Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/b2d4d8-4f7c-4756-a461-fafdbed574ad/1/r8_0uelpgxeJEhOZBb5I-C3t9Dw.roa
File:                     r8_0uelpgxeJEhOZBb5I-C3t9Dw.roa (raw, json)
Hash identifier:          qSHcoGbD5w1VMiNKpysCXUtKw278KTgr4tRmUU21kpE=
Subject key identifier:   AF:CF:F4:B9:E9:69:83:17:89:12:13:99:05:BE:48:F8:2D:ED:F4:3C
Certificate issuer:       /CN=7aa86c8156f0806dcccdc22dcc4d6175b8fa9893
Certificate serial:       01942444B7CC6D69D662343CDD061BA794EE
Authority key identifier: 7A:A8:6C:81:56:F0:80:6D:CC:CD:C2:2D:CC:4D:61:75:B8:FA:98:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eqhsgVbwgG3MzcItzE1hdbj6mJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/b2d4d8-4f7c-4756-a461-fafdbed574ad/1/r8_0uelpgxeJEhOZBb5I-C3t9Dw.roa
Signing time:             Wed 01 Jan 2025 23:47:50 +0000
ROA not before:           Wed 01 Jan 2025 23:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202675
IP address blocks:        194.76.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/b2d4d8-4f7c-4756-a461-fafdbed574ad/1/eqhsgVbwgG3MzcItzE1hdbj6mJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/b2d4d8-4f7c-4756-a461-fafdbed574ad/1/eqhsgVbwgG3MzcItzE1hdbj6mJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eqhsgVbwgG3MzcItzE1hdbj6mJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:b7:cc:6d:69:d6:62:34:3c:dd:06:1b:a7:94:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aa86c8156f0806dcccdc22dcc4d6175b8fa9893
        Validity
            Not Before: Jan  1 23:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=afcff4b9e96983178912139905be48f82dedf43c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:f9:f4:fe:68:37:ea:c4:09:ee:8f:e0:6a:b9:
                    82:89:84:69:c9:c3:26:21:30:33:7e:da:7a:89:19:
                    7a:e4:a3:62:a8:0d:4a:c0:e2:d7:3e:fe:48:32:17:
                    19:e3:69:04:ca:dd:c9:a9:d8:32:35:a6:11:ba:fd:
                    43:5d:60:5e:91:ea:72:df:c8:81:c5:84:f6:f5:7c:
                    fa:0f:a2:d8:4e:4a:f8:9d:3a:fd:fe:4c:4f:a7:18:
                    7b:7e:3c:91:de:9f:2a:c3:93:9f:a8:b2:95:84:ba:
                    bb:23:73:02:04:8b:06:7e:70:17:61:7d:7e:13:9f:
                    71:fd:3e:38:5a:2c:e6:01:dd:40:1f:4a:e6:d6:ee:
                    fe:dd:1b:b4:e3:dd:27:ec:3c:ba:bd:f6:62:45:a1:
                    70:a9:12:59:1a:ac:9e:b7:21:fb:d6:9b:a0:ab:53:
                    ca:31:49:bc:fa:8e:63:ac:ca:56:7e:21:e1:71:33:
                    1d:0d:50:9c:a6:fd:84:06:2a:d9:ea:ba:34:d6:62:
                    af:ed:8a:62:0d:11:d9:bd:33:35:71:be:29:bc:d8:
                    ae:2a:ad:ec:e3:8c:8d:50:b3:79:1c:f9:9f:6c:47:
                    25:9e:fc:7d:1f:3d:72:9c:87:e1:51:4f:93:65:66:
                    87:e7:07:0e:80:ac:a1:d8:ae:8e:3c:0f:25:55:3f:
                    67:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:CF:F4:B9:E9:69:83:17:89:12:13:99:05:BE:48:F8:2D:ED:F4:3C
            X509v3 Authority Key Identifier:
                keyid:7A:A8:6C:81:56:F0:80:6D:CC:CD:C2:2D:CC:4D:61:75:B8:FA:98:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eqhsgVbwgG3MzcItzE1hdbj6mJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b2d4d8-4f7c-4756-a461-fafdbed574ad/1/r8_0uelpgxeJEhOZBb5I-C3t9Dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b2d4d8-4f7c-4756-a461-fafdbed574ad/1/eqhsgVbwgG3MzcItzE1hdbj6mJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:c8:2c:96:5f:3f:2f:13:a5:db:cc:c8:da:90:3b:0c:90:9f:
         68:76:84:ae:1c:40:da:c5:9f:1f:c1:46:45:23:37:7b:cb:87:
         03:b6:b4:3c:f3:a9:5c:61:6c:5c:6d:6f:c3:e0:fa:7e:91:e6:
         dd:f6:9e:ef:c8:c2:7c:ca:34:5e:62:95:01:a4:d0:14:ef:ce:
         82:1a:3f:8a:36:c7:f0:77:67:ab:9d:2d:ab:fd:69:ea:55:62:
         87:84:8d:cd:94:d7:e9:f8:b4:e2:a3:7e:b6:44:a9:7e:55:d5:
         97:a2:9d:9a:05:e8:15:7e:e4:44:87:40:b1:ce:80:5e:66:8e:
         2f:0f:ba:e3:3e:05:a6:0c:c1:d7:6e:49:71:a7:90:32:9a:44:
         ee:9d:03:1e:05:e2:7c:5b:a1:05:5c:5c:a4:76:18:5a:e6:ca:
         26:d4:fe:a2:8a:2d:be:07:a6:f8:32:b2:7c:c8:0b:63:35:b1:
         07:4a:0d:98:5a:65:07:5b:89:7e:53:5f:cd:c6:35:3c:8e:e0:
         b0:ef:2f:f8:83:0d:eb:2d:e3:c0:26:48:00:c6:9d:fa:fb:1c:
         e1:78:26:9a:0f:ce:ac:e4:c4:f6:a8:af:10:f2:c6:ed:4d:e3:
         08:ba:d7:22:9c:e8:37:b2:ab:93:cf:ce:fb:7a:d2:26:a7:77:
         d6:9c:c6:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRLfMbWnWYjQ83QYbp5TuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhYTg2YzgxNTZmMDgwNmRjY2NkYzIyZGNjNGQ2MTc1Yjhm
YTk4OTMwHhcNMjUwMTAxMjM0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmNmZjRiOWU5Njk4MzE3ODkxMjEzOTkwNWJlNDhmODJkZWRmNDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/n0/mg36sQJ7o/garmCiYRpycMm
ITAzftp6iRl65KNiqA1KwOLXPv5IMhcZ42kEyt3JqdgyNaYRuv1DXWBekepy38iB
xYT29Xz6D6LYTkr4nTr9/kxPpxh7fjyR3p8qw5OfqLKVhLq7I3MCBIsGfnAXYX1+
E59x/T44WizmAd1AH0rm1u7+3Ru0490n7Dy6vfZiRaFwqRJZGqyetyH71pugq1PK
MUm8+o5jrMpWfiHhcTMdDVCcpv2EBirZ6ro01mKv7YpiDRHZvTM1cb4pvNiuKq3s
44yNULN5HPmfbEclnvx9Hz1ynIfhUU+TZWaH5wcOgKyh2K6OPA8lVT9nTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/P9LnpaYMXiRITmQW+SPgt7fQ8MB8GA1UdIwQY
MBaAFHqobIFW8IBtzM3CLcxNYXW4+piTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXFoc2dWYndnRzNNemNJdHpFMWhkYmo2bUpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9iMmQ0ZDgtNGY3Yy00NzU2LWE0NjEt
ZmFmZGJlZDU3NGFkLzEvcjhfMHVlbHBneGVKRWhPWkJiNUktQzN0OUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9iMmQ0ZDgtNGY3Yy00NzU2LWE0NjEtZmFmZGJlZDU3NGFk
LzEvZXFoc2dWYndnRzNNemNJdHpFMWhkYmo2bUpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwkx0MA0G
CSqGSIb3DQEBCwUAA4IBAQB0yCyWXz8vE6XbzMjakDsMkJ9odoSuHEDaxZ8fwUZF
Izd7y4cDtrQ886lcYWxcbW/D4Pp+kebd9p7vyMJ8yjReYpUBpNAU786CGj+KNsfw
d2ernS2r/WnqVWKHhI3NlNfp+LTio362RKl+VdWXop2aBegVfuREh0CxzoBeZo4v
D7rjPgWmDMHXbklxp5AymkTunQMeBeJ8W6EFXFykdhha5som1P6iii2+B6b4MrJ8
yAtjNbEHSg2YWmUHW4l+U1/NxjU8juCw7y/4gw3rLePAJkgAxp36+xzheCaaD86s
5MT2qK8Q8sbtTeMIutcinOg3squTz877etImp3fWnMb7
-----END CERTIFICATE-----