Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/kMzTs15lml0u--8DeDIZ3ahYB-8.roa
File:                     kMzTs15lml0u--8DeDIZ3ahYB-8.roa (raw, json)
Hash identifier:          hmu1j5piIsrOJ4koHYlWa9Aa3VoNfnl47fPB74RcAdg=
Subject key identifier:   90:CC:D3:B3:5E:65:9A:5D:2E:FB:EF:03:78:32:19:DD:A8:58:07:EF
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801D6C0B738DC88F5E25F7D93E9D72F
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/kMzTs15lml0u--8DeDIZ3ahYB-8.roa
Signing time:             Tue 02 Jan 2024 02:30:12 +0000
ROA not before:           Tue 02 Jan 2024 02:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35537
IP address blocks:        94.124.116.0/24 maxlen: 24
                          2a09:7:2004::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d6:c0:b7:38:dc:88:f5:e2:5f:7d:93:e9:d7:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90ccd3b35e659a5d2efbef03783219dda85807ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:9f:e3:3d:38:43:b0:ea:0e:7e:08:0e:ed:27:
                    6f:5e:6c:95:fb:7f:5e:4b:2e:af:e3:5f:aa:a6:b5:
                    09:f4:f8:69:d0:e3:e0:c0:28:3a:90:99:f2:6f:5b:
                    5d:84:94:8e:2c:89:67:1a:1f:c0:46:f6:78:a6:4d:
                    70:e4:ba:5a:27:a9:83:58:a5:e6:95:66:a6:f5:fc:
                    03:2d:f8:08:ba:38:30:5c:c8:0e:4c:e8:f6:ba:9b:
                    72:7e:c5:07:4a:84:ab:9a:8d:af:f6:ab:ef:6f:a5:
                    24:df:db:74:2b:c7:77:e5:0d:49:a9:77:ce:d8:01:
                    97:57:76:d5:a6:95:38:ca:af:59:b7:27:08:da:f7:
                    22:7b:db:b8:2e:f1:f9:52:37:b3:1e:47:97:99:84:
                    3d:7a:1b:47:f0:5c:25:95:c2:71:4f:6a:a2:6c:e9:
                    12:7c:dc:b9:f8:88:91:7e:1d:b4:b0:a5:37:1d:8b:
                    3c:86:e0:0e:e2:4b:61:4a:e1:64:0c:91:6f:55:b6:
                    89:db:c9:6e:48:1a:65:37:3e:53:01:1b:8d:66:92:
                    5b:b5:b7:a5:87:c5:e3:c6:4f:54:9a:75:d9:a2:07:
                    29:b3:10:d4:c6:44:3a:df:17:7e:ac:d3:4d:e4:65:
                    c8:f3:ff:61:a5:fd:d9:4e:6e:dc:f3:c4:5b:00:07:
                    67:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:CC:D3:B3:5E:65:9A:5D:2E:FB:EF:03:78:32:19:DD:A8:58:07:EF
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/kMzTs15lml0u--8DeDIZ3ahYB-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.116.0/24
                IPv6:
                  2a09:7:2004::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:ed:da:58:2c:83:72:90:ee:cb:7c:c1:c9:b6:b6:55:66:a0:
         f4:41:8c:5b:4a:42:3f:87:82:f0:0a:21:5f:aa:28:1d:b1:f6:
         8a:c8:07:22:22:0f:66:6f:3f:07:4d:4b:b9:8b:09:fd:6d:5b:
         a6:85:d8:a8:e8:00:ab:3c:66:1c:a6:2c:06:72:a4:69:bf:1a:
         f8:7a:63:51:66:95:b1:8d:de:35:41:69:2b:fb:04:a9:14:bc:
         b2:0f:18:d6:00:1f:77:e1:23:d6:06:08:4b:9e:ef:3e:f2:b7:
         d3:96:57:eb:95:21:fa:f8:5a:0e:fe:c4:07:e8:f8:f6:b3:00:
         56:3c:23:c6:38:9a:47:d6:22:27:77:e8:1d:ea:16:64:25:84:
         45:f7:0f:cb:df:35:5c:bd:7e:b1:0d:06:ba:5a:71:0b:38:ea:
         88:bf:0b:8f:f8:bf:95:31:96:f7:f5:78:2a:56:a1:2b:c7:c2:
         c1:22:fb:00:5f:a4:e9:ac:5c:4d:15:c2:57:6a:07:78:03:82:
         27:7e:0a:17:43:2f:8e:ae:00:6f:bb:53:68:b6:ca:a4:00:44:
         c4:f8:63:a5:1e:28:0b:8f:5f:56:d6:52:fc:ee:15:e9:2e:79:
         d6:6f:e0:be:c0:82:03:29:f9:44:eb:b0:c1:34:fa:1c:4f:27:
         2c:ad:5e:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAdbAtzjciPXiX32T6dcvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGNjZDNiMzVlNjU5YTVkMmVmYmVmMDM3ODMyMTlkZGE4NTgwN2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxp/jPThDsOoOfggO7SdvXmyV+39e
Sy6v41+qprUJ9Php0OPgwCg6kJnyb1tdhJSOLIlnGh/ARvZ4pk1w5LpaJ6mDWKXm
lWam9fwDLfgIujgwXMgOTOj2uptyfsUHSoSrmo2v9qvvb6Uk39t0K8d35Q1JqXfO
2AGXV3bVppU4yq9ZtycI2vcie9u4LvH5UjezHkeXmYQ9ehtH8FwllcJxT2qibOkS
fNy5+IiRfh20sKU3HYs8huAO4kthSuFkDJFvVbaJ28luSBplNz5TARuNZpJbtbel
h8Xjxk9UmnXZogcpsxDUxkQ63xd+rNNN5GXI8/9hpf3ZTm7c88RbAAdnEwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJDM07NeZZpdLvvvA3gyGd2oWAfvMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEva016VHMxNWxtbDB1LS04RGVESVozYWhZQi04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXnx0MA8E
AgACMAkDBwAqCQAHIAQwDQYJKoZIhvcNAQELBQADggEBAHzt2lgsg3KQ7st8wcm2
tlVmoPRBjFtKQj+HgvAKIV+qKB2x9orIByIiD2ZvPwdNS7mLCf1tW6aF2KjoAKs8
ZhymLAZypGm/Gvh6Y1FmlbGN3jVBaSv7BKkUvLIPGNYAH3fhI9YGCEue7z7yt9OW
V+uVIfr4Wg7+xAfo+PazAFY8I8Y4mkfWIid36B3qFmQlhEX3D8vfNVy9frENBrpa
cQs46oi/C4/4v5Uxlvf1eCpWoSvHwsEi+wBfpOmsXE0VwldqB3gDgid+ChdDL46u
AG+7U2i2yqQARMT4Y6UeKAuPX1bWUvzuFekuedZv4L7AggMp+UTrsME0+hxPJyyt
Xh8=
-----END CERTIFICATE-----