Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/oL7En9RC1rfTz3mUuS-wlPiW_PA.roa
File:                     oL7En9RC1rfTz3mUuS-wlPiW_PA.roa (raw, json)
Hash identifier:          HfB5apJzCc1++CJL4ouKqqnlc/tqj6I6aZPcPl3sz2I=
Subject key identifier:   A0:BE:C4:9F:D4:42:D6:B7:D3:CF:79:94:B9:2F:B0:94:F8:96:FC:F0
Certificate issuer:       /CN=c3181a923e9ac3c005eb4c73edc7a1e8325a5b1e
Certificate serial:       01912EEACA9E53E76E4CB14F0D2B6F708BE6
Authority key identifier: C3:18:1A:92:3E:9A:C3:C0:05:EB:4C:73:ED:C7:A1:E8:32:5A:5B:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wxgakj6aw8AF60xz7ceh6DJaWx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/oL7En9RC1rfTz3mUuS-wlPiW_PA.roa
Signing time:             Wed 07 Aug 2024 22:17:04 +0000
ROA not before:           Wed 07 Aug 2024 22:17:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216371
IP address blocks:        94.101.106.0/24 maxlen: 24
                          2a14:7cc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/wxgakj6aw8AF60xz7ceh6DJaWx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/wxgakj6aw8AF60xz7ceh6DJaWx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wxgakj6aw8AF60xz7ceh6DJaWx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2e:ea:ca:9e:53:e7:6e:4c:b1:4f:0d:2b:6f:70:8b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3181a923e9ac3c005eb4c73edc7a1e8325a5b1e
        Validity
            Not Before: Aug  7 22:17:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0bec49fd442d6b7d3cf7994b92fb094f896fcf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6e:c1:e1:2c:48:da:4d:59:ae:00:7a:88:9a:
                    63:97:a1:e5:ef:c0:35:c0:12:85:25:0d:2d:c8:d0:
                    94:22:9f:7b:95:83:e6:cb:33:87:28:da:d3:74:45:
                    d5:4e:78:28:64:b4:28:30:8d:47:17:47:ac:4c:e5:
                    71:94:55:98:a1:f3:60:05:fb:95:cb:4c:e5:0b:76:
                    a8:68:37:cd:2d:af:bb:f6:54:63:d1:ab:a9:d0:51:
                    41:d1:04:4f:71:c3:b1:00:25:bc:b6:23:9d:96:6a:
                    14:60:a4:3d:ce:65:a4:e0:a5:d5:d4:4f:f8:2b:ec:
                    a5:d2:eb:47:f2:fb:d2:f5:bf:01:e5:d2:5f:23:88:
                    f0:4a:79:ce:fd:73:a9:1f:fe:0d:67:18:8f:7c:c7:
                    27:68:51:37:d8:b3:d3:38:84:e9:46:10:ab:ca:eb:
                    3b:c7:b0:1d:ab:df:a9:a0:eb:1b:40:6b:b8:30:69:
                    d6:cf:b1:85:eb:9c:59:96:4f:72:dd:69:e8:c5:02:
                    7a:0a:0c:ae:29:2f:fe:ad:a6:00:68:99:6e:e9:32:
                    21:f7:fc:c5:76:41:ba:4a:de:83:df:b4:27:83:66:
                    00:45:1d:33:74:6c:18:57:82:a5:89:36:b7:a5:72:
                    b4:8c:7a:db:71:95:a8:da:1d:2a:e1:bd:99:4e:52:
                    bc:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:BE:C4:9F:D4:42:D6:B7:D3:CF:79:94:B9:2F:B0:94:F8:96:FC:F0
            X509v3 Authority Key Identifier:
                keyid:C3:18:1A:92:3E:9A:C3:C0:05:EB:4C:73:ED:C7:A1:E8:32:5A:5B:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wxgakj6aw8AF60xz7ceh6DJaWx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/oL7En9RC1rfTz3mUuS-wlPiW_PA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/9bcada-d955-4f2a-9254-f9ec566686b9/1/wxgakj6aw8AF60xz7ceh6DJaWx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.101.106.0/24
                IPv6:
                  2a14:7cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:55:ac:cd:54:8c:59:d9:d7:7b:a3:f0:dc:f4:b3:c5:45:58:
         12:f2:4f:a3:84:f1:0b:b0:cc:16:34:8d:30:71:05:db:57:4e:
         00:e0:18:59:ea:2a:a3:17:5a:3c:86:8d:de:56:22:8a:54:f9:
         de:5b:9a:36:9c:28:7b:8b:71:fc:2e:d7:e6:a5:0c:ad:44:8d:
         7e:44:c8:09:2c:a5:3f:d6:43:cf:46:32:3f:d3:f4:eb:26:d5:
         ad:d4:b3:57:44:c1:6e:7c:94:a7:51:e0:c6:b2:a6:08:b5:4d:
         84:fb:e5:09:f0:30:f2:df:8c:1d:ca:82:6f:07:ec:10:dc:86:
         b5:b8:ed:75:e6:d7:07:b7:ab:76:7c:a7:46:a4:8e:6e:bc:53:
         fb:31:78:83:f8:58:d2:d1:d0:8f:93:2b:ef:2d:e9:e7:56:ea:
         ab:6e:f4:eb:69:91:b2:fa:61:74:b0:4d:5c:85:d1:90:3a:bf:
         44:4b:0e:57:af:5e:3b:56:76:fc:aa:d5:1d:9a:f9:e2:7f:77:
         78:b5:c2:bd:29:99:2e:8e:ee:05:9c:b4:29:1c:2f:2a:24:a6:
         e1:e1:51:97:16:1f:21:44:2f:04:90:03:8a:1b:65:9d:0b:51:
         1f:e6:df:46:53:2d:3c:e6:8e:84:29:f0:17:8c:8a:9d:69:17:
         87:27:68:eb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZEu6sqeU+duTLFPDStvcIvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzMTgxYTkyM2U5YWMzYzAwNWViNGM3M2VkYzdhMWU4MzI1
YTViMWUwHhcNMjQwODA3MjIxNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGJlYzQ5ZmQ0NDJkNmI3ZDNjZjc5OTRiOTJmYjA5NGY4OTZmY2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs27B4SxI2k1ZrgB6iJpjl6Hl78A1
wBKFJQ0tyNCUIp97lYPmyzOHKNrTdEXVTngoZLQoMI1HF0esTOVxlFWYofNgBfuV
y0zlC3aoaDfNLa+79lRj0aup0FFB0QRPccOxACW8tiOdlmoUYKQ9zmWk4KXV1E/4
K+yl0utH8vvS9b8B5dJfI4jwSnnO/XOpH/4NZxiPfMcnaFE32LPTOITpRhCryus7
x7Adq9+poOsbQGu4MGnWz7GF65xZlk9y3WnoxQJ6CgyuKS/+raYAaJlu6TIh9/zF
dkG6St6D37Qng2YARR0zdGwYV4KliTa3pXK0jHrbcZWo2h0q4b2ZTlK8rQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKC+xJ/UQta30895lLkvsJT4lvzwMB8GA1UdIwQY
MBaAFMMYGpI+msPABetMc+3HoegyWlseMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3hnYWtqNmF3OEFGNjB4ejdjZWg2REphV3g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS85YmNhZGEtZDk1NS00ZjJhLTkyNTQt
ZjllYzU2NjY4NmI5LzEvb0w3RW45UkMxcmZUejNtVXVTLXdsUGlXX1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS85YmNhZGEtZDk1NS00ZjJhLTkyNTQtZjllYzU2NjY4NmI5
LzEvd3hnYWtqNmF3OEFGNjB4ejdjZWg2REphV3g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXmVqMA0E
AgACMAcDBQMqFHzAMA0GCSqGSIb3DQEBCwUAA4IBAQA+VazNVIxZ2dd7o/Dc9LPF
RVgS8k+jhPELsMwWNI0wcQXbV04A4BhZ6iqjF1o8ho3eViKKVPneW5o2nCh7i3H8
LtfmpQytRI1+RMgJLKU/1kPPRjI/0/TrJtWt1LNXRMFufJSnUeDGsqYItU2E++UJ
8DDy34wdyoJvB+wQ3Ia1uO115tcHt6t2fKdGpI5uvFP7MXiD+FjS0dCPkyvvLenn
VuqrbvTraZGy+mF0sE1chdGQOr9ESw5Xr147Vnb8qtUdmvnif3d4tcK9KZkuju4F
nLQpHC8qJKbh4VGXFh8hRC8EkAOKG2WdC1Ef5t9GUy085o6EKfAXjIqdaReHJ2jr
-----END CERTIFICATE-----