Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/KddtDEquGnwPab0FB_ANPqquFb0.roa
File:                     KddtDEquGnwPab0FB_ANPqquFb0.roa (raw, json)
Hash identifier:          6qib1OXGXgtbqAWVIWkrQJHA4JRV5oCWqVP6hS+M1b8=
Subject key identifier:   29:D7:6D:0C:4A:AE:1A:7C:0F:69:BD:05:07:F0:0D:3E:AA:AE:15:BD
Certificate issuer:       /CN=8bdac18a7ad501ba7ea13567909f17e4f7327413
Certificate serial:       018CC86FCDCE107A3B4CE71E44B9F33C9CF2
Authority key identifier: 8B:DA:C1:8A:7A:D5:01:BA:7E:A1:35:67:90:9F:17:E4:F7:32:74:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/KddtDEquGnwPab0FB_ANPqquFb0.roa
Signing time:             Tue 02 Jan 2024 04:30:19 +0000
ROA not before:           Tue 02 Jan 2024 04:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213126
IP address blocks:        212.94.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:cd:ce:10:7a:3b:4c:e7:1e:44:b9:f3:3c:9c:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdac18a7ad501ba7ea13567909f17e4f7327413
        Validity
            Not Before: Jan  2 04:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29d76d0c4aae1a7c0f69bd0507f00d3eaaae15bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ac:0a:74:73:26:5c:d6:ca:15:84:ef:35:39:
                    67:ce:d0:d7:3b:59:fe:9c:41:c7:ba:6d:fd:05:c5:
                    df:59:f5:40:6e:13:9d:33:2f:2e:f6:75:b0:91:e9:
                    41:52:79:54:bc:4a:3f:af:da:1f:c9:05:b2:d5:7b:
                    60:7b:66:46:e5:fa:0b:85:61:f9:5e:64:24:09:4d:
                    75:1c:aa:93:7a:9c:29:10:f4:9a:88:72:08:d2:9f:
                    53:e3:d8:88:47:92:aa:a5:25:e5:2c:66:12:cd:a9:
                    2b:6b:29:ef:5e:72:04:fe:ab:82:81:76:9e:7f:26:
                    8c:ca:5d:4f:0c:b3:0b:ee:52:7f:81:50:d8:60:46:
                    76:4d:6a:2a:ac:db:95:fc:93:08:3d:34:91:cc:39:
                    d3:a7:02:71:ff:9b:21:3a:8c:66:8e:6a:08:48:09:
                    09:c4:45:23:e0:6d:e1:9f:ab:d5:84:ad:f4:da:89:
                    d9:88:74:9a:58:44:1e:f8:86:06:57:25:01:41:d0:
                    92:ac:20:ec:d1:99:fc:58:23:40:a8:08:31:4c:c5:
                    7e:3e:b9:39:3f:11:00:4d:79:50:1d:33:40:54:a3:
                    75:52:98:24:ca:45:a5:36:ee:da:b9:56:26:12:61:
                    37:7f:43:7f:b0:3e:cd:10:aa:16:7a:d8:32:c8:7d:
                    3c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:D7:6D:0C:4A:AE:1A:7C:0F:69:BD:05:07:F0:0D:3E:AA:AE:15:BD
            X509v3 Authority Key Identifier:
                keyid:8B:DA:C1:8A:7A:D5:01:BA:7E:A1:35:67:90:9F:17:E4:F7:32:74:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/KddtDEquGnwPab0FB_ANPqquFb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.94.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:1d:50:a3:dc:7c:af:06:0c:21:05:29:55:a2:e4:a0:15:9c:
         2f:94:9f:f2:c8:f1:32:f0:8d:f1:48:e9:b1:65:24:d0:95:81:
         81:1f:4d:e7:0f:7f:e8:04:02:61:c0:de:e3:6e:30:6b:15:6c:
         78:eb:71:7f:18:37:f3:30:10:a2:c5:44:7f:03:d8:76:1a:cc:
         ec:91:6b:f0:84:a5:c9:e7:27:ed:53:fb:dc:04:2e:3f:46:0d:
         f1:cd:f4:d8:84:8f:5f:9a:b9:63:3f:27:9c:98:ba:75:45:16:
         70:72:a4:1f:bb:a4:d7:6d:b2:8a:17:41:75:4a:33:42:5d:69:
         1c:5a:12:08:18:57:cb:39:c8:b4:45:ed:b9:1a:bd:75:b6:b1:
         4b:8f:9b:a5:a6:6c:f0:5a:01:b6:f8:e2:a3:79:83:53:a3:78:
         92:90:87:8d:c5:ca:3b:7d:c0:60:f0:6d:09:60:63:c9:e0:0e:
         64:ec:34:1f:d6:82:4a:4a:c6:62:ab:38:09:0e:a8:f3:2d:85:
         ca:94:ef:ec:7a:c0:c3:fc:2b:94:b0:d5:eb:e2:87:e7:f3:b7:
         34:fa:85:93:f6:46:d4:67:9a:ab:c2:4e:d7:d9:51:20:ea:8c:
         6e:5c:ff:b9:59:db:a6:af:15:70:51:ec:9b:e3:a2:61:af:31:
         2a:9c:b5:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb83OEHo7TOceRLnzPJzyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGFjMThhN2FkNTAxYmE3ZWExMzU2NzkwOWYxN2U0Zjcz
Mjc0MTMwHhcNMjQwMTAyMDQzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWQ3NmQwYzRhYWUxYTdjMGY2OWJkMDUwN2YwMGQzZWFhYWUxNWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnawKdHMmXNbKFYTvNTlnztDXO1n+
nEHHum39BcXfWfVAbhOdMy8u9nWwkelBUnlUvEo/r9ofyQWy1Xtge2ZG5foLhWH5
XmQkCU11HKqTepwpEPSaiHII0p9T49iIR5KqpSXlLGYSzakraynvXnIE/quCgXae
fyaMyl1PDLML7lJ/gVDYYEZ2TWoqrNuV/JMIPTSRzDnTpwJx/5shOoxmjmoISAkJ
xEUj4G3hn6vVhK302onZiHSaWEQe+IYGVyUBQdCSrCDs0Zn8WCNAqAgxTMV+Prk5
PxEATXlQHTNAVKN1UpgkykWlNu7auVYmEmE3f0N/sD7NEKoWetgyyH08vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnXbQxKrhp8D2m9BQfwDT6qrhW9MB8GA1UdIwQY
MBaAFIvawYp61QG6fqE1Z5CfF+T3MnQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTlyQmluclZBYnAtb1RWbmtKOFg1UGN5ZEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8zNzRmZDEtMDJjMi00NjcxLWJkYzkt
YzNjYzVkZTFlY2U5LzEvS2RkdERFcXVHbndQYWIwRkJfQU5QcXF1RmIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8zNzRmZDEtMDJjMi00NjcxLWJkYzktYzNjYzVkZTFlY2U5
LzEvaTlyQmluclZBYnAtb1RWbmtKOFg1UGN5ZEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1F42MA0G
CSqGSIb3DQEBCwUAA4IBAQBZHVCj3HyvBgwhBSlVouSgFZwvlJ/yyPEy8I3xSOmx
ZSTQlYGBH03nD3/oBAJhwN7jbjBrFWx463F/GDfzMBCixUR/A9h2GszskWvwhKXJ
5yftU/vcBC4/Rg3xzfTYhI9fmrljPyecmLp1RRZwcqQfu6TXbbKKF0F1SjNCXWkc
WhIIGFfLOci0Re25Gr11trFLj5ulpmzwWgG2+OKjeYNTo3iSkIeNxco7fcBg8G0J
YGPJ4A5k7DQf1oJKSsZiqzgJDqjzLYXKlO/sesDD/CuUsNXr4ofn87c0+oWT9kbU
Z5qrwk7X2VEg6oxuXP+5WdumrxVwUeyb46JhrzEqnLWe
-----END CERTIFICATE-----