Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/kALeFOqdoUlsrrEA4gEeCsqdb7U.roa
File:                     kALeFOqdoUlsrrEA4gEeCsqdb7U.roa (raw, json)
Hash identifier:          CGGNVlWIfGNVOdkVdR2nL+rohybhJ6hPwgX68rdZVTI=
Subject key identifier:   90:02:DE:14:EA:9D:A1:49:6C:AE:B1:00:E2:01:1E:0A:CA:9D:6F:B5
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       019426D9C29D7CA025506DCBC342C6A0FB27
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/kALeFOqdoUlsrrEA4gEeCsqdb7U.roa
Signing time:             Thu 02 Jan 2025 11:49:52 +0000
ROA not before:           Thu 02 Jan 2025 11:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216314
IP address blocks:        94.137.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:c2:9d:7c:a0:25:50:6d:cb:c3:42:c6:a0:fb:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Jan  2 11:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9002de14ea9da1496caeb100e2011e0aca9d6fb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7e:fb:7c:3c:53:7f:43:dd:3a:fb:0b:4c:10:
                    b7:70:37:14:05:9f:02:98:f5:09:1f:46:dc:de:9f:
                    89:bf:f7:f4:f4:84:d6:a8:08:bc:c6:10:f4:74:0a:
                    1c:e8:c9:7f:55:97:50:a1:7e:34:48:1f:8e:9c:fa:
                    46:df:5a:4f:f1:f1:62:7f:5c:0a:8c:78:74:f2:b8:
                    18:78:e8:eb:89:9c:98:00:f4:2f:c5:56:97:c4:62:
                    e3:ec:d0:c6:cb:d3:20:4d:f0:13:93:d3:55:f8:dc:
                    95:85:d1:ec:66:18:a8:36:84:ef:71:4a:46:e0:77:
                    c9:52:19:42:7a:31:0c:b2:7b:23:a6:b4:64:94:4c:
                    4b:33:f6:cc:f4:08:cb:17:f9:78:b7:70:d6:fc:89:
                    54:c8:59:e1:bd:1f:f3:ea:5e:95:b2:d1:c7:87:ad:
                    f2:b3:11:e0:dd:c4:05:be:6b:2d:5a:a7:1a:f8:2f:
                    8a:38:8f:75:4b:e5:33:73:d3:56:c2:fa:bb:bd:40:
                    33:19:b0:64:9b:47:ea:97:1a:78:bf:67:1b:2a:0f:
                    90:67:33:25:ed:b0:08:6e:9d:ce:5c:cc:57:a5:da:
                    ce:e0:e6:f3:59:63:ec:f8:87:d7:20:c0:1b:75:45:
                    82:36:ee:81:86:ca:e5:cf:84:c1:ec:e8:75:b9:9f:
                    fe:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:02:DE:14:EA:9D:A1:49:6C:AE:B1:00:E2:01:1E:0A:CA:9D:6F:B5
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/kALeFOqdoUlsrrEA4gEeCsqdb7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.137.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:b8:33:bd:90:aa:8c:7f:54:79:e3:58:a0:bd:9f:5a:e6:c7:
         e4:c0:a8:50:0d:95:2c:22:2b:cf:77:13:d0:35:58:b4:81:15:
         f9:f1:f4:89:b6:57:95:df:ab:b9:8c:90:1c:5a:cc:f4:f0:07:
         88:ec:41:34:dc:ef:0a:3e:ec:aa:a2:cf:0a:d8:ad:63:86:5b:
         0c:de:c7:96:df:e3:9d:47:8f:8e:80:76:e0:57:06:59:8e:f9:
         66:e1:be:60:05:c0:44:5f:c9:de:f4:ac:0b:7f:13:84:1d:51:
         58:5f:a2:ab:c7:1d:b3:78:c4:e1:f2:bd:d1:e3:dc:5f:6a:77:
         04:71:4a:41:d9:e6:de:91:81:04:12:2b:6d:e6:dc:31:de:3c:
         50:03:17:1f:ac:29:74:b2:f3:a0:7d:f3:83:23:f2:bb:21:00:
         fc:e3:72:67:2e:2c:e0:55:62:d1:87:7b:c5:85:e3:5d:fa:1a:
         12:07:70:e1:21:4f:e8:9a:8e:86:86:7c:49:88:23:9b:35:39:
         bb:98:57:ca:e9:61:da:78:a2:b2:12:43:37:6e:58:d5:8b:2d:
         1d:04:67:4c:7c:de:0b:90:6b:6a:1e:54:30:70:01:d0:4f:a4:
         cc:8f:e4:b4:a3:41:ff:5f:3a:dd:ee:b0:67:b7:1a:43:e1:b5:
         8b:05:ef:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2cKdfKAlUG3Lw0LGoPsnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjUwMTAyMTE0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDAyZGUxNGVhOWRhMTQ5NmNhZWIxMDBlMjAxMWUwYWNhOWQ2ZmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxX77fDxTf0PdOvsLTBC3cDcUBZ8C
mPUJH0bc3p+Jv/f09ITWqAi8xhD0dAoc6Ml/VZdQoX40SB+OnPpG31pP8fFif1wK
jHh08rgYeOjriZyYAPQvxVaXxGLj7NDGy9MgTfATk9NV+NyVhdHsZhioNoTvcUpG
4HfJUhlCejEMsnsjprRklExLM/bM9AjLF/l4t3DW/IlUyFnhvR/z6l6VstHHh63y
sxHg3cQFvmstWqca+C+KOI91S+Uzc9NWwvq7vUAzGbBkm0fqlxp4v2cbKg+QZzMl
7bAIbp3OXMxXpdrO4ObzWWPs+IfXIMAbdUWCNu6Bhsrlz4TB7Oh1uZ/+SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAC3hTqnaFJbK6xAOIBHgrKnW+1MB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEva0FMZUZPcWRvVWxzcnJFQTRnRWVDc3FkYjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoldMA0G
CSqGSIb3DQEBCwUAA4IBAQBKuDO9kKqMf1R541igvZ9a5sfkwKhQDZUsIivPdxPQ
NVi0gRX58fSJtleV36u5jJAcWsz08AeI7EE03O8KPuyqos8K2K1jhlsM3seW3+Od
R4+OgHbgVwZZjvlm4b5gBcBEX8ne9KwLfxOEHVFYX6Krxx2zeMTh8r3R49xfancE
cUpB2ebekYEEEitt5twx3jxQAxcfrCl0svOgffODI/K7IQD843JnLizgVWLRh3vF
heNd+hoSB3DhIU/omo6GhnxJiCObNTm7mFfK6WHaeKKyEkM3bljViy0dBGdMfN4L
kGtqHlQwcAHQT6TMj+S0o0H/Xzrd7rBntxpD4bWLBe/f
-----END CERTIFICATE-----