Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8qdNppc3f2W8CFE1q58hkdYPOYY.roa
File:                     8qdNppc3f2W8CFE1q58hkdYPOYY.roa (raw, json)
Hash identifier:          C5MWX/HhDSW8dr1SWQiZruY3B990XjT3rrelMc6jZhI=
Subject key identifier:   F2:A7:4D:A6:97:37:7F:65:BC:08:51:35:AB:9F:21:91:D6:0F:39:86
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01933EC15BA39056FFE7F59DECF398616852
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8qdNppc3f2W8CFE1q58hkdYPOYY.roa
Signing time:             Mon 18 Nov 2024 10:11:19 +0000
ROA not before:           Mon 18 Nov 2024 10:11:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42478
IP address blocks:        94.125.100.0/24 maxlen: 24
                          94.125.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3e:c1:5b:a3:90:56:ff:e7:f5:9d:ec:f3:98:61:68:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov 18 10:11:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2a74da697377f65bc085135ab9f2191d60f3986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:26:b9:51:92:a2:3a:6b:df:d8:93:4b:82:8f:
                    c0:a6:6a:53:4d:3c:48:16:bb:77:28:ae:f4:a9:ee:
                    2d:7d:71:c0:e7:37:51:56:0f:14:98:9d:da:0f:aa:
                    ac:b9:41:e5:f7:72:09:64:a6:5f:37:7c:cf:cd:64:
                    1b:10:3c:71:43:1a:5f:a6:67:85:74:c0:79:3e:aa:
                    72:55:36:65:60:45:2d:9b:00:ca:85:7e:23:4d:fb:
                    d5:e3:5b:e3:2d:f8:d0:82:82:ff:5e:a6:2e:33:b9:
                    62:af:8e:74:09:66:02:93:f3:63:76:2d:23:bd:28:
                    a1:25:a5:31:e9:aa:24:06:4b:fe:c6:45:65:a4:f9:
                    26:ed:14:de:24:0f:c3:88:23:91:03:5c:d9:55:06:
                    37:f7:15:d2:b6:75:00:35:a3:60:ce:77:33:8e:31:
                    30:31:9d:87:eb:55:8c:fb:a1:ce:51:15:63:5c:a4:
                    98:63:0c:7f:b0:e1:92:ef:63:7e:3c:d5:e7:b5:79:
                    ce:0b:ad:ce:27:4d:62:8d:6a:6c:b6:f5:be:bb:14:
                    20:5d:bc:bb:ed:ff:c7:e0:ca:01:70:cb:93:e8:1c:
                    da:d7:ab:ca:97:a7:6e:88:35:e1:e5:25:a4:a6:d0:
                    c6:c6:03:0e:da:ef:1b:b5:bd:ba:91:a5:ca:07:6b:
                    77:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A7:4D:A6:97:37:7F:65:BC:08:51:35:AB:9F:21:91:D6:0F:39:86
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8qdNppc3f2W8CFE1q58hkdYPOYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.125.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:b2:78:f8:35:8d:41:3c:53:e0:20:60:cc:fd:9d:c6:24:fb:
         2f:b4:53:a3:3a:c5:94:11:96:6c:10:d4:26:43:c2:55:45:cf:
         37:1a:ed:05:57:90:c9:0f:53:86:5d:b9:f1:91:65:82:59:cb:
         f7:bc:97:13:ee:db:9b:34:ec:59:46:eb:d0:db:59:69:dc:ee:
         da:30:f5:5a:87:7d:0c:d1:dd:43:09:06:1e:ab:7e:ad:21:e4:
         d3:5c:42:42:aa:15:03:77:76:76:1d:85:9f:77:c7:93:83:75:
         d2:54:a2:0d:af:21:57:61:8b:58:bd:31:c9:9d:7d:d2:65:bb:
         6c:f1:3c:ec:63:14:15:dc:aa:00:ad:60:3f:e7:1b:b9:8d:78:
         a4:7a:6d:e4:73:80:16:b7:ab:7c:45:c0:43:e3:1f:c6:41:ec:
         51:47:ee:b1:5e:59:53:9a:d0:07:58:9b:96:8b:7c:5f:f2:5b:
         01:fc:09:8e:04:52:9c:d8:5b:4b:a8:85:08:1e:a1:9e:9d:23:
         78:3c:d6:76:bf:c1:87:32:db:d3:83:98:bc:8b:00:f4:47:78:
         49:8f:16:94:0b:09:f4:e1:aa:8e:11:09:55:51:24:66:62:10:
         f7:57:9f:6d:be:f3:f2:38:c4:78:8e:ab:6e:89:fd:2c:d6:03:
         c6:4f:84:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM+wVujkFb/5/Wd7POYYWhSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMTE4MTAxMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmE3NGRhNjk3Mzc3ZjY1YmMwODUxMzVhYjlmMjE5MWQ2MGYzOTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvya5UZKiOmvf2JNLgo/ApmpTTTxI
Frt3KK70qe4tfXHA5zdRVg8UmJ3aD6qsuUHl93IJZKZfN3zPzWQbEDxxQxpfpmeF
dMB5PqpyVTZlYEUtmwDKhX4jTfvV41vjLfjQgoL/XqYuM7lir450CWYCk/Njdi0j
vSihJaUx6aokBkv+xkVlpPkm7RTeJA/DiCORA1zZVQY39xXStnUANaNgznczjjEw
MZ2H61WM+6HOURVjXKSYYwx/sOGS72N+PNXntXnOC63OJ01ijWpstvW+uxQgXby7
7f/H4MoBcMuT6Bza16vKl6duiDXh5SWkptDGxgMO2u8btb26kaXKB2t37QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKnTaaXN39lvAhRNaufIZHWDzmGMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOHFkTnBwYzNmMlc4Q0ZFMXE1OGhrZFlQT1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXn1kMA0G
CSqGSIb3DQEBCwUAA4IBAQA4snj4NY1BPFPgIGDM/Z3GJPsvtFOjOsWUEZZsENQm
Q8JVRc83Gu0FV5DJD1OGXbnxkWWCWcv3vJcT7tubNOxZRuvQ21lp3O7aMPVah30M
0d1DCQYeq36tIeTTXEJCqhUDd3Z2HYWfd8eTg3XSVKINryFXYYtYvTHJnX3SZbts
8TzsYxQV3KoArWA/5xu5jXikem3kc4AWt6t8RcBD4x/GQexRR+6xXllTmtAHWJuW
i3xf8lsB/AmOBFKc2FtLqIUIHqGenSN4PNZ2v8GHMtvTg5i8iwD0R3hJjxaUCwn0
4aqOEQlVUSRmYhD3V59tvvPyOMR4jqtuif0s1gPGT4S8
-----END CERTIFICATE-----