Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/2JQiF-KuxisBuWKzCCYjlMYezbU.roa
File:                     2JQiF-KuxisBuWKzCCYjlMYezbU.roa (raw, json)
Hash identifier:          SXSN+jTHRj/1XPCNhGNyMfhXX6aenkr84XXZn44oBus=
Subject key identifier:   D8:94:22:17:E2:AE:C6:2B:01:B9:62:B3:08:26:23:94:C6:1E:CD:B5
Certificate issuer:       /CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
Certificate serial:       019423D746E68B82EBEC36C100AA2D613BA1
Authority key identifier: 19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/2JQiF-KuxisBuWKzCCYjlMYezbU.roa
Signing time:             Wed 01 Jan 2025 21:48:18 +0000
ROA not before:           Wed 01 Jan 2025 21:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6220
IP address blocks:        83.111.3.0/24 maxlen: 24
                          83.111.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 10:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:46:e6:8b:82:eb:ec:36:c1:00:aa:2d:61:3b:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
        Validity
            Not Before: Jan  1 21:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8942217e2aec62b01b962b308262394c61ecdb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:06:55:4d:95:ea:74:53:51:65:ce:72:1f:14:
                    e0:c5:57:79:84:2c:e2:9c:79:76:e0:52:fe:af:61:
                    0c:84:bb:e8:81:1a:74:f9:42:7d:03:88:f1:a6:20:
                    ab:7b:61:42:c7:13:f0:36:3d:25:3d:8e:58:d5:b1:
                    01:92:1d:ed:47:5a:78:9e:db:bf:92:7b:df:55:23:
                    1b:24:f3:c0:f1:0d:60:a6:20:b4:ee:54:02:ec:b9:
                    6e:a3:4c:df:7b:59:84:be:62:76:84:6f:ee:1e:fd:
                    a5:02:7a:b3:00:e6:05:ef:d0:19:e4:86:2c:ac:39:
                    01:de:6a:fd:1c:97:06:d6:69:66:59:31:1b:1d:41:
                    1c:29:2e:93:cf:96:e3:9f:40:14:cb:db:0d:5c:b7:
                    9d:85:ca:9e:e3:50:f5:ca:d5:14:a3:e6:19:c0:9b:
                    ec:b2:86:c2:18:98:58:b2:1d:07:e9:56:32:43:98:
                    aa:55:dc:b4:d9:88:2d:eb:44:fc:af:e3:24:51:58:
                    ae:7b:e2:e7:d8:52:80:5a:eb:97:33:60:15:2e:72:
                    c1:27:63:46:24:32:d5:50:bc:f5:c7:9e:dc:c7:da:
                    48:38:ca:7b:1c:f1:9f:66:ae:30:7e:8a:71:20:4c:
                    94:66:32:b3:46:4a:55:99:16:24:e4:cb:f9:cb:17:
                    7f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:94:22:17:E2:AE:C6:2B:01:B9:62:B3:08:26:23:94:C6:1E:CD:B5
            X509v3 Authority Key Identifier:
                keyid:19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/2JQiF-KuxisBuWKzCCYjlMYezbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.111.3.0-83.111.4.255

    Signature Algorithm: sha256WithRSAEncryption
         5a:84:cb:36:01:76:7a:92:5b:8a:36:f6:c7:1b:0b:a6:1a:33:
         d1:b7:6e:17:7f:41:6e:53:bb:3e:55:a9:32:68:dd:49:be:76:
         81:a9:bb:e4:06:14:c5:ea:20:e6:70:43:15:d5:c1:c7:09:45:
         1f:72:9f:82:83:ce:3f:60:39:11:c7:39:fa:f1:8f:8e:c4:bf:
         ac:31:f3:85:b6:85:a5:e3:45:b2:3c:f1:dc:60:00:65:1c:3c:
         d1:d1:18:86:58:2c:31:1c:54:72:ca:53:62:0c:4d:ed:1b:84:
         84:4d:21:c3:74:5a:c9:05:3a:85:58:83:68:a1:16:f8:17:fa:
         05:67:67:e0:fa:7a:0d:fe:79:25:3d:14:ac:46:5d:be:c7:1e:
         ba:11:69:38:87:ff:1b:22:a2:84:0f:f5:f3:1a:f4:70:ec:f0:
         81:c6:a4:d8:e8:c7:fc:42:d0:9b:c4:f7:62:b6:34:aa:43:52:
         ed:a9:c6:2f:84:11:21:59:25:00:67:eb:e1:ff:5a:8f:c7:60:
         dc:5b:fa:31:b1:6c:8c:2c:70:c2:6a:57:00:16:87:b4:e0:a2:
         74:1d:29:fe:50:f4:6d:99:f8:38:da:9c:60:76:df:22:00:07:
         04:7f:13:70:20:9b:68:14:63:b0:39:cc:69:85:61:47:31:8e:
         42:8f:19:f7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQj10bmi4Lr7DbBAKotYTuhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZWU1ZjE2ZmMxNDRhY2I5ODk3NzQ0OWZhYTBhYjc3ZGUx
YmRjYzkwHhcNMjUwMTAxMjE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODk0MjIxN2UyYWVjNjJiMDFiOTYyYjMwODI2MjM5NGM2MWVjZGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgZVTZXqdFNRZc5yHxTgxVd5hCzi
nHl24FL+r2EMhLvogRp0+UJ9A4jxpiCre2FCxxPwNj0lPY5Y1bEBkh3tR1p4ntu/
knvfVSMbJPPA8Q1gpiC07lQC7Lluo0zfe1mEvmJ2hG/uHv2lAnqzAOYF79AZ5IYs
rDkB3mr9HJcG1mlmWTEbHUEcKS6Tz5bjn0AUy9sNXLedhcqe41D1ytUUo+YZwJvs
sobCGJhYsh0H6VYyQ5iqVdy02Ygt60T8r+MkUViue+Ln2FKAWuuXM2AVLnLBJ2NG
JDLVULz1x57cx9pIOMp7HPGfZq4wfopxIEyUZjKzRkpVmRYk5Mv5yxd/SQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNiUIhfirsYrAbliswgmI5TGHs21MB8GA1UdIwQY
MBaAFBnuXxb8FErLmJd0Sfqgq3feG9zJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMt
NjFhZmI2NmQxZThjLzEvMkpRaUYtS3V4aXNCdVdLekNDWWpsTVllemJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMtNjFhZmI2NmQxZThj
LzEvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABTbwMD
BABTbwQwDQYJKoZIhvcNAQELBQADggEBAFqEyzYBdnqSW4o29scbC6YaM9G3bhd/
QW5Tuz5VqTJo3Um+doGpu+QGFMXqIOZwQxXVwccJRR9yn4KDzj9gORHHOfrxj47E
v6wx84W2haXjRbI88dxgAGUcPNHRGIZYLDEcVHLKU2IMTe0bhIRNIcN0WskFOoVY
g2ihFvgX+gVnZ+D6eg3+eSU9FKxGXb7HHroRaTiH/xsiooQP9fMa9HDs8IHGpNjo
x/xC0JvE92K2NKpDUu2pxi+EESFZJQBn6+H/Wo/HYNxb+jGxbIwscMJqVwAWh7Tg
onQdKf5Q9G2Z+DjanGB23yIABwR/E3Agm2gUY7A5zGmFYUcxjkKPGfc=
-----END CERTIFICATE-----