:f0:08:b8:f1:25:70:e6:b6:01:
                    43:d7:41:9a:87:1d:82:93:05:3a:43:bb:bc:b7:85:
                    c8:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:0F:5E:17:49:54:6E:0A:84:BB:60:A8:19:37:E0:2E:D0:DF:66:21
            X509v3 Authority Key Identifier:
                keyid:17:13:12:9E:F4:FA:45:4E:0F:0A:C4:07:E0:08:E9:57:A1:B7:95:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FxMSnvT6RU4PCsQH4AjpV6G3laA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/157299-9d1c-4c5b-9a41-c25fdc4ca2f6/1/JA9eF0lUbgqEu2CoGTfgLtDfZiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/157299-9d1c-4c5b-9a41-c25fdc4ca2f6/1/FxMSnvT6RU4PCsQH4AjpV6G3laA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.52.0/22
                IPv6:
                  2a0c:7280::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:d3:b4:51:ed:28:55:69:a4:ae:de:2b:cf:75:00:9d:ef:88:
         25:03:34:6d:be:04:34:5d:5b:4c:60:77:5d:83:97:09:ef:f9:
         d4:6f:3d:5e:16:fb:d5:96:65:05:20:3b:b4:e0:f7:d4:e9:bc:
         7b:6c:d3:dc:2d:e9:76:d5:12:40:10:cf:4c:c6:c0:c5:b3:42:
         16:41:6c:ef:56:8a:3c:c0:cd:62:b7:9a:b7:ca:22:b0:1d:e3:
         9f:45:d5:77:de:b3:3a:45:f9:d5:12:ee:fa:16:d9:43:7d:d9:
         7c:19:6a:15:fb:84:07:a5:94:91:ba:70:3c:92:b7:b4:ba:c4:
         f9:96:3a:0d:99:51:7c:fa:0d:01:e0:7a:56:ac:dc:cd:9c:de:
         8a:c4:bc:3f:2d:4e:a2:91:1e:08:5c:7d:86:ea:82:8d:9b:10:
         be:6d:95:40:43:c4:c8:d1:52:b0:8c:e3:c5:64:27:30:5b:4b:
         e5:a9:0e:74:3e:c8:d4:52:c3:3b:9f:2f:a7:17:05:44:db:64:
         cc:3f:cf:31:ef:19:ba:05:64:29:4a:7a:98:97:76:27:db:71:
         ef:e0:a0:79:b6:76:e4:80:83:b6:93:8e:c3:a0:4b:bb:0a:31:
         3c:2b:b6:66:78:ca:ac:b1:25:4b:37:ea:83:f8:68:f6:ed:38:
         08:a6:68:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbXsBva4U/1F6MLnqEW8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MTMxMjllZjRmYTQ1NGUwZjBhYzQwN2UwMDhlOTU3YTFi
Nzk1YTAwHhcNMjQwMTAxMDAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDBmNWUxNzQ5NTQ2ZTBhODRiYjYwYTgxOTM3ZTAyZWQwZGY2NjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMIcSwskb26gii/KiIfZte4+vrs5
g75p620pzpm0hyAaf0P5S5G0E2Xa/EcfsRn5+6rlU7F9jeU4rsCup/M06Pa+9yVd
VZGemUA/b0qGerbQZzSUgbeLysJXMDkH0XEqaRlQUxIq105ooVVcZU0jrNpoJcK5
hUXS9EPGqkzypQHlwc3Qud794s9uxTdsUDBDVxAr+mWuswlldqWifkdj6HvtrvHm
Ewx42tAXRC07xXvONWtqPLk+I5JTsPioHkaGa/RS/IPegtATSKDIktngBTdXcxVS
BlCDGKUPqy0zN+eZV8t4NrnwCLjxJXDmtgFD10Gahx2CkwU6Q7u8t4XIlQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCQPXhdJVG4KhLtgqBk34C7Q32YhMB8GA1UdIwQY
MBaAFBcTEp70+kVODwrEB+AI6Veht5WgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnhNU252VDZSVTRQQ3NRSDRBanBWNkczbGFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8xNTcyOTktOWQxYy00YzViLTlhNDEt
YzI1ZmRjNGNhMmY2LzEvSkE5ZUYwbFViZ3FFdTJDb0dUZmdMdERmWmlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8xNTcyOTktOWQxYy00YzViLTlhNDEtYzI1ZmRjNGNhMmY2
LzEvRnhNU252VDZSVTRQQ3NRSDRBanBWNkczbGFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufA0MA0E
AgACMAcDBQMqDHKAMA0GCSqGSIb3DQEBCwUAA4IBAQCI07RR7ShVaaSu3ivPdQCd
74glAzRtvgQ0XVtMYHddg5cJ7/nUbz1eFvvVlmUFIDu04PfU6bx7bNPcLel21RJA
EM9MxsDFs0IWQWzvVoo8wM1it5q3yiKwHeOfRdV33rM6RfnVEu76FtlDfdl8GWoV
+4QHpZSRunA8kre0usT5ljoNmVF8+g0B4HpWrNzNnN6KxLw/LU6ikR4IXH2G6oKN
mxC+bZVAQ8TI0VKwjOPFZCcwW0vlqQ50PsjUUsM7ny+nFwVE22TMP88x7xm6BWQp
SnqYl3Yn23Hv4KB5tnbkgIO2k47DoEu7CjE8K7ZmeMqssSVLN+qD+Gj27TgIpmjW
-----END CERTIFICATE-----