Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/SpojZKBGSDWYk-DaMNQWyowGC9w.roa
File:                     SpojZKBGSDWYk-DaMNQWyowGC9w.roa (raw, json)
Hash identifier:          9WG491rOoQ4YymDvtj7Iknxs//jbkayhJ24NrTvSYgc=
Subject key identifier:   4A:9A:23:64:A0:46:48:35:98:93:E0:DA:30:D4:16:CA:8C:06:0B:DC
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018E14309DF6BD5BDBD31A300D3EC033505F
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/SpojZKBGSDWYk-DaMNQWyowGC9w.roa
Signing time:             Wed 06 Mar 2024 14:35:14 +0000
ROA not before:           Wed 06 Mar 2024 14:35:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46475
IP address blocks:        194.62.249.0/24 maxlen: 24
                          194.62.250.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:14:30:9d:f6:bd:5b:db:d3:1a:30:0d:3e:c0:33:50:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Mar  6 14:35:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a9a2364a04648359893e0da30d416ca8c060bdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:95:22:24:3c:c2:46:8d:eb:8f:11:46:b6:db:
                    61:0f:99:77:32:fe:1f:e9:54:c5:ad:17:8c:67:d9:
                    8d:32:c2:7b:d7:79:b7:f5:6f:f7:3c:a1:d8:cd:d0:
                    39:4c:86:e7:ac:50:e6:7c:f2:aa:c3:77:14:18:d2:
                    29:ba:62:68:71:ad:69:42:d0:2d:9a:48:fe:70:c4:
                    cd:3d:2f:e8:53:68:3e:88:41:15:51:89:27:f8:f8:
                    11:1c:33:1d:8d:e7:b4:60:be:3e:ab:71:e4:38:f4:
                    5c:90:ef:fc:70:81:a9:b3:e0:77:8a:75:c6:8d:5e:
                    2b:ab:30:59:b7:69:7f:15:fd:d9:de:9f:8b:4e:52:
                    78:df:c9:e7:f9:b7:73:ce:70:ed:07:0d:60:0d:30:
                    9f:17:20:13:67:bc:da:48:d1:c3:f9:f2:25:6b:d7:
                    5b:44:5d:b3:b7:bc:5e:67:d3:bb:54:3d:d4:87:c0:
                    4e:e5:82:dd:b6:8e:b6:7d:6b:88:e3:cb:ac:04:fc:
                    fc:ec:25:cf:dd:3b:02:b9:7e:8d:98:89:db:a3:fb:
                    82:32:ca:82:15:ec:36:ac:06:d6:e2:94:b7:1d:c0:
                    c4:9b:e8:2a:50:df:80:b1:26:e3:0b:84:2d:a9:ba:
                    19:0b:4e:c7:46:60:cb:38:29:95:e9:e5:4b:fd:fa:
                    cf:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:9A:23:64:A0:46:48:35:98:93:E0:DA:30:D4:16:CA:8C:06:0B:DC
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/SpojZKBGSDWYk-DaMNQWyowGC9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.249.0-194.62.251.255

    Signature Algorithm: sha256WithRSAEncryption
         33:47:69:bc:7d:db:e8:a2:a8:e4:e2:45:7a:f8:fd:a6:20:89:
         45:68:1f:b4:58:15:55:57:52:f0:12:bb:98:0d:f1:9b:d0:02:
         a9:fc:07:89:94:ff:5a:0a:89:4f:59:dd:dd:e6:75:f2:fb:60:
         5b:f8:74:86:af:1f:c6:61:75:65:72:ec:b8:36:04:9f:1f:cd:
         f1:4b:c3:ca:77:95:c1:df:20:47:7f:29:b3:4b:0e:48:d2:d9:
         58:7c:c2:af:77:88:6f:06:7e:43:65:58:a6:a2:51:b8:52:7f:
         bc:dd:95:f2:ed:17:0a:11:c4:f2:9b:4b:8f:a7:85:b3:e2:ac:
         a4:0e:73:d1:20:c5:7a:b4:08:d0:21:b3:92:7c:3a:64:bd:bd:
         63:ce:46:8a:46:e2:ca:87:c4:91:cf:94:af:23:2d:20:5d:a1:
         ca:43:e1:32:20:d2:96:54:77:94:1f:cb:c7:d6:52:e9:9a:fa:
         d5:f9:51:a5:c1:68:e9:11:a5:8b:18:58:6c:92:a2:79:5d:34:
         0b:f2:cf:b5:ea:f5:64:e0:a9:32:b0:71:42:39:31:4e:d5:2f:
         e5:19:01:16:62:e7:e9:91:95:2b:30:df:74:5d:3a:4a:a9:bb:
         46:e9:2e:38:8e:09:48:68:c3:71:2d:80:06:ae:4c:29:7a:fd:
         b1:9f:65:8b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY4UMJ32vVvb0xowDT7AM1BfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMzA2MTQzNTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTlhMjM2NGEwNDY0ODM1OTg5M2UwZGEzMGQ0MTZjYThjMDYwYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJUiJDzCRo3rjxFGttthD5l3Mv4f
6VTFrReMZ9mNMsJ713m39W/3PKHYzdA5TIbnrFDmfPKqw3cUGNIpumJoca1pQtAt
mkj+cMTNPS/oU2g+iEEVUYkn+PgRHDMdjee0YL4+q3HkOPRckO/8cIGps+B3inXG
jV4rqzBZt2l/Ff3Z3p+LTlJ438nn+bdzznDtBw1gDTCfFyATZ7zaSNHD+fIla9db
RF2zt7xeZ9O7VD3Uh8BO5YLdto62fWuI48usBPz87CXP3TsCuX6NmInbo/uCMsqC
Few2rAbW4pS3HcDEm+gqUN+AsSbjC4QtqboZC07HRmDLOCmV6eVL/frP3QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEqaI2SgRkg1mJPg2jDUFsqMBgvcMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvU3BvalpLQkdTRFdZay1EYU1OUVd5b3dHQzl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADCPvkD
BALCPvgwDQYJKoZIhvcNAQELBQADggEBADNHabx92+iiqOTiRXr4/aYgiUVoH7RY
FVVXUvASu5gN8ZvQAqn8B4mU/1oKiU9Z3d3mdfL7YFv4dIavH8ZhdWVy7Lg2BJ8f
zfFLw8p3lcHfIEd/KbNLDkjS2Vh8wq93iG8GfkNlWKaiUbhSf7zdlfLtFwoRxPKb
S4+nhbPirKQOc9EgxXq0CNAhs5J8OmS9vWPORopG4sqHxJHPlK8jLSBdocpD4TIg
0pZUd5Qfy8fWUuma+tX5UaXBaOkRpYsYWGySonldNAvyz7Xq9WTgqTKwcUI5MU7V
L+UZARZi5+mRlSsw33RdOkqpu0bpLjiOCUhow3EtgAauTCl6/bGfZYs=
-----END CERTIFICATE-----