Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/Pnm8frsLOG1lxrX532GQmoUoDpY.roa
File:                     Pnm8frsLOG1lxrX532GQmoUoDpY.roa (raw, json)
Hash identifier:          cOemY/moi+7UlENgnt0uirHT47+EnhfuNvxuemyQMZ4=
Subject key identifier:   3E:79:BC:7E:BB:0B:38:6D:65:C6:B5:F9:DF:61:90:9A:85:28:0E:96
Certificate issuer:       /CN=1e14eb1eef66c2d349f3f7d7bafa68e49fbfec9c
Certificate serial:       018CC26D2BC2AB36F4AFCB5FACE9A8E0F26D
Authority key identifier: 1E:14:EB:1E:EF:66:C2:D3:49:F3:F7:D7:BA:FA:68:E4:9F:BF:EC:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/Pnm8frsLOG1lxrX532GQmoUoDpY.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201104
IP address blocks:        94.45.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2b:c2:ab:36:f4:af:cb:5f:ac:e9:a8:e0:f2:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e14eb1eef66c2d349f3f7d7bafa68e49fbfec9c
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e79bc7ebb0b386d65c6b5f9df61909a85280e96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:65:82:8e:44:e5:20:c2:80:bf:aa:96:f0:26:
                    26:10:7f:41:4e:33:6f:48:fc:40:8b:bd:a8:02:70:
                    cb:a9:4f:79:57:cb:02:71:3b:6c:4a:1a:ce:2d:dc:
                    b8:ca:f6:82:83:f3:11:de:5a:bb:30:c0:a1:aa:d8:
                    3f:52:2c:e7:c9:79:f8:84:0e:00:2c:af:55:c3:c2:
                    fe:33:57:b6:53:9c:f8:68:35:ef:42:5f:65:45:ab:
                    44:9d:d3:7a:b6:ba:b2:43:df:d3:76:a9:d2:bf:e6:
                    b7:ed:b6:9d:70:bf:18:6d:19:4e:14:7f:73:9a:3d:
                    ee:b7:38:39:aa:59:2d:9f:55:63:e8:4c:77:74:2e:
                    b9:f7:0f:f5:3c:f1:ae:70:5e:fe:3b:0a:56:93:17:
                    77:7c:f4:d0:eb:15:7d:23:86:e6:bd:ee:90:cf:2b:
                    40:d2:1b:85:f4:aa:78:47:3a:59:30:f8:32:e3:dd:
                    5c:55:cb:cd:9e:5f:df:f5:19:a7:29:1b:0f:a5:24:
                    67:4a:d3:7f:c8:59:ab:60:c4:5a:8d:47:86:12:02:
                    f1:64:76:31:a0:b2:5e:38:b8:00:4c:02:ab:e5:76:
                    36:ae:31:ed:67:f9:83:38:ab:07:22:4b:24:67:cd:
                    0a:d7:f8:63:d2:55:41:41:99:8f:fa:58:34:71:c2:
                    02:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:79:BC:7E:BB:0B:38:6D:65:C6:B5:F9:DF:61:90:9A:85:28:0E:96
            X509v3 Authority Key Identifier:
                keyid:1E:14:EB:1E:EF:66:C2:D3:49:F3:F7:D7:BA:FA:68:E4:9F:BF:EC:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/Pnm8frsLOG1lxrX532GQmoUoDpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.45.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:e1:27:73:52:c7:11:8a:3f:1d:9f:7b:ee:6e:99:a2:9d:a2:
         25:7d:ed:a8:f9:7a:64:d8:d8:9d:e6:32:0a:0e:4a:02:62:94:
         e0:d9:bd:93:3d:99:33:54:07:0f:53:9e:72:27:88:8c:f1:d7:
         63:8e:90:0c:38:36:4e:17:93:66:04:a1:10:31:d9:99:b7:3f:
         f7:7f:5c:67:91:59:39:3c:45:e8:e5:e4:92:d5:b5:1d:0f:3e:
         dd:ce:32:a0:8d:be:f8:7b:e8:d2:85:a9:a6:78:70:86:c1:5d:
         40:51:b2:62:df:b1:9b:ad:06:3f:97:80:1b:9e:4e:ce:5b:00:
         55:d7:c6:82:ce:4a:a8:aa:c4:96:7d:49:6c:08:42:8d:86:e3:
         e5:9f:80:ca:ba:06:97:41:f6:27:28:18:22:62:13:22:ad:02:
         0a:06:48:87:82:c1:04:21:36:d3:9f:84:a2:44:aa:4b:9f:a5:
         c3:45:54:e0:76:be:fa:54:13:d1:f0:ee:5c:29:ff:00:78:c1:
         9b:c5:22:70:d4:b3:74:7c:f1:62:92:90:90:0b:a4:ed:71:8f:
         fa:81:fd:a7:ea:9e:14:b6:2c:68:8d:c3:d2:68:b3:b2:ce:4a:
         b8:59:a7:08:32:9e:e9:df:f1:86:4d:85:39:6d:9b:03:1a:7d:
         97:c5:bc:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSvCqzb0r8tfrOmo4PJtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMTRlYjFlZWY2NmMyZDM0OWYzZjdkN2JhZmE2OGU0OWZi
ZmVjOWMwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTc5YmM3ZWJiMGIzODZkNjVjNmI1ZjlkZjYxOTA5YTg1MjgwZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2WCjkTlIMKAv6qW8CYmEH9BTjNv
SPxAi72oAnDLqU95V8sCcTtsShrOLdy4yvaCg/MR3lq7MMChqtg/UiznyXn4hA4A
LK9Vw8L+M1e2U5z4aDXvQl9lRatEndN6trqyQ9/TdqnSv+a37badcL8YbRlOFH9z
mj3utzg5qlktn1Vj6Ex3dC659w/1PPGucF7+OwpWkxd3fPTQ6xV9I4bmve6QzytA
0huF9Kp4RzpZMPgy491cVcvNnl/f9RmnKRsPpSRnStN/yFmrYMRajUeGEgLxZHYx
oLJeOLgATAKr5XY2rjHtZ/mDOKsHIkskZ80K1/hj0lVBQZmP+lg0ccICEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD55vH67CzhtZca1+d9hkJqFKA6WMB8GA1UdIwQY
MBaAFB4U6x7vZsLTSfP317r6aOSfv+ycMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGhUckh1OW13dE5KOF9mWHV2cG81Si1fN0p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8zMzNhYjEtYWY5Yi00MzRjLThkMTMt
OWNhOThmNDk1MGNmLzEvUG5tOGZyc0xPRzFseHJYNTMyR1Ftb1VvRHBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8zMzNhYjEtYWY5Yi00MzRjLThkMTMtOWNhOThmNDk1MGNm
LzEvSGhUckh1OW13dE5KOF9mWHV2cG81Si1fN0p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXi2WMA0G
CSqGSIb3DQEBCwUAA4IBAQB/4SdzUscRij8dn3vubpminaIlfe2o+Xpk2Nid5jIK
DkoCYpTg2b2TPZkzVAcPU55yJ4iM8ddjjpAMODZOF5NmBKEQMdmZtz/3f1xnkVk5
PEXo5eSS1bUdDz7dzjKgjb74e+jShammeHCGwV1AUbJi37GbrQY/l4Abnk7OWwBV
18aCzkqoqsSWfUlsCEKNhuPln4DKugaXQfYnKBgiYhMirQIKBkiHgsEEITbTn4Si
RKpLn6XDRVTgdr76VBPR8O5cKf8AeMGbxSJw1LN0fPFikpCQC6TtcY/6gf2n6p4U
tixojcPSaLOyzkq4WacIMp7p3/GGTYU5bZsDGn2Xxbye
-----END CERTIFICATE-----