Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/JKMKM7uXmV7lI_F_YSWzDWamfs0.roa
File:                     JKMKM7uXmV7lI_F_YSWzDWamfs0.roa (raw, json)
Hash identifier:          xcsy0pAckaCr9b80/NnrYrq4k894iPZjymdOh59OUBk=
Subject key identifier:   24:A3:0A:33:BB:97:99:5E:E5:23:F1:7F:61:25:B3:0D:66:A6:7E:CD
Certificate issuer:       /CN=f2262faf4376420024aad72983ac3e87944ea7a5
Certificate serial:       0195D27491EF8F0924D768741FFBF89A4F5E
Authority key identifier: F2:26:2F:AF:43:76:42:00:24:AA:D7:29:83:AC:3E:87:94:4E:A7:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/JKMKM7uXmV7lI_F_YSWzDWamfs0.roa
Signing time:             Wed 26 Mar 2025 12:36:49 +0000
ROA not before:           Wed 26 Mar 2025 12:36:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211248
IP address blocks:        193.35.44.0/24 maxlen: 24
                          2a04:2a40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d2:74:91:ef:8f:09:24:d7:68:74:1f:fb:f8:9a:4f:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2262faf4376420024aad72983ac3e87944ea7a5
        Validity
            Not Before: Mar 26 12:36:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24a30a33bb97995ee523f17f6125b30d66a67ecd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:14:40:4f:4f:4e:88:3c:48:04:ba:bf:29:b7:
                    18:4c:9e:ba:62:5b:ca:f3:ed:5c:6b:d4:85:f3:2d:
                    8f:5b:7f:ff:82:82:36:22:55:8e:a3:8a:30:dd:86:
                    04:7a:76:8e:c1:ef:50:dd:b4:fb:c9:57:6e:8f:a4:
                    53:cb:10:87:29:e3:13:bc:ee:29:79:5d:6e:94:b2:
                    9a:a0:79:fc:31:a8:b3:83:a2:74:3b:42:53:61:ce:
                    05:c8:32:76:c6:ee:bf:92:48:6c:49:5f:b2:dc:a1:
                    b6:8a:e0:8f:ec:b3:e9:07:ad:45:67:c7:c8:24:e2:
                    b7:a3:47:2b:c9:18:29:3f:2c:1f:50:ca:6a:f9:1b:
                    6d:be:6f:f7:3b:43:90:94:02:80:74:ed:18:41:8b:
                    aa:93:cb:13:04:9e:c3:f9:49:51:3c:0b:17:c9:ec:
                    d8:e3:ca:6d:1b:1d:74:64:a9:84:1f:75:2d:44:ca:
                    61:2a:ff:a0:15:0d:9d:e5:6b:2d:ff:57:79:c2:5e:
                    2d:9a:e0:39:8c:c7:3d:78:4c:62:c3:57:53:7c:64:
                    dc:b8:b6:5f:e6:18:10:e5:cb:de:32:96:90:80:82:
                    86:c6:0f:ae:37:93:2e:95:c8:fe:40:91:a6:1b:57:
                    1a:d3:d5:fc:b6:7e:b7:7f:d6:be:8c:4c:21:10:dc:
                    ff:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A3:0A:33:BB:97:99:5E:E5:23:F1:7F:61:25:B3:0D:66:A6:7E:CD
            X509v3 Authority Key Identifier:
                keyid:F2:26:2F:AF:43:76:42:00:24:AA:D7:29:83:AC:3E:87:94:4E:A7:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/JKMKM7uXmV7lI_F_YSWzDWamfs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.44.0/24
                IPv6:
                  2a04:2a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:af:a5:cd:e1:01:fd:1e:05:3e:bb:15:41:3b:e2:5d:92:b8:
         16:3e:e8:4d:03:02:a8:9c:49:5a:99:20:20:52:1a:50:81:a7:
         45:2d:bf:8d:61:a7:e3:77:ae:7f:c6:a9:60:bd:d6:95:49:c2:
         4a:40:18:63:b6:38:63:d3:51:e4:1f:3e:ef:c2:e7:ab:02:51:
         b4:c9:6a:a7:f0:1e:62:fc:45:f8:9c:9f:05:70:e1:df:15:ca:
         17:75:80:5d:39:e2:8c:76:93:9d:2b:ce:43:0c:98:f2:3c:52:
         8f:c5:59:ac:22:63:3b:f2:64:3b:69:54:d8:53:c2:bd:90:d4:
         98:15:29:bb:fa:3f:ce:3c:68:89:3c:91:16:3c:25:ac:c0:5f:
         69:60:0d:78:54:ff:09:bf:8b:c4:53:31:63:27:b9:17:43:33:
         6c:d8:2b:54:1f:8c:65:a3:f7:de:38:ae:0f:e5:fa:ba:4a:08:
         16:6f:73:39:a0:ff:20:bb:c2:e7:af:d1:a5:99:e0:7e:a8:dc:
         ce:e0:71:fb:89:6f:50:87:99:c0:88:fa:56:22:93:88:6d:50:
         8b:ca:ad:29:12:36:5a:6a:0e:e0:44:25:fd:4a:27:1f:36:7e:
         a2:e3:06:c9:b9:b9:31:80:de:f0:5f:92:c8:e6:be:3f:80:ba:
         0a:42:7a:7a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZXSdJHvjwkk12h0H/v4mk9eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMjYyZmFmNDM3NjQyMDAyNGFhZDcyOTgzYWMzZTg3OTQ0
ZWE3YTUwHhcNMjUwMzI2MTIzNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGEzMGEzM2JiOTc5OTVlZTUyM2YxN2Y2MTI1YjMwZDY2YTY3ZWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBRAT09OiDxIBLq/KbcYTJ66YlvK
8+1ca9SF8y2PW3//goI2IlWOo4ow3YYEenaOwe9Q3bT7yVduj6RTyxCHKeMTvO4p
eV1ulLKaoHn8Maizg6J0O0JTYc4FyDJ2xu6/kkhsSV+y3KG2iuCP7LPpB61FZ8fI
JOK3o0cryRgpPywfUMpq+Rttvm/3O0OQlAKAdO0YQYuqk8sTBJ7D+UlRPAsXyezY
48ptGx10ZKmEH3UtRMphKv+gFQ2d5Wst/1d5wl4tmuA5jMc9eExiw1dTfGTcuLZf
5hgQ5cveMpaQgIKGxg+uN5Mulcj+QJGmG1ca09X8tn63f9a+jEwhENz/TwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCSjCjO7l5le5SPxf2Elsw1mpn7NMB8GA1UdIwQY
MBaAFPImL69DdkIAJKrXKYOsPoeUTqelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGlZdnIwTjJRZ0FrcXRjcGc2dy1oNVJPcDZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmZkOWQtNmFmYy00YmQ3LWJiNDMt
YmFkYWZjYTM5NDRmLzEvSktNS003dVhtVjdsSV9GX1lTV3pEV2FtZnMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmZkOWQtNmFmYy00YmQ3LWJiNDMtYmFkYWZjYTM5NDRm
LzEvOGlZdnIwTjJRZ0FrcXRjcGc2dy1oNVJPcDZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSMsMA0E
AgACMAcDBQMqBCpAMA0GCSqGSIb3DQEBCwUAA4IBAQB5r6XN4QH9HgU+uxVBO+Jd
krgWPuhNAwKonElamSAgUhpQgadFLb+NYafjd65/xqlgvdaVScJKQBhjtjhj01Hk
Hz7vwuerAlG0yWqn8B5i/EX4nJ8FcOHfFcoXdYBdOeKMdpOdK85DDJjyPFKPxVms
ImM78mQ7aVTYU8K9kNSYFSm7+j/OPGiJPJEWPCWswF9pYA14VP8Jv4vEUzFjJ7kX
QzNs2CtUH4xlo/feOK4P5fq6SggWb3M5oP8gu8Lnr9GlmeB+qNzO4HH7iW9Qh5nA
iPpWIpOIbVCLyq0pEjZaag7gRCX9SicfNn6i4wbJubkxgN7wX5LI5r4/gLoKQnp6
-----END CERTIFICATE-----