Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/xHYktSklJzunFj9NHXzVPc0CAqM.roa
File:                     xHYktSklJzunFj9NHXzVPc0CAqM.roa (raw, json)
Hash identifier:          pBIWztONu6uK0G74swaQuTrYMfv0YA+GMSPiPasjTHQ=
Subject key identifier:   C4:76:24:B5:29:25:27:3B:A7:16:3F:4D:1D:7C:D5:3D:CD:02:02:A3
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019428276FCCD8671C00067CAAD1B0B95B3D
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/xHYktSklJzunFj9NHXzVPc0CAqM.roa
Signing time:             Thu 02 Jan 2025 17:54:20 +0000
ROA not before:           Thu 02 Jan 2025 17:54:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214209
IP address blocks:        94.177.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:6f:cc:d8:67:1c:00:06:7c:aa:d1:b0:b9:5b:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c47624b52925273ba7163f4d1d7cd53dcd0202a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:9a:62:d8:75:d2:ce:c0:f7:31:c6:1c:0e:b5:
                    5e:f8:38:32:ff:74:27:8b:5b:5d:99:31:b5:2d:36:
                    7f:00:55:fc:ef:bf:04:56:b9:f4:20:11:2d:fa:ca:
                    f7:75:a0:1c:0a:45:67:c8:64:c5:be:e6:13:a1:eb:
                    e2:91:8b:56:c1:c6:e8:fe:7e:1a:33:ed:c2:d7:31:
                    e8:44:80:39:30:ac:a1:dd:87:7b:33:7e:ad:1e:6f:
                    b2:15:0e:93:15:77:8b:eb:4f:61:b9:8f:fd:f3:73:
                    10:43:ee:bc:60:96:19:d5:5d:3c:65:4c:0e:d6:97:
                    42:56:2c:77:cc:04:ce:32:34:64:15:51:20:a6:e9:
                    72:4b:00:cb:44:cc:70:5f:d2:25:4b:ea:23:42:20:
                    8f:f3:21:02:7f:13:fe:6e:07:77:16:6d:e1:01:02:
                    0b:00:55:99:05:af:ed:24:34:c9:54:27:ea:fe:7f:
                    0e:8e:98:77:c9:ee:e6:2a:62:9c:83:18:51:be:cd:
                    8c:89:42:eb:29:f0:89:68:fc:d5:80:28:79:b1:68:
                    00:b9:4e:fb:2d:0b:48:9b:a3:75:fd:af:ff:6c:b7:
                    a5:a5:54:0a:7e:f8:4e:ea:1d:30:ea:e3:74:3c:1c:
                    c4:63:f5:02:07:90:38:d5:66:aa:b3:fe:fd:94:20:
                    8b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:76:24:B5:29:25:27:3B:A7:16:3F:4D:1D:7C:D5:3D:CD:02:02:A3
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/xHYktSklJzunFj9NHXzVPc0CAqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ef:bc:2f:69:00:eb:05:b9:85:71:f1:73:3c:64:6f:0d:52:
         cc:25:72:3a:87:05:2c:a6:19:46:ea:39:42:c1:b5:c4:dc:21:
         31:cc:3d:1c:d9:5a:b6:7e:21:d2:3c:3f:6e:8a:b1:00:0c:02:
         ec:07:5f:6b:8e:e4:df:e8:5e:79:db:33:0e:02:83:85:f6:c2:
         91:fb:67:ce:36:bd:cb:f7:84:f5:88:84:56:95:81:f4:78:5f:
         cb:1d:92:83:db:90:05:e2:d9:7d:99:72:ec:91:8d:76:43:0d:
         26:4d:f9:30:83:46:5b:29:c0:11:14:3e:86:79:ba:ca:08:31:
         58:fa:97:40:b6:6c:b5:5e:14:48:e5:16:b3:59:4d:53:4c:f2:
         df:d0:20:9d:04:d7:88:dd:82:ad:f4:06:cb:5a:2c:45:4c:ea:
         6b:81:61:8c:de:95:85:12:0e:84:d0:de:b7:24:1c:d8:d0:9e:
         14:1a:02:fd:cb:c0:77:93:0f:e7:78:fe:8e:1f:c7:6f:0a:40:
         79:a7:cd:8e:c2:00:55:3f:7b:09:b6:a8:54:2f:1a:02:2f:2f:
         b0:85:2f:8d:4f:1e:6e:33:ef:b8:9f:43:bb:78:6e:5d:d5:0b:
         f7:f6:c6:d3:57:3b:90:bf:a1:d5:f6:e2:b7:c9:21:2e:e2:52:
         35:67:2c:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ2/M2GccAAZ8qtGwuVs9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDc2MjRiNTI5MjUyNzNiYTcxNjNmNGQxZDdjZDUzZGNkMDIwMmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Zpi2HXSzsD3McYcDrVe+Dgy/3Qn
i1tdmTG1LTZ/AFX8778EVrn0IBEt+sr3daAcCkVnyGTFvuYToevikYtWwcbo/n4a
M+3C1zHoRIA5MKyh3Yd7M36tHm+yFQ6TFXeL609huY/983MQQ+68YJYZ1V08ZUwO
1pdCVix3zATOMjRkFVEgpulySwDLRMxwX9IlS+ojQiCP8yECfxP+bgd3Fm3hAQIL
AFWZBa/tJDTJVCfq/n8Ojph3ye7mKmKcgxhRvs2MiULrKfCJaPzVgCh5sWgAuU77
LQtIm6N1/a//bLelpVQKfvhO6h0w6uN0PBzEY/UCB5A41Waqs/79lCCLIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMR2JLUpJSc7pxY/TR181T3NAgKjMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEveEhZa3RTa2xKenVuRmo5TkhYelZQYzBDQXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrFqMA0G
CSqGSIb3DQEBCwUAA4IBAQBo77wvaQDrBbmFcfFzPGRvDVLMJXI6hwUsphlG6jlC
wbXE3CExzD0c2Vq2fiHSPD9uirEADALsB19rjuTf6F552zMOAoOF9sKR+2fONr3L
94T1iIRWlYH0eF/LHZKD25AF4tl9mXLskY12Qw0mTfkwg0ZbKcARFD6GebrKCDFY
+pdAtmy1XhRI5RazWU1TTPLf0CCdBNeI3YKt9AbLWixFTOprgWGM3pWFEg6E0N63
JBzY0J4UGgL9y8B3kw/neP6OH8dvCkB5p82OwgBVP3sJtqhULxoCLy+whS+NTx5u
M++4n0O7eG5d1Qv39sbTVzuQv6HV9uK3ySEu4lI1Zyzt
-----END CERTIFICATE-----