Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/FfIZ2qbJX7YHYpHv1LL-IF7peRc.roa
File:                     FfIZ2qbJX7YHYpHv1LL-IF7peRc.roa (raw, json)
Hash identifier:          5KAjkEvQR+TyOSqH9rjqbi9YEXImRnTFiCP8cdRcDNc=
Subject key identifier:   15:F2:19:DA:A6:C9:5F:B6:07:62:91:EF:D4:B2:FE:20:5E:E9:79:17
Certificate issuer:       /CN=38083044fb6c43bffad5fd54b07d2cc7c00d1bd3
Certificate serial:       018CC94AA81CDEAD3D77E8579AB559695587
Authority key identifier: 38:08:30:44:FB:6C:43:BF:FA:D5:FD:54:B0:7D:2C:C7:C0:0D:1B:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OAgwRPtsQ7_61f1UsH0sx8ANG9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/FfIZ2qbJX7YHYpHv1LL-IF7peRc.roa
Signing time:             Tue 02 Jan 2024 08:29:22 +0000
ROA not before:           Tue 02 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        94.101.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OAgwRPtsQ7_61f1UsH0sx8ANG9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OAgwRPtsQ7_61f1UsH0sx8ANG9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OAgwRPtsQ7_61f1UsH0sx8ANG9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:a8:1c:de:ad:3d:77:e8:57:9a:b5:59:69:55:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38083044fb6c43bffad5fd54b07d2cc7c00d1bd3
        Validity
            Not Before: Jan  2 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15f219daa6c95fb6076291efd4b2fe205ee97917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2a:42:79:af:81:4a:76:c5:8e:e8:5a:8a:54:
                    cd:31:59:30:4a:fb:f5:3a:f8:fb:55:b6:b4:29:ea:
                    7a:5e:18:38:3c:34:61:5a:7d:29:bc:c7:29:22:4d:
                    8f:91:83:42:a0:85:90:95:99:1f:37:c6:49:3e:b7:
                    81:d4:c4:be:02:dd:ca:52:64:91:34:50:c4:e5:a5:
                    22:e1:4c:b4:bf:27:63:78:76:0b:ca:75:ad:54:ad:
                    64:cb:7b:16:5e:ad:73:e1:ab:f8:15:71:c2:2e:09:
                    3a:70:f5:52:9f:f1:24:45:9d:9f:f4:bc:d1:5e:57:
                    14:98:ef:8f:79:c5:ab:8b:a5:ab:c0:0c:57:5d:73:
                    5f:83:a8:52:b9:3c:90:62:79:b3:09:dc:94:66:7f:
                    cb:0c:ac:2c:33:d1:d7:e3:b5:a7:ac:c7:42:ec:e9:
                    63:f4:ac:5e:23:3c:d2:41:d1:09:1b:ce:1c:a0:3a:
                    51:b4:8b:dc:19:36:fa:7b:9c:bb:25:f0:dc:da:0d:
                    ee:65:90:f5:32:02:35:5a:8b:70:34:d5:6b:4f:52:
                    55:40:7f:9c:ff:1f:3d:26:b4:01:a9:07:4b:0e:26:
                    32:fc:2f:3a:0d:24:4e:f1:90:2a:09:44:9d:fb:4f:
                    7b:9a:c6:52:69:6e:3f:e0:e8:9c:74:10:c1:76:f7:
                    1b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:F2:19:DA:A6:C9:5F:B6:07:62:91:EF:D4:B2:FE:20:5E:E9:79:17
            X509v3 Authority Key Identifier:
                keyid:38:08:30:44:FB:6C:43:BF:FA:D5:FD:54:B0:7D:2C:C7:C0:0D:1B:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OAgwRPtsQ7_61f1UsH0sx8ANG9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/FfIZ2qbJX7YHYpHv1LL-IF7peRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OAgwRPtsQ7_61f1UsH0sx8ANG9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.101.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:46:17:a9:e2:d4:03:d2:d1:95:66:e0:1c:b1:6f:81:3d:47:
         74:25:a5:99:4e:24:22:bf:32:ae:5c:ec:ae:96:0b:75:72:1c:
         8f:d7:4a:06:b1:ac:74:f4:1e:7f:72:83:b4:dd:4c:2f:db:a5:
         b6:a3:4e:1c:1b:51:fa:60:6b:e3:70:a2:24:10:b1:8d:d6:c7:
         14:f6:35:31:b6:d4:ef:67:4e:37:06:8a:c9:dd:98:9e:d7:ee:
         7a:61:27:8b:e8:76:5c:85:9f:22:ea:4a:1c:3a:b8:e0:5e:4a:
         90:dc:64:b8:5f:db:0f:72:be:1f:76:51:94:2e:0a:4c:d7:04:
         36:9b:a9:a2:9c:92:52:04:12:38:ac:f5:03:8d:51:a6:fe:57:
         30:ca:83:2c:85:76:b3:a4:36:55:c5:fe:22:0a:fc:03:a1:3a:
         61:d2:a6:67:6c:9f:a1:05:b6:ca:1d:ee:10:05:06:fa:ae:ef:
         64:cf:f2:e4:b7:d4:70:99:9c:53:8b:ea:60:15:3f:bd:de:b3:
         f5:9b:c3:96:f6:6c:7c:45:d1:48:68:e0:b1:c2:4f:bb:5b:fe:
         6b:14:9f:c6:08:91:00:82:83:8a:bc:23:a1:18:05:2f:ba:39:
         82:0a:61:43:f1:99:55:41:94:f1:e0:09:f0:4c:f5:78:6a:aa:
         c9:b1:53:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSqgc3q09d+hXmrVZaVWHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MDgzMDQ0ZmI2YzQzYmZmYWQ1ZmQ1NGIwN2QyY2M3YzAw
ZDFiZDMwHhcNMjQwMTAyMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWYyMTlkYWE2Yzk1ZmI2MDc2MjkxZWZkNGIyZmUyMDVlZTk3OTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSpCea+BSnbFjuhailTNMVkwSvv1
Ovj7Vba0Kep6Xhg4PDRhWn0pvMcpIk2PkYNCoIWQlZkfN8ZJPreB1MS+At3KUmSR
NFDE5aUi4Uy0vydjeHYLynWtVK1ky3sWXq1z4av4FXHCLgk6cPVSn/EkRZ2f9LzR
XlcUmO+PecWri6WrwAxXXXNfg6hSuTyQYnmzCdyUZn/LDKwsM9HX47WnrMdC7Olj
9KxeIzzSQdEJG84coDpRtIvcGTb6e5y7JfDc2g3uZZD1MgI1WotwNNVrT1JVQH+c
/x89JrQBqQdLDiYy/C86DSRO8ZAqCUSd+097msZSaW4/4OicdBDBdvcbDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBXyGdqmyV+2B2KR79Sy/iBe6XkXMB8GA1UdIwQY
MBaAFDgIMET7bEO/+tX9VLB9LMfADRvTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0Fnd1JQdHNRN182MWYxVXNIMHN4OEFORzlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NGE2YjgtMzlkMy00Zjc5LWFlMjUt
YTk1NTExYmE0ZDQ2LzEvRmZJWjJxYkpYN1lIWXBIdjFMTC1JRjdwZVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NGE2YjgtMzlkMy00Zjc5LWFlMjUtYTk1NTExYmE0ZDQ2
LzEvT0Fnd1JQdHNRN182MWYxVXNIMHN4OEFORzlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXmVjMA0G
CSqGSIb3DQEBCwUAA4IBAQAjRhep4tQD0tGVZuAcsW+BPUd0JaWZTiQivzKuXOyu
lgt1chyP10oGsax09B5/coO03Uwv26W2o04cG1H6YGvjcKIkELGN1scU9jUxttTv
Z043BorJ3Zie1+56YSeL6HZchZ8i6kocOrjgXkqQ3GS4X9sPcr4fdlGULgpM1wQ2
m6minJJSBBI4rPUDjVGm/lcwyoMshXazpDZVxf4iCvwDoTph0qZnbJ+hBbbKHe4Q
BQb6ru9kz/Lkt9RwmZxTi+pgFT+93rP1m8OW9mx8RdFIaOCxwk+7W/5rFJ/GCJEA
goOKvCOhGAUvujmCCmFD8ZlVQZTx4AnwTPV4aqrJsVMy
-----END CERTIFICATE-----