Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/jjkTGGrZ9OrIIN0QyyAPSHol1VU.roa
File:                     jjkTGGrZ9OrIIN0QyyAPSHol1VU.roa (raw, json)
Hash identifier:          7kFrIBuCevjIVXmdsSwm3j7J6/1XLoAZWOVm6zPhP/I=
Subject key identifier:   8E:39:13:18:6A:D9:F4:EA:C8:20:DD:10:CB:20:0F:48:7A:25:D5:55
Certificate issuer:       /CN=d540ab185cf399de6cdb3ca45ded296b6be68fea
Certificate serial:       018CC5010D6108E03DC76800C2BDB429EFA0
Authority key identifier: D5:40:AB:18:5C:F3:99:DE:6C:DB:3C:A4:5D:ED:29:6B:6B:E6:8F:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1UCrGFzzmd5s2zykXe0pa2vmj-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/jjkTGGrZ9OrIIN0QyyAPSHol1VU.roa
Signing time:             Mon 01 Jan 2024 12:30:29 +0000
ROA not before:           Mon 01 Jan 2024 12:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28920
IP address blocks:        91.231.144.0/24 maxlen: 24
                          2a06:2e00::/29 maxlen: 29
                          2a0b:67c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/1UCrGFzzmd5s2zykXe0pa2vmj-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/1UCrGFzzmd5s2zykXe0pa2vmj-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1UCrGFzzmd5s2zykXe0pa2vmj-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0d:61:08:e0:3d:c7:68:00:c2:bd:b4:29:ef:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d540ab185cf399de6cdb3ca45ded296b6be68fea
        Validity
            Not Before: Jan  1 12:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e3913186ad9f4eac820dd10cb200f487a25d555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:77:02:2c:26:e0:19:3f:6d:f2:2d:17:ce:36:
                    79:f9:53:eb:6d:96:53:1f:64:2e:d1:05:c2:3a:3e:
                    db:ce:3f:f1:b5:76:39:79:c7:7b:5b:de:6d:73:2b:
                    e3:9e:24:98:79:4e:47:e2:35:06:89:36:8e:c2:0d:
                    0a:9a:73:f9:a1:26:b4:49:ba:ce:f4:b7:72:0b:91:
                    95:02:5d:d7:6f:2c:93:8e:45:70:a0:cd:90:e2:b0:
                    fe:b8:f9:f9:9f:0b:da:48:a7:56:36:db:e0:2a:c5:
                    b1:7f:12:d8:4a:3b:84:4e:12:cd:7c:14:c2:6f:86:
                    ea:13:a4:73:0e:fa:f4:1a:cc:45:65:ec:41:af:43:
                    38:7a:e7:aa:bd:fd:20:c7:5d:f9:73:70:7c:2b:ae:
                    5f:a2:47:8e:10:f0:1e:06:05:59:21:95:ce:1f:0d:
                    6c:5b:2e:07:b7:19:a0:97:b8:61:41:b2:88:4e:01:
                    97:5f:32:1a:b6:a5:72:94:46:5d:2f:70:a6:45:30:
                    63:e4:3d:ab:99:39:21:0c:7d:49:6c:b7:80:d5:69:
                    7f:68:e4:68:34:25:2c:59:6a:1f:91:c7:b4:2c:4c:
                    7e:fd:a7:41:fb:d4:5e:f0:d5:54:9a:1b:81:24:6c:
                    90:c0:c6:36:04:f7:bc:c7:0e:43:91:7b:5b:4f:d9:
                    8f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:39:13:18:6A:D9:F4:EA:C8:20:DD:10:CB:20:0F:48:7A:25:D5:55
            X509v3 Authority Key Identifier:
                keyid:D5:40:AB:18:5C:F3:99:DE:6C:DB:3C:A4:5D:ED:29:6B:6B:E6:8F:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1UCrGFzzmd5s2zykXe0pa2vmj-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/jjkTGGrZ9OrIIN0QyyAPSHol1VU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/1aaf5d-4e6f-4974-bfe4-c572cf867cbf/1/1UCrGFzzmd5s2zykXe0pa2vmj-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.144.0/24
                IPv6:
                  2a06:2e00::/29
                  2a0b:67c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:3c:c0:d1:03:f5:65:56:e6:77:6a:e7:8e:e4:e4:98:2b:50:
         e9:76:47:57:05:f6:2b:59:f7:a9:d6:9f:64:52:5d:6f:40:21:
         f0:d6:23:50:36:b3:14:4f:c6:a2:59:26:9a:9b:fc:72:65:ba:
         4d:5b:26:ba:2b:be:3a:74:f7:37:93:29:93:2b:74:d0:d6:fe:
         0b:80:c5:d2:64:d7:ef:f7:f6:47:36:7c:e7:94:a7:a4:71:2a:
         58:f8:5b:a6:a1:5d:5b:1d:8a:3a:30:d7:01:8c:a4:84:97:af:
         3b:26:c8:70:34:21:20:77:46:cf:ba:50:48:60:18:6e:1c:c8:
         45:d3:4e:7e:3e:db:9c:d7:5a:03:d3:6d:9c:73:b7:a5:94:96:
         8e:e6:5d:6a:08:bb:ce:ab:c6:cb:a7:8b:fa:50:84:62:8e:9a:
         2c:46:1d:69:93:e7:b2:25:36:ce:3f:9e:34:be:28:21:3f:fa:
         87:8a:f2:27:88:d2:be:36:ef:f7:7f:18:a2:19:b2:c0:d9:45:
         22:84:f2:c2:4a:ec:ec:47:3e:7f:f4:df:0c:f7:d0:12:3d:f5:
         80:17:56:2d:8f:a9:c0:77:e8:91:a3:5d:f9:65:08:02:72:c4:
         c3:0e:66:39:9a:a7:b8:93:18:fd:3d:7d:ef:76:a4:3a:5d:96:
         b1:2f:2a:14
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzFAQ1hCOA9x2gAwr20Ke+gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NDBhYjE4NWNmMzk5ZGU2Y2RiM2NhNDVkZWQyOTZiNmJl
NjhmZWEwHhcNMjQwMTAxMTIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTM5MTMxODZhZDlmNGVhYzgyMGRkMTBjYjIwMGY0ODdhMjVkNTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuncCLCbgGT9t8i0XzjZ5+VPrbZZT
H2Qu0QXCOj7bzj/xtXY5ecd7W95tcyvjniSYeU5H4jUGiTaOwg0KmnP5oSa0SbrO
9LdyC5GVAl3XbyyTjkVwoM2Q4rD+uPn5nwvaSKdWNtvgKsWxfxLYSjuEThLNfBTC
b4bqE6RzDvr0GsxFZexBr0M4eueqvf0gx135c3B8K65fokeOEPAeBgVZIZXOHw1s
Wy4Htxmgl7hhQbKITgGXXzIatqVylEZdL3CmRTBj5D2rmTkhDH1JbLeA1Wl/aORo
NCUsWWofkce0LEx+/adB+9Re8NVUmhuBJGyQwMY2BPe8xw5DkXtbT9mP1QIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFI45Exhq2fTqyCDdEMsgD0h6JdVVMB8GA1UdIwQY
MBaAFNVAqxhc85nebNs8pF3tKWtr5o/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVVDckdGenptZDVzMnp5a1hlMHBhMnZtai1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8xYWFmNWQtNGU2Zi00OTc0LWJmZTQt
YzU3MmNmODY3Y2JmLzEvamprVEdHclo5T3JJSU4wUXl5QVBTSG9sMVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8xYWFmNWQtNGU2Zi00OTc0LWJmZTQtYzU3MmNmODY3Y2Jm
LzEvMVVDckdGenptZDVzMnp5a1hlMHBhMnZtai1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAW+eQMBQE
AgACMA4DBQMqBi4AAwUDKgtnwDANBgkqhkiG9w0BAQsFAAOCAQEAfDzA0QP1ZVbm
d2rnjuTkmCtQ6XZHVwX2K1n3qdafZFJdb0Ah8NYjUDazFE/Golkmmpv8cmW6TVsm
uiu+OnT3N5Mpkyt00Nb+C4DF0mTX7/f2RzZ855SnpHEqWPhbpqFdWx2KOjDXAYyk
hJevOybIcDQhIHdGz7pQSGAYbhzIRdNOfj7bnNdaA9NtnHO3pZSWjuZdagi7zqvG
y6eL+lCEYo6aLEYdaZPnsiU2zj+eNL4oIT/6h4ryJ4jSvjbv938YohmywNlFIoTy
wkrs7Ec+f/TfDPfQEj31gBdWLY+pwHfokaNd+WUIAnLEww5mOZqnuJMY/T1973ak
Ol2WsS8qFA==
-----END CERTIFICATE-----