Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/CR-VkdeASkR3_0SMcJQlp7n7NoA.roa
File:                     CR-VkdeASkR3_0SMcJQlp7n7NoA.roa (raw, json)
Hash identifier:          UEJDI4DsMhleHJeSaViGwWEZfrpFaeasb9218Q4DXWs=
Subject key identifier:   09:1F:95:91:D7:80:4A:44:77:FF:44:8C:70:94:25:A7:B9:FB:36:80
Certificate issuer:       /CN=33954330349f57502a76ae6e99987efc3e3b8109
Certificate serial:       018CC56E592E804B8511D7E98F83D3063D1A
Authority key identifier: 33:95:43:30:34:9F:57:50:2A:76:AE:6E:99:98:7E:FC:3E:3B:81:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M5VDMDSfV1Aqdq5umZh-_D47gQk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/CR-VkdeASkR3_0SMcJQlp7n7NoA.roa
Signing time:             Mon 01 Jan 2024 14:29:52 +0000
ROA not before:           Mon 01 Jan 2024 14:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209928
IP address blocks:        94.231.40.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/M5VDMDSfV1Aqdq5umZh-_D47gQk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/M5VDMDSfV1Aqdq5umZh-_D47gQk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M5VDMDSfV1Aqdq5umZh-_D47gQk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:59:2e:80:4b:85:11:d7:e9:8f:83:d3:06:3d:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33954330349f57502a76ae6e99987efc3e3b8109
        Validity
            Not Before: Jan  1 14:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=091f9591d7804a4477ff448c709425a7b9fb3680
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:17:ef:29:37:95:6c:9e:6b:ed:df:49:55:ed:
                    d4:68:d1:80:fb:20:20:c8:7d:71:c9:fd:86:be:db:
                    10:b0:90:c0:fb:73:bf:7f:61:de:dc:fb:b6:20:af:
                    8c:ec:9c:da:73:c0:7a:09:ce:ee:c6:a0:87:42:be:
                    20:f3:7b:7c:51:7d:48:14:79:54:87:1d:80:30:3c:
                    47:b0:3b:9e:75:9d:fd:b2:f6:3a:24:b7:08:9b:8c:
                    f1:55:04:79:5d:c7:30:66:c2:04:12:8f:22:68:7b:
                    de:5a:77:37:2e:6c:e5:e1:4f:49:57:b3:33:3b:62:
                    de:25:67:cf:5b:bb:8d:6e:64:12:79:9f:9d:38:f3:
                    59:93:c9:75:b7:ae:6f:ed:f5:5e:70:e2:c4:96:23:
                    d0:9a:e9:be:aa:04:e0:5a:10:56:b0:f3:58:da:ec:
                    37:48:0d:06:8d:ee:98:49:8e:ad:54:c3:87:67:12:
                    ae:13:75:8c:6a:e7:41:33:52:40:10:67:71:82:50:
                    ae:f0:62:ae:0b:7b:7f:82:da:eb:2c:12:2e:e0:41:
                    f8:61:29:a8:53:37:c2:71:71:6c:82:eb:8f:4b:3c:
                    9e:c7:41:4c:d6:1b:d7:7b:17:5f:64:e0:00:0c:25:
                    db:25:ee:e3:71:2c:84:03:f1:47:80:e5:7d:14:d4:
                    17:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:1F:95:91:D7:80:4A:44:77:FF:44:8C:70:94:25:A7:B9:FB:36:80
            X509v3 Authority Key Identifier:
                keyid:33:95:43:30:34:9F:57:50:2A:76:AE:6E:99:98:7E:FC:3E:3B:81:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M5VDMDSfV1Aqdq5umZh-_D47gQk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/CR-VkdeASkR3_0SMcJQlp7n7NoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/0f19e9-1b2b-4812-ab5a-fdf84f83a274/1/M5VDMDSfV1Aqdq5umZh-_D47gQk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         03:0e:70:ef:0c:5e:20:7c:e3:42:da:1d:8f:51:b0:be:3b:6a:
         02:13:a8:a8:8f:cc:b0:34:b6:9b:a3:b4:23:b6:ce:99:cf:14:
         d3:7f:98:8f:ff:04:85:55:77:f7:c2:cc:cc:32:cc:69:40:3a:
         4a:f0:84:10:f0:01:2c:78:f8:cb:b3:e6:db:76:42:56:ef:eb:
         37:fb:ad:fe:63:a8:5f:12:29:32:87:93:8e:8a:67:e2:cb:de:
         67:ea:fe:b1:4f:ac:a1:ea:79:3f:b3:c3:c5:a4:6f:82:28:9d:
         ba:ed:59:6c:8b:40:d7:f3:2e:a3:b9:e1:7f:09:f3:ed:33:a2:
         b1:65:b3:e2:8d:61:7b:3f:49:57:7f:38:37:14:11:c4:e8:e1:
         de:ac:cb:03:54:26:6a:50:bc:75:3b:71:1d:34:c0:1a:28:a4:
         78:d2:24:aa:1c:2e:72:fa:bc:db:b6:dc:d2:28:1d:c2:9d:3e:
         c7:12:c3:7a:ab:ae:24:14:a9:4f:b8:85:9b:36:91:2b:91:12:
         eb:b2:a0:b9:a7:b0:39:22:14:bd:28:01:9f:31:42:ef:aa:1a:
         97:41:47:e8:6c:ef:59:6a:ce:8a:ec:06:ed:c0:64:fe:bd:54:
         ce:cb:4b:dd:38:22:c9:52:30:68:f4:91:db:8d:de:17:cd:bd:
         e3:be:54:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFblkugEuFEdfpj4PTBj0aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzOTU0MzMwMzQ5ZjU3NTAyYTc2YWU2ZTk5OTg3ZWZjM2Uz
YjgxMDkwHhcNMjQwMTAxMTQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTFmOTU5MWQ3ODA0YTQ0NzdmZjQ0OGM3MDk0MjVhN2I5ZmIzNjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgRfvKTeVbJ5r7d9JVe3UaNGA+yAg
yH1xyf2GvtsQsJDA+3O/f2He3Pu2IK+M7Jzac8B6Cc7uxqCHQr4g83t8UX1IFHlU
hx2AMDxHsDuedZ39svY6JLcIm4zxVQR5XccwZsIEEo8iaHveWnc3Lmzl4U9JV7Mz
O2LeJWfPW7uNbmQSeZ+dOPNZk8l1t65v7fVecOLEliPQmum+qgTgWhBWsPNY2uw3
SA0Gje6YSY6tVMOHZxKuE3WMaudBM1JAEGdxglCu8GKuC3t/gtrrLBIu4EH4YSmo
UzfCcXFsguuPSzyex0FM1hvXexdfZOAADCXbJe7jcSyEA/FHgOV9FNQXoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkflZHXgEpEd/9EjHCUJae5+zaAMB8GA1UdIwQY
MBaAFDOVQzA0n1dQKnaubpmYfvw+O4EJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTVWRE1EU2ZWMUFxZHE1dW1aaC1fRDQ3Z1FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8wZjE5ZTktMWIyYi00ODEyLWFiNWEt
ZmRmODRmODNhMjc0LzEvQ1ItVmtkZUFTa1IzXzBTTWNKUWxwN243Tm9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8wZjE5ZTktMWIyYi00ODEyLWFiNWEtZmRmODRmODNhMjc0
LzEvTTVWRE1EU2ZWMUFxZHE1dW1aaC1fRDQ3Z1FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXucoMA0G
CSqGSIb3DQEBCwUAA4IBAQADDnDvDF4gfONC2h2PUbC+O2oCE6ioj8ywNLabo7Qj
ts6ZzxTTf5iP/wSFVXf3wszMMsxpQDpK8IQQ8AEsePjLs+bbdkJW7+s3+63+Y6hf
Eikyh5OOimfiy95n6v6xT6yh6nk/s8PFpG+CKJ267Vlsi0DX8y6jueF/CfPtM6Kx
ZbPijWF7P0lXfzg3FBHE6OHerMsDVCZqULx1O3EdNMAaKKR40iSqHC5y+rzbttzS
KB3CnT7HEsN6q64kFKlPuIWbNpErkRLrsqC5p7A5IhS9KAGfMULvqhqXQUfobO9Z
as6K7AbtwGT+vVTOy0vdOCLJUjBo9JHbjd4Xzb3jvlSq
-----END CERTIFICATE-----