Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/9b8d3b-0c03-4591-bd0f-87750d6f77a8/1/JE8EpcXspCsRNvmbqsB6Mi6Q19s.roa
File:                     JE8EpcXspCsRNvmbqsB6Mi6Q19s.roa (raw, json)
Hash identifier:          m/p3DVWoj8SE5gyxZIpvroOx7iZBcTkyugyZ5UZrb8k=
Subject key identifier:   24:4F:04:A5:C5:EC:A4:2B:11:36:F9:9B:AA:C0:7A:32:2E:90:D7:DB
Certificate issuer:       /CN=88775003f7d9e8e6e1ef48db06728e668ed187bc
Certificate serial:       018CC4248A9E7DB3813C83140747E08F5740
Authority key identifier: 88:77:50:03:F7:D9:E8:E6:E1:EF:48:DB:06:72:8E:66:8E:D1:87:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iHdQA_fZ6Obh70jbBnKOZo7Rh7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/9b8d3b-0c03-4591-bd0f-87750d6f77a8/1/JE8EpcXspCsRNvmbqsB6Mi6Q19s.roa
Signing time:             Mon 01 Jan 2024 08:29:38 +0000
ROA not before:           Mon 01 Jan 2024 08:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57000
IP address blocks:        46.149.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/9b8d3b-0c03-4591-bd0f-87750d6f77a8/1/iHdQA_fZ6Obh70jbBnKOZo7Rh7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/9b8d3b-0c03-4591-bd0f-87750d6f77a8/1/iHdQA_fZ6Obh70jbBnKOZo7Rh7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iHdQA_fZ6Obh70jbBnKOZo7Rh7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:8a:9e:7d:b3:81:3c:83:14:07:47:e0:8f:57:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88775003f7d9e8e6e1ef48db06728e668ed187bc
        Validity
            Not Before: Jan  1 08:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=244f04a5c5eca42b1136f99baac07a322e90d7db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:93:dd:e3:88:84:dd:a5:1f:8c:fb:2c:2c:a2:
                    bb:25:5b:3e:03:71:ad:de:c7:50:e4:ef:ac:99:95:
                    48:06:51:c0:12:e3:80:56:7d:ec:ca:f4:46:61:b7:
                    ed:7c:d9:09:90:2c:42:18:08:c0:70:65:70:0d:80:
                    8e:c4:2b:77:a3:67:4f:4b:e6:3f:62:11:23:f8:b0:
                    bf:28:1a:86:d8:20:fb:1a:66:94:67:53:ea:67:10:
                    b8:b0:44:03:65:f3:f3:98:b9:cd:19:93:eb:b1:4a:
                    8a:e9:5f:02:e4:61:c8:9e:29:5a:fe:82:6d:5c:92:
                    d9:32:bf:ed:b0:0b:3d:84:8c:7b:26:df:47:70:37:
                    be:1a:d7:fb:1f:23:9f:8b:4a:9f:c9:61:f7:97:69:
                    6e:ae:fc:9b:f5:79:fc:65:ad:03:c0:9f:4f:61:3b:
                    9f:0e:fe:18:28:ed:ed:c5:b6:99:f5:c3:46:50:ca:
                    ee:4b:62:d6:4b:76:1f:d9:8c:48:08:fd:2f:1f:f0:
                    b5:3f:a7:33:d9:3f:90:63:64:be:b0:22:db:d7:ec:
                    61:79:f4:c9:7d:e5:58:51:8d:17:df:eb:3e:cc:07:
                    31:dc:1a:1d:2b:d8:36:8e:5d:4e:8a:79:24:6f:c0:
                    e6:ea:26:07:1b:c4:17:09:78:37:5d:94:98:06:f2:
                    14:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:4F:04:A5:C5:EC:A4:2B:11:36:F9:9B:AA:C0:7A:32:2E:90:D7:DB
            X509v3 Authority Key Identifier:
                keyid:88:77:50:03:F7:D9:E8:E6:E1:EF:48:DB:06:72:8E:66:8E:D1:87:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iHdQA_fZ6Obh70jbBnKOZo7Rh7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/9b8d3b-0c03-4591-bd0f-87750d6f77a8/1/JE8EpcXspCsRNvmbqsB6Mi6Q19s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/9b8d3b-0c03-4591-bd0f-87750d6f77a8/1/iHdQA_fZ6Obh70jbBnKOZo7Rh7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.149.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:2b:53:4e:5e:d5:6a:31:cc:05:7b:79:65:8f:1c:6d:2a:1f:
         62:b3:da:fa:f8:a4:d4:61:f3:97:30:d0:39:7a:2b:a8:e0:76:
         85:45:11:45:2d:08:cd:b4:77:5f:e7:9b:d8:d2:dc:86:10:88:
         02:5a:82:1e:af:35:20:54:c1:4a:59:19:3c:5c:ad:7f:7a:e8:
         16:fc:c6:8d:0b:1f:f2:08:80:73:78:58:bd:e5:b2:a8:e2:97:
         84:ac:98:9d:e0:8f:93:91:36:3a:5a:a9:44:79:1c:38:44:38:
         0a:be:dd:9d:c6:11:ca:29:b1:c8:43:a0:cc:54:ae:3c:e6:6f:
         6d:1b:b7:e8:3a:6f:07:f5:8f:bc:41:69:c8:5c:6b:d5:bf:be:
         af:6d:ab:17:4d:7f:32:92:4b:cc:0a:5c:f3:79:e1:cc:76:36:
         6c:b4:79:4c:49:2b:5e:7d:25:f9:0e:2c:69:85:ca:92:6b:b3:
         ee:41:4e:46:ab:07:a3:ef:70:1f:e9:aa:50:f0:cb:4a:be:7b:
         a7:0f:aa:d1:e4:2f:7e:2b:12:b9:e6:98:89:f9:07:db:8f:53:
         f9:6e:c5:1d:a5:75:f8:09:60:5e:91:44:40:fa:e7:b5:75:2d:
         8f:39:cb:7d:89:cb:17:d3:15:bf:e2:7f:ef:63:75:b1:b6:a3:
         3f:2e:b1:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJIqefbOBPIMUB0fgj1dAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4Nzc1MDAzZjdkOWU4ZTZlMWVmNDhkYjA2NzI4ZTY2OGVk
MTg3YmMwHhcNMjQwMTAxMDgyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDRmMDRhNWM1ZWNhNDJiMTEzNmY5OWJhYWMwN2EzMjJlOTBkN2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ZPd44iE3aUfjPssLKK7JVs+A3Gt
3sdQ5O+smZVIBlHAEuOAVn3syvRGYbftfNkJkCxCGAjAcGVwDYCOxCt3o2dPS+Y/
YhEj+LC/KBqG2CD7GmaUZ1PqZxC4sEQDZfPzmLnNGZPrsUqK6V8C5GHInila/oJt
XJLZMr/tsAs9hIx7Jt9HcDe+Gtf7HyOfi0qfyWH3l2lurvyb9Xn8Za0DwJ9PYTuf
Dv4YKO3txbaZ9cNGUMruS2LWS3Yf2YxICP0vH/C1P6cz2T+QY2S+sCLb1+xhefTJ
feVYUY0X3+s+zAcx3BodK9g2jl1Oinkkb8Dm6iYHG8QXCXg3XZSYBvIUWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCRPBKXF7KQrETb5m6rAejIukNfbMB8GA1UdIwQY
MBaAFIh3UAP32ejm4e9I2wZyjmaO0Ye8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUhkUUFfZlo2T2JoNzBqYkJuS09abzdSaDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi85YjhkM2ItMGMwMy00NTkxLWJkMGYt
ODc3NTBkNmY3N2E4LzEvSkU4RXBjWHNwQ3NSTnZtYnFzQjZNaTZRMTlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi85YjhkM2ItMGMwMy00NTkxLWJkMGYtODc3NTBkNmY3N2E4
LzEvaUhkUUFfZlo2T2JoNzBqYkJuS09abzdSaDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALpVgMA0G
CSqGSIb3DQEBCwUAA4IBAQBaK1NOXtVqMcwFe3lljxxtKh9is9r6+KTUYfOXMNA5
eiuo4HaFRRFFLQjNtHdf55vY0tyGEIgCWoIerzUgVMFKWRk8XK1/eugW/MaNCx/y
CIBzeFi95bKo4peErJid4I+TkTY6WqlEeRw4RDgKvt2dxhHKKbHIQ6DMVK485m9t
G7foOm8H9Y+8QWnIXGvVv76vbasXTX8ykkvMClzzeeHMdjZstHlMSStefSX5Dixp
hcqSa7PuQU5Gqwej73Af6apQ8MtKvnunD6rR5C9+KxK55piJ+Qfbj1P5bsUdpXX4
CWBekURA+ue1dS2POct9icsX0xW/4n/vY3WxtqM/LrHr
-----END CERTIFICATE-----