Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/jLLwumPdBK5tH4p1U1lXVa7aTKg.roa
File:                     jLLwumPdBK5tH4p1U1lXVa7aTKg.roa (raw, json)
Hash identifier:          0KkdwWQE7I+v0z9RdF7QLuLsU50/ZE4i9ivLcydPr/I=
Subject key identifier:   8C:B2:F0:BA:63:DD:04:AE:6D:1F:8A:75:53:59:57:55:AE:DA:4C:A8
Certificate issuer:       /CN=c3a8e8648e0ba36a323ab9df6341d668bda6b4d2
Certificate serial:       018CC5006CE7BFAB4318F7DE49D1C7C3E307
Authority key identifier: C3:A8:E8:64:8E:0B:A3:6A:32:3A:B9:DF:63:41:D6:68:BD:A6:B4:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w6joZI4Lo2oyOrnfY0HWaL2mtNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/jLLwumPdBK5tH4p1U1lXVa7aTKg.roa
Signing time:             Mon 01 Jan 2024 12:29:48 +0000
ROA not before:           Mon 01 Jan 2024 12:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211826
IP address blocks:        193.34.81.0/24 maxlen: 24
                          193.38.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/w6joZI4Lo2oyOrnfY0HWaL2mtNI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/w6joZI4Lo2oyOrnfY0HWaL2mtNI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w6joZI4Lo2oyOrnfY0HWaL2mtNI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 04:36:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:6c:e7:bf:ab:43:18:f7:de:49:d1:c7:c3:e3:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3a8e8648e0ba36a323ab9df6341d668bda6b4d2
        Validity
            Not Before: Jan  1 12:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cb2f0ba63dd04ae6d1f8a7553595755aeda4ca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7f:21:6c:ab:7e:b2:64:32:e8:6a:53:cd:86:
                    d9:af:64:70:64:af:de:14:f9:81:42:fc:79:a6:7f:
                    96:62:34:6e:19:04:4f:19:65:3d:cb:8e:d0:a7:94:
                    b7:29:69:d6:ad:34:68:af:1d:64:f3:cb:e1:27:a4:
                    80:4c:c1:6c:32:ed:43:24:b3:db:60:1f:14:48:71:
                    a6:90:e4:6b:da:d1:c1:b6:3e:c1:4b:2c:7e:dd:59:
                    f9:dd:af:79:49:7d:bd:4b:2f:73:93:e7:ed:e1:90:
                    de:ab:ae:56:b8:29:16:21:de:be:df:3a:73:7d:40:
                    a8:7e:12:cd:bc:d8:23:c5:df:f0:54:b0:33:74:07:
                    d0:20:4d:f7:c4:d8:b6:33:76:44:77:ce:53:dd:e1:
                    57:75:91:3c:08:34:6e:72:6c:8e:7b:41:33:c7:cc:
                    1d:9a:d9:c2:db:3b:4e:1f:7c:6b:05:d3:17:e8:a0:
                    56:3c:75:2d:a1:3e:bc:5c:f3:d1:b0:ed:d7:41:9d:
                    8d:1c:59:a8:78:71:de:01:80:64:c4:07:4b:3b:5d:
                    53:2f:59:0d:69:77:4b:6c:12:65:da:52:02:a8:6e:
                    4a:45:ae:cf:95:3a:65:0f:a4:c0:d7:b9:cb:df:f6:
                    4c:e8:39:54:73:40:93:c0:aa:a0:26:69:a7:50:63:
                    13:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:B2:F0:BA:63:DD:04:AE:6D:1F:8A:75:53:59:57:55:AE:DA:4C:A8
            X509v3 Authority Key Identifier:
                keyid:C3:A8:E8:64:8E:0B:A3:6A:32:3A:B9:DF:63:41:D6:68:BD:A6:B4:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6joZI4Lo2oyOrnfY0HWaL2mtNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/jLLwumPdBK5tH4p1U1lXVa7aTKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/5a3d20-ecaa-40ea-9db2-d59845fb9b3d/1/w6joZI4Lo2oyOrnfY0HWaL2mtNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.81.0/24
                  193.38.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:23:8b:d5:ec:2b:e4:af:40:12:48:ea:b0:2b:fb:a0:1a:d6:
         6d:97:fc:87:6d:b0:3d:2b:dc:00:58:8d:77:a2:d7:5b:4c:84:
         f5:89:7e:be:fd:1b:70:7e:41:f9:9a:40:e3:bf:55:79:46:42:
         81:48:0c:12:40:2b:2e:17:fa:f9:ea:ea:41:3c:32:d5:1e:16:
         d4:33:e5:3d:7c:73:2c:bc:00:56:16:07:b4:69:b4:15:d5:43:
         59:a1:99:28:12:ba:c5:92:2f:28:d9:e5:b0:58:fe:88:05:51:
         c4:5d:1a:4d:b6:43:34:3f:a4:4e:69:bb:d6:e5:20:e1:84:45:
         5c:78:2f:fc:17:ad:99:32:a3:80:e5:22:3f:eb:5b:89:0d:07:
         80:d9:0f:93:d6:7e:f5:a9:ea:b6:37:12:99:f7:60:31:22:03:
         1a:67:02:e3:16:69:21:dd:ca:d0:ab:a0:83:0b:26:02:c9:52:
         4b:02:da:33:1e:2b:9a:3f:95:a4:50:d9:c4:74:12:82:48:88:
         7b:22:d6:3f:96:7c:de:cb:4c:19:84:35:c4:71:9c:eb:e9:75:
         da:f7:82:36:40:cc:59:0a:7d:be:11:4f:db:b9:fa:1b:cf:49:
         a9:bb:d8:a5:22:ec:09:91:17:68:84:6f:0a:6d:f2:8e:fb:81:
         10:ad:c8:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAGznv6tDGPfeSdHHw+MHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYThlODY0OGUwYmEzNmEzMjNhYjlkZjYzNDFkNjY4YmRh
NmI0ZDIwHhcNMjQwMTAxMTIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2IyZjBiYTYzZGQwNGFlNmQxZjhhNzU1MzU5NTc1NWFlZGE0Y2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt38hbKt+smQy6GpTzYbZr2RwZK/e
FPmBQvx5pn+WYjRuGQRPGWU9y47Qp5S3KWnWrTRorx1k88vhJ6SATMFsMu1DJLPb
YB8USHGmkORr2tHBtj7BSyx+3Vn53a95SX29Sy9zk+ft4ZDeq65WuCkWId6+3zpz
fUCofhLNvNgjxd/wVLAzdAfQIE33xNi2M3ZEd85T3eFXdZE8CDRucmyOe0Ezx8wd
mtnC2ztOH3xrBdMX6KBWPHUtoT68XPPRsO3XQZ2NHFmoeHHeAYBkxAdLO11TL1kN
aXdLbBJl2lICqG5KRa7PlTplD6TA17nL3/ZM6DlUc0CTwKqgJmmnUGMTVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIyy8Lpj3QSubR+KdVNZV1Wu2kyoMB8GA1UdIwQY
MBaAFMOo6GSOC6NqMjq532NB1mi9prTSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZqb1pJNExvMm95T3JuZlkwSFdhTDJtdE5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC81YTNkMjAtZWNhYS00MGVhLTlkYjIt
ZDU5ODQ1ZmI5YjNkLzEvakxMd3VtUGRCSzV0SDRwMVUxbFhWYTdhVEtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC81YTNkMjAtZWNhYS00MGVhLTlkYjItZDU5ODQ1ZmI5YjNk
LzEvdzZqb1pJNExvMm95T3JuZlkwSFdhTDJtdE5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSJRAwQA
wSb0MA0GCSqGSIb3DQEBCwUAA4IBAQClI4vV7Cvkr0ASSOqwK/ugGtZtl/yHbbA9
K9wAWI13otdbTIT1iX6+/RtwfkH5mkDjv1V5RkKBSAwSQCsuF/r56upBPDLVHhbU
M+U9fHMsvABWFge0abQV1UNZoZkoErrFki8o2eWwWP6IBVHEXRpNtkM0P6ROabvW
5SDhhEVceC/8F62ZMqOA5SI/61uJDQeA2Q+T1n71qeq2NxKZ92AxIgMaZwLjFmkh
3crQq6CDCyYCyVJLAtozHiuaP5WkUNnEdBKCSIh7ItY/lnzey0wZhDXEcZzr6XXa
94I2QMxZCn2+EU/bufobz0mpu9ilIuwJkRdohG8KbfKO+4EQrchj
-----END CERTIFICATE-----