Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/JiOkyUROZ04T3-1zzbwph-3kACQ.roa
File:                     JiOkyUROZ04T3-1zzbwph-3kACQ.roa (raw, json)
Hash identifier:          gvHwZfuLT4N4RKjQBknXYmvyjcyp7jodP9+WCGOoLVY=
Subject key identifier:   26:23:A4:C9:44:4E:67:4E:13:DF:ED:73:CD:BC:29:87:ED:E4:00:24
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       018CC2DB5C4B64D78916DDA220F7481410F6
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/JiOkyUROZ04T3-1zzbwph-3kACQ.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        91.235.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 14:41:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5c:4b:64:d7:89:16:dd:a2:20:f7:48:14:10:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2623a4c9444e674e13dfed73cdbc2987ede40024
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:29:bd:aa:b6:05:34:d6:da:de:de:73:5f:b4:
                    71:37:93:60:ec:e4:d6:45:99:0a:a6:50:84:dc:9c:
                    d2:39:ba:97:9d:98:59:d6:27:35:90:ab:5d:84:65:
                    cc:2f:8d:2d:18:56:0a:68:0d:e8:a9:ee:4b:de:bc:
                    87:32:ae:5c:d2:fa:39:9e:39:d3:6d:ef:4b:4f:6f:
                    c0:0b:19:7a:56:57:d2:5e:ce:a1:a5:d4:db:04:38:
                    e5:c7:18:81:fb:7f:ad:80:00:da:ec:e4:bd:4c:81:
                    ad:73:78:d6:79:54:e3:8c:12:47:07:15:c1:19:c2:
                    54:9d:f9:ab:71:4e:36:13:be:60:90:2e:b7:1d:fa:
                    af:68:0d:a0:1e:e1:28:e7:a7:b2:7d:88:91:9e:db:
                    13:a0:c1:60:dd:c0:87:df:2d:77:a5:1a:51:37:47:
                    dd:1b:75:ec:98:8d:f9:f5:c8:c0:82:3f:00:68:5e:
                    8c:22:4c:7a:79:bb:d4:c5:05:8e:4f:6e:dc:e4:e7:
                    c5:53:81:40:50:e9:9c:8b:ba:f1:60:18:78:50:93:
                    80:7f:52:cd:b3:ee:14:29:3f:c0:ec:8d:33:1e:59:
                    be:a1:b6:b4:51:95:07:84:2b:5f:1a:89:b1:af:37:
                    8a:e0:ea:61:df:1b:bb:23:c7:e5:cb:5a:ef:d6:1f:
                    37:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:23:A4:C9:44:4E:67:4E:13:DF:ED:73:CD:BC:29:87:ED:E4:00:24
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/JiOkyUROZ04T3-1zzbwph-3kACQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:64:21:a3:c1:23:85:e0:4e:50:0b:f8:35:e5:5e:f9:82:ef:
         5e:57:bc:8f:15:c8:96:de:5b:63:f9:2d:c8:5f:e9:0f:75:d8:
         70:0a:31:70:14:f0:fb:f3:ea:54:bd:5c:49:1a:b1:35:2f:86:
         3a:84:55:d1:5f:0b:fa:c9:9d:d1:25:d6:61:de:b4:1a:11:a5:
         87:53:90:0a:dd:d1:a5:c1:a8:53:02:f7:df:7c:01:07:4f:19:
         18:fc:20:fc:16:ba:3c:0b:68:b8:c1:26:3a:0b:63:67:7d:aa:
         57:aa:83:00:ca:70:98:f7:92:c4:ab:6f:4d:02:33:f8:90:bc:
         dc:dc:56:9b:f6:d5:ef:26:38:d4:02:6f:f7:32:46:5e:1c:04:
         53:f1:42:23:86:16:16:0e:cb:7a:70:58:65:59:f2:7b:c7:5b:
         cb:98:b2:cc:c5:e0:c7:c6:11:5c:bd:4a:d5:9d:48:c1:f0:47:
         00:c0:70:07:a9:f2:32:7a:95:4a:3e:81:9d:ca:89:db:0e:e8:
         7d:62:34:85:8b:5a:cd:7e:a1:6d:3a:f2:8e:52:de:f2:a4:a5:
         2d:4e:52:08:9b:f7:56:22:c2:8c:90:2c:70:21:9a:c0:9e:0c:
         1c:dd:b3:d0:3f:4f:e2:69:ee:c0:e6:27:c4:15:35:46:60:c9:
         fe:e5:b8:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21xLZNeJFt2iIPdIFBD2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDk4YzJjNTRiMGNiZWExMzRlMjdhOTgxY2ZkZGU3MzIz
NmUwNTUwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjIzYTRjOTQ0NGU2NzRlMTNkZmVkNzNjZGJjMjk4N2VkZTQwMDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmim9qrYFNNba3t5zX7RxN5Ng7OTW
RZkKplCE3JzSObqXnZhZ1ic1kKtdhGXML40tGFYKaA3oqe5L3ryHMq5c0vo5njnT
be9LT2/ACxl6VlfSXs6hpdTbBDjlxxiB+3+tgADa7OS9TIGtc3jWeVTjjBJHBxXB
GcJUnfmrcU42E75gkC63HfqvaA2gHuEo56eyfYiRntsToMFg3cCH3y13pRpRN0fd
G3XsmI359cjAgj8AaF6MIkx6ebvUxQWOT27c5OfFU4FAUOmci7rxYBh4UJOAf1LN
s+4UKT/A7I0zHlm+oba0UZUHhCtfGomxrzeK4Oph3xu7I8fly1rv1h83ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYjpMlETmdOE9/tc828KYft5AAkMB8GA1UdIwQY
MBaAFGzZjCxUsMvqE04nqYHP3ecyNuBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWIt
ZDM3ZGY2MzRhOTI5LzEvSmlPa3lVUk9aMDRUMy0xenpid3BoLTNrQUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWItZDM3ZGY2MzRhOTI5
LzEvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+sCMA0G
CSqGSIb3DQEBCwUAA4IBAQA3ZCGjwSOF4E5QC/g15V75gu9eV7yPFciW3ltj+S3I
X+kPddhwCjFwFPD78+pUvVxJGrE1L4Y6hFXRXwv6yZ3RJdZh3rQaEaWHU5AK3dGl
wahTAvfffAEHTxkY/CD8Fro8C2i4wSY6C2NnfapXqoMAynCY95LEq29NAjP4kLzc
3Fab9tXvJjjUAm/3MkZeHART8UIjhhYWDst6cFhlWfJ7x1vLmLLMxeDHxhFcvUrV
nUjB8EcAwHAHqfIyepVKPoGdyonbDuh9YjSFi1rNfqFtOvKOUt7ypKUtTlIIm/dW
IsKMkCxwIZrAngwc3bPQP0/iae7A5ifEFTVGYMn+5bgd
-----END CERTIFICATE-----