Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/lJDmxkP8FYMOKrHx81KIQgsCt6s.roa
File:                     lJDmxkP8FYMOKrHx81KIQgsCt6s.roa (raw, json)
Hash identifier:          n84Ydw+kXl0I+qNpb2T1oGRz8noYIT3evYn7IxFyWzI=
Subject key identifier:   94:90:E6:C6:43:FC:15:83:0E:2A:B1:F1:F3:52:88:42:0B:02:B7:AB
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018E1C6BF61A46C764FAA23DF1B99D699EB7
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/lJDmxkP8FYMOKrHx81KIQgsCt6s.roa
Signing time:             Fri 08 Mar 2024 04:57:01 +0000
ROA not before:           Fri 08 Mar 2024 04:57:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44103
IP address blocks:        94.176.214.0/24 maxlen: 24
                          188.214.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:31:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1c:6b:f6:1a:46:c7:64:fa:a2:3d:f1:b9:9d:69:9e:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Mar  8 04:57:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9490e6c643fc15830e2ab1f1f35288420b02b7ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:04:18:3b:3c:6f:a8:29:f8:26:55:f4:2e:83:
                    9f:b8:55:38:9c:08:d6:fd:b8:bc:aa:e2:2b:e1:45:
                    a7:a4:d1:43:2f:c2:ad:c8:be:39:29:47:15:eb:fb:
                    ff:ee:f2:67:52:1d:32:a9:89:f0:52:64:97:1a:ac:
                    eb:9f:47:60:65:bd:34:7f:b5:00:4f:67:2e:27:36:
                    27:0a:c1:b3:f8:6c:03:40:1e:15:99:6d:76:cb:ba:
                    dc:0b:47:3c:77:31:c9:fc:82:3b:47:16:36:94:3a:
                    3b:21:3e:e2:24:ac:f7:0b:41:33:fe:02:72:00:a2:
                    65:26:e0:41:90:0f:06:a1:6b:e0:c2:36:0e:3b:06:
                    d2:79:03:29:d2:1d:ba:4e:f2:52:db:ca:62:23:0c:
                    63:a3:60:c0:8d:02:c4:04:f7:51:a5:f7:a2:78:21:
                    d7:8c:39:08:f8:17:07:33:1d:71:50:cd:d9:07:03:
                    e6:1c:e4:81:53:bc:f2:73:a5:f0:df:de:40:3e:dc:
                    9b:52:c6:8f:1e:66:c7:fd:d7:da:9a:25:d7:47:d1:
                    d3:2f:83:dc:db:e6:9c:dd:b0:2a:b3:d8:6a:33:8c:
                    20:0f:61:ed:20:ec:32:36:f4:17:20:43:94:a1:0e:
                    91:2f:49:e3:de:68:a4:09:4e:8c:79:7a:af:e3:5c:
                    e5:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:90:E6:C6:43:FC:15:83:0E:2A:B1:F1:F3:52:88:42:0B:02:B7:AB
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/lJDmxkP8FYMOKrHx81KIQgsCt6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.214.0/24
                  188.214.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:ff:1a:b2:10:57:67:db:20:7f:f0:e6:0a:7c:ab:de:49:38:
         dd:c9:9e:2a:59:88:69:fd:f0:a7:65:3f:46:a2:40:eb:db:e6:
         5d:76:64:c0:74:ef:93:2b:b7:14:dc:aa:1e:c4:ab:62:cb:94:
         34:f8:82:40:0c:d9:41:f7:96:1f:95:3f:29:f6:3c:17:eb:65:
         be:d5:51:ab:9c:8c:97:1f:68:01:2c:1e:cb:4e:b5:77:47:71:
         e3:d2:a9:d7:9b:e3:f5:30:57:f1:fa:04:63:b8:5d:8e:7a:84:
         fb:33:73:fd:8e:32:f7:cb:43:9a:21:50:4b:9c:50:6c:94:0d:
         2e:62:54:f8:53:df:e3:db:b3:d4:17:18:47:87:71:9b:17:a7:
         bf:37:64:54:8e:67:83:1f:8f:5f:71:b2:6c:46:95:24:2a:91:
         f3:38:83:bb:89:64:d6:29:c8:77:a3:95:92:aa:e3:c9:56:fd:
         80:10:57:e0:c4:ee:32:c5:c6:0f:a8:da:43:36:1b:95:a4:68:
         d2:fd:68:d1:3a:36:df:99:98:2d:ee:1c:3f:a7:6d:9e:50:49:
         43:12:de:7d:a2:76:12:67:44:4a:3d:44:f8:6b:54:d6:8d:7d:
         d6:6b:ee:2b:23:c2:51:6a:59:0e:b2:ec:40:fe:de:2d:b8:f6:
         ec:16:3d:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4ca/YaRsdk+qI98bmdaZ63MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMzA4MDQ1NzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDkwZTZjNjQzZmMxNTgzMGUyYWIxZjFmMzUyODg0MjBiMDJiN2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQQYOzxvqCn4JlX0LoOfuFU4nAjW
/bi8quIr4UWnpNFDL8KtyL45KUcV6/v/7vJnUh0yqYnwUmSXGqzrn0dgZb00f7UA
T2cuJzYnCsGz+GwDQB4VmW12y7rcC0c8dzHJ/II7RxY2lDo7IT7iJKz3C0Ez/gJy
AKJlJuBBkA8GoWvgwjYOOwbSeQMp0h26TvJS28piIwxjo2DAjQLEBPdRpfeieCHX
jDkI+BcHMx1xUM3ZBwPmHOSBU7zyc6Xw395APtybUsaPHmbH/dfamiXXR9HTL4Pc
2+ac3bAqs9hqM4wgD2HtIOwyNvQXIEOUoQ6RL0nj3mikCU6MeXqv41zluwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJSQ5sZD/BWDDiqx8fNSiEILArerMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvbEpEbXhrUDhGWU1PS3JIeDgxS0lRZ3NDdDZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXrDWAwQA
vNZrMA0GCSqGSIb3DQEBCwUAA4IBAQBI/xqyEFdn2yB/8OYKfKveSTjdyZ4qWYhp
/fCnZT9GokDr2+ZddmTAdO+TK7cU3KoexKtiy5Q0+IJADNlB95YflT8p9jwX62W+
1VGrnIyXH2gBLB7LTrV3R3Hj0qnXm+P1MFfx+gRjuF2OeoT7M3P9jjL3y0OaIVBL
nFBslA0uYlT4U9/j27PUFxhHh3GbF6e/N2RUjmeDH49fcbJsRpUkKpHzOIO7iWTW
Kch3o5WSquPJVv2AEFfgxO4yxcYPqNpDNhuVpGjS/WjROjbfmZgt7hw/p22eUElD
Et59onYSZ0RKPUT4a1TWjX3Wa+4rI8JRalkOsuxA/t4tuPbsFj14
-----END CERTIFICATE-----