Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5d0278-216e-4712-9487-19b3d1544c39/1/nFBNjLpyqlMJyJBfPMDQr_7pohA.roa
File:                     nFBNjLpyqlMJyJBfPMDQr_7pohA.roa (raw, json)
Hash identifier:          iHLEOqswtI0dyjz6RNxPRyYbViNwBJ+NfvhK0Fa6dLk=
Subject key identifier:   9C:50:4D:8C:BA:72:AA:53:09:C8:90:5F:3C:C0:D0:AF:FE:E9:A2:10
Certificate issuer:       /CN=095dff1f6bd8813de5ff9af167247f78b88439bd
Certificate serial:       018CC5DCB7C8E9C6A8A84EC382E2F98589DC
Authority key identifier: 09:5D:FF:1F:6B:D8:81:3D:E5:FF:9A:F1:67:24:7F:78:B8:84:39:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CV3_H2vYgT3l_5rxZyR_eLiEOb0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/5d0278-216e-4712-9487-19b3d1544c39/1/nFBNjLpyqlMJyJBfPMDQr_7pohA.roa
Signing time:             Mon 01 Jan 2024 16:30:25 +0000
ROA not before:           Mon 01 Jan 2024 16:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197116
IP address blocks:        94.126.224.0/21 maxlen: 24
                          2a11:f400::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/5d0278-216e-4712-9487-19b3d1544c39/1/CV3_H2vYgT3l_5rxZyR_eLiEOb0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/5d0278-216e-4712-9487-19b3d1544c39/1/CV3_H2vYgT3l_5rxZyR_eLiEOb0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CV3_H2vYgT3l_5rxZyR_eLiEOb0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:b7:c8:e9:c6:a8:a8:4e:c3:82:e2:f9:85:89:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=095dff1f6bd8813de5ff9af167247f78b88439bd
        Validity
            Not Before: Jan  1 16:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c504d8cba72aa5309c8905f3cc0d0affee9a210
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:91:8e:9a:0d:80:fa:5b:c5:ff:ea:fe:45:7a:
                    1c:a8:89:e3:d1:8f:1f:5b:f9:6d:a7:44:4b:62:13:
                    ea:f4:4a:66:88:9a:dd:89:b2:7e:0e:cf:e1:70:3d:
                    de:4b:ac:01:a6:7e:e8:d3:77:02:99:38:ea:b4:79:
                    d2:e3:2b:a0:d6:cd:37:7f:1a:1b:69:8e:8e:b6:a6:
                    4f:c5:e6:c9:3e:53:74:9b:aa:3a:e7:c0:c3:05:0a:
                    3a:10:a3:2d:06:11:4b:90:1b:08:0f:cc:b1:53:b2:
                    0b:ec:3b:af:b7:29:48:3b:98:34:53:50:11:77:03:
                    25:0d:3c:3e:ee:50:2f:8b:e2:5c:30:a1:53:ed:f2:
                    59:7e:1f:b6:35:a4:31:2c:a9:a8:6e:ff:4e:84:66:
                    ce:66:b1:75:c9:4d:a0:3f:bf:99:3b:f5:7d:15:8a:
                    02:56:c1:8f:13:65:af:dc:1b:8d:c9:4d:3e:90:ed:
                    0e:3a:1f:ac:08:b3:6a:2d:b3:36:f9:28:fc:77:87:
                    fc:1e:ac:e9:16:0e:87:4a:88:8f:1d:f1:97:d7:a0:
                    4f:9c:a4:43:ae:b0:47:6a:26:32:21:12:04:d0:e1:
                    75:bc:d8:73:28:6e:d4:25:ee:5e:ce:f4:21:41:cb:
                    2d:cc:68:50:d2:65:d2:d8:ff:3f:dc:0f:22:d1:9a:
                    c3:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:50:4D:8C:BA:72:AA:53:09:C8:90:5F:3C:C0:D0:AF:FE:E9:A2:10
            X509v3 Authority Key Identifier:
                keyid:09:5D:FF:1F:6B:D8:81:3D:E5:FF:9A:F1:67:24:7F:78:B8:84:39:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CV3_H2vYgT3l_5rxZyR_eLiEOb0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5d0278-216e-4712-9487-19b3d1544c39/1/nFBNjLpyqlMJyJBfPMDQr_7pohA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5d0278-216e-4712-9487-19b3d1544c39/1/CV3_H2vYgT3l_5rxZyR_eLiEOb0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.126.224.0/21
                IPv6:
                  2a11:f400::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:5f:f7:f4:92:4d:e4:e5:f2:a9:d8:be:4e:fb:8f:ff:84:2c:
         64:df:32:96:a2:ad:0b:28:6e:32:85:cd:04:bb:a4:36:0c:32:
         5a:f5:4a:a1:c3:96:16:69:d2:00:b6:90:da:70:ec:71:cb:3c:
         9e:66:4e:cd:5c:3e:cd:3c:25:4b:df:2a:e1:c1:19:bc:68:41:
         c1:51:98:c0:39:a6:79:5a:e6:2c:65:09:c0:b5:0c:d5:2b:bc:
         11:41:cf:c7:28:1c:ae:5b:6a:de:5a:10:e2:52:ef:22:11:89:
         31:8c:26:64:c0:28:65:7f:74:d9:9e:c0:2a:1f:33:c8:10:f9:
         0c:08:21:5d:d6:73:fc:0c:65:7b:f9:65:c5:ea:c5:77:5a:3c:
         96:89:83:28:0b:51:3a:70:ef:81:d9:a0:4f:7b:2c:4f:5e:91:
         fa:12:7e:a3:1a:8e:1d:3b:b7:3d:27:03:c4:21:74:a5:4b:b8:
         71:f8:6e:17:ac:bc:24:94:05:db:96:ec:ca:e6:be:6c:15:68:
         d1:30:80:88:ac:ed:a4:58:a1:cd:36:93:b7:2d:84:40:8e:cc:
         81:c7:42:47:92:77:7a:4b:03:f8:0e:fd:df:72:79:aa:a4:46:
         a4:4c:67:58:b3:79:60:ad:09:0c:f8:9e:c0:cd:f2:2a:28:17:
         e9:f0:eb:46
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3LfI6caoqE7DguL5hYncMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NWRmZjFmNmJkODgxM2RlNWZmOWFmMTY3MjQ3Zjc4Yjg4
NDM5YmQwHhcNMjQwMTAxMTYzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzUwNGQ4Y2JhNzJhYTUzMDljODkwNWYzY2MwZDBhZmZlZTlhMjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5GOmg2A+lvF/+r+RXocqInj0Y8f
W/ltp0RLYhPq9EpmiJrdibJ+Ds/hcD3eS6wBpn7o03cCmTjqtHnS4yug1s03fxob
aY6OtqZPxebJPlN0m6o658DDBQo6EKMtBhFLkBsID8yxU7IL7DuvtylIO5g0U1AR
dwMlDTw+7lAvi+JcMKFT7fJZfh+2NaQxLKmobv9OhGbOZrF1yU2gP7+ZO/V9FYoC
VsGPE2Wv3BuNyU0+kO0OOh+sCLNqLbM2+Sj8d4f8HqzpFg6HSoiPHfGX16BPnKRD
rrBHaiYyIRIE0OF1vNhzKG7UJe5ezvQhQcstzGhQ0mXS2P8/3A8i0ZrDdQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJxQTYy6cqpTCciQXzzA0K/+6aIQMB8GA1UdIwQY
MBaAFAld/x9r2IE95f+a8Wckf3i4hDm9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1YzX0gydllnVDNsXzVyeFp5Ul9lTGlFT2IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81ZDAyNzgtMjE2ZS00NzEyLTk0ODct
MTliM2QxNTQ0YzM5LzEvbkZCTmpMcHlxbE1KeUpCZlBNRFFyXzdwb2hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81ZDAyNzgtMjE2ZS00NzEyLTk0ODctMTliM2QxNTQ0YzM5
LzEvQ1YzX0gydllnVDNsXzVyeFp5Ul9lTGlFT2IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDXn7gMA0E
AgACMAcDBQAqEfQAMA0GCSqGSIb3DQEBCwUAA4IBAQCAX/f0kk3k5fKp2L5O+4//
hCxk3zKWoq0LKG4yhc0Eu6Q2DDJa9Uqhw5YWadIAtpDacOxxyzyeZk7NXD7NPCVL
3yrhwRm8aEHBUZjAOaZ5WuYsZQnAtQzVK7wRQc/HKByuW2reWhDiUu8iEYkxjCZk
wChlf3TZnsAqHzPIEPkMCCFd1nP8DGV7+WXF6sV3WjyWiYMoC1E6cO+B2aBPeyxP
XpH6En6jGo4dO7c9JwPEIXSlS7hx+G4XrLwklAXbluzK5r5sFWjRMICIrO2kWKHN
NpO3LYRAjsyBx0JHknd6SwP4Dv3fcnmqpEakTGdYs3lgrQkM+J7AzfIqKBfp8OtG
-----END CERTIFICATE-----