Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/zJRE173-ogYCzPc7u4BCrBeC8co.roa
File:                     zJRE173-ogYCzPc7u4BCrBeC8co.roa (raw, json)
Hash identifier:          NcxlrCYF8g8pFVJjcQvuSm3hGan61yAiGp95ghY7m1g=
Subject key identifier:   CC:94:44:D7:BD:FE:A2:06:02:CC:F7:3B:BB:80:42:AC:17:82:F1:CA
Certificate issuer:       /CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
Certificate serial:       0191925D216D745607628551BEF0504E93B6
Authority key identifier: 9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/zJRE173-ogYCzPc7u4BCrBeC8co.roa
Signing time:             Tue 27 Aug 2024 05:44:22 +0000
ROA not before:           Tue 27 Aug 2024 05:44:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214414
IP address blocks:        109.207.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:92:5d:21:6d:74:56:07:62:85:51:be:f0:50:4e:93:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
        Validity
            Not Before: Aug 27 05:44:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc9444d7bdfea20602ccf73bbb8042ac1782f1ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0d:ec:e6:d5:23:f8:0c:52:4a:16:f1:c1:7c:
                    a1:7f:af:dc:9c:f7:50:d6:61:3d:44:49:b0:80:2e:
                    16:38:74:b0:58:6a:40:ad:35:3e:18:d7:36:4c:8c:
                    1b:34:b1:49:da:3a:66:1b:54:39:95:64:dc:28:2d:
                    df:dc:a6:f8:fd:52:4a:96:03:09:6f:a6:b4:60:50:
                    fc:2a:90:7d:36:92:b0:88:27:e9:89:fb:ee:ac:95:
                    41:c8:51:c8:76:6f:21:1e:3c:26:62:c5:d9:17:79:
                    65:cc:2e:e5:15:07:45:2f:4c:9a:36:1d:0e:26:4f:
                    dc:95:2a:10:d5:6a:55:a1:a7:69:fb:b5:a7:33:4f:
                    22:da:fb:8e:6f:f9:0a:a6:e0:e6:30:22:0c:b3:c5:
                    65:29:32:06:d0:e7:75:24:50:4f:0c:20:5c:a1:f9:
                    5f:bf:75:4a:66:88:7d:77:e5:7b:81:74:e2:83:ff:
                    96:71:2c:38:23:ad:d7:f8:c9:75:1d:f1:d5:16:17:
                    6b:09:5c:53:88:90:34:46:45:10:0c:a1:57:33:93:
                    f6:9a:84:9d:a5:90:c3:3e:36:d7:4d:da:8c:c7:65:
                    2a:f1:f7:3a:14:8d:dc:9c:d0:5e:25:be:bf:40:2e:
                    9b:02:20:35:ea:bb:da:82:f5:ea:5c:81:01:06:42:
                    a8:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:94:44:D7:BD:FE:A2:06:02:CC:F7:3B:BB:80:42:AC:17:82:F1:CA
            X509v3 Authority Key Identifier:
                keyid:9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/zJRE173-ogYCzPc7u4BCrBeC8co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.207.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:8f:5c:4e:4d:d9:a8:b4:73:b6:30:78:74:7b:cb:87:09:f3:
         ba:5c:97:21:fa:d5:e0:2a:9b:95:39:d3:b1:ac:75:61:14:dd:
         42:7c:e9:66:51:86:7f:cc:2a:3e:20:c8:02:e3:90:2f:66:26:
         1e:0a:e6:69:6a:5d:7b:22:d2:27:26:43:97:1b:4e:a6:01:dc:
         22:13:ec:36:ec:53:53:25:59:d8:c0:84:59:e6:3c:75:0f:7b:
         1d:8f:ac:46:eb:a1:d4:5c:69:28:0e:d4:b7:92:19:00:6a:33:
         7b:81:b4:53:24:a7:59:86:46:98:f0:41:41:02:0c:ac:04:59:
         ef:b9:d7:c5:fe:ab:ef:38:02:81:a4:34:bb:55:10:c1:ee:b3:
         c2:62:65:c4:aa:0e:29:86:8c:84:3f:b1:49:86:08:e0:1d:eb:
         95:df:7e:4e:b1:dc:4a:5c:4a:67:ba:a1:8e:eb:a0:d9:97:f2:
         ce:ce:bc:a1:36:4d:18:59:1e:0c:b1:18:4c:e4:b0:4a:d1:38:
         66:6b:f8:3e:53:d0:de:89:28:91:87:6f:61:03:35:9e:46:34:
         74:71:30:d7:18:8c:6d:ab:4b:6e:97:5c:26:8a:b9:43:d9:dd:
         a7:1a:0a:bf:4c:ad:d0:02:36:de:af:c1:85:3e:f0:18:47:42:
         10:76:de:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGSXSFtdFYHYoVRvvBQTpO2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYjRhOGI5M2FmOWVhOWNmMThhYWNhNGU3M2YxMTZlYzI2
ZWIzNTcwHhcNMjQwODI3MDU0NDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzk0NDRkN2JkZmVhMjA2MDJjY2Y3M2JiYjgwNDJhYzE3ODJmMWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApA3s5tUj+AxSShbxwXyhf6/cnPdQ
1mE9REmwgC4WOHSwWGpArTU+GNc2TIwbNLFJ2jpmG1Q5lWTcKC3f3Kb4/VJKlgMJ
b6a0YFD8KpB9NpKwiCfpifvurJVByFHIdm8hHjwmYsXZF3llzC7lFQdFL0yaNh0O
Jk/clSoQ1WpVoadp+7WnM08i2vuOb/kKpuDmMCIMs8VlKTIG0Od1JFBPDCBcoflf
v3VKZoh9d+V7gXTig/+WcSw4I63X+Ml1HfHVFhdrCVxTiJA0RkUQDKFXM5P2moSd
pZDDPjbXTdqMx2Uq8fc6FI3cnNBeJb6/QC6bAiA16rvagvXqXIEBBkKobwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyURNe9/qIGAsz3O7uAQqwXgvHKMB8GA1UdIwQY
MBaAFJ+0qLk6+eqc8YqspOc/EW7CbrNXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYt
OGQ2OGViMjBmYmRkLzEvekpSRTE3My1vZ1lDelBjN3U0QkNyQmVDOGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYtOGQ2OGViMjBmYmRk
LzEvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc/yMA0G
CSqGSIb3DQEBCwUAA4IBAQANj1xOTdmotHO2MHh0e8uHCfO6XJch+tXgKpuVOdOx
rHVhFN1CfOlmUYZ/zCo+IMgC45AvZiYeCuZpal17ItInJkOXG06mAdwiE+w27FNT
JVnYwIRZ5jx1D3sdj6xG66HUXGkoDtS3khkAajN7gbRTJKdZhkaY8EFBAgysBFnv
udfF/qvvOAKBpDS7VRDB7rPCYmXEqg4phoyEP7FJhgjgHeuV335OsdxKXEpnuqGO
66DZl/LOzryhNk0YWR4MsRhM5LBK0Thma/g+U9DeiSiRh29hAzWeRjR0cTDXGIxt
q0tul1wmirlD2d2nGgq/TK3QAjber8GFPvAYR0IQdt4D
-----END CERTIFICATE-----