Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/6ef146-dac6-4ea5-be58-4ee69a777bbe/1/jlfdZHmVvHdz_53apg0OZWLxSVw.roa
File:                     jlfdZHmVvHdz_53apg0OZWLxSVw.roa (raw, json)
Hash identifier:          jgBY+KV60Sm5+edJ00g2iCkNCnIW/XdZGLc1p19ckko=
Subject key identifier:   8E:57:DD:64:79:95:BC:77:73:FF:9D:DA:A6:0D:0E:65:62:F1:49:5C
Certificate issuer:       /CN=8e5dc732ca2834973547c780e1c3a5ab47805be0
Certificate serial:       0194214400384BA32B864E23B9B73D0AD4A1
Authority key identifier: 8E:5D:C7:32:CA:28:34:97:35:47:C7:80:E1:C3:A5:AB:47:80:5B:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jl3HMsooNJc1R8eA4cOlq0eAW-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/6ef146-dac6-4ea5-be58-4ee69a777bbe/1/jlfdZHmVvHdz_53apg0OZWLxSVw.roa
Signing time:             Wed 01 Jan 2025 09:48:12 +0000
ROA not before:           Wed 01 Jan 2025 09:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207492
IP address blocks:        94.231.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/6ef146-dac6-4ea5-be58-4ee69a777bbe/1/jl3HMsooNJc1R8eA4cOlq0eAW-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/6ef146-dac6-4ea5-be58-4ee69a777bbe/1/jl3HMsooNJc1R8eA4cOlq0eAW-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jl3HMsooNJc1R8eA4cOlq0eAW-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:00:38:4b:a3:2b:86:4e:23:b9:b7:3d:0a:d4:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e5dc732ca2834973547c780e1c3a5ab47805be0
        Validity
            Not Before: Jan  1 09:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e57dd647995bc7773ff9ddaa60d0e6562f1495c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:06:38:09:24:38:eb:92:59:07:95:80:2b:f7:
                    3c:e8:76:13:8b:9e:0a:3a:57:57:01:c2:96:c4:04:
                    47:c8:d2:9a:15:10:5d:3c:62:32:74:a6:38:db:d6:
                    d6:73:c3:e8:37:b2:a0:41:e0:ab:e0:72:fe:ff:c3:
                    e5:26:2d:ce:98:71:ae:10:74:17:76:09:40:c6:2a:
                    e0:bc:61:2c:ac:a9:28:3d:13:48:64:55:dc:72:28:
                    d9:84:30:58:68:b8:32:da:43:62:fb:d1:5a:aa:04:
                    9a:6f:6a:3a:08:82:b4:26:5d:08:6c:cf:6f:0d:64:
                    00:e4:80:89:0d:e9:7e:26:b7:ca:82:68:6b:cf:38:
                    df:f5:52:b7:04:73:d2:f1:f2:ff:5a:d7:f6:17:73:
                    13:17:bd:39:af:b1:92:67:ab:db:aa:14:0d:ab:12:
                    4d:79:b2:39:21:2f:15:90:6b:74:16:bb:4b:d3:8a:
                    05:8a:2e:6d:cb:d2:ee:35:6c:0f:b6:2c:d1:d2:0d:
                    6c:d0:e5:fc:95:d7:eb:6d:d8:4e:25:21:2a:71:4c:
                    be:36:6e:08:47:1b:a7:74:aa:40:4b:a6:96:8d:c3:
                    ef:11:5b:de:d4:d6:7a:b3:18:93:9a:b5:9e:af:b6:
                    eb:ca:84:c7:c9:a1:a4:af:61:e5:23:ab:2b:dd:af:
                    e7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:57:DD:64:79:95:BC:77:73:FF:9D:DA:A6:0D:0E:65:62:F1:49:5C
            X509v3 Authority Key Identifier:
                keyid:8E:5D:C7:32:CA:28:34:97:35:47:C7:80:E1:C3:A5:AB:47:80:5B:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jl3HMsooNJc1R8eA4cOlq0eAW-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/6ef146-dac6-4ea5-be58-4ee69a777bbe/1/jlfdZHmVvHdz_53apg0OZWLxSVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/6ef146-dac6-4ea5-be58-4ee69a777bbe/1/jl3HMsooNJc1R8eA4cOlq0eAW-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:51:05:b1:bd:84:a8:d9:8a:fd:c4:60:c2:63:e8:bf:5e:9e:
         1d:31:60:1c:c1:d5:2b:37:60:4f:50:13:6d:59:9c:1f:f7:5a:
         57:72:b8:1d:20:32:54:7d:db:1e:c5:97:04:44:11:38:ca:01:
         2c:e5:97:32:14:f7:de:a7:02:eb:12:0d:a9:fe:6c:77:e4:34:
         2f:58:17:d5:3a:dd:b7:84:68:89:d8:f2:c4:95:97:dd:3c:40:
         96:89:77:eb:64:74:0c:28:3e:3c:7a:fb:4a:6b:2a:dd:35:35:
         7c:ff:c7:c1:ff:44:f9:e6:c1:72:aa:56:97:9d:63:c1:04:b1:
         17:a0:40:0e:f6:91:68:43:02:be:ef:81:db:3c:78:d2:d3:be:
         a9:c2:0a:c6:ea:e2:4f:b3:3f:12:2d:22:6c:c8:de:af:db:15:
         d4:f7:cd:8d:02:b8:18:06:ef:91:95:6e:f8:bd:a0:e0:9f:c4:
         1b:a3:8c:80:60:bf:4d:71:ad:4d:05:19:e3:f4:7a:e5:9c:a9:
         75:7d:af:f9:8c:52:ba:39:02:7f:c6:cd:f3:02:b1:0b:af:4e:
         fe:bf:ec:cb:30:84:ef:3f:66:a6:68:a1:cb:84:c2:8d:7f:7c:
         26:19:da:a0:97:c8:42:3e:cd:fa:3a:ad:33:6f:3e:dd:8b:fb:
         62:5e:13:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAA4S6Mrhk4jubc9CtShMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNWRjNzMyY2EyODM0OTczNTQ3Yzc4MGUxYzNhNWFiNDc4
MDViZTAwHhcNMjUwMTAxMDk0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTU3ZGQ2NDc5OTViYzc3NzNmZjlkZGFhNjBkMGU2NTYyZjE0OTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3gY4CSQ465JZB5WAK/c86HYTi54K
OldXAcKWxARHyNKaFRBdPGIydKY429bWc8PoN7KgQeCr4HL+/8PlJi3OmHGuEHQX
dglAxirgvGEsrKkoPRNIZFXccijZhDBYaLgy2kNi+9FaqgSab2o6CIK0Jl0IbM9v
DWQA5ICJDel+JrfKgmhrzzjf9VK3BHPS8fL/Wtf2F3MTF705r7GSZ6vbqhQNqxJN
ebI5IS8VkGt0FrtL04oFii5ty9LuNWwPtizR0g1s0OX8ldfrbdhOJSEqcUy+Nm4I
RxundKpAS6aWjcPvEVve1NZ6sxiTmrWer7bryoTHyaGkr2HlI6sr3a/nZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5X3WR5lbx3c/+d2qYNDmVi8UlcMB8GA1UdIwQY
MBaAFI5dxzLKKDSXNUfHgOHDpatHgFvgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamwzSE1zb29OSmMxUjhlQTRjT2xxMGVBVy1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy82ZWYxNDYtZGFjNi00ZWE1LWJlNTgt
NGVlNjlhNzc3YmJlLzEvamxmZFpIbVZ2SGR6XzUzYXBnME9aV0x4U1Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy82ZWYxNDYtZGFjNi00ZWE1LWJlNTgtNGVlNjlhNzc3YmJl
LzEvamwzSE1zb29OSmMxUjhlQTRjT2xxMGVBVy1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXufCMA0G
CSqGSIb3DQEBCwUAA4IBAQBjUQWxvYSo2Yr9xGDCY+i/Xp4dMWAcwdUrN2BPUBNt
WZwf91pXcrgdIDJUfdsexZcERBE4ygEs5ZcyFPfepwLrEg2p/mx35DQvWBfVOt23
hGiJ2PLElZfdPECWiXfrZHQMKD48evtKayrdNTV8/8fB/0T55sFyqlaXnWPBBLEX
oEAO9pFoQwK+74HbPHjS076pwgrG6uJPsz8SLSJsyN6v2xXU982NArgYBu+RlW74
vaDgn8Qbo4yAYL9Nca1NBRnj9HrlnKl1fa/5jFK6OQJ/xs3zArELr07+v+zLMITv
P2amaKHLhMKNf3wmGdqgl8hCPs36Oq0zbz7di/tiXhPz
-----END CERTIFICATE-----