Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/JsN1D5OuopYHCLFIEZKZ2Itv5Oc.roa
File:                     JsN1D5OuopYHCLFIEZKZ2Itv5Oc.roa (raw, json)
Hash identifier:          VDHMrvw/Ab+Op1OiM6hZje7T+CuOROPSPcHkZG8rfgU=
Subject key identifier:   26:C3:75:0F:93:AE:A2:96:07:08:B1:48:11:92:99:D8:8B:6F:E4:E7
Certificate issuer:       /CN=6992125e3d53cc481336105483fcff701fda1bb3
Certificate serial:       019425219B9251605143C664018F0E1420DD
Authority key identifier: 69:92:12:5E:3D:53:CC:48:13:36:10:54:83:FC:FF:70:1F:DA:1B:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZISXj1TzEgTNhBUg_z_cB_aG7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/JsN1D5OuopYHCLFIEZKZ2Itv5Oc.roa
Signing time:             Thu 02 Jan 2025 03:49:06 +0000
ROA not before:           Thu 02 Jan 2025 03:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209761
IP address blocks:        213.226.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/aZISXj1TzEgTNhBUg_z_cB_aG7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/aZISXj1TzEgTNhBUg_z_cB_aG7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZISXj1TzEgTNhBUg_z_cB_aG7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:9b:92:51:60:51:43:c6:64:01:8f:0e:14:20:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6992125e3d53cc481336105483fcff701fda1bb3
        Validity
            Not Before: Jan  2 03:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26c3750f93aea2960708b148119299d88b6fe4e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4e:50:c8:ff:f5:61:c7:a0:e7:f7:5c:0e:1d:
                    b4:59:ee:72:c6:50:f5:8d:bc:8d:7c:39:97:9e:cd:
                    d5:61:c8:16:82:1f:cb:08:0a:6a:3a:0a:57:f8:07:
                    fb:a2:d9:c6:de:37:fa:66:52:d4:01:6f:cf:71:4d:
                    30:b5:1a:ba:8d:1f:4f:94:e1:59:a4:8c:b1:75:82:
                    3d:b1:9d:1f:d5:8b:65:23:26:5f:2b:22:77:8e:c1:
                    1c:f1:65:6c:58:08:ce:e9:60:2d:84:ea:6a:92:27:
                    fa:2a:a4:a3:33:2f:74:74:c3:e1:f8:0b:eb:4e:cf:
                    e4:ab:de:13:68:ad:fc:45:7c:a7:6f:ee:b8:33:80:
                    73:f6:5d:a8:b9:7a:89:ff:07:ca:18:d7:78:c5:11:
                    ad:71:71:ab:24:2a:28:39:65:52:67:32:26:12:59:
                    e0:f8:b6:ef:55:da:16:2b:ee:ac:35:33:12:09:5b:
                    24:ce:ad:d4:34:5e:6c:df:e0:bd:6c:90:66:1e:ff:
                    20:39:fe:94:6b:4a:5f:06:85:4a:cc:42:6c:0a:22:
                    50:fd:44:1c:44:57:70:8d:49:99:d9:92:2d:90:7b:
                    33:db:63:22:c9:aa:c1:50:3a:d3:55:84:e1:c0:be:
                    7c:18:6c:a1:5b:a0:26:66:53:d9:ae:24:10:a9:d8:
                    b5:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:C3:75:0F:93:AE:A2:96:07:08:B1:48:11:92:99:D8:8B:6F:E4:E7
            X509v3 Authority Key Identifier:
                keyid:69:92:12:5E:3D:53:CC:48:13:36:10:54:83:FC:FF:70:1F:DA:1B:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZISXj1TzEgTNhBUg_z_cB_aG7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/JsN1D5OuopYHCLFIEZKZ2Itv5Oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4ac957-4183-49f3-bfbe-837c5e12bd04/1/aZISXj1TzEgTNhBUg_z_cB_aG7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.226.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:e1:0b:a6:1b:39:41:19:16:c5:58:a2:b7:ef:57:89:53:49:
         90:a6:72:4b:0f:92:f6:9d:26:43:7d:67:c2:88:6a:26:e4:61:
         fb:f5:7e:d4:6a:ab:36:61:af:67:49:11:4f:58:7d:c8:a6:32:
         b2:3d:17:68:7b:13:d0:b7:18:2c:9b:fe:0d:83:63:ff:f8:b7:
         75:5c:04:08:77:e2:9c:4e:d1:e5:cf:4c:68:36:cc:45:45:87:
         62:fd:08:af:85:d7:a9:73:a7:b6:cd:b6:5c:15:4e:ed:51:58:
         26:e5:ff:a1:f6:06:43:1a:9e:e0:80:b4:b4:23:3e:1a:6f:21:
         d3:fd:48:8e:19:95:a1:46:f5:3e:9c:62:14:fb:66:e1:c6:6b:
         da:b3:e4:55:89:17:44:82:d8:fd:d5:04:e9:a6:8c:c6:dd:c5:
         55:89:c6:e6:a9:26:41:14:61:e3:94:7c:ca:c5:d7:17:ff:0d:
         9e:eb:42:8e:82:d1:cf:47:db:fe:a7:34:af:14:7e:7e:20:d7:
         45:40:73:db:da:3a:65:23:0e:24:b0:c8:1f:7c:04:2d:37:f1:
         8e:61:d7:a0:6b:45:60:13:e8:35:53:bc:5a:5b:89:f5:99:81:
         f0:ac:44:7c:17:df:59:b8:95:c8:3b:3c:7a:01:e1:e9:6e:32:
         f9:2e:f7:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIZuSUWBRQ8ZkAY8OFCDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTIxMjVlM2Q1M2NjNDgxMzM2MTA1NDgzZmNmZjcwMWZk
YTFiYjMwHhcNMjUwMTAyMDM0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmMzNzUwZjkzYWVhMjk2MDcwOGIxNDgxMTkyOTlkODhiNmZlNGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtU5QyP/1Yceg5/dcDh20We5yxlD1
jbyNfDmXns3VYcgWgh/LCApqOgpX+Af7otnG3jf6ZlLUAW/PcU0wtRq6jR9PlOFZ
pIyxdYI9sZ0f1YtlIyZfKyJ3jsEc8WVsWAjO6WAthOpqkif6KqSjMy90dMPh+Avr
Ts/kq94TaK38RXynb+64M4Bz9l2ouXqJ/wfKGNd4xRGtcXGrJCooOWVSZzImElng
+LbvVdoWK+6sNTMSCVskzq3UNF5s3+C9bJBmHv8gOf6Ua0pfBoVKzEJsCiJQ/UQc
RFdwjUmZ2ZItkHsz22MiyarBUDrTVYThwL58GGyhW6AmZlPZriQQqdi1hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbDdQ+TrqKWBwixSBGSmdiLb+TnMB8GA1UdIwQY
MBaAFGmSEl49U8xIEzYQVIP8/3Af2huzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpJU1hqMVR6RWdUTmhCVWdfel9jQl9hRzdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy80YWM5NTctNDE4My00OWYzLWJmYmUt
ODM3YzVlMTJiZDA0LzEvSnNOMUQ1T3VvcFlIQ0xGSUVaS1oySXR2NU9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy80YWM5NTctNDE4My00OWYzLWJmYmUtODM3YzVlMTJiZDA0
LzEvYVpJU1hqMVR6RWdUTmhCVWdfel9jQl9hRzdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1eJYMA0G
CSqGSIb3DQEBCwUAA4IBAQCq4QumGzlBGRbFWKK371eJU0mQpnJLD5L2nSZDfWfC
iGom5GH79X7Uaqs2Ya9nSRFPWH3IpjKyPRdoexPQtxgsm/4Ng2P/+Ld1XAQId+Kc
TtHlz0xoNsxFRYdi/Qivhdepc6e2zbZcFU7tUVgm5f+h9gZDGp7ggLS0Iz4abyHT
/UiOGZWhRvU+nGIU+2bhxmvas+RViRdEgtj91QTppozG3cVVicbmqSZBFGHjlHzK
xdcX/w2e60KOgtHPR9v+pzSvFH5+INdFQHPb2jplIw4ksMgffAQtN/GOYdega0Vg
E+g1U7xaW4n1mYHwrER8F99ZuJXIOzx6AeHpbjL5Lvfx
-----END CERTIFICATE-----