Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/415d4b-f7a6-49d6-a7ad-ddf0b8b09616/1/jh-TOxpxIUBWeRHqyE_TsQ3xZPw.roa
File:                     jh-TOxpxIUBWeRHqyE_TsQ3xZPw.roa (raw, json)
Hash identifier:          h4140lmsN13+jNtLubDuYn8kTL6T4/sAQ4MD0yMdaVw=
Subject key identifier:   8E:1F:93:3B:1A:71:21:40:56:79:11:EA:C8:4F:D3:B1:0D:F1:64:FC
Certificate issuer:       /CN=14b71800dddc497f60f9edb7833c94973ab7dc1c
Certificate serial:       019421B1AFE2CB5DDB546C33DF65A7AA326E
Authority key identifier: 14:B7:18:00:DD:DC:49:7F:60:F9:ED:B7:83:3C:94:97:3A:B7:DC:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FLcYAN3cSX9g-e23gzyUlzq33Bw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/415d4b-f7a6-49d6-a7ad-ddf0b8b09616/1/jh-TOxpxIUBWeRHqyE_TsQ3xZPw.roa
Signing time:             Wed 01 Jan 2025 11:48:00 +0000
ROA not before:           Wed 01 Jan 2025 11:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        31.132.8.0/22 maxlen: 22
                          2a06:6400::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/415d4b-f7a6-49d6-a7ad-ddf0b8b09616/1/FLcYAN3cSX9g-e23gzyUlzq33Bw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/415d4b-f7a6-49d6-a7ad-ddf0b8b09616/1/FLcYAN3cSX9g-e23gzyUlzq33Bw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FLcYAN3cSX9g-e23gzyUlzq33Bw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:af:e2:cb:5d:db:54:6c:33:df:65:a7:aa:32:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14b71800dddc497f60f9edb7833c94973ab7dc1c
        Validity
            Not Before: Jan  1 11:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e1f933b1a712140567911eac84fd3b10df164fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5d:ac:19:15:b8:4e:6b:b2:b1:07:1f:1d:f8:
                    85:97:a7:05:f7:17:2e:54:52:0d:67:b6:0c:20:41:
                    5e:7a:93:70:ec:84:c6:ae:bc:9f:50:7b:49:ee:44:
                    b8:89:15:cc:ab:14:3c:ae:57:13:9d:98:ca:a6:bc:
                    c3:49:f1:c9:4e:e2:ea:82:07:a9:92:d8:0d:f1:9b:
                    c2:f4:9d:ad:90:b4:0a:e8:a4:8d:c7:26:ad:6c:ca:
                    dc:99:44:c1:8a:c3:00:d0:6a:e6:d7:40:4e:db:83:
                    47:27:ef:b3:6f:1c:73:45:36:3c:68:81:f0:24:01:
                    bf:92:2e:70:7a:dc:22:5a:ee:18:54:24:a5:c8:aa:
                    fb:f3:a2:68:82:ab:30:65:41:71:46:7a:76:3e:1e:
                    62:d8:0f:ba:38:f4:a8:cb:75:41:5e:3d:9a:f4:07:
                    b3:fc:27:c7:ff:e4:e8:e2:63:75:fa:64:a2:82:d2:
                    d7:fa:b3:fa:fb:a2:28:86:e9:32:f6:40:a6:4f:e0:
                    04:af:67:d2:d7:c2:81:ac:7f:1c:ea:04:8d:34:83:
                    27:ea:04:ee:4a:83:04:80:ad:79:17:e5:13:19:7e:
                    5d:32:9f:68:07:0d:a9:60:65:14:f8:a5:c1:1d:e5:
                    28:8b:9b:04:35:dc:bf:f3:86:d3:c8:06:7f:61:cd:
                    fe:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:1F:93:3B:1A:71:21:40:56:79:11:EA:C8:4F:D3:B1:0D:F1:64:FC
            X509v3 Authority Key Identifier:
                keyid:14:B7:18:00:DD:DC:49:7F:60:F9:ED:B7:83:3C:94:97:3A:B7:DC:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FLcYAN3cSX9g-e23gzyUlzq33Bw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/415d4b-f7a6-49d6-a7ad-ddf0b8b09616/1/jh-TOxpxIUBWeRHqyE_TsQ3xZPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/415d4b-f7a6-49d6-a7ad-ddf0b8b09616/1/FLcYAN3cSX9g-e23gzyUlzq33Bw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.132.8.0/22
                IPv6:
                  2a06:6400::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:62:4b:54:dd:b9:77:99:1e:e2:d9:3a:0a:d1:d0:4a:b7:ed:
         7c:fc:90:48:03:e8:6e:ad:2f:f8:5e:89:c2:8d:05:8f:8d:e9:
         72:be:74:79:6d:7b:a1:49:ed:dd:1d:fc:d9:9e:72:77:f9:e7:
         41:e6:54:4b:5d:bb:6c:fe:1a:9d:6a:2f:fe:53:66:40:51:94:
         0f:7b:21:6e:2a:2a:42:b8:bb:79:07:bd:ed:0a:6b:96:89:a0:
         04:be:df:5f:83:8d:06:f2:1d:72:91:25:6d:61:f2:fa:51:66:
         11:f3:a2:76:94:3d:88:38:55:1d:bd:60:34:6d:3e:c8:30:a1:
         05:7d:81:21:6d:17:96:7e:ea:da:72:f1:6a:60:f7:c7:70:0a:
         42:4d:1c:72:d0:a5:b1:2a:6b:ae:c2:86:cf:c6:26:36:a4:e7:
         f8:0a:c3:72:54:c9:f2:3c:92:e4:44:ac:45:40:3f:df:fd:f7:
         ae:8a:dc:ac:7f:4a:89:24:e9:90:ae:79:27:e9:35:d5:f8:44:
         9a:78:04:c5:ae:90:e7:e3:3a:86:9c:67:93:d4:2e:0c:78:89:
         1a:e7:cd:34:e4:2e:86:55:fa:73:44:af:0c:68:48:28:e5:6b:
         c9:f7:93:aa:c0:97:ae:31:f2:cb:78:43:da:7a:51:80:a9:4c:
         43:ae:b2:85
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsa/iy13bVGwz32WnqjJuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YjcxODAwZGRkYzQ5N2Y2MGY5ZWRiNzgzM2M5NDk3M2Fi
N2RjMWMwHhcNMjUwMTAxMTE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTFmOTMzYjFhNzEyMTQwNTY3OTExZWFjODRmZDNiMTBkZjE2NGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz12sGRW4TmuysQcfHfiFl6cF9xcu
VFINZ7YMIEFeepNw7ITGrryfUHtJ7kS4iRXMqxQ8rlcTnZjKprzDSfHJTuLqggep
ktgN8ZvC9J2tkLQK6KSNxyatbMrcmUTBisMA0Grm10BO24NHJ++zbxxzRTY8aIHw
JAG/ki5wetwiWu4YVCSlyKr786JogqswZUFxRnp2Ph5i2A+6OPSoy3VBXj2a9Aez
/CfH/+To4mN1+mSigtLX+rP6+6Iohuky9kCmT+AEr2fS18KBrH8c6gSNNIMn6gTu
SoMEgK15F+UTGX5dMp9oBw2pYGUU+KXBHeUoi5sENdy/84bTyAZ/Yc3+hQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI4fkzsacSFAVnkR6shP07EN8WT8MB8GA1UdIwQY
MBaAFBS3GADd3El/YPntt4M8lJc6t9wcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkxjWUFOM2NTWDlnLWUyM2d6eVVsenEzM0J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy80MTVkNGItZjdhNi00OWQ2LWE3YWQt
ZGRmMGI4YjA5NjE2LzEvamgtVE94cHhJVUJXZVJIcXlFX1RzUTN4WlB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy80MTVkNGItZjdhNi00OWQ2LWE3YWQtZGRmMGI4YjA5NjE2
LzEvRkxjWUFOM2NTWDlnLWUyM2d6eVVsenEzM0J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCH4QIMA0E
AgACMAcDBQMqBmQAMA0GCSqGSIb3DQEBCwUAA4IBAQCBYktU3bl3mR7i2ToK0dBK
t+18/JBIA+hurS/4XonCjQWPjelyvnR5bXuhSe3dHfzZnnJ3+edB5lRLXbts/hqd
ai/+U2ZAUZQPeyFuKipCuLt5B73tCmuWiaAEvt9fg40G8h1ykSVtYfL6UWYR86J2
lD2IOFUdvWA0bT7IMKEFfYEhbReWfuracvFqYPfHcApCTRxy0KWxKmuuwobPxiY2
pOf4CsNyVMnyPJLkRKxFQD/f/feuitysf0qJJOmQrnkn6TXV+ESaeATFrpDn4zqG
nGeT1C4MeIka58005C6GVfpzRK8MaEgo5WvJ95OqwJeuMfLLeEPaelGAqUxDrrKF
-----END CERTIFICATE-----