Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/X55oS6kQd_LmjKNDAQ9m1_alZzU.roa
File:                     X55oS6kQd_LmjKNDAQ9m1_alZzU.roa (raw, json)
Hash identifier:          wHKMyLqTnxKGvz7NQ53qQszdnu4K70iRee+BiThUfq0=
Subject key identifier:   5F:9E:68:4B:A9:10:77:F2:E6:8C:A3:43:01:0F:66:D7:F6:A5:67:35
Certificate issuer:       /CN=beba48c7e2c9e05eda546d899146b89f799df85d
Certificate serial:       018CC6B88E55C26EB50B30DA4DF345B949F2
Authority key identifier: BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/X55oS6kQd_LmjKNDAQ9m1_alZzU.roa
Signing time:             Mon 01 Jan 2024 20:30:32 +0000
ROA not before:           Mon 01 Jan 2024 20:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33908
IP address blocks:        94.125.8.0/24 maxlen: 24
                          185.42.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:8e:55:c2:6e:b5:0b:30:da:4d:f3:45:b9:49:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beba48c7e2c9e05eda546d899146b89f799df85d
        Validity
            Not Before: Jan  1 20:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f9e684ba91077f2e68ca343010f66d7f6a56735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a0:51:fc:8a:1b:d8:a2:95:7e:b0:b7:ad:98:
                    52:eb:67:cf:ea:db:81:d5:30:ca:a7:97:cb:04:30:
                    f5:73:6d:7f:bd:32:e4:af:eb:a0:be:70:89:07:80:
                    52:c9:11:0f:24:64:95:28:06:85:20:89:14:33:65:
                    2c:e6:88:cc:02:fa:6a:a7:ad:14:88:6a:3e:dc:c4:
                    da:1c:36:f8:98:a1:3f:d2:f4:89:44:af:bd:e2:fc:
                    e3:c2:b7:a8:b0:43:83:7c:3a:f3:a0:09:17:9c:25:
                    02:c1:2d:f6:bb:fa:58:72:aa:30:28:19:07:5f:26:
                    00:68:b7:ba:3e:fb:f8:25:aa:c8:95:e3:d2:b4:b5:
                    44:a8:25:da:2f:ec:4b:81:6a:ee:91:ab:5d:ff:0f:
                    3e:7f:b7:9e:03:60:67:00:0f:02:c4:31:88:26:9e:
                    b0:8c:4e:c0:05:7f:37:47:eb:32:d9:a8:f5:a1:d0:
                    d4:5b:fd:27:cb:ed:9b:27:c0:b7:7e:c0:b5:d5:7c:
                    18:13:ae:6f:60:60:d8:ca:62:ad:23:39:20:5a:0e:
                    df:e1:52:00:45:39:57:de:08:13:c3:71:f9:1f:fa:
                    3c:0c:c6:b9:dd:91:e0:bc:3e:f0:5f:65:de:cd:bf:
                    60:f7:25:a5:7a:e5:61:fd:88:e6:c9:97:ed:28:67:
                    fe:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:9E:68:4B:A9:10:77:F2:E6:8C:A3:43:01:0F:66:D7:F6:A5:67:35
            X509v3 Authority Key Identifier:
                keyid:BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/X55oS6kQd_LmjKNDAQ9m1_alZzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.125.8.0/24
                  185.42.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:ad:2e:25:30:0a:5c:20:5a:c3:e5:fa:5c:d9:2f:ad:cf:1f:
         ae:ba:bd:35:a5:7b:92:6e:f6:24:12:0e:e1:bd:ef:44:70:27:
         69:48:a6:76:32:3d:24:13:ee:d0:17:c5:d6:b3:e7:79:f6:4c:
         cf:db:7f:21:1c:19:1a:c2:2b:ac:ed:dc:62:0a:ca:d4:3d:f7:
         3a:68:87:9b:ae:2a:1a:79:63:22:2f:8f:5e:67:79:f3:33:0f:
         d6:16:9a:a1:e9:a5:94:fe:5a:8a:9d:d6:fe:1a:1e:87:a4:4e:
         2e:63:28:f2:42:e2:c7:87:a0:2b:71:5e:bb:15:d2:fd:8e:57:
         52:9a:2c:c8:7d:d8:41:75:28:b9:ba:94:99:90:c3:1c:c1:6b:
         35:27:b2:0f:5b:04:a2:cd:6c:a0:78:f8:1f:72:6d:fc:b1:d6:
         43:3b:c9:8d:2d:d1:85:e9:41:79:3b:1f:42:1d:cf:4a:3e:9d:
         3a:e3:34:0c:e3:a1:68:c4:b9:ee:86:83:82:74:31:af:76:e5:
         48:3d:27:94:a9:71:2e:3c:52:e7:a7:20:85:32:76:34:02:f2:
         2a:c9:63:70:8a:b1:9e:31:37:86:1a:ad:72:76:48:3e:35:bf:
         ca:ec:53:5b:c4:35:75:5f:56:18:73:b4:1b:1c:fa:a0:f4:c2:
         e4:ad:c8:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuI5Vwm61CzDaTfNFuUnyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmE0OGM3ZTJjOWUwNWVkYTU0NmQ4OTkxNDZiODlmNzk5
ZGY4NWQwHhcNMjQwMTAxMjAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjllNjg0YmE5MTA3N2YyZTY4Y2EzNDMwMTBmNjZkN2Y2YTU2NzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6BR/Iob2KKVfrC3rZhS62fP6tuB
1TDKp5fLBDD1c21/vTLkr+ugvnCJB4BSyREPJGSVKAaFIIkUM2Us5ojMAvpqp60U
iGo+3MTaHDb4mKE/0vSJRK+94vzjwreosEODfDrzoAkXnCUCwS32u/pYcqowKBkH
XyYAaLe6Pvv4JarIlePStLVEqCXaL+xLgWrukatd/w8+f7eeA2BnAA8CxDGIJp6w
jE7ABX83R+sy2aj1odDUW/0ny+2bJ8C3fsC11XwYE65vYGDYymKtIzkgWg7f4VIA
RTlX3ggTw3H5H/o8DMa53ZHgvD7wX2Xezb9g9yWleuVh/YjmyZftKGf+5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF+eaEupEHfy5oyjQwEPZtf2pWc1MB8GA1UdIwQY
MBaAFL66SMfiyeBe2lRtiZFGuJ95nfhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYt
M2Q1MjIxODFhMmM0LzEvWDU1b1M2a1FkX0xtaktOREFROW0xX2FsWnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYtM2Q1MjIxODFhMmM0
LzEvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXn0IAwQA
uSo+MA0GCSqGSIb3DQEBCwUAA4IBAQAmrS4lMApcIFrD5fpc2S+tzx+uur01pXuS
bvYkEg7hve9EcCdpSKZ2Mj0kE+7QF8XWs+d59kzP238hHBkawius7dxiCsrUPfc6
aIebrioaeWMiL49eZ3nzMw/WFpqh6aWU/lqKndb+Gh6HpE4uYyjyQuLHh6ArcV67
FdL9jldSmizIfdhBdSi5upSZkMMcwWs1J7IPWwSizWygePgfcm38sdZDO8mNLdGF
6UF5Ox9CHc9KPp064zQM46FoxLnuhoOCdDGvduVIPSeUqXEuPFLnpyCFMnY0AvIq
yWNwirGeMTeGGq1ydkg+Nb/K7FNbxDV1X1YYc7QbHPqg9MLkrcg7
-----END CERTIFICATE-----