Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/3bad52-9246-4709-a617-bd942371c86a/1/JmtgsDo5DNq-vhZ6IYVuhvzPgD0.roa
File:                     JmtgsDo5DNq-vhZ6IYVuhvzPgD0.roa (raw, json)
Hash identifier:          WtuLUC0Aa5KAgIEp4S0FbLjHvrr18rVfsxxlE5lP0OA=
Subject key identifier:   26:6B:60:B0:3A:39:0C:DA:BE:BE:16:7A:21:85:6E:86:FC:CF:80:3D
Certificate issuer:       /CN=613789e73c75cab6d83ab69da328fc2dffbc9082
Certificate serial:       018CC9BB9E169A2B4A76736036F5E5D1B4FB
Authority key identifier: 61:37:89:E7:3C:75:CA:B6:D8:3A:B6:9D:A3:28:FC:2D:FF:BC:90:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YTeJ5zx1yrbYOradoyj8Lf-8kII.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/3bad52-9246-4709-a617-bd942371c86a/1/JmtgsDo5DNq-vhZ6IYVuhvzPgD0.roa
Signing time:             Tue 02 Jan 2024 10:32:45 +0000
ROA not before:           Tue 02 Jan 2024 10:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44478
IP address blocks:        194.48.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/3bad52-9246-4709-a617-bd942371c86a/1/YTeJ5zx1yrbYOradoyj8Lf-8kII.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/3bad52-9246-4709-a617-bd942371c86a/1/YTeJ5zx1yrbYOradoyj8Lf-8kII.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YTeJ5zx1yrbYOradoyj8Lf-8kII.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:9e:16:9a:2b:4a:76:73:60:36:f5:e5:d1:b4:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=613789e73c75cab6d83ab69da328fc2dffbc9082
        Validity
            Not Before: Jan  2 10:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=266b60b03a390cdabebe167a21856e86fccf803d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3f:4b:e6:9f:66:74:36:fa:00:3d:05:4f:0b:
                    23:0d:4e:ea:49:cb:0b:4e:23:f0:ac:66:93:06:b6:
                    87:fc:84:4e:74:8b:9e:0b:f1:80:02:bf:9b:35:95:
                    60:28:d4:07:fd:82:ea:9a:dc:6f:14:11:45:36:2f:
                    3a:a8:65:3b:77:e1:3a:d6:3f:c8:ad:78:ce:bb:19:
                    0a:ee:7b:7a:44:ee:00:9a:ac:af:92:1f:5c:14:df:
                    de:b6:98:62:70:b4:7a:1b:1b:d9:96:09:4d:f5:e4:
                    1c:82:3c:a7:99:37:c1:ed:c2:29:c7:92:c0:cf:26:
                    50:ad:ab:98:90:2d:4f:3d:fd:bd:5d:ff:1e:d5:87:
                    87:fc:c3:50:b7:da:a9:b4:8a:45:85:03:15:b0:d1:
                    91:86:c2:be:e1:3c:c1:a4:62:77:4d:94:1b:8c:d1:
                    34:55:70:e4:d3:77:61:68:d7:71:be:27:b4:5f:38:
                    e4:ff:97:79:d0:eb:b4:dc:62:3c:b2:c2:bc:7c:30:
                    3a:a3:ec:b9:84:b9:ed:b2:13:83:a4:08:c8:dc:a0:
                    bf:23:a7:87:a7:05:87:d8:70:17:3a:11:8e:10:35:
                    f3:e4:14:2f:3f:d3:8f:67:21:10:12:5b:86:71:4c:
                    34:3d:67:70:38:a5:59:6e:11:06:f7:9c:ce:9d:80:
                    d7:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:6B:60:B0:3A:39:0C:DA:BE:BE:16:7A:21:85:6E:86:FC:CF:80:3D
            X509v3 Authority Key Identifier:
                keyid:61:37:89:E7:3C:75:CA:B6:D8:3A:B6:9D:A3:28:FC:2D:FF:BC:90:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YTeJ5zx1yrbYOradoyj8Lf-8kII.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/3bad52-9246-4709-a617-bd942371c86a/1/JmtgsDo5DNq-vhZ6IYVuhvzPgD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/3bad52-9246-4709-a617-bd942371c86a/1/YTeJ5zx1yrbYOradoyj8Lf-8kII.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:8f:fd:02:f8:71:d2:67:47:1e:91:dd:21:51:f9:ab:e1:2e:
         ba:73:d0:b4:ab:bb:06:f0:b2:90:2d:5e:0f:7e:f2:1f:92:e8:
         27:e7:d0:7e:bb:2c:d7:74:fe:61:d0:ca:09:af:51:46:20:b9:
         90:c9:7d:b5:3b:03:fd:c0:4d:45:19:30:24:a3:30:ea:6c:a9:
         93:a4:4a:6b:e4:ec:73:14:e4:9d:38:31:e7:81:30:b9:56:bc:
         4e:33:31:3b:e1:bd:64:af:45:37:29:86:43:6b:d7:d4:f2:62:
         fa:b8:8f:90:d2:68:d6:27:79:58:c1:32:79:20:83:80:57:af:
         47:e8:11:87:9f:62:52:04:c9:a9:02:59:17:04:34:07:6d:38:
         6c:f2:ee:77:51:42:60:dc:c1:3b:d2:b6:56:4f:9e:0a:bb:b6:
         10:28:6d:80:17:be:ce:b8:88:f6:89:f5:f2:c5:53:72:5b:c5:
         6f:46:f4:b5:2a:78:9a:47:aa:b0:91:22:96:de:46:bb:f5:1e:
         5e:b0:c3:db:2f:44:66:36:6b:9e:1a:45:b5:2f:60:f2:95:16:
         6c:bb:d8:fe:5f:e5:e0:59:d8:19:3d:1c:73:8e:cc:e7:4c:4f:
         3f:e6:16:e7:50:c9:3e:60:e3:ec:b0:24:ab:1f:ec:b3:0c:f8:
         77:51:10:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu54WmitKdnNgNvXl0bT7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMzc4OWU3M2M3NWNhYjZkODNhYjY5ZGEzMjhmYzJkZmZi
YzkwODIwHhcNMjQwMTAyMTAzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjZiNjBiMDNhMzkwY2RhYmViZTE2N2EyMTg1NmU4NmZjY2Y4MDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxj9L5p9mdDb6AD0FTwsjDU7qScsL
TiPwrGaTBraH/IROdIueC/GAAr+bNZVgKNQH/YLqmtxvFBFFNi86qGU7d+E61j/I
rXjOuxkK7nt6RO4Amqyvkh9cFN/etphicLR6GxvZlglN9eQcgjynmTfB7cIpx5LA
zyZQrauYkC1PPf29Xf8e1YeH/MNQt9qptIpFhQMVsNGRhsK+4TzBpGJ3TZQbjNE0
VXDk03dhaNdxvie0Xzjk/5d50Ou03GI8ssK8fDA6o+y5hLntshODpAjI3KC/I6eH
pwWH2HAXOhGOEDXz5BQvP9OPZyEQEluGcUw0PWdwOKVZbhEG95zOnYDXwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZrYLA6OQzavr4WeiGFbob8z4A9MB8GA1UdIwQY
MBaAFGE3iec8dcq22Dq2naMo/C3/vJCCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVRlSjV6eDF5cmJZT3JhZG95ajhMZi04a0lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8zYmFkNTItOTI0Ni00NzA5LWE2MTct
YmQ5NDIzNzFjODZhLzEvSm10Z3NEbzVETnEtdmhaNklZVnVodnpQZ0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8zYmFkNTItOTI0Ni00NzA5LWE2MTctYmQ5NDIzNzFjODZh
LzEvWVRlSjV6eDF5cmJZT3JhZG95ajhMZi04a0lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjDaMA0G
CSqGSIb3DQEBCwUAA4IBAQBvj/0C+HHSZ0cekd0hUfmr4S66c9C0q7sG8LKQLV4P
fvIfkugn59B+uyzXdP5h0MoJr1FGILmQyX21OwP9wE1FGTAkozDqbKmTpEpr5Oxz
FOSdODHngTC5VrxOMzE74b1kr0U3KYZDa9fU8mL6uI+Q0mjWJ3lYwTJ5IIOAV69H
6BGHn2JSBMmpAlkXBDQHbThs8u53UUJg3ME70rZWT54Ku7YQKG2AF77OuIj2ifXy
xVNyW8VvRvS1KniaR6qwkSKW3ka79R5esMPbL0RmNmueGkW1L2DylRZsu9j+X+Xg
WdgZPRxzjsznTE8/5hbnUMk+YOPssCSrH+yzDPh3URBF
-----END CERTIFICATE-----