Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/5b1657-abf0-4d36-a892-abe5c8e2bad6/1/s_VH1RJUenuP8OvNJaH6yu7OYsg.roa
File:                     s_VH1RJUenuP8OvNJaH6yu7OYsg.roa (raw, json)
Hash identifier:          vyeEoRPPlhaqhjAq4VATA3B5K5D/1bqk7r9/7EELRFU=
Subject key identifier:   B3:F5:47:D5:12:54:7A:7B:8F:F0:EB:CD:25:A1:FA:CA:EE:CE:62:C8
Certificate issuer:       /CN=a6a8f3436fd83e8af610f216808996e90acac75d
Certificate serial:       0195E83FCC18BB3B21A20E1E7A6D5869E5C8
Authority key identifier: A6:A8:F3:43:6F:D8:3E:8A:F6:10:F2:16:80:89:96:E9:0A:CA:C7:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pqjzQ2_YPor2EPIWgImW6QrKx10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/5b1657-abf0-4d36-a892-abe5c8e2bad6/1/s_VH1RJUenuP8OvNJaH6yu7OYsg.roa
Signing time:             Sun 30 Mar 2025 18:10:49 +0000
ROA not before:           Sun 30 Mar 2025 18:10:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216068
IP address blocks:        94.232.47.0/24 maxlen: 24
                          195.10.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/5b1657-abf0-4d36-a892-abe5c8e2bad6/1/pqjzQ2_YPor2EPIWgImW6QrKx10.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/5b1657-abf0-4d36-a892-abe5c8e2bad6/1/pqjzQ2_YPor2EPIWgImW6QrKx10.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pqjzQ2_YPor2EPIWgImW6QrKx10.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:e8:3f:cc:18:bb:3b:21:a2:0e:1e:7a:6d:58:69:e5:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6a8f3436fd83e8af610f216808996e90acac75d
        Validity
            Not Before: Mar 30 18:10:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3f547d512547a7b8ff0ebcd25a1facaeece62c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:18:1c:05:6c:1c:3d:73:13:db:1d:e4:93:bd:
                    e8:f7:31:fa:52:98:ba:2d:91:69:69:cb:66:88:a5:
                    73:ce:44:e6:73:78:a4:7c:33:ce:61:03:2c:4d:de:
                    56:ed:17:4a:c5:14:7f:02:8e:5b:de:55:99:6d:4a:
                    c3:53:9f:ed:94:06:65:e1:84:23:61:5f:87:5c:70:
                    46:00:0f:a9:90:da:9a:46:60:c2:a8:5c:c6:5d:2a:
                    3b:a6:6b:7d:af:ad:4f:51:a7:1a:0c:70:be:9a:ae:
                    56:50:cd:d6:7f:e7:bd:84:fd:28:9a:5b:c3:46:3a:
                    9e:9c:fb:d3:7d:9c:61:7b:b2:f2:a6:aa:87:31:72:
                    08:f5:c7:c3:d8:5f:91:af:b3:6e:7d:40:76:88:8f:
                    4a:c4:0b:72:85:44:a5:55:17:75:d1:70:dd:3e:61:
                    d1:bb:76:fd:80:4a:b1:1d:d2:06:ed:99:07:f5:9d:
                    7b:b2:5e:66:3a:69:30:cc:44:a8:c0:53:12:db:27:
                    3a:86:d6:e5:05:b3:5e:5b:77:54:99:93:ae:ad:38:
                    be:6f:dc:d4:40:5a:a7:ad:7f:21:e3:77:22:c7:bb:
                    60:f7:fb:2d:ed:6c:2d:b7:aa:35:61:6a:47:ad:7c:
                    1c:70:6e:33:ed:45:2a:d3:25:b8:ea:54:d4:ae:3b:
                    9a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:F5:47:D5:12:54:7A:7B:8F:F0:EB:CD:25:A1:FA:CA:EE:CE:62:C8
            X509v3 Authority Key Identifier:
                keyid:A6:A8:F3:43:6F:D8:3E:8A:F6:10:F2:16:80:89:96:E9:0A:CA:C7:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pqjzQ2_YPor2EPIWgImW6QrKx10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/5b1657-abf0-4d36-a892-abe5c8e2bad6/1/s_VH1RJUenuP8OvNJaH6yu7OYsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/5b1657-abf0-4d36-a892-abe5c8e2bad6/1/pqjzQ2_YPor2EPIWgImW6QrKx10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.232.47.0/24
                  195.10.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:40:8b:b3:ec:fe:0a:c7:63:3a:b5:2e:15:9f:d2:71:54:21:
         64:e6:03:5a:1d:05:9f:a1:6a:39:e0:b3:dd:7c:b1:a4:d4:c1:
         26:af:d8:fa:26:75:c5:02:bb:e0:27:23:09:f9:9c:b5:95:3f:
         27:f2:6b:f0:2b:78:ff:80:52:74:22:35:98:b6:3c:a8:20:0e:
         28:3d:7d:5c:3b:0d:81:10:2a:41:36:1f:e7:2f:24:23:c8:fb:
         96:89:d3:a5:06:6f:63:e3:23:5f:d0:f1:ff:39:39:8a:25:ff:
         8d:5b:d8:e4:fb:dc:73:89:c3:41:63:dc:fa:b9:7a:8d:99:10:
         da:6f:f4:45:31:49:47:3e:9d:c6:59:84:c2:db:b1:0a:67:18:
         95:b3:b5:92:2a:ec:97:69:f0:e5:7d:f7:ee:3f:e1:9d:59:5f:
         0e:4d:ec:de:e4:69:23:a7:76:b1:cb:55:26:33:5d:63:9b:84:
         6b:13:3b:aa:52:95:07:08:56:e9:62:81:a6:d9:63:09:01:31:
         ad:47:a9:0e:20:86:40:f1:3d:37:86:0b:b4:f2:24:70:4f:97:
         6f:24:a0:ce:9e:de:84:48:b1:f7:33:96:e7:b2:94:0d:30:51:
         fb:eb:19:01:53:3e:b4:41:6e:eb:1f:5d:d4:41:da:8b:d6:72:
         e1:b8:90:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXoP8wYuzshog4eem1YaeXIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2YThmMzQzNmZkODNlOGFmNjEwZjIxNjgwODk5NmU5MGFj
YWM3NWQwHhcNMjUwMzMwMTgxMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2Y1NDdkNTEyNTQ3YTdiOGZmMGViY2QyNWExZmFjYWVlY2U2MmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxgcBWwcPXMT2x3kk73o9zH6Upi6
LZFpactmiKVzzkTmc3ikfDPOYQMsTd5W7RdKxRR/Ao5b3lWZbUrDU5/tlAZl4YQj
YV+HXHBGAA+pkNqaRmDCqFzGXSo7pmt9r61PUacaDHC+mq5WUM3Wf+e9hP0omlvD
RjqenPvTfZxhe7LypqqHMXII9cfD2F+Rr7NufUB2iI9KxAtyhUSlVRd10XDdPmHR
u3b9gEqxHdIG7ZkH9Z17sl5mOmkwzESowFMS2yc6htblBbNeW3dUmZOurTi+b9zU
QFqnrX8h43cix7tg9/st7Wwtt6o1YWpHrXwccG4z7UUq0yW46lTUrjua0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLP1R9USVHp7j/DrzSWh+sruzmLIMB8GA1UdIwQY
MBaAFKao80Nv2D6K9hDyFoCJlukKysddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHFqelEyX1lQb3IyRVBJV2dJbVc2UXJLeDEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi81YjE2NTctYWJmMC00ZDM2LWE4OTIt
YWJlNWM4ZTJiYWQ2LzEvc19WSDFSSlVlbnVQOE92TkphSDZ5dTdPWXNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi81YjE2NTctYWJmMC00ZDM2LWE4OTItYWJlNWM4ZTJiYWQ2
LzEvcHFqelEyX1lQb3IyRVBJV2dJbVc2UXJLeDEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXugvAwQA
wwrBMA0GCSqGSIb3DQEBCwUAA4IBAQC8QIuz7P4Kx2M6tS4Vn9JxVCFk5gNaHQWf
oWo54LPdfLGk1MEmr9j6JnXFArvgJyMJ+Zy1lT8n8mvwK3j/gFJ0IjWYtjyoIA4o
PX1cOw2BECpBNh/nLyQjyPuWidOlBm9j4yNf0PH/OTmKJf+NW9jk+9xzicNBY9z6
uXqNmRDab/RFMUlHPp3GWYTC27EKZxiVs7WSKuyXafDlfffuP+GdWV8OTeze5Gkj
p3axy1UmM11jm4RrEzuqUpUHCFbpYoGm2WMJATGtR6kOIIZA8T03hgu08iRwT5dv
JKDOnt6ESLH3M5bnspQNMFH76xkBUz60QW7rH13UQdqL1nLhuJDt
-----END CERTIFICATE-----