Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/1a40f5-b9c9-4856-83c6-ef040aebea60/1/zwNxRZCXOiLKuZa_7Wmh9NcuOqQ.roa
File:                     zwNxRZCXOiLKuZa_7Wmh9NcuOqQ.roa (raw, json)
Hash identifier:          6xxBkLaHc1up/veCbZl0eXM5uTf3B1SDA3dM0Oft33U=
Subject key identifier:   CF:03:71:45:90:97:3A:22:CA:B9:96:BF:ED:69:A1:F4:D7:2E:3A:A4
Certificate issuer:       /CN=a4176719912989979e086125a2a41a133fffdc24
Certificate serial:       0194AC0D0061BFFEE6E52583C3A22FD8F44E
Authority key identifier: A4:17:67:19:91:29:89:97:9E:08:61:25:A2:A4:1A:13:3F:FF:DC:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pBdnGZEpiZeeCGEloqQaEz__3CQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/1a40f5-b9c9-4856-83c6-ef040aebea60/1/zwNxRZCXOiLKuZa_7Wmh9NcuOqQ.roa
Signing time:             Tue 28 Jan 2025 08:35:20 +0000
ROA not before:           Tue 28 Jan 2025 08:35:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41897
IP address blocks:        94.154.108.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/1a40f5-b9c9-4856-83c6-ef040aebea60/1/pBdnGZEpiZeeCGEloqQaEz__3CQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/1a40f5-b9c9-4856-83c6-ef040aebea60/1/pBdnGZEpiZeeCGEloqQaEz__3CQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pBdnGZEpiZeeCGEloqQaEz__3CQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:0d:00:61:bf:fe:e6:e5:25:83:c3:a2:2f:d8:f4:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4176719912989979e086125a2a41a133fffdc24
        Validity
            Not Before: Jan 28 08:35:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf03714590973a22cab996bfed69a1f4d72e3aa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0d:3d:e1:a1:d7:82:06:6d:13:d5:ed:41:87:
                    86:6d:bb:c7:2d:77:37:78:53:28:6d:bc:fb:36:1e:
                    45:45:88:ef:c2:9b:a5:54:15:7b:3b:29:3d:2c:6d:
                    ef:b7:07:2c:57:b5:6b:dd:d7:93:67:fc:a7:9d:5e:
                    15:ff:a7:3e:a5:10:97:b7:3f:d8:f9:60:68:63:1e:
                    81:e4:6f:ed:66:f9:c0:20:8c:a8:23:28:83:2a:d9:
                    fd:1d:1b:20:1c:d1:72:80:50:5e:57:f0:7d:69:e6:
                    50:3e:7a:c7:24:77:59:bd:99:ab:05:7f:e0:5a:c4:
                    22:50:50:94:c5:70:12:9a:9f:08:07:02:34:63:68:
                    98:e1:1c:78:7d:e3:a5:2d:8c:4e:6b:06:30:d3:7e:
                    15:96:b4:b0:68:6b:5b:3e:41:d1:67:37:cb:39:51:
                    5f:0f:f2:8b:1d:87:50:e8:47:29:39:83:31:0c:8a:
                    d6:8e:d6:f0:be:58:34:e4:14:d6:bc:41:3a:57:71:
                    bd:78:85:1c:19:ef:c1:89:d1:5d:99:75:94:92:53:
                    fb:ae:a1:d2:ca:40:0f:1a:7f:f5:0a:12:9a:77:ed:
                    52:c8:79:95:6b:c8:0e:d5:ab:d8:99:99:3a:0f:18:
                    4c:cd:49:11:9f:f1:35:53:cd:66:08:11:52:26:50:
                    ec:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:03:71:45:90:97:3A:22:CA:B9:96:BF:ED:69:A1:F4:D7:2E:3A:A4
            X509v3 Authority Key Identifier:
                keyid:A4:17:67:19:91:29:89:97:9E:08:61:25:A2:A4:1A:13:3F:FF:DC:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pBdnGZEpiZeeCGEloqQaEz__3CQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/1a40f5-b9c9-4856-83c6-ef040aebea60/1/zwNxRZCXOiLKuZa_7Wmh9NcuOqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/1a40f5-b9c9-4856-83c6-ef040aebea60/1/pBdnGZEpiZeeCGEloqQaEz__3CQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:39:9c:e0:26:8b:4a:c1:8c:29:3a:87:a8:0b:53:e0:54:e7:
         02:fb:e3:c7:a6:ed:5f:79:77:5a:3b:c3:b3:88:fb:4b:52:74:
         49:a5:ad:6c:2c:c3:f6:7a:c8:a1:72:8c:3a:e5:de:3d:2f:d9:
         f9:32:e1:03:45:4e:c3:91:e2:7f:b8:8d:e0:a5:40:0e:da:76:
         fd:23:3b:f0:f3:cc:95:db:f5:b9:62:f0:82:98:03:c6:ec:ca:
         ed:e8:1d:97:b9:d1:ff:db:b1:e9:4a:39:4f:c7:5d:8b:36:7e:
         75:65:02:eb:02:b5:21:33:a1:e8:eb:e3:e0:60:d6:f4:4a:ee:
         22:cd:46:46:63:e4:11:b7:50:a6:b9:9d:46:7c:64:f9:e1:29:
         e8:55:0f:43:25:17:a1:f4:99:6e:ce:b9:31:dc:6a:68:b6:33:
         0d:26:22:fc:a6:8a:e4:1c:31:df:26:83:e7:92:84:a0:9c:45:
         b5:d9:ea:e1:6e:6f:67:a4:ed:4c:ea:14:bd:59:a4:f9:a8:34:
         6a:a2:bd:bd:88:67:03:65:1f:1a:c7:58:5d:c6:bc:fc:46:80:
         1f:3c:d5:35:0d:77:dd:fb:58:06:a2:0c:4c:6e:42:41:0c:97:
         ef:1c:67:ff:90:1a:59:3f:cd:f9:1d:e0:18:2b:ef:c8:e4:b3:
         c2:5e:1e:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSsDQBhv/7m5SWDw6Iv2PROMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MTc2NzE5OTEyOTg5OTc5ZTA4NjEyNWEyYTQxYTEzM2Zm
ZmRjMjQwHhcNMjUwMTI4MDgzNTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjAzNzE0NTkwOTczYTIyY2FiOTk2YmZlZDY5YTFmNGQ3MmUzYWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQ094aHXggZtE9XtQYeGbbvHLXc3
eFMobbz7Nh5FRYjvwpulVBV7Oyk9LG3vtwcsV7Vr3deTZ/ynnV4V/6c+pRCXtz/Y
+WBoYx6B5G/tZvnAIIyoIyiDKtn9HRsgHNFygFBeV/B9aeZQPnrHJHdZvZmrBX/g
WsQiUFCUxXASmp8IBwI0Y2iY4Rx4feOlLYxOawYw034VlrSwaGtbPkHRZzfLOVFf
D/KLHYdQ6EcpOYMxDIrWjtbwvlg05BTWvEE6V3G9eIUcGe/BidFdmXWUklP7rqHS
ykAPGn/1ChKad+1SyHmVa8gO1avYmZk6DxhMzUkRn/E1U81mCBFSJlDsbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8DcUWQlzoiyrmWv+1pofTXLjqkMB8GA1UdIwQY
MBaAFKQXZxmRKYmXnghhJaKkGhM//9wkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEJkbkdaRXBpWmVlQ0dFbG9xUWFFel9fM0NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xYTQwZjUtYjljOS00ODU2LTgzYzYt
ZWYwNDBhZWJlYTYwLzEvendOeFJaQ1hPaUxLdVphXzdXbWg5TmN1T3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xYTQwZjUtYjljOS00ODU2LTgzYzYtZWYwNDBhZWJlYTYw
LzEvcEJkbkdaRXBpWmVlQ0dFbG9xUWFFel9fM0NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXppsMA0G
CSqGSIb3DQEBCwUAA4IBAQB+OZzgJotKwYwpOoeoC1PgVOcC++PHpu1feXdaO8Oz
iPtLUnRJpa1sLMP2esihcow65d49L9n5MuEDRU7DkeJ/uI3gpUAO2nb9Izvw88yV
2/W5YvCCmAPG7Mrt6B2XudH/27HpSjlPx12LNn51ZQLrArUhM6Ho6+PgYNb0Su4i
zUZGY+QRt1CmuZ1GfGT54SnoVQ9DJReh9Jluzrkx3GpotjMNJiL8porkHDHfJoPn
koSgnEW12erhbm9npO1M6hS9WaT5qDRqor29iGcDZR8ax1hdxrz8RoAfPNU1DXfd
+1gGogxMbkJBDJfvHGf/kBpZP835HeAYK+/I5LPCXh4K
-----END CERTIFICATE-----
Generated at Sun Feb 2 09:56:36 2025 by rpki-client