Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/1d5b0b-4b05-402c-8265-efcfba9907dc/1/j__ZzKkdvj61_X9Ump6RMoupDaU.roa
File:                     j__ZzKkdvj61_X9Ump6RMoupDaU.roa (raw, json)
Hash identifier:          Tttk0d7fb3c3iD9daTiJPnqsKybQs/1AC4K3KtbsHbE=
Subject key identifier:   8F:FF:D9:CC:A9:1D:BE:3E:B5:FD:7F:54:9A:9E:91:32:8B:A9:0D:A5
Certificate issuer:       /CN=39f7c7498fd9c9f28680495162b9eb76ad47c603
Certificate serial:       018CC72771F022589AC137302FF1919FEA7C
Authority key identifier: 39:F7:C7:49:8F:D9:C9:F2:86:80:49:51:62:B9:EB:76:AD:47:C6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OffHSY_ZyfKGgElRYrnrdq1HxgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/1d5b0b-4b05-402c-8265-efcfba9907dc/1/j__ZzKkdvj61_X9Ump6RMoupDaU.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48918
IP address blocks:        185.250.110.0/24 maxlen: 24
                          185.250.108.0/24 maxlen: 24
                          2a0c:c40::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/1d5b0b-4b05-402c-8265-efcfba9907dc/1/OffHSY_ZyfKGgElRYrnrdq1HxgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/1d5b0b-4b05-402c-8265-efcfba9907dc/1/OffHSY_ZyfKGgElRYrnrdq1HxgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OffHSY_ZyfKGgElRYrnrdq1HxgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:71:f0:22:58:9a:c1:37:30:2f:f1:91:9f:ea:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f7c7498fd9c9f28680495162b9eb76ad47c603
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fffd9cca91dbe3eb5fd7f549a9e91328ba90da5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:a6:ad:25:0e:76:1b:74:88:5a:52:3d:ae:00:
                    bc:54:4e:6f:5f:9c:5f:b6:f5:37:9d:2d:7f:92:ec:
                    58:c7:9b:e9:fe:43:02:95:91:74:83:fc:82:b2:e4:
                    ae:e8:a2:ee:90:be:9c:6b:fb:48:7f:65:1e:9e:fc:
                    2b:3d:47:28:11:46:7f:4f:6c:f8:53:a7:d3:65:33:
                    df:36:94:32:f8:ab:d0:f7:36:f9:bf:12:4e:35:7b:
                    dc:01:a3:4a:c5:1b:bb:ac:79:a1:3a:83:0e:c6:5d:
                    88:22:b9:75:96:d6:04:e8:de:7b:cb:2a:e6:40:2a:
                    e7:87:7f:01:07:41:f0:e2:ed:83:ce:32:41:84:ba:
                    c9:08:2a:df:87:33:74:71:82:df:3e:3c:d4:05:0d:
                    92:43:96:07:7c:7e:4e:bc:2f:27:7e:c2:ca:b6:57:
                    5d:92:f2:bd:c4:2e:47:05:65:68:10:88:90:a4:b7:
                    48:f6:1c:d8:ea:fa:55:53:ef:b6:f1:ac:ca:3b:61:
                    88:71:06:9f:ac:d2:e9:29:10:34:d2:28:c6:b3:4b:
                    e7:c9:8e:51:7a:0c:26:f3:1c:82:1b:c2:54:47:a0:
                    66:bb:f6:b5:d2:ec:ad:3a:f5:d2:9e:f2:36:54:ba:
                    ce:6c:c2:c7:03:f3:31:10:d9:22:62:67:8a:c2:44:
                    c2:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:FF:D9:CC:A9:1D:BE:3E:B5:FD:7F:54:9A:9E:91:32:8B:A9:0D:A5
            X509v3 Authority Key Identifier:
                keyid:39:F7:C7:49:8F:D9:C9:F2:86:80:49:51:62:B9:EB:76:AD:47:C6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OffHSY_ZyfKGgElRYrnrdq1HxgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/1d5b0b-4b05-402c-8265-efcfba9907dc/1/j__ZzKkdvj61_X9Ump6RMoupDaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/1d5b0b-4b05-402c-8265-efcfba9907dc/1/OffHSY_ZyfKGgElRYrnrdq1HxgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.108.0/24
                  185.250.110.0/24
                IPv6:
                  2a0c:c40::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:b5:05:89:ff:5f:da:92:d3:ba:15:82:d8:f1:f3:7c:12:7d:
         b0:6f:c1:67:a3:41:0c:0a:fa:e3:35:fb:3c:31:09:08:4a:02:
         9e:2b:e4:b7:7a:6a:f3:4f:bd:3d:8b:5b:92:92:4b:6f:1c:70:
         f3:ba:f0:94:d4:ec:bb:e4:92:e5:f2:87:04:d2:fb:eb:68:b8:
         e2:2f:9a:89:3a:86:46:93:11:ae:de:a0:36:a8:e5:a9:66:35:
         2c:8b:3e:d0:97:55:3b:3c:f0:d1:14:83:7a:13:f0:37:ce:70:
         43:dc:b7:8c:2a:c7:59:fc:98:2a:50:3d:c8:2a:7b:cc:1a:d6:
         ce:82:5d:96:93:28:f0:a2:8f:b6:c7:e8:f8:0d:36:78:ef:13:
         12:65:31:05:0d:4d:98:09:45:fa:80:86:ff:9f:30:ea:55:04:
         a7:14:53:f7:e6:14:1c:ca:e2:ad:94:30:41:33:a1:15:0e:2b:
         43:ed:f4:28:98:78:07:ac:8e:d8:c2:3b:97:4f:3c:1d:5d:30:
         66:d0:40:cb:46:d3:df:8f:ce:4b:ab:5c:58:2e:c5:8f:fa:86:
         b9:42:c3:3d:2a:0a:80:28:16:1a:05:3a:69:d2:9d:8a:63:37:
         76:df:4d:e3:56:c2:10:49:b3:f4:a2:56:12:7e:33:cf:1f:9d:
         f3:50:f1:02
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJ3HwIliawTcwL/GRn+p8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5ZjdjNzQ5OGZkOWM5ZjI4NjgwNDk1MTYyYjllYjc2YWQ0
N2M2MDMwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmZmZDljY2E5MWRiZTNlYjVmZDdmNTQ5YTllOTEzMjhiYTkwZGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhaatJQ52G3SIWlI9rgC8VE5vX5xf
tvU3nS1/kuxYx5vp/kMClZF0g/yCsuSu6KLukL6ca/tIf2UenvwrPUcoEUZ/T2z4
U6fTZTPfNpQy+KvQ9zb5vxJONXvcAaNKxRu7rHmhOoMOxl2IIrl1ltYE6N57yyrm
QCrnh38BB0Hw4u2DzjJBhLrJCCrfhzN0cYLfPjzUBQ2SQ5YHfH5OvC8nfsLKtldd
kvK9xC5HBWVoEIiQpLdI9hzY6vpVU++28azKO2GIcQafrNLpKRA00ijGs0vnyY5R
egwm8xyCG8JUR6Bmu/a10uytOvXSnvI2VLrObMLHA/MxENkiYmeKwkTCOwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFI//2cypHb4+tf1/VJqekTKLqQ2lMB8GA1UdIwQY
MBaAFDn3x0mP2cnyhoBJUWK563atR8YDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2ZmSFNZX1p5ZktHZ0VsUllybnJkcTFIeGdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8xZDViMGItNGIwNS00MDJjLTgyNjUt
ZWZjZmJhOTkwN2RjLzEval9fWnpLa2R2ajYxX1g5VW1wNlJNb3VwRGFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8xZDViMGItNGIwNS00MDJjLTgyNjUtZWZjZmJhOTkwN2Rj
LzEvT2ZmSFNZX1p5ZktHZ0VsUllybnJkcTFIeGdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAufpsAwQA
ufpuMA0EAgACMAcDBQAqDAxAMA0GCSqGSIb3DQEBCwUAA4IBAQA+tQWJ/1/aktO6
FYLY8fN8En2wb8Fno0EMCvrjNfs8MQkISgKeK+S3emrzT709i1uSkktvHHDzuvCU
1Oy75JLl8ocE0vvraLjiL5qJOoZGkxGu3qA2qOWpZjUsiz7Ql1U7PPDRFIN6E/A3
znBD3LeMKsdZ/JgqUD3IKnvMGtbOgl2Wkyjwoo+2x+j4DTZ47xMSZTEFDU2YCUX6
gIb/nzDqVQSnFFP35hQcyuKtlDBBM6EVDitD7fQomHgHrI7YwjuXTzwdXTBm0EDL
RtPfj85Lq1xYLsWP+oa5QsM9KgqAKBYaBTpp0p2KYzd2303jVsIQSbP0olYSfjPP
H53zUPEC
-----END CERTIFICATE-----