Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c26199-3303-4223-9f0f-5dafc634ccd6/1/JyQJbELaexgQ6fqiGT_WU8kf0iA.roa
File:                     JyQJbELaexgQ6fqiGT_WU8kf0iA.roa (raw, json)
Hash identifier:          k3GN2/34cdpJMDa/U2bzg9E3dU3QeePwWvyheMjQ+5o=
Subject key identifier:   27:24:09:6C:42:DA:7B:18:10:E9:FA:A2:19:3F:D6:53:C9:1F:D2:20
Certificate issuer:       /CN=320ad0cb1c8fabd2a7172723f2eb53ea02e84a69
Certificate serial:       019425FDDB1C9100879639D6ECAA089BEBEE
Authority key identifier: 32:0A:D0:CB:1C:8F:AB:D2:A7:17:27:23:F2:EB:53:EA:02:E8:4A:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MgrQyxyPq9KnFycj8utT6gLoSmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c26199-3303-4223-9f0f-5dafc634ccd6/1/JyQJbELaexgQ6fqiGT_WU8kf0iA.roa
Signing time:             Thu 02 Jan 2025 07:49:41 +0000
ROA not before:           Thu 02 Jan 2025 07:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213757
IP address blocks:        217.119.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c26199-3303-4223-9f0f-5dafc634ccd6/1/MgrQyxyPq9KnFycj8utT6gLoSmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c26199-3303-4223-9f0f-5dafc634ccd6/1/MgrQyxyPq9KnFycj8utT6gLoSmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MgrQyxyPq9KnFycj8utT6gLoSmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:db:1c:91:00:87:96:39:d6:ec:aa:08:9b:eb:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=320ad0cb1c8fabd2a7172723f2eb53ea02e84a69
        Validity
            Not Before: Jan  2 07:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2724096c42da7b1810e9faa2193fd653c91fd220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e3:07:bb:d4:c4:f9:62:4e:3d:b5:a5:37:d5:
                    a4:33:24:8f:91:50:c0:eb:e7:72:69:d7:de:f2:aa:
                    1b:95:aa:93:c1:3b:b2:da:9f:14:33:82:a3:20:e9:
                    d8:ef:6d:9e:c9:6c:ad:21:aa:f2:8b:08:02:da:c0:
                    5e:fc:ed:e7:bd:4e:73:cb:7d:06:7e:86:15:64:cb:
                    ec:7f:3c:2c:3f:0e:40:fc:27:a1:a4:ed:6b:63:89:
                    9c:97:56:43:86:6a:59:85:4e:20:17:4b:0a:c0:9c:
                    0d:e9:80:4e:31:fb:cb:0c:a9:a3:bb:9a:e2:00:08:
                    ed:c8:73:1a:b6:0f:65:65:f6:1d:59:e0:0f:ab:71:
                    4c:a6:18:18:48:8a:7a:0a:49:1e:0a:7f:58:b7:ae:
                    e1:ad:4f:41:6d:75:e8:ab:a9:63:dc:3d:d8:43:af:
                    d6:2d:79:c3:0f:a3:38:de:a9:10:15:f0:8a:3c:36:
                    e8:84:94:f4:c8:b6:f8:0c:48:b4:f5:ab:8f:ee:b3:
                    3f:45:f4:4b:c1:91:09:07:a6:52:22:81:31:91:b5:
                    70:71:07:e8:cd:7b:cb:d7:03:dd:94:c5:81:b6:be:
                    3b:ce:54:f2:f3:62:39:b0:7e:84:a4:61:d6:09:06:
                    6a:7a:50:4d:f7:d7:e8:01:12:1e:8f:e4:57:6a:ea:
                    a0:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:24:09:6C:42:DA:7B:18:10:E9:FA:A2:19:3F:D6:53:C9:1F:D2:20
            X509v3 Authority Key Identifier:
                keyid:32:0A:D0:CB:1C:8F:AB:D2:A7:17:27:23:F2:EB:53:EA:02:E8:4A:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MgrQyxyPq9KnFycj8utT6gLoSmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c26199-3303-4223-9f0f-5dafc634ccd6/1/JyQJbELaexgQ6fqiGT_WU8kf0iA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c26199-3303-4223-9f0f-5dafc634ccd6/1/MgrQyxyPq9KnFycj8utT6gLoSmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.119.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:cb:7a:30:2c:a4:06:53:b5:21:11:21:4f:53:b8:29:7d:48:
         f5:f4:e8:4f:80:5c:62:cd:a5:94:07:14:37:c8:a3:88:fa:b8:
         3c:5e:59:74:e7:09:1b:ff:04:fa:02:87:8a:41:2c:79:a7:c1:
         67:24:a7:71:10:60:68:7a:2b:e6:37:17:46:b7:04:7e:9e:1c:
         92:1c:da:30:50:d1:4c:b9:c3:d6:d8:9b:39:f3:4b:bc:5a:e5:
         2a:65:b6:8e:47:f9:ab:fc:5c:be:80:43:ce:ca:70:68:3d:de:
         e4:ae:75:5d:a9:46:65:6c:f0:cf:b6:32:0a:b6:e2:fd:4c:4a:
         26:b7:19:73:65:4f:9e:22:35:99:a4:12:7a:68:33:90:61:4f:
         fd:aa:6c:44:4f:94:b4:cb:f5:2b:17:40:dc:ff:c4:b8:ae:4d:
         b2:43:66:86:e4:c6:48:75:32:ba:43:a0:11:a5:38:07:ba:5d:
         18:f3:8b:ce:18:10:ce:d1:3f:79:fe:8f:aa:ea:eb:df:f0:b3:
         44:b9:d7:e1:4a:34:1d:3c:79:83:43:95:89:29:5c:e5:09:c0:
         c0:b7:55:08:aa:80:c3:2a:16:fe:2b:bc:1e:b0:73:75:8b:18:
         ca:13:de:a2:78:47:19:75:9f:ee:12:f6:bd:2c:2c:68:07:8a:
         9f:df:93:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/dsckQCHljnW7KoIm+vuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMGFkMGNiMWM4ZmFiZDJhNzE3MjcyM2YyZWI1M2VhMDJl
ODRhNjkwHhcNMjUwMTAyMDc0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzI0MDk2YzQyZGE3YjE4MTBlOWZhYTIxOTNmZDY1M2M5MWZkMjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOMHu9TE+WJOPbWlN9WkMySPkVDA
6+dyadfe8qoblaqTwTuy2p8UM4KjIOnY722eyWytIaryiwgC2sBe/O3nvU5zy30G
foYVZMvsfzwsPw5A/CehpO1rY4mcl1ZDhmpZhU4gF0sKwJwN6YBOMfvLDKmju5ri
AAjtyHMatg9lZfYdWeAPq3FMphgYSIp6CkkeCn9Yt67hrU9BbXXoq6lj3D3YQ6/W
LXnDD6M43qkQFfCKPDbohJT0yLb4DEi09auP7rM/RfRLwZEJB6ZSIoExkbVwcQfo
zXvL1wPdlMWBtr47zlTy82I5sH6EpGHWCQZqelBN99foARIej+RXauqgAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCckCWxC2nsYEOn6ohk/1lPJH9IgMB8GA1UdIwQY
MBaAFDIK0Mscj6vSpxcnI/LrU+oC6EppMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWdyUXl4eVBxOUtuRnljajh1dFQ2Z0xvU21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jMjYxOTktMzMwMy00MjIzLTlmMGYt
NWRhZmM2MzRjY2Q2LzEvSnlRSmJFTGFleGdRNmZxaUdUX1dVOGtmMGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jMjYxOTktMzMwMy00MjIzLTlmMGYtNWRhZmM2MzRjY2Q2
LzEvTWdyUXl4eVBxOUtuRnljajh1dFQ2Z0xvU21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XeKMA0G
CSqGSIb3DQEBCwUAA4IBAQAyy3owLKQGU7UhESFPU7gpfUj19OhPgFxizaWUBxQ3
yKOI+rg8Xll05wkb/wT6AoeKQSx5p8FnJKdxEGBoeivmNxdGtwR+nhySHNowUNFM
ucPW2Js580u8WuUqZbaOR/mr/Fy+gEPOynBoPd7krnVdqUZlbPDPtjIKtuL9TEom
txlzZU+eIjWZpBJ6aDOQYU/9qmxET5S0y/UrF0Dc/8S4rk2yQ2aG5MZIdTK6Q6AR
pTgHul0Y84vOGBDO0T95/o+q6uvf8LNEudfhSjQdPHmDQ5WJKVzlCcDAt1UIqoDD
Khb+K7wesHN1ixjKE96ieEcZdZ/uEva9LCxoB4qf35Op
-----END CERTIFICATE-----