Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/faEiNZRiYifb0EqTXJxeRTJJP9c.roa
File:                     faEiNZRiYifb0EqTXJxeRTJJP9c.roa (raw, json)
Hash identifier:          cBxU65JI5dV7r1mACFfzIFB3UZOT4D1EEbkEettYNBs=
Subject key identifier:   7D:A1:22:35:94:62:62:27:DB:D0:4A:93:5C:9C:5E:45:32:49:3F:D7
Certificate issuer:       /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial:       01957BC1E70F0793D138532E5DCBD7A0FCE9
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/faEiNZRiYifb0EqTXJxeRTJJP9c.roa
Signing time:             Sun 09 Mar 2025 16:34:19 +0000
ROA not before:           Sun 09 Mar 2025 16:34:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        94.154.44.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:7b:c1:e7:0f:07:93:d1:38:53:2e:5d:cb:d7:a0:fc:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
        Validity
            Not Before: Mar  9 16:34:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7da1223594626227dbd04a935c9c5e4532493fd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4c:03:2d:ff:fc:bd:49:c1:ef:4f:cd:0f:b7:
                    df:90:a7:12:b0:43:cb:cb:ed:11:10:e3:ab:59:ea:
                    01:3f:36:85:5f:f4:55:4c:da:e7:0b:e4:ec:34:71:
                    87:d2:2d:ba:02:85:3c:3c:c7:0b:22:f7:4c:59:46:
                    9e:84:d3:9c:f9:54:2b:29:32:e2:2a:7a:77:4e:f4:
                    5b:f4:11:71:3e:95:74:bc:5a:40:f2:2e:38:c9:bc:
                    0d:5f:77:38:88:7e:06:48:13:b4:fe:f2:30:6e:cf:
                    ac:6b:c9:3c:60:58:54:53:ae:8d:3c:01:fa:f4:99:
                    27:28:be:ac:44:7e:9f:11:d6:9f:35:dc:db:9a:a9:
                    c8:f8:70:9d:91:39:f6:3f:cd:e4:b7:0d:db:6a:29:
                    08:e1:7b:d4:8e:d6:d2:fc:40:48:d8:b6:64:d9:36:
                    ad:aa:5d:33:6a:ad:7b:04:51:2c:01:34:70:c5:20:
                    8f:54:df:e8:f5:8c:de:3e:d6:f4:08:0f:64:64:11:
                    79:17:71:18:03:cd:bf:e1:4c:b5:e1:a9:c2:b1:a7:
                    d8:4c:ea:79:0f:8b:0c:a0:70:c0:da:7e:ce:94:03:
                    57:2c:b5:31:11:84:7b:e5:9d:38:fc:0c:fb:42:d9:
                    ba:8a:80:ac:23:5e:42:32:e3:60:04:cc:9f:6d:36:
                    ce:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:A1:22:35:94:62:62:27:DB:D0:4A:93:5C:9C:5E:45:32:49:3F:D7
            X509v3 Authority Key Identifier:
                keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/faEiNZRiYifb0EqTXJxeRTJJP9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:bf:73:ec:4f:15:43:9f:c7:96:a9:f5:7b:98:9d:21:9d:7f:
         07:96:67:7d:52:b0:a3:02:99:bf:97:ca:23:38:09:1a:42:e3:
         30:b5:ba:29:80:84:68:6e:bb:44:8b:04:00:0d:97:42:74:3a:
         64:11:c1:a3:4c:d2:ee:18:2a:86:ac:c0:67:3a:a1:27:cd:13:
         49:93:cd:a9:11:da:fc:33:8b:8f:1a:2f:0b:23:06:16:b8:e7:
         64:c3:c1:18:b3:d2:59:d3:12:ab:ab:8d:69:a2:e8:3f:bb:1a:
         ad:29:96:83:10:07:33:07:8a:86:de:63:b2:12:d8:ef:62:ea:
         c4:55:49:aa:b6:21:eb:c2:ba:a2:6c:d9:5f:f7:c9:df:b6:5a:
         5c:4c:df:6f:a2:ca:3a:18:49:ff:ed:d8:d4:20:df:a4:cc:8f:
         8b:d6:42:a7:02:39:55:6e:6e:29:ca:7b:8a:49:16:60:72:76:
         e8:ba:da:14:3b:22:ac:8d:f5:f0:e2:b9:79:6c:97:70:16:7c:
         1a:cd:bf:28:a5:df:a8:38:bb:3c:bc:09:96:14:81:5f:e1:fc:
         36:ee:28:25:76:bf:c5:87:cc:c6:91:47:90:13:9b:b5:59:b0:
         30:5e:e9:bd:01:1a:6c:de:92:af:14:8f:73:a1:36:13:14:94:
         41:c7:1e:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZV7wecPB5PROFMuXcvXoPzpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjUwMzA5MTYzNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGExMjIzNTk0NjI2MjI3ZGJkMDRhOTM1YzljNWU0NTMyNDkzZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEwDLf/8vUnB70/ND7ffkKcSsEPL
y+0REOOrWeoBPzaFX/RVTNrnC+TsNHGH0i26AoU8PMcLIvdMWUaehNOc+VQrKTLi
Knp3TvRb9BFxPpV0vFpA8i44ybwNX3c4iH4GSBO0/vIwbs+sa8k8YFhUU66NPAH6
9JknKL6sRH6fEdafNdzbmqnI+HCdkTn2P83ktw3baikI4XvUjtbS/EBI2LZk2Tat
ql0zaq17BFEsATRwxSCPVN/o9YzePtb0CA9kZBF5F3EYA82/4Uy14anCsafYTOp5
D4sMoHDA2n7OlANXLLUxEYR75Z04/Az7Qtm6ioCsI15CMuNgBMyfbTbOsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH2hIjWUYmIn29BKk1ycXkUyST/XMB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvZmFFaU5aUmlZaWZiMEVxVFhKeGVSVEpKUDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXposMA0G
CSqGSIb3DQEBCwUAA4IBAQBVv3PsTxVDn8eWqfV7mJ0hnX8Hlmd9UrCjApm/l8oj
OAkaQuMwtbopgIRobrtEiwQADZdCdDpkEcGjTNLuGCqGrMBnOqEnzRNJk82pEdr8
M4uPGi8LIwYWuOdkw8EYs9JZ0xKrq41poug/uxqtKZaDEAczB4qG3mOyEtjvYurE
VUmqtiHrwrqibNlf98nftlpcTN9voso6GEn/7djUIN+kzI+L1kKnAjlVbm4pynuK
SRZgcnboutoUOyKsjfXw4rl5bJdwFnwazb8opd+oOLs8vAmWFIFf4fw27igldr/F
h8zGkUeQE5u1WbAwXum9ARps3pKvFI9zoTYTFJRBxx4I
-----END CERTIFICATE-----