Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/jyFzfI9NcnJlH2c2WUfX7LmD8vk.roa
File:                     jyFzfI9NcnJlH2c2WUfX7LmD8vk.roa (raw, json)
Hash identifier:          RgjUv2WaP1BVmUkHiY/Re/JV+B4ufjEncWocTvCYNjw=
Subject key identifier:   8F:21:73:7C:8F:4D:72:72:65:1F:67:36:59:47:D7:EC:B9:83:F2:F9
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802D7572BD91303CBC527E2A3E486F3
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/jyFzfI9NcnJlH2c2WUfX7LmD8vk.roa
Signing time:             Tue 02 Jan 2024 02:31:18 +0000
ROA not before:           Tue 02 Jan 2024 02:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1882
IP address blocks:        192.36.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:d7:57:2b:d9:13:03:cb:c5:27:e2:a3:e4:86:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f21737c8f4d7272651f67365947d7ecb983f2f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:df:df:eb:bf:e3:80:c7:16:fd:a6:8e:c9:ec:
                    e3:e5:8b:ba:5a:98:ae:ad:7c:31:de:8a:c3:53:8a:
                    80:5a:a9:15:f4:4e:c5:cd:d2:4d:e1:64:b3:7d:43:
                    66:95:24:21:b2:39:24:a0:00:cb:07:d0:fa:cf:32:
                    8c:8e:1f:e9:06:a5:f5:09:86:b8:f0:36:e8:56:6d:
                    43:3c:8d:c7:3a:84:e9:fd:74:f8:d4:2c:1d:10:ba:
                    fb:06:9b:3c:04:a8:40:be:93:95:ef:f2:f0:83:df:
                    51:03:5b:94:4e:17:9e:8f:cc:8b:33:b9:05:c1:e1:
                    60:fc:3e:9a:79:42:9f:42:fb:22:08:7f:9f:5b:73:
                    e5:f2:30:8f:0e:37:1f:ee:ab:b7:86:14:68:f6:1d:
                    22:0b:69:ed:94:cb:eb:cd:7f:df:a8:13:e4:bd:78:
                    77:03:b6:1f:d1:0d:64:b9:f1:76:ac:38:ae:c0:44:
                    a9:12:06:c2:61:fb:15:be:4f:10:3f:8f:da:02:50:
                    75:bb:e5:b9:94:23:7b:e4:86:12:d6:12:63:92:f4:
                    6a:16:43:1c:96:f5:0d:de:02:d8:f5:b7:97:f2:12:
                    5f:f9:2a:c5:70:e7:11:05:2a:b6:9a:f1:89:f9:f9:
                    a8:17:48:ce:82:df:56:35:20:16:ac:01:ea:7c:31:
                    e0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:21:73:7C:8F:4D:72:72:65:1F:67:36:59:47:D7:EC:B9:83:F2:F9
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/jyFzfI9NcnJlH2c2WUfX7LmD8vk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.36.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:a2:d9:a5:84:fd:37:44:38:61:ab:80:5c:cb:60:24:8a:4c:
         04:09:d8:b0:e5:e1:04:87:19:37:06:d2:1c:5f:57:a3:77:39:
         7c:0a:7d:e3:f4:3e:65:b1:f4:b1:f8:ce:60:fa:c4:02:cb:c7:
         92:04:dd:c3:00:a8:5b:65:8b:f2:dc:34:b3:62:32:d9:a8:e4:
         a6:50:39:29:0f:92:c6:75:ad:54:63:da:57:26:ba:e3:d1:4c:
         2f:57:74:15:03:b9:fb:b6:21:db:9d:3a:fb:0c:e1:83:a0:13:
         dc:cd:fa:55:39:db:5b:27:a4:19:1a:a4:e4:7f:3f:36:d1:2b:
         76:a2:e7:14:71:7e:01:29:0c:4b:83:36:ad:4f:a3:97:13:b7:
         96:ef:29:06:d5:f3:dd:2e:1c:86:94:99:6d:bf:3c:f6:b1:9f:
         7f:3c:10:a1:77:d3:44:35:12:1c:87:6d:ab:ae:b5:ef:bc:74:
         04:4b:f0:08:b1:cd:71:ea:85:1a:ac:97:45:a4:fc:b1:cc:1c:
         3c:34:c3:92:68:57:bf:87:0a:0d:8a:32:ec:f4:77:30:3a:93:
         f2:fa:cc:f2:bf:a0:7e:b4:12:03:17:91:d1:8d:39:cd:5d:32:
         27:07:3b:f9:be:72:6a:2f:68:16:c1:c7:d4:73:b6:46:8e:92:
         4c:4f:a0:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAtdXK9kTA8vFJ+Kj5IbzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjIxNzM3YzhmNGQ3MjcyNjUxZjY3MzY1OTQ3ZDdlY2I5ODNmMmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9/f67/jgMcW/aaOyezj5Yu6Wpiu
rXwx3orDU4qAWqkV9E7FzdJN4WSzfUNmlSQhsjkkoADLB9D6zzKMjh/pBqX1CYa4
8DboVm1DPI3HOoTp/XT41CwdELr7Bps8BKhAvpOV7/Lwg99RA1uUTheej8yLM7kF
weFg/D6aeUKfQvsiCH+fW3Pl8jCPDjcf7qu3hhRo9h0iC2ntlMvrzX/fqBPkvXh3
A7Yf0Q1kufF2rDiuwESpEgbCYfsVvk8QP4/aAlB1u+W5lCN75IYS1hJjkvRqFkMc
lvUN3gLY9beX8hJf+SrFcOcRBSq2mvGJ+fmoF0jOgt9WNSAWrAHqfDHg0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8hc3yPTXJyZR9nNllH1+y5g/L5MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvanlGemZJOU5jbkpsSDJjMldVZlg3TG1EOHZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwCQqMA0G
CSqGSIb3DQEBCwUAA4IBAQDFotmlhP03RDhhq4Bcy2AkikwECdiw5eEEhxk3BtIc
X1ejdzl8Cn3j9D5lsfSx+M5g+sQCy8eSBN3DAKhbZYvy3DSzYjLZqOSmUDkpD5LG
da1UY9pXJrrj0UwvV3QVA7n7tiHbnTr7DOGDoBPczfpVOdtbJ6QZGqTkfz820St2
oucUcX4BKQxLgzatT6OXE7eW7ykG1fPdLhyGlJltvzz2sZ9/PBChd9NENRIch22r
rrXvvHQES/AIsc1x6oUarJdFpPyxzBw8NMOSaFe/hwoNijLs9HcwOpPy+szyv6B+
tBIDF5HRjTnNXTInBzv5vnJqL2gWwcfUc7ZGjpJMT6B8
-----END CERTIFICATE-----