Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/auApMcvT0ghtABN_47-F8XLxrNw.roa
File:                     auApMcvT0ghtABN_47-F8XLxrNw.roa (raw, json)
Hash identifier:          XofAinsDeuW+LGI1qiG7UWKXoZIw8N+n+gNQOT5w3Kk=
Subject key identifier:   6A:E0:29:31:CB:D3:D2:08:6D:00:13:7F:E3:BF:85:F1:72:F1:AC:DC
Certificate issuer:       /CN=38083044fb6c43bffad5fd54b07d2cc7c00d1bd3
Certificate serial:       01941F8C96B68776343D8B69DA60F907DAAA
Authority key identifier: 38:08:30:44:FB:6C:43:BF:FA:D5:FD:54:B0:7D:2C:C7:C0:0D:1B:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OAgwRPtsQ7_61f1UsH0sx8ANG9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/auApMcvT0ghtABN_47-F8XLxrNw.roa
Signing time:             Wed 01 Jan 2025 01:48:14 +0000
ROA not before:           Wed 01 Jan 2025 01:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        94.101.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OAgwRPtsQ7_61f1UsH0sx8ANG9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OAgwRPtsQ7_61f1UsH0sx8ANG9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OAgwRPtsQ7_61f1UsH0sx8ANG9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:96:b6:87:76:34:3d:8b:69:da:60:f9:07:da:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38083044fb6c43bffad5fd54b07d2cc7c00d1bd3
        Validity
            Not Before: Jan  1 01:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ae02931cbd3d2086d00137fe3bf85f172f1acdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:be:31:f6:a8:46:dd:ba:60:11:17:62:ed:fb:
                    31:d6:fb:bf:da:6e:12:cc:b4:1b:60:0a:b4:85:5c:
                    a5:10:f5:18:7f:86:23:a2:cd:c9:58:17:c3:a5:3a:
                    09:98:96:e8:13:63:13:1d:c1:bf:ff:b4:e6:09:13:
                    aa:4e:29:a6:e3:77:00:db:46:ef:ec:e0:12:96:39:
                    f0:76:76:ab:a9:38:fb:dd:f4:ad:61:50:97:ac:ad:
                    b4:37:d5:a0:5c:44:b4:6b:8d:45:4b:8a:99:5f:fc:
                    3f:97:19:a3:62:a5:4a:25:3a:5a:56:b2:22:fa:76:
                    f3:92:3e:50:16:29:f0:45:66:b1:4a:d3:6c:c4:14:
                    60:08:d7:6e:2c:54:05:48:23:c6:82:fb:de:47:5a:
                    16:c7:68:a6:f3:5b:1d:e3:35:8b:ae:ca:ba:12:21:
                    c8:11:5a:b8:28:d9:33:20:81:a8:5d:ce:02:74:6e:
                    78:37:3d:6e:f1:27:fd:68:bb:4f:94:4a:94:97:bb:
                    3b:88:70:02:3f:af:ef:a6:6f:a0:f1:c9:68:0c:14:
                    f9:ce:b9:33:cd:68:ae:ac:f2:29:32:cc:22:d3:97:
                    de:30:e4:b2:f5:22:96:1f:25:92:e7:3e:12:e4:71:
                    10:45:96:c8:92:4b:1e:1a:57:5f:3a:34:bf:3a:51:
                    34:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:E0:29:31:CB:D3:D2:08:6D:00:13:7F:E3:BF:85:F1:72:F1:AC:DC
            X509v3 Authority Key Identifier:
                keyid:38:08:30:44:FB:6C:43:BF:FA:D5:FD:54:B0:7D:2C:C7:C0:0D:1B:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OAgwRPtsQ7_61f1UsH0sx8ANG9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/auApMcvT0ghtABN_47-F8XLxrNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/94a6b8-39d3-4f79-ae25-a95511ba4d46/1/OAgwRPtsQ7_61f1UsH0sx8ANG9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.101.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:7e:f9:00:2f:c1:e6:99:8c:25:c0:4b:f8:93:ae:6f:5f:fc:
         8f:85:f3:62:db:e7:57:de:eb:5f:2f:db:82:45:c8:0d:53:aa:
         37:b2:eb:51:f5:e9:ec:76:cd:a2:6b:2c:09:d2:e3:76:01:dc:
         0e:ea:9a:7e:01:c3:96:3c:b7:c4:f1:a6:82:d0:2a:31:ec:e7:
         91:96:2e:d1:ef:94:aa:d2:de:d4:8d:97:95:b9:dc:75:4f:62:
         3a:f3:7d:54:88:dd:58:a2:ae:c6:5c:a9:87:de:6f:c4:d2:67:
         e5:5d:7e:24:a8:6c:61:c1:18:b8:e2:85:83:e8:70:25:e4:0f:
         81:0e:95:43:85:13:b1:64:5f:41:bb:6c:3b:a9:73:ae:c5:d1:
         25:9e:c2:e3:1a:bd:43:04:63:15:74:a4:9f:70:de:16:29:01:
         47:10:2f:bf:cd:13:f3:76:f9:61:d4:bc:b6:fd:70:31:2a:2a:
         87:36:1a:c5:2c:fc:b1:62:6f:ee:69:01:3e:94:33:1f:bb:f0:
         d4:c8:ed:00:3d:20:2f:06:d7:97:9e:fb:50:f7:c0:1c:c0:a8:
         85:a9:32:c7:4a:e0:d3:8c:ff:b0:eb:a7:6c:50:f3:9a:7d:05:
         a5:89:91:a5:98:52:f9:4d:21:87:0a:5b:90:64:0c:1a:83:62:
         be:de:93:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJa2h3Y0PYtp2mD5B9qqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MDgzMDQ0ZmI2YzQzYmZmYWQ1ZmQ1NGIwN2QyY2M3YzAw
ZDFiZDMwHhcNMjUwMTAxMDE0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWUwMjkzMWNiZDNkMjA4NmQwMDEzN2ZlM2JmODVmMTcyZjFhY2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsL4x9qhG3bpgERdi7fsx1vu/2m4S
zLQbYAq0hVylEPUYf4Yjos3JWBfDpToJmJboE2MTHcG//7TmCROqTimm43cA20bv
7OASljnwdnarqTj73fStYVCXrK20N9WgXES0a41FS4qZX/w/lxmjYqVKJTpaVrIi
+nbzkj5QFinwRWaxStNsxBRgCNduLFQFSCPGgvveR1oWx2im81sd4zWLrsq6EiHI
EVq4KNkzIIGoXc4CdG54Nz1u8Sf9aLtPlEqUl7s7iHACP6/vpm+g8cloDBT5zrkz
zWiurPIpMswi05feMOSy9SKWHyWS5z4S5HEQRZbIkkseGldfOjS/OlE0KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrgKTHL09IIbQATf+O/hfFy8azcMB8GA1UdIwQY
MBaAFDgIMET7bEO/+tX9VLB9LMfADRvTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0Fnd1JQdHNRN182MWYxVXNIMHN4OEFORzlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NGE2YjgtMzlkMy00Zjc5LWFlMjUt
YTk1NTExYmE0ZDQ2LzEvYXVBcE1jdlQwZ2h0QUJOXzQ3LUY4WEx4ck53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NGE2YjgtMzlkMy00Zjc5LWFlMjUtYTk1NTExYmE0ZDQ2
LzEvT0Fnd1JQdHNRN182MWYxVXNIMHN4OEFORzlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXmVjMA0G
CSqGSIb3DQEBCwUAA4IBAQAvfvkAL8HmmYwlwEv4k65vX/yPhfNi2+dX3utfL9uC
RcgNU6o3sutR9ensds2iaywJ0uN2AdwO6pp+AcOWPLfE8aaC0Cox7OeRli7R75Sq
0t7UjZeVudx1T2I6831UiN1Yoq7GXKmH3m/E0mflXX4kqGxhwRi44oWD6HAl5A+B
DpVDhROxZF9Bu2w7qXOuxdElnsLjGr1DBGMVdKSfcN4WKQFHEC+/zRPzdvlh1Ly2
/XAxKiqHNhrFLPyxYm/uaQE+lDMfu/DUyO0APSAvBteXnvtQ98AcwKiFqTLHSuDT
jP+w66dsUPOafQWliZGlmFL5TSGHCluQZAwag2K+3pPA
-----END CERTIFICATE-----