Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/Sj1iz-ORdmMwnbJR6Eyd7ELrV10.roa
File:                     Sj1iz-ORdmMwnbJR6Eyd7ELrV10.roa (raw, json)
Hash identifier:          uIsmt14DqfuKdzUgJdLi1h/N7QwTs4eZvC3Nw8GW7Ww=
Subject key identifier:   4A:3D:62:CF:E3:91:76:63:30:9D:B2:51:E8:4C:9D:EC:42:EB:57:5D
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       018CC348E02F909E97EC6343B39D2064F1C1
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/Sj1iz-ORdmMwnbJR6Eyd7ELrV10.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        92.51.40.0/23 maxlen: 24
                          92.51.42.0/23 maxlen: 24
                          92.51.34.0/23 maxlen: 24
                          92.51.32.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e0:2f:90:9e:97:ec:63:43:b3:9d:20:64:f1:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a3d62cfe3917663309db251e84c9dec42eb575d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:70:56:e4:c5:6c:9c:02:7c:a3:51:bd:06:bf:
                    3c:ec:bd:cd:c4:af:18:54:2d:20:2b:30:47:17:74:
                    5c:c2:23:a1:23:44:a1:a1:b3:63:78:7b:af:99:22:
                    54:e2:ee:39:a2:e6:e2:18:08:50:f5:47:45:fa:33:
                    df:39:7c:52:ca:ac:29:60:df:ed:38:0b:46:58:55:
                    4f:00:4c:af:4b:a3:39:a1:97:ca:d8:5d:7c:bc:a7:
                    4b:6b:7a:1f:93:ce:58:22:47:be:08:77:25:c1:21:
                    50:8a:9c:52:dc:25:f1:e6:e7:35:9b:49:c5:55:f9:
                    a6:cf:45:9c:34:08:e2:f1:84:83:0c:ee:1e:f9:46:
                    d2:78:dd:85:85:65:1d:be:d9:eb:10:d2:6e:f3:ce:
                    21:05:1c:ed:18:3e:38:43:ba:7b:f8:59:30:7c:d7:
                    42:60:7f:02:af:5c:00:1e:73:38:9d:e5:01:10:1b:
                    3b:b1:e3:c9:b1:0e:1c:f8:45:f7:f6:13:3a:e6:fd:
                    03:89:de:e7:45:bd:4c:c0:db:e7:80:fc:07:33:20:
                    91:8b:44:aa:e8:ba:5d:2a:44:f5:1c:e4:57:06:0d:
                    fb:98:fc:d9:45:c2:8b:96:27:32:4b:91:24:16:dc:
                    26:80:02:20:1c:ff:07:ad:3a:ae:24:d6:86:9f:e4:
                    2f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:3D:62:CF:E3:91:76:63:30:9D:B2:51:E8:4C:9D:EC:42:EB:57:5D
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/Sj1iz-ORdmMwnbJR6Eyd7ELrV10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.51.32.0/22
                  92.51.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:d2:87:f9:41:61:a6:88:09:20:5c:15:30:6b:0b:1a:7a:0c:
         e4:7f:fd:36:0b:cc:a8:9b:26:74:5e:9d:1f:42:4c:5b:96:1a:
         a9:de:5c:a5:94:3e:f6:33:43:2c:2c:6b:02:fb:27:e0:4b:e6:
         c7:dd:dc:3b:a6:a8:12:e5:a4:18:59:ff:a5:83:a3:19:7c:ca:
         f4:9b:64:2f:50:83:32:fa:cd:a8:f9:5a:fd:26:ae:e6:04:6e:
         41:72:04:23:f6:8a:74:83:3d:3f:84:32:65:9d:8a:30:01:04:
         a3:23:88:16:a4:f4:1e:f6:b1:cf:a0:82:8c:5e:59:eb:25:e0:
         b4:9d:84:6d:b7:f5:5d:78:10:0e:ed:d2:92:1c:c4:9c:5c:8d:
         f3:9d:a5:31:5d:b3:51:87:29:5e:f1:83:38:9f:23:51:75:b4:
         74:2d:b1:cc:ed:b9:29:0d:38:af:59:7e:a1:3c:02:cb:d3:e7:
         87:88:0f:31:92:23:f9:2e:0c:02:26:3d:2c:5b:ef:dd:e2:b6:
         96:5e:1a:14:12:d0:dc:0e:8c:29:17:55:2b:b2:39:18:be:9f:
         01:a0:ea:0e:c6:8f:b8:55:62:c1:0b:a5:ac:d1:47:3f:5a:84:
         4f:59:35:b6:d8:cc:93:83:00:eb:cd:e8:39:61:34:b4:b2:6c:
         a3:9d:99:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSOAvkJ6X7GNDs50gZPHBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTNkNjJjZmUzOTE3NjYzMzA5ZGIyNTFlODRjOWRlYzQyZWI1NzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnBW5MVsnAJ8o1G9Br887L3NxK8Y
VC0gKzBHF3RcwiOhI0ShobNjeHuvmSJU4u45oubiGAhQ9UdF+jPfOXxSyqwpYN/t
OAtGWFVPAEyvS6M5oZfK2F18vKdLa3ofk85YIke+CHclwSFQipxS3CXx5uc1m0nF
Vfmmz0WcNAji8YSDDO4e+UbSeN2FhWUdvtnrENJu884hBRztGD44Q7p7+FkwfNdC
YH8Cr1wAHnM4neUBEBs7sePJsQ4c+EX39hM65v0Did7nRb1MwNvngPwHMyCRi0Sq
6LpdKkT1HORXBg37mPzZRcKLlicyS5EkFtwmgAIgHP8HrTquJNaGn+Qv2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEo9Ys/jkXZjMJ2yUehMnexC61ddMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvU2oxaXotT1JkbU13bmJKUjZFeWQ3RUxyVjEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXDMgAwQC
XDMoMA0GCSqGSIb3DQEBCwUAA4IBAQAp0of5QWGmiAkgXBUwawsaegzkf/02C8yo
myZ0Xp0fQkxblhqp3lyllD72M0MsLGsC+yfgS+bH3dw7pqgS5aQYWf+lg6MZfMr0
m2QvUIMy+s2o+Vr9Jq7mBG5BcgQj9op0gz0/hDJlnYowAQSjI4gWpPQe9rHPoIKM
XlnrJeC0nYRtt/VdeBAO7dKSHMScXI3znaUxXbNRhyle8YM4nyNRdbR0LbHM7bkp
DTivWX6hPALL0+eHiA8xkiP5LgwCJj0sW+/d4raWXhoUEtDcDowpF1UrsjkYvp8B
oOoOxo+4VWLBC6Ws0Uc/WoRPWTW22MyTgwDrzeg5YTS0smyjnZmq
-----END CERTIFICATE-----