Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/8mkFQn8BDJefhiSpP5Kmmc-NGw8.roa
File:                     8mkFQn8BDJefhiSpP5Kmmc-NGw8.roa (raw, json)
Hash identifier:          ff+82rvlFDtuE0u+FqKBmPGfTtplg6EDNUxd74kTVRs=
Subject key identifier:   F2:69:05:42:7F:01:0C:97:9F:86:24:A9:3F:92:A6:99:CF:8D:1B:0F
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649DD9DB9088DD6C08452B2AEF69218
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/8mkFQn8BDJefhiSpP5Kmmc-NGw8.roa
Signing time:             Mon 01 Jan 2024 18:29:38 +0000
ROA not before:           Mon 01 Jan 2024 18:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47453
IP address blocks:        85.118.94.0/24 maxlen: 24
                          85.118.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:dd:9d:b9:08:8d:d6:c0:84:52:b2:ae:f6:92:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f26905427f010c979f8624a93f92a699cf8d1b0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:3d:d8:e2:7c:f3:1b:cc:37:d5:c8:36:8a:98:
                    f5:4b:78:a7:8b:3d:0f:18:1f:76:8b:7c:5e:1f:5a:
                    44:6f:7b:d7:2d:a0:6d:e3:29:c2:8c:a4:b2:c0:54:
                    38:ef:41:5a:9b:c4:52:44:0b:ad:79:1c:c4:7e:5a:
                    9a:0f:84:30:61:8c:3b:7d:cc:bb:e0:4d:25:8e:f3:
                    3d:4c:26:24:e0:1a:03:49:99:51:5c:97:5b:a1:12:
                    50:d3:49:4f:c0:a3:ca:13:f5:ea:af:db:cf:81:f9:
                    95:c7:45:ee:b0:c0:45:3d:2a:17:7b:22:b2:70:a0:
                    dc:ab:19:60:7a:37:cc:2a:83:78:2b:bc:26:6a:45:
                    60:dc:d1:bc:57:ec:34:4b:4c:6c:68:03:c4:5e:0a:
                    cc:9b:cc:fb:43:66:a0:1f:04:ab:bb:2d:d2:08:e5:
                    e2:ca:d2:c5:69:be:f8:fd:64:c5:4c:f3:f7:1e:36:
                    4f:e8:28:b3:f7:ae:60:ef:23:cf:0a:06:c3:8e:20:
                    82:25:f9:0b:b8:e2:88:a0:1a:f5:c1:a6:57:d1:1c:
                    9a:6a:12:41:ca:b7:bf:59:5e:76:5c:29:a6:cd:ee:
                    70:f7:bd:d1:13:f3:44:85:b2:cd:84:d6:bf:15:62:
                    50:d2:97:9d:83:72:3d:23:86:f6:8d:21:10:53:4d:
                    e6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:69:05:42:7F:01:0C:97:9F:86:24:A9:3F:92:A6:99:CF:8D:1B:0F
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/8mkFQn8BDJefhiSpP5Kmmc-NGw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.118.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:ce:7b:d1:92:0d:27:dc:bb:7a:1d:cf:c2:05:46:45:3a:02:
         1b:9c:0e:ab:55:e9:4f:89:a3:96:03:e6:83:aa:17:fe:0a:64:
         d4:74:ef:c6:22:c2:ee:19:76:f3:39:4f:c9:cb:dd:8c:c3:5a:
         ba:93:ad:01:c9:8f:ec:94:a7:85:ef:65:05:d8:8d:24:e5:7e:
         dd:d0:29:48:51:20:6c:07:6e:c9:e8:21:b5:da:30:eb:7a:16:
         5e:0c:7a:2f:96:5a:b3:52:a2:5b:79:f2:1d:9f:84:66:61:de:
         81:bc:76:38:0f:c5:75:b7:52:e4:c3:d1:d5:14:4d:75:d8:52:
         8d:e0:25:18:a6:7f:e6:c1:c7:9d:d0:fe:42:dc:27:ab:0c:e1:
         c1:fb:52:db:fa:57:0e:7d:55:cc:a4:e5:02:14:de:f7:bf:c4:
         fb:bc:45:95:05:9a:ab:28:c9:02:61:fc:b3:1c:d2:db:7a:71:
         a4:14:f4:0c:0a:ab:85:c8:91:2d:ca:a2:dc:9d:bd:3e:a5:6d:
         f9:d2:14:e6:97:73:85:04:fd:b5:58:1c:58:8f:16:93:bb:12:
         40:c3:44:0e:a9:8b:02:bb:c8:d6:e6:2c:e1:89:be:89:64:4c:
         86:75:12:59:97:1e:38:a6:4a:23:29:3d:6e:a2:d6:60:4d:94:
         24:0b:f3:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSd2duQiN1sCEUrKu9pIYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjY5MDU0MjdmMDEwYzk3OWY4NjI0YTkzZjkyYTY5OWNmOGQxYjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1T3Y4nzzG8w31cg2ipj1S3iniz0P
GB92i3xeH1pEb3vXLaBt4ynCjKSywFQ470Fam8RSRAuteRzEflqaD4QwYYw7fcy7
4E0ljvM9TCYk4BoDSZlRXJdboRJQ00lPwKPKE/Xqr9vPgfmVx0XusMBFPSoXeyKy
cKDcqxlgejfMKoN4K7wmakVg3NG8V+w0S0xsaAPEXgrMm8z7Q2agHwSruy3SCOXi
ytLFab74/WTFTPP3HjZP6Ciz965g7yPPCgbDjiCCJfkLuOKIoBr1waZX0RyaahJB
yre/WV52XCmmze5w973RE/NEhbLNhNa/FWJQ0pedg3I9I4b2jSEQU03mPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJpBUJ/AQyXn4YkqT+SppnPjRsPMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvOG1rRlFuOEJESmVmaGlTcFA1S21tYy1OR3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVXZeMA0G
CSqGSIb3DQEBCwUAA4IBAQBIznvRkg0n3Lt6Hc/CBUZFOgIbnA6rVelPiaOWA+aD
qhf+CmTUdO/GIsLuGXbzOU/Jy92Mw1q6k60ByY/slKeF72UF2I0k5X7d0ClIUSBs
B27J6CG12jDrehZeDHovllqzUqJbefIdn4RmYd6BvHY4D8V1t1Lkw9HVFE112FKN
4CUYpn/mwced0P5C3CerDOHB+1Lb+lcOfVXMpOUCFN73v8T7vEWVBZqrKMkCYfyz
HNLbenGkFPQMCquFyJEtyqLcnb0+pW350hTml3OFBP21WBxYjxaTuxJAw0QOqYsC
u8jW5izhib6JZEyGdRJZlx44pkojKT1uotZgTZQkC/Mp
-----END CERTIFICATE-----