Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/q3Drz0MaEOffYD8n_mTEACvRmZs.roa
File:                     q3Drz0MaEOffYD8n_mTEACvRmZs.roa (raw, json)
Hash identifier:          58W+VGbx5Oy2Ij+JB67NPykOehvg0QeHJqv/yxGQS/4=
Subject key identifier:   AB:70:EB:CF:43:1A:10:E7:DF:60:3F:27:FE:64:C4:00:2B:D1:99:9B
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       018CC348ABC3AE96BF0257526F4137A49E2D
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/q3Drz0MaEOffYD8n_mTEACvRmZs.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198389
IP address blocks:        94.240.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ab:c3:ae:96:bf:02:57:52:6f:41:37:a4:9e:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab70ebcf431a10e7df603f27fe64c4002bd1999b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:46:91:28:a9:e1:29:e5:58:d5:66:c7:db:57:
                    a1:1d:6d:f2:2f:7a:72:4a:b6:04:0b:a1:1c:95:9b:
                    49:84:a9:ca:71:62:fe:54:3b:d7:40:93:78:22:4e:
                    18:fa:97:6a:f8:60:19:0a:b0:a4:17:dd:bf:c2:51:
                    b9:3f:24:fd:b2:b3:07:73:17:6d:30:b5:d0:9c:25:
                    af:d3:33:51:70:f9:bb:ae:08:8c:ef:18:54:a5:2d:
                    08:a9:5c:26:40:e7:86:d9:69:85:1d:d2:16:27:89:
                    c8:ce:3a:7b:d7:4a:11:2b:11:a4:24:b8:c3:70:f7:
                    fe:55:cb:0f:ef:bb:be:93:53:d7:72:08:00:b5:df:
                    a6:01:15:5f:29:fd:63:9a:3a:37:8e:95:65:70:76:
                    56:03:ac:47:0b:c3:18:c0:ce:8c:26:b9:8a:81:93:
                    e4:46:5e:69:fd:f4:eb:ec:b0:51:94:34:23:a6:f5:
                    b6:15:2d:b7:0c:41:2b:2f:fa:fe:35:88:56:b5:22:
                    26:04:1c:b2:25:99:f1:0d:2d:27:79:26:e9:19:e5:
                    25:b2:c7:56:7d:05:07:97:be:aa:14:fe:dc:95:79:
                    6c:ef:37:25:d8:cd:c1:75:50:80:f9:c7:5d:9e:86:
                    5b:4e:4b:cb:0a:44:c7:9f:d0:ed:b1:7c:16:7d:d6:
                    a0:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:70:EB:CF:43:1A:10:E7:DF:60:3F:27:FE:64:C4:00:2B:D1:99:9B
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/q3Drz0MaEOffYD8n_mTEACvRmZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:90:71:21:03:e4:b0:36:e3:10:96:eb:1c:de:9a:b4:c7:52:
         1c:65:0b:ee:df:00:65:b1:c0:3f:13:c3:37:62:c4:69:6f:53:
         1e:8b:77:78:90:94:12:74:02:f9:12:9d:1f:17:52:cf:94:22:
         15:2f:3b:b1:c2:ae:6a:ab:73:ee:18:c5:0b:87:08:94:5a:82:
         dc:24:3d:8f:56:f3:d3:6b:2a:36:65:0f:20:dd:a3:bd:ce:8a:
         4f:10:42:b7:aa:60:0e:a8:70:b9:b0:38:10:45:06:72:79:27:
         c8:7a:5f:2d:cf:b6:a1:9c:5f:f4:7c:93:20:3f:36:5d:13:a7:
         a5:c3:07:f5:49:97:04:a0:c2:07:86:33:eb:95:ab:22:0d:df:
         a1:5a:b9:dd:70:09:4c:60:8d:93:60:cc:c5:09:b2:7d:20:32:
         da:17:d8:a2:a4:ad:9b:3e:78:dd:e5:55:be:99:5f:f7:67:91:
         ae:fb:a2:cd:e3:3d:cf:21:10:39:0c:69:93:ec:e6:a4:ae:03:
         14:27:4f:1d:ec:4b:6c:14:9f:6a:3d:1b:3c:a1:82:0c:96:f2:
         d8:e7:d6:38:f9:74:16:9e:72:17:05:e9:3e:ee:ad:51:5e:bc:
         5f:c9:29:b8:52:33:d8:52:66:4e:f0:d4:c0:3d:49:30:45:bc:
         78:25:c4:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKvDrpa/AldSb0E3pJ4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjcwZWJjZjQzMWExMGU3ZGY2MDNmMjdmZTY0YzQwMDJiZDE5OTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEaRKKnhKeVY1WbH21ehHW3yL3py
SrYEC6EclZtJhKnKcWL+VDvXQJN4Ik4Y+pdq+GAZCrCkF92/wlG5PyT9srMHcxdt
MLXQnCWv0zNRcPm7rgiM7xhUpS0IqVwmQOeG2WmFHdIWJ4nIzjp710oRKxGkJLjD
cPf+VcsP77u+k1PXcggAtd+mARVfKf1jmjo3jpVlcHZWA6xHC8MYwM6MJrmKgZPk
Rl5p/fTr7LBRlDQjpvW2FS23DEErL/r+NYhWtSImBByyJZnxDS0neSbpGeUlssdW
fQUHl76qFP7clXls7zcl2M3BdVCA+cddnoZbTkvLCkTHn9DtsXwWfdagwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtw689DGhDn32A/J/5kxAAr0ZmbMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvcTNEcnowTWFFT2ZmWUQ4bl9tVEVBQ3ZSbVpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvANMA0G
CSqGSIb3DQEBCwUAA4IBAQBzkHEhA+SwNuMQlusc3pq0x1IcZQvu3wBlscA/E8M3
YsRpb1Mei3d4kJQSdAL5Ep0fF1LPlCIVLzuxwq5qq3PuGMULhwiUWoLcJD2PVvPT
ayo2ZQ8g3aO9zopPEEK3qmAOqHC5sDgQRQZyeSfIel8tz7ahnF/0fJMgPzZdE6el
wwf1SZcEoMIHhjPrlasiDd+hWrndcAlMYI2TYMzFCbJ9IDLaF9iipK2bPnjd5VW+
mV/3Z5Gu+6LN4z3PIRA5DGmT7OakrgMUJ08d7EtsFJ9qPRs8oYIMlvLY59Y4+XQW
nnIXBek+7q1RXrxfySm4UjPYUmZO8NTAPUkwRbx4JcTA
-----END CERTIFICATE-----