Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/JufGUN7lSpZAGWjrmqtvLUWR_zI.roa
File:                     JufGUN7lSpZAGWjrmqtvLUWR_zI.roa (raw, json)
Hash identifier:          Iy7o+pEYYChGs2ZCtdktx7oLzzJhBT8ccxmlI2oNeGY=
Subject key identifier:   26:E7:C6:50:DE:E5:4A:96:40:19:68:EB:9A:AB:6F:2D:45:91:FF:32
Certificate issuer:       /CN=f5a291224f82bc6d26b519ed7afbe25cb32c115c
Certificate serial:       0194266AFEF1E4D149B627792C78B248FF6D
Authority key identifier: F5:A2:91:22:4F:82:BC:6D:26:B5:19:ED:7A:FB:E2:5C:B3:2C:11:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9aKRIk-CvG0mtRntevviXLMsEVw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/JufGUN7lSpZAGWjrmqtvLUWR_zI.roa
Signing time:             Thu 02 Jan 2025 09:48:53 +0000
ROA not before:           Thu 02 Jan 2025 09:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6830
IP address blocks:        193.238.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/9aKRIk-CvG0mtRntevviXLMsEVw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/9aKRIk-CvG0mtRntevviXLMsEVw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9aKRIk-CvG0mtRntevviXLMsEVw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:fe:f1:e4:d1:49:b6:27:79:2c:78:b2:48:ff:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5a291224f82bc6d26b519ed7afbe25cb32c115c
        Validity
            Not Before: Jan  2 09:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26e7c650dee54a96401968eb9aab6f2d4591ff32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6f:38:48:28:a3:b1:61:8c:8a:2b:87:02:75:
                    fe:c7:55:bb:35:ab:d0:03:d1:e6:0e:84:14:ef:4c:
                    a6:f3:42:8b:85:19:f5:f9:80:e2:96:32:53:5f:8e:
                    96:42:fe:a6:94:99:d6:d5:de:8f:22:a7:ab:7b:0c:
                    50:30:ad:48:50:b3:a5:e6:68:c4:a6:8a:d8:72:cf:
                    3d:fa:29:18:22:74:d6:50:d1:7c:cc:51:94:06:ff:
                    7a:fa:56:21:d9:63:f0:42:45:4b:14:a9:10:85:b1:
                    cd:1f:5d:28:cf:a5:97:fd:66:9e:9d:35:24:22:32:
                    65:5f:ef:11:c8:d4:f2:f7:67:45:b8:d7:65:5a:a3:
                    cd:a3:c0:cb:da:e2:67:42:83:c3:dd:a6:5c:91:f8:
                    2e:e8:ef:2b:81:7d:18:fd:9c:dc:04:a9:ba:84:03:
                    e0:41:0c:2f:87:5d:53:1e:f8:c4:3e:8d:d5:cb:e6:
                    c2:1b:dc:7e:9c:c6:eb:a1:ec:48:b2:46:fb:f7:cb:
                    11:1c:4f:1d:3b:97:41:0d:48:5f:a0:77:ca:e3:e8:
                    d7:8a:08:a5:b9:22:ee:92:c4:5c:85:fb:37:a1:3e:
                    60:4a:01:d5:78:2e:30:c8:8e:9d:3b:af:11:d1:54:
                    57:14:28:38:cc:19:28:d4:ab:68:f5:ba:76:bd:95:
                    1e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:E7:C6:50:DE:E5:4A:96:40:19:68:EB:9A:AB:6F:2D:45:91:FF:32
            X509v3 Authority Key Identifier:
                keyid:F5:A2:91:22:4F:82:BC:6D:26:B5:19:ED:7A:FB:E2:5C:B3:2C:11:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9aKRIk-CvG0mtRntevviXLMsEVw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/JufGUN7lSpZAGWjrmqtvLUWR_zI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/8a5cc2-c542-4c9b-8077-bc7977396d9b/1/9aKRIk-CvG0mtRntevviXLMsEVw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.238.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:dc:47:f8:fb:42:52:34:96:c0:e4:15:43:c5:c5:c1:18:4d:
         64:36:73:53:89:88:97:33:ac:28:ad:c9:4f:ec:48:e3:4d:dd:
         47:da:9e:a5:be:34:05:58:bd:01:e2:58:b9:7e:fa:2f:3c:70:
         3f:ec:9d:7f:b2:5f:c0:97:46:84:1c:c8:7c:85:12:05:b9:39:
         5b:93:c5:60:bc:c9:51:89:86:ae:5c:8e:97:2e:e9:6d:e6:fd:
         49:ac:a5:fc:b9:af:0c:24:d5:a1:e9:ad:6f:83:29:1a:85:24:
         9e:52:11:9e:3f:0f:bb:0c:23:5e:69:e2:94:98:0c:43:50:71:
         77:2e:e7:2f:3d:1e:8b:ff:ce:77:de:fb:63:b5:59:e1:57:37:
         11:55:30:72:82:03:50:2e:b8:08:10:8f:cc:91:87:52:29:09:
         3c:c3:01:0c:52:c1:8b:b2:9a:a2:ca:74:d5:95:b7:0f:28:fa:
         76:30:d2:52:df:ed:91:1b:5f:f8:ba:fe:e8:f9:76:2e:77:16:
         93:9e:c5:f3:6a:4e:cb:5b:26:c7:2f:9e:72:e0:d7:63:d3:8b:
         91:a8:00:fc:49:d6:c8:d2:6a:4b:b9:27:c0:c1:2b:dd:97:d1:
         fd:ca:4b:a0:9c:7c:1b:a3:08:f0:40:8f:74:46:0b:5d:c4:51:
         c0:8f:a3:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmav7x5NFJtid5LHiySP9tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1YTI5MTIyNGY4MmJjNmQyNmI1MTllZDdhZmJlMjVjYjMy
YzExNWMwHhcNMjUwMTAyMDk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmU3YzY1MGRlZTU0YTk2NDAxOTY4ZWI5YWFiNmYyZDQ1OTFmZjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApW84SCijsWGMiiuHAnX+x1W7NavQ
A9HmDoQU70ym80KLhRn1+YDiljJTX46WQv6mlJnW1d6PIqerewxQMK1IULOl5mjE
porYcs89+ikYInTWUNF8zFGUBv96+lYh2WPwQkVLFKkQhbHNH10oz6WX/WaenTUk
IjJlX+8RyNTy92dFuNdlWqPNo8DL2uJnQoPD3aZckfgu6O8rgX0Y/ZzcBKm6hAPg
QQwvh11THvjEPo3Vy+bCG9x+nMbroexIskb798sRHE8dO5dBDUhfoHfK4+jXigil
uSLuksRchfs3oT5gSgHVeC4wyI6dO68R0VRXFCg4zBko1Kto9bp2vZUe/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbnxlDe5UqWQBlo65qrby1Fkf8yMB8GA1UdIwQY
MBaAFPWikSJPgrxtJrUZ7Xr74lyzLBFcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWFLUklrLUN2RzBtdFJudGV2dmlYTE1zRVZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC84YTVjYzItYzU0Mi00YzliLTgwNzct
YmM3OTc3Mzk2ZDliLzEvSnVmR1VON2xTcFpBR1dqcm1xdHZMVVdSX3pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC84YTVjYzItYzU0Mi00YzliLTgwNzctYmM3OTc3Mzk2ZDli
LzEvOWFLUklrLUN2RzBtdFJudGV2dmlYTE1zRVZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwe4YMA0G
CSqGSIb3DQEBCwUAA4IBAQAq3Ef4+0JSNJbA5BVDxcXBGE1kNnNTiYiXM6worclP
7EjjTd1H2p6lvjQFWL0B4li5fvovPHA/7J1/sl/Al0aEHMh8hRIFuTlbk8VgvMlR
iYauXI6XLult5v1JrKX8ua8MJNWh6a1vgykahSSeUhGePw+7DCNeaeKUmAxDUHF3
LucvPR6L/8533vtjtVnhVzcRVTByggNQLrgIEI/MkYdSKQk8wwEMUsGLspqiynTV
lbcPKPp2MNJS3+2RG1/4uv7o+XYudxaTnsXzak7LWybHL55y4Ndj04uRqAD8SdbI
0mpLuSfAwSvdl9H9ykugnHwbowjwQI90RgtdxFHAj6O1
-----END CERTIFICATE-----