Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/e699a3-4d37-491a-b463-ef36a321749a/1/GXOLHwEFu0p7gKJgkJ5kY6IvzIE.roa
File:                     GXOLHwEFu0p7gKJgkJ5kY6IvzIE.roa (raw, json)
Hash identifier:          pAl+GrJaPPBbeJpVI3BoizE0NzXiXcJyNH8QYeo2rB0=
Subject key identifier:   19:73:8B:1F:01:05:BB:4A:7B:80:A2:60:90:9E:64:63:A2:2F:CC:81
Certificate issuer:       /CN=0d55fa2a62837db9afe4423e4c119e9499b21b43
Certificate serial:       01942825ED958F00EED6A3F4D39DB37852B6
Authority key identifier: 0D:55:FA:2A:62:83:7D:B9:AF:E4:42:3E:4C:11:9E:94:99:B2:1B:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DVX6KmKDfbmv5EI-TBGelJmyG0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/e699a3-4d37-491a-b463-ef36a321749a/1/GXOLHwEFu0p7gKJgkJ5kY6IvzIE.roa
Signing time:             Thu 02 Jan 2025 17:52:41 +0000
ROA not before:           Thu 02 Jan 2025 17:52:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215564
IP address blocks:        94.199.3.0/24 maxlen: 24
                          2a13:b040::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/e699a3-4d37-491a-b463-ef36a321749a/1/DVX6KmKDfbmv5EI-TBGelJmyG0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/e699a3-4d37-491a-b463-ef36a321749a/1/DVX6KmKDfbmv5EI-TBGelJmyG0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DVX6KmKDfbmv5EI-TBGelJmyG0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:ed:95:8f:00:ee:d6:a3:f4:d3:9d:b3:78:52:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d55fa2a62837db9afe4423e4c119e9499b21b43
        Validity
            Not Before: Jan  2 17:52:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19738b1f0105bb4a7b80a260909e6463a22fcc81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6b:f0:c8:6e:64:ac:d7:67:9a:8d:46:ef:57:
                    53:24:45:4c:cd:ea:57:10:b2:b4:57:0e:6a:80:52:
                    53:3a:66:98:88:7f:d7:bc:f4:25:11:9a:51:b2:a6:
                    e5:5d:ac:fe:d8:4d:08:e6:e6:44:03:d3:61:22:c7:
                    5e:70:69:e8:58:7b:5f:d6:b5:9b:53:3a:11:8e:ae:
                    b7:d2:4e:72:81:94:78:e1:78:cc:5c:a3:b8:57:f6:
                    af:b4:fa:17:32:8b:44:9f:bd:2e:3a:49:cc:1e:75:
                    dd:cc:7a:15:d3:c7:07:ba:fb:57:2d:c6:1f:7f:bf:
                    69:9d:9a:27:7d:27:6c:ae:26:88:47:26:67:76:21:
                    a5:48:0e:03:a9:f5:52:fa:62:2d:f6:7c:d7:00:54:
                    96:89:4d:f2:e0:b3:8c:44:90:5f:6d:2c:ee:34:b4:
                    59:2e:d5:34:84:17:3f:27:ff:06:ce:4d:3f:30:15:
                    f7:7e:93:4d:61:1c:e9:07:40:60:25:49:c4:f6:a8:
                    81:0d:34:ad:10:85:16:df:a8:59:88:2a:c9:d2:c6:
                    27:79:72:0d:d0:15:23:61:7b:be:00:6d:e9:23:34:
                    3a:05:ee:2f:d1:c6:7c:12:cc:d2:6a:a1:23:e1:a0:
                    f2:88:f4:24:11:42:54:ce:d9:3d:5a:f1:b0:5b:65:
                    6b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:73:8B:1F:01:05:BB:4A:7B:80:A2:60:90:9E:64:63:A2:2F:CC:81
            X509v3 Authority Key Identifier:
                keyid:0D:55:FA:2A:62:83:7D:B9:AF:E4:42:3E:4C:11:9E:94:99:B2:1B:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DVX6KmKDfbmv5EI-TBGelJmyG0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e699a3-4d37-491a-b463-ef36a321749a/1/GXOLHwEFu0p7gKJgkJ5kY6IvzIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e699a3-4d37-491a-b463-ef36a321749a/1/DVX6KmKDfbmv5EI-TBGelJmyG0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.199.3.0/24
                IPv6:
                  2a13:b040::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:4d:98:47:58:22:44:c9:4e:b4:c2:29:ba:ce:46:75:8c:f1:
         25:e6:98:a1:2e:c2:5d:20:79:ed:d8:19:59:1a:f9:00:c3:40:
         5e:84:67:38:08:aa:0b:5f:32:69:3f:24:42:d6:27:85:d5:39:
         4e:eb:64:34:7e:f8:74:73:b8:f8:37:a4:65:e9:ca:69:43:b3:
         b9:f7:af:92:0e:4c:8a:c4:80:eb:3c:77:db:60:2a:bf:24:17:
         af:6e:26:82:b6:cb:16:c1:cb:91:8a:23:fc:c6:c6:40:15:51:
         df:b0:db:e1:0e:7a:3e:f2:d3:fa:c3:35:98:4e:c6:c0:a7:8b:
         5e:51:b6:ca:e6:f1:82:79:ee:c5:9f:c3:8e:a4:c7:aa:13:74:
         f7:15:81:81:bd:8c:62:99:f7:89:4e:7b:fe:3a:1c:ec:af:dd:
         43:71:12:4d:8f:34:96:93:f7:95:bf:ce:1d:df:d9:d5:e8:46:
         27:06:3b:3c:35:a0:01:c9:1a:df:65:8f:95:8c:04:ab:8b:6d:
         63:a5:20:c3:63:71:46:b3:b9:d5:f0:de:2d:95:01:e3:23:2f:
         33:a5:86:f4:fe:6c:3f:f2:a0:f4:4e:ec:d2:a8:56:5c:fe:be:
         20:91:a2:4d:17:3c:3c:06:8d:c9:35:49:2a:f3:a0:57:3f:a0:
         db:62:8f:83
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQoJe2VjwDu1qP0052zeFK2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNTVmYTJhNjI4MzdkYjlhZmU0NDIzZTRjMTE5ZTk0OTli
MjFiNDMwHhcNMjUwMTAyMTc1MjQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTczOGIxZjAxMDViYjRhN2I4MGEyNjA5MDllNjQ2M2EyMmZjYzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWvwyG5krNdnmo1G71dTJEVMzepX
ELK0Vw5qgFJTOmaYiH/XvPQlEZpRsqblXaz+2E0I5uZEA9NhIsdecGnoWHtf1rWb
UzoRjq630k5ygZR44XjMXKO4V/avtPoXMotEn70uOknMHnXdzHoV08cHuvtXLcYf
f79pnZonfSdsriaIRyZndiGlSA4DqfVS+mIt9nzXAFSWiU3y4LOMRJBfbSzuNLRZ
LtU0hBc/J/8Gzk0/MBX3fpNNYRzpB0BgJUnE9qiBDTStEIUW36hZiCrJ0sYneXIN
0BUjYXu+AG3pIzQ6Be4v0cZ8EszSaqEj4aDyiPQkEUJUztk9WvGwW2Vr2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBlzix8BBbtKe4CiYJCeZGOiL8yBMB8GA1UdIwQY
MBaAFA1V+ipig325r+RCPkwRnpSZshtDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFZYNkttS0RmYm12NUVJLVRCR2VsSm15RzBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9lNjk5YTMtNGQzNy00OTFhLWI0NjMt
ZWYzNmEzMjE3NDlhLzEvR1hPTEh3RUZ1MHA3Z0tKZ2tKNWtZNkl2eklFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9lNjk5YTMtNGQzNy00OTFhLWI0NjMtZWYzNmEzMjE3NDlh
LzEvRFZYNkttS0RmYm12NUVJLVRCR2VsSm15RzBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXscDMA0E
AgACMAcDBQMqE7BAMA0GCSqGSIb3DQEBCwUAA4IBAQAPTZhHWCJEyU60wim6zkZ1
jPEl5pihLsJdIHnt2BlZGvkAw0BehGc4CKoLXzJpPyRC1ieF1TlO62Q0fvh0c7j4
N6Rl6cppQ7O596+SDkyKxIDrPHfbYCq/JBevbiaCtssWwcuRiiP8xsZAFVHfsNvh
Dno+8tP6wzWYTsbAp4teUbbK5vGCee7Fn8OOpMeqE3T3FYGBvYximfeJTnv+Ohzs
r91DcRJNjzSWk/eVv84d39nV6EYnBjs8NaAByRrfZY+VjASri21jpSDDY3FGs7nV
8N4tlQHjIy8zpYb0/mw/8qD0TuzSqFZc/r4gkaJNFzw8Bo3JNUkq86BXP6DbYo+D
-----END CERTIFICATE-----