Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/1-fj-NAxzn3-Q-Nb2B6N0zF-boiU.roa
File:                     1-fj-NAxzn3-Q-Nb2B6N0zF-boiU.roa (raw, json)
Hash identifier:          OhCs5RTNrS8QSdgqPn21CO2ZCRehNldcVbDbI7gm4xQ=
Subject key identifier:   F9:F8:FE:34:0C:73:9F:7F:90:F8:D6:F6:07:A3:74:CC:5F:9B:A2:25
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       01942067C4B14F1AB3667B7F81E9C391EBC5
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/1-fj-NAxzn3-Q-Nb2B6N0zF-boiU.roa
Signing time:             Wed 01 Jan 2025 05:47:39 +0000
ROA not before:           Wed 01 Jan 2025 05:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24949
IP address blocks:        194.209.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:c4:b1:4f:1a:b3:66:7b:7f:81:e9:c3:91:eb:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 05:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9f8fe340c739f7f90f8d6f607a374cc5f9ba225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a8:f0:e9:dd:64:ad:45:ea:a6:d6:4b:8f:6b:
                    49:28:75:2d:0d:28:f4:29:22:40:a1:fc:82:75:b6:
                    c4:2a:8a:7a:9c:47:f8:59:13:c0:5a:13:5e:cb:8e:
                    a1:78:d1:93:e3:95:ac:3d:95:db:6e:b4:cf:5f:13:
                    9b:d2:4f:8c:b7:a8:2f:2e:3a:2c:1f:e1:92:72:9d:
                    df:3c:0a:59:2f:dc:ef:d1:37:0b:79:97:e1:1e:64:
                    5d:96:06:b2:b4:53:32:d9:79:12:fb:2d:6f:5b:65:
                    97:df:56:0d:bd:0d:b1:69:9a:c3:db:bd:aa:28:fb:
                    9e:85:c2:08:47:4f:20:71:8c:36:7d:35:6e:5b:ab:
                    17:2d:32:7b:68:b9:04:75:fc:0a:ef:6b:1d:30:ac:
                    60:57:bc:43:38:09:df:5c:a4:3d:38:82:98:7f:4d:
                    c8:9e:10:b5:19:80:aa:60:31:64:ad:5a:b1:45:fd:
                    ee:18:cd:95:ed:3f:63:91:c8:0f:ca:56:9b:cb:7c:
                    60:23:25:b6:e0:1e:33:88:fe:d0:33:f8:80:52:d9:
                    f8:ff:68:8b:34:ec:ee:02:9f:dd:66:bb:c7:15:93:
                    cd:de:9c:20:32:a9:69:a3:8e:4a:d6:fe:c5:32:6a:
                    dc:7c:55:5a:87:32:62:a5:b3:57:8b:c5:21:f4:d0:
                    fa:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F8:FE:34:0C:73:9F:7F:90:F8:D6:F6:07:A3:74:CC:5F:9B:A2:25
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/1-fj-NAxzn3-Q-Nb2B6N0zF-boiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:2c:2e:9d:4d:b1:d4:81:70:4a:72:46:70:dc:ea:56:dc:ed:
         75:b9:84:48:80:36:cc:0d:ab:69:0e:9f:1b:63:6f:06:97:0e:
         86:92:ea:26:1f:43:b5:2d:9c:6d:a0:ab:68:03:8a:9b:3a:5a:
         8d:79:b1:06:86:7e:f1:17:ea:05:1e:d1:37:a3:7c:6f:1e:22:
         86:3d:46:48:8c:05:a2:53:0b:9b:aa:37:78:05:bb:a1:bb:5a:
         ea:1c:b3:07:2f:97:06:f3:f7:72:05:e1:89:b2:56:fb:c5:15:
         10:c0:a1:b8:e8:08:29:89:9f:ea:48:7d:8b:1e:eb:8e:0a:22:
         9f:4e:b2:de:18:79:af:6a:61:13:0a:41:32:56:53:43:81:6a:
         30:74:45:16:55:70:70:3a:f3:7b:26:c5:f7:4d:3f:a6:3f:d2:
         eb:fc:6c:ec:06:09:09:77:17:8b:d4:d1:14:cb:12:b2:6c:dc:
         a9:be:4d:8a:b1:cb:a6:69:ee:dd:09:00:6d:66:c7:c5:05:3d:
         c3:35:f1:06:8c:83:1e:3c:2f:b3:1f:bc:fa:1d:be:ab:29:f9:
         3f:2c:45:f6:6e:c5:c6:5a:4f:f8:2e:16:28:5f:90:27:a1:5d:
         bf:61:9d:24:51:2c:9c:a0:53:58:5f:a2:09:a4:f9:8b:a6:29:
         de:5f:6d:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQgZ8SxTxqzZnt/genDkevFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjUwMTAxMDU0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWY4ZmUzNDBjNzM5ZjdmOTBmOGQ2ZjYwN2EzNzRjYzVmOWJhMjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqjw6d1krUXqptZLj2tJKHUtDSj0
KSJAofyCdbbEKop6nEf4WRPAWhNey46heNGT45WsPZXbbrTPXxOb0k+Mt6gvLjos
H+GScp3fPApZL9zv0TcLeZfhHmRdlgaytFMy2XkS+y1vW2WX31YNvQ2xaZrD272q
KPuehcIIR08gcYw2fTVuW6sXLTJ7aLkEdfwK72sdMKxgV7xDOAnfXKQ9OIKYf03I
nhC1GYCqYDFkrVqxRf3uGM2V7T9jkcgPylaby3xgIyW24B4ziP7QM/iAUtn4/2iL
NOzuAp/dZrvHFZPN3pwgMqlpo45K1v7FMmrcfFVahzJipbNXi8Uh9ND6SwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPn4/jQMc59/kPjW9gejdMxfm6IlMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvMS1mai1OQXh6bjMtUS1OYjJCNk4wekYtYm9pVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjkvYzhjNmY2LTU5NWMtNDViMS1hNzZlLWJkMTkyNjc2Yzli
Yi8xL0ptUHoyeFV1QlZyQlJiMjdRcDRCaGxRZ1RJMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMLRkjAN
BgkqhkiG9w0BAQsFAAOCAQEAGSwunU2x1IFwSnJGcNzqVtztdbmESIA2zA2raQ6f
G2NvBpcOhpLqJh9DtS2cbaCraAOKmzpajXmxBoZ+8RfqBR7RN6N8bx4ihj1GSIwF
olMLm6o3eAW7obta6hyzBy+XBvP3cgXhibJW+8UVEMChuOgIKYmf6kh9ix7rjgoi
n06y3hh5r2phEwpBMlZTQ4FqMHRFFlVwcDrzeybF900/pj/S6/xs7AYJCXcXi9TR
FMsSsmzcqb5NirHLpmnu3QkAbWbHxQU9wzXxBoyDHjwvsx+8+h2+qyn5PyxF9m7F
xlpP+C4WKF+QJ6Fdv2GdJFEsnKBTWF+iCaT5i6Yp3l9tkA==
-----END CERTIFICATE-----