Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/5d9f57-0f10-4e14-b4af-25a15a524f87/1/oRUxzVoH-ecaccAJbQnwtoBC8Jk.roa
File:                     oRUxzVoH-ecaccAJbQnwtoBC8Jk.roa (raw, json)
Hash identifier:          3kWzs7eGQFJBiG0oD7/nKwti5bqZvVRKsEMCom1QtY8=
Subject key identifier:   A1:15:31:CD:5A:07:F9:E7:1A:71:C0:09:6D:09:F0:B6:80:42:F0:99
Certificate issuer:       /CN=f8ae9881bf112098a2bfd49a0bcffdccce7bc208
Certificate serial:       018CC6B7E31D76262CE05AFEC0556851C3C7
Authority key identifier: F8:AE:98:81:BF:11:20:98:A2:BF:D4:9A:0B:CF:FD:CC:CE:7B:C2:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-K6Ygb8RIJiiv9SaC8_9zM57wgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/5d9f57-0f10-4e14-b4af-25a15a524f87/1/oRUxzVoH-ecaccAJbQnwtoBC8Jk.roa
Signing time:             Mon 01 Jan 2024 20:29:49 +0000
ROA not before:           Mon 01 Jan 2024 20:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        194.145.240.0/24 maxlen: 24
                          194.145.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/5d9f57-0f10-4e14-b4af-25a15a524f87/1/1-K6Ygb8RIJiiv9SaC8_9zM57wgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/5d9f57-0f10-4e14-b4af-25a15a524f87/1/1-K6Ygb8RIJiiv9SaC8_9zM57wgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-K6Ygb8RIJiiv9SaC8_9zM57wgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 19:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:e3:1d:76:26:2c:e0:5a:fe:c0:55:68:51:c3:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8ae9881bf112098a2bfd49a0bcffdccce7bc208
        Validity
            Not Before: Jan  1 20:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a11531cd5a07f9e71a71c0096d09f0b68042f099
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:cc:d4:2f:52:a7:81:3f:5c:69:4a:cc:c6:de:
                    b2:78:f2:bc:d8:78:b3:34:4e:86:05:03:3e:a5:18:
                    f2:42:22:90:8d:48:1a:fb:3f:45:95:46:c0:3e:5a:
                    c9:c9:0b:09:98:b6:7f:6e:2c:74:a6:73:dc:73:17:
                    f6:d4:3e:cb:4e:55:b2:4b:06:e6:a0:14:a0:5e:a2:
                    52:bd:c1:52:53:6d:38:f1:f5:a3:18:6f:f7:52:f3:
                    3b:cd:36:45:d9:61:ff:83:de:b2:da:75:ab:c1:f0:
                    65:bf:47:c0:2e:83:2d:b1:11:db:e6:d9:67:33:96:
                    cc:d6:6e:94:ee:0e:e5:c9:a0:7c:c0:36:7b:f3:d6:
                    83:29:fc:a3:07:b6:c6:85:5d:82:25:b6:ac:1b:1a:
                    22:89:9e:1a:31:d3:ed:ef:25:d8:17:3b:12:85:dc:
                    ee:f4:52:33:10:71:46:f0:c6:29:96:71:61:2e:46:
                    da:52:d1:38:a6:00:64:fd:05:98:81:2e:5e:52:e4:
                    78:79:eb:8f:39:fb:12:96:8d:9f:02:6b:3b:5d:3f:
                    12:3c:13:a7:97:7b:a3:ad:5d:73:6b:a6:ca:43:79:
                    ca:de:6c:ef:07:a5:82:be:db:c0:63:54:83:fb:90:
                    cd:be:28:94:a8:54:59:fa:7f:69:76:70:e6:2a:f4:
                    a4:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:15:31:CD:5A:07:F9:E7:1A:71:C0:09:6D:09:F0:B6:80:42:F0:99
            X509v3 Authority Key Identifier:
                keyid:F8:AE:98:81:BF:11:20:98:A2:BF:D4:9A:0B:CF:FD:CC:CE:7B:C2:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-K6Ygb8RIJiiv9SaC8_9zM57wgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5d9f57-0f10-4e14-b4af-25a15a524f87/1/oRUxzVoH-ecaccAJbQnwtoBC8Jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5d9f57-0f10-4e14-b4af-25a15a524f87/1/1-K6Ygb8RIJiiv9SaC8_9zM57wgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:ba:6f:08:e2:a3:76:8e:9f:2a:35:40:54:92:b1:d1:11:c5:
         e7:87:6e:48:0e:4f:ef:6f:75:e1:60:88:31:83:33:5e:32:72:
         77:b3:06:97:c5:d6:86:d2:95:d8:5c:42:be:77:3b:f0:e1:ea:
         1c:1d:82:31:5f:1f:af:7a:f1:10:5e:a7:50:9d:b6:06:a0:a9:
         e2:74:42:68:0b:76:64:12:da:84:2e:0c:ba:2d:a4:e3:42:dc:
         c7:b5:14:b2:92:ac:4f:e3:0f:6e:07:25:4c:b8:6f:26:5c:b1:
         6a:be:27:b8:da:f0:77:d2:76:5d:76:21:db:18:82:0a:44:9c:
         b2:63:35:5d:94:71:41:84:17:1b:cb:6c:dc:bf:c3:f4:19:8c:
         63:59:03:ea:fd:2c:89:ff:d2:4d:af:56:21:25:ef:80:36:ba:
         9f:87:60:52:e1:d9:23:ad:53:12:d9:ff:72:81:a8:52:4b:f9:
         9a:a2:0f:56:d2:4a:3e:a9:91:cb:ce:18:ba:50:57:80:dd:7c:
         8c:a4:4b:fc:b3:eb:fd:f1:f1:f0:bd:f4:c5:2d:b1:61:62:99:
         5a:e3:0b:e8:21:6a:c9:ed:bf:8b:c7:02:2b:8c:95:92:50:7a:
         1b:21:a4:9c:0d:01:77:33:c7:12:bd:1e:b8:7b:fe:28:a1:3b:
         c6:db:9c:a2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGt+MddiYs4Fr+wFVoUcPHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YWU5ODgxYmYxMTIwOThhMmJmZDQ5YTBiY2ZmZGNjY2U3
YmMyMDgwHhcNMjQwMTAxMjAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTE1MzFjZDVhMDdmOWU3MWE3MWMwMDk2ZDA5ZjBiNjgwNDJmMDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2szUL1KngT9caUrMxt6yePK82Hiz
NE6GBQM+pRjyQiKQjUga+z9FlUbAPlrJyQsJmLZ/bix0pnPccxf21D7LTlWySwbm
oBSgXqJSvcFSU2048fWjGG/3UvM7zTZF2WH/g96y2nWrwfBlv0fALoMtsRHb5tln
M5bM1m6U7g7lyaB8wDZ789aDKfyjB7bGhV2CJbasGxoiiZ4aMdPt7yXYFzsShdzu
9FIzEHFG8MYplnFhLkbaUtE4pgBk/QWYgS5eUuR4eeuPOfsSlo2fAms7XT8SPBOn
l3ujrV1za6bKQ3nK3mzvB6WCvtvAY1SD+5DNviiUqFRZ+n9pdnDmKvSkSQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKEVMc1aB/nnGnHACW0J8LaAQvCZMB8GA1UdIwQY
MBaAFPiumIG/ESCYor/UmgvP/czOe8IIMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LNllnYjhSSUppaXY5U2FDOF85ek01N3dnZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTQvNWQ5ZjU3LTBmMTAtNGUxNC1iNGFm
LTI1YTE1YTUyNGY4Ny8xL29SVXh6Vm9ILWVjYWNjQUpiUW53dG9CQzhKay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTQvNWQ5ZjU3LTBmMTAtNGUxNC1iNGFmLTI1YTE1YTUyNGY4
Ny8xLzEtSzZZZ2I4UklKaWl2OVNhQzhfOXpNNTd3Z2cuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHCkfAw
DQYJKoZIhvcNAQELBQADggEBAFu6bwjio3aOnyo1QFSSsdERxeeHbkgOT+9vdeFg
iDGDM14ycnezBpfF1obSldhcQr53O/Dh6hwdgjFfH6968RBep1CdtgagqeJ0QmgL
dmQS2oQuDLotpONC3Me1FLKSrE/jD24HJUy4byZcsWq+J7ja8HfSdl12IdsYggpE
nLJjNV2UcUGEFxvLbNy/w/QZjGNZA+r9LIn/0k2vViEl74A2up+HYFLh2SOtUxLZ
/3KBqFJL+ZqiD1bSSj6pkcvOGLpQV4DdfIykS/yz6/3x8fC99MUtsWFimVrjC+gh
asntv4vHAiuMlZJQehshpJwNAXczxxK9Hrh7/iihO8bbnKI=
-----END CERTIFICATE-----