Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/a6f506-6948-4cef-8548-c93c1ee898be/1/OMnuxUeA0haC1p_KDdRfwFA8Q2s.roa
File:                     OMnuxUeA0haC1p_KDdRfwFA8Q2s.roa (raw, json)
Hash identifier:          cDQVnRaiJ+Kb9nhkJ6FSjxN3vz7jN+QBdbH8z93gYFM=
Subject key identifier:   38:C9:EE:C5:47:80:D2:16:82:D6:9F:CA:0D:D4:5F:C0:50:3C:43:6B
Certificate issuer:       /CN=ddfd94ebb8cb98a1dbdf50bdcd69dcc29144889e
Certificate serial:       0197449A14A4907F3D84D901134CA9D062A5
Authority key identifier: DD:FD:94:EB:B8:CB:98:A1:DB:DF:50:BD:CD:69:DC:C2:91:44:88:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3f2U67jLmKHb31C9zWncwpFEiJ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/a6f506-6948-4cef-8548-c93c1ee898be/1/OMnuxUeA0haC1p_KDdRfwFA8Q2s.roa
Signing time:             Fri 06 Jun 2025 09:37:17 +0000
ROA not before:           Fri 06 Jun 2025 09:37:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60633
IP address blocks:        194.56.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/a6f506-6948-4cef-8548-c93c1ee898be/1/3f2U67jLmKHb31C9zWncwpFEiJ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/a6f506-6948-4cef-8548-c93c1ee898be/1/3f2U67jLmKHb31C9zWncwpFEiJ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3f2U67jLmKHb31C9zWncwpFEiJ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 00:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:44:9a:14:a4:90:7f:3d:84:d9:01:13:4c:a9:d0:62:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddfd94ebb8cb98a1dbdf50bdcd69dcc29144889e
        Validity
            Not Before: Jun  6 09:37:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38c9eec54780d21682d69fca0dd45fc0503c436b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:89:d0:d5:04:7a:0b:0a:7a:fe:fc:3f:5d:af:
                    66:a0:8f:e8:87:ad:45:b5:75:4b:85:17:60:5d:5c:
                    40:73:9b:4b:4c:0d:29:9e:6a:19:9f:95:d1:1c:b5:
                    55:97:6e:e5:f0:8f:c8:c5:87:df:53:3e:42:40:dc:
                    f5:12:48:86:1d:2b:87:f2:aa:a1:97:95:f7:5d:d1:
                    31:9d:ef:46:b8:8a:71:fb:2c:b1:b7:52:e3:78:90:
                    ca:95:2d:f8:a2:2c:47:fd:0d:e9:43:6b:aa:e5:33:
                    c8:d2:2e:3c:bb:0b:be:ec:4e:3b:6d:b8:e1:f7:f9:
                    3b:52:87:6c:3f:09:26:cb:52:d8:f2:99:91:5a:40:
                    9a:d9:06:f9:fa:33:0c:be:df:61:35:be:39:dd:3b:
                    0f:04:d5:0e:71:d6:5f:bd:9a:78:39:b5:a2:99:ff:
                    a1:17:19:42:36:ca:95:50:e1:2f:9d:5d:30:6c:72:
                    42:be:f5:a8:c3:92:29:bf:0d:f2:02:59:d7:96:d0:
                    d2:40:9e:c9:72:8e:32:e2:21:11:75:13:37:9c:9c:
                    96:8a:7e:51:33:5a:fc:79:64:57:9d:01:95:dd:db:
                    cb:8e:bf:97:6a:e0:99:20:de:bd:0f:73:b1:96:75:
                    71:b4:3c:3e:5d:4c:08:5c:fd:1c:0a:d5:6c:f0:3d:
                    18:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:C9:EE:C5:47:80:D2:16:82:D6:9F:CA:0D:D4:5F:C0:50:3C:43:6B
            X509v3 Authority Key Identifier:
                keyid:DD:FD:94:EB:B8:CB:98:A1:DB:DF:50:BD:CD:69:DC:C2:91:44:88:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f2U67jLmKHb31C9zWncwpFEiJ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/a6f506-6948-4cef-8548-c93c1ee898be/1/OMnuxUeA0haC1p_KDdRfwFA8Q2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/a6f506-6948-4cef-8548-c93c1ee898be/1/3f2U67jLmKHb31C9zWncwpFEiJ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:cb:d8:24:fd:e3:5e:d4:19:19:02:db:0a:56:2f:26:e7:33:
         c1:3c:36:28:5b:01:fd:15:52:9c:f2:c8:c2:9c:0e:16:e1:70:
         e6:5a:e4:1d:af:81:d6:74:aa:f2:ca:3b:48:fe:8d:a5:bc:75:
         31:91:01:df:75:51:d4:31:92:27:8f:84:24:79:f7:99:eb:58:
         b3:70:cb:47:d0:c2:a0:cc:21:9b:a0:2a:d0:0b:5f:81:ff:ca:
         fe:95:a6:45:44:65:78:a4:7a:a3:6a:3f:87:56:01:0b:32:61:
         be:f4:b6:72:4f:1b:9c:32:d8:ed:83:9f:11:eb:1e:f9:53:01:
         66:22:3a:0e:09:7d:43:19:59:5c:4f:4d:9e:86:d8:09:a5:28:
         33:fe:69:a9:2a:03:b7:9b:22:7d:a9:a2:7e:3e:3f:46:25:8a:
         39:29:83:96:75:cb:29:14:32:93:1e:ed:9a:d2:44:60:4b:de:
         8f:4b:de:da:e3:0b:c8:40:14:35:30:33:fa:03:91:8e:bd:ba:
         87:59:c3:79:ae:bf:e9:16:68:a4:ec:e6:a4:50:21:9f:50:13:
         cf:07:85:c0:e0:3a:64:86:13:3c:6b:ff:36:1c:d6:2d:31:9f:
         bc:fe:3b:55:5b:4c:e0:1f:1f:65:6f:20:c5:f0:27:f0:c2:b7:
         13:da:f8:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdEmhSkkH89hNkBE0yp0GKlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZmQ5NGViYjhjYjk4YTFkYmRmNTBiZGNkNjlkY2MyOTE0
NDg4OWUwHhcNMjUwNjA2MDkzNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGM5ZWVjNTQ3ODBkMjE2ODJkNjlmY2EwZGQ0NWZjMDUwM2M0MzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0InQ1QR6Cwp6/vw/Xa9moI/oh61F
tXVLhRdgXVxAc5tLTA0pnmoZn5XRHLVVl27l8I/IxYffUz5CQNz1EkiGHSuH8qqh
l5X3XdExne9GuIpx+yyxt1LjeJDKlS34oixH/Q3pQ2uq5TPI0i48uwu+7E47bbjh
9/k7UodsPwkmy1LY8pmRWkCa2Qb5+jMMvt9hNb453TsPBNUOcdZfvZp4ObWimf+h
FxlCNsqVUOEvnV0wbHJCvvWow5Ipvw3yAlnXltDSQJ7Jco4y4iERdRM3nJyWin5R
M1r8eWRXnQGV3dvLjr+XauCZIN69D3OxlnVxtDw+XUwIXP0cCtVs8D0YGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjJ7sVHgNIWgtafyg3UX8BQPENrMB8GA1UdIwQY
MBaAFN39lOu4y5ih299Qvc1p3MKRRIieMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2YyVTY3akxtS0hiMzFDOXpXbmN3cEZFaUo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9hNmY1MDYtNjk0OC00Y2VmLTg1NDgt
YzkzYzFlZTg5OGJlLzEvT01udXhVZUEwaGFDMXBfS0RkUmZ3RkE4UTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9hNmY1MDYtNjk0OC00Y2VmLTg1NDgtYzkzYzFlZTg5OGJl
LzEvM2YyVTY3akxtS0hiMzFDOXpXbmN3cEZFaUo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjh/MA0G
CSqGSIb3DQEBCwUAA4IBAQC0y9gk/eNe1BkZAtsKVi8m5zPBPDYoWwH9FVKc8sjC
nA4W4XDmWuQdr4HWdKryyjtI/o2lvHUxkQHfdVHUMZInj4QkefeZ61izcMtH0MKg
zCGboCrQC1+B/8r+laZFRGV4pHqjaj+HVgELMmG+9LZyTxucMtjtg58R6x75UwFm
IjoOCX1DGVlcT02ehtgJpSgz/mmpKgO3myJ9qaJ+Pj9GJYo5KYOWdcspFDKTHu2a
0kRgS96PS97a4wvIQBQ1MDP6A5GOvbqHWcN5rr/pFmik7OakUCGfUBPPB4XA4Dpk
hhM8a/82HNYtMZ+8/jtVW0zgHx9lbyDF8CfwwrcT2vhe
-----END CERTIFICATE-----