Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/9qyXVuFB4kEruZP7Tzct03twJ_I.roa
File:                     9qyXVuFB4kEruZP7Tzct03twJ_I.roa (raw, json)
Hash identifier:          hIsqqE6gRN3SgnPSDtXcuN1cooM5ZwIkThIR/rS3Njs=
Subject key identifier:   F6:AC:97:56:E1:41:E2:41:2B:B9:93:FB:4F:37:2D:D3:7B:70:27:F2
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       018CC348B14C6BEC464540F81498585C7BAB
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/9qyXVuFB4kEruZP7Tzct03twJ_I.roa
Signing time:             Mon 01 Jan 2024 04:29:30 +0000
ROA not before:           Mon 01 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206282
IP address blocks:        94.240.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b1:4c:6b:ec:46:45:40:f8:14:98:58:5c:7b:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6ac9756e141e2412bb993fb4f372dd37b7027f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a3:41:11:5b:88:5b:ce:04:85:eb:c0:5c:ff:
                    3e:f5:4a:65:b0:3f:16:43:74:a2:fa:7b:60:99:cc:
                    dc:2d:79:5c:8d:42:a7:58:48:3c:fd:9c:26:12:b4:
                    84:ab:75:99:52:8c:95:56:b9:0e:04:86:5b:66:a2:
                    95:a4:fc:20:44:5e:94:f2:19:2b:cf:19:5f:ff:47:
                    c6:d0:c1:b5:08:e8:fc:fd:48:63:55:ff:2e:51:5a:
                    11:12:86:fd:a6:b9:46:69:07:13:6b:b2:d1:be:53:
                    19:21:7a:56:c9:67:00:07:88:25:d4:01:1e:71:78:
                    8b:a4:01:ad:f5:0c:37:40:ec:59:42:43:cc:a8:ff:
                    79:80:d9:cf:f7:ff:83:de:18:3c:cc:18:c9:6a:7c:
                    68:41:1e:ce:61:8d:3d:41:af:7d:1a:da:52:e6:ba:
                    70:f1:65:1c:01:6d:10:8d:f3:30:1b:f5:32:0d:62:
                    9f:50:f2:85:43:bf:fe:97:d5:1a:41:2c:e2:8f:cb:
                    59:29:4f:5e:36:e4:0a:4e:1c:be:48:df:3f:dd:74:
                    f4:b6:cc:d7:43:75:be:d0:39:89:a9:5e:bd:87:de:
                    a7:a7:bf:3f:f0:f2:7e:9c:2d:98:15:e5:96:b1:57:
                    21:96:63:b5:09:43:bf:94:a5:80:43:7d:73:59:7a:
                    99:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:AC:97:56:E1:41:E2:41:2B:B9:93:FB:4F:37:2D:D3:7B:70:27:F2
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/9qyXVuFB4kEruZP7Tzct03twJ_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:28:56:98:4f:ed:72:f9:e7:9d:74:48:2f:3b:79:86:fa:3d:
         f3:4d:2c:68:e3:12:42:67:e9:c0:34:07:9f:56:31:31:f3:a6:
         63:f9:0f:89:db:df:73:14:41:25:e2:3e:bc:9a:32:23:f2:b5:
         ca:1c:78:d4:ea:98:71:00:c5:7f:04:78:1b:48:17:ce:c0:ba:
         8f:30:53:71:1d:74:69:17:5d:8d:10:3f:5b:34:08:bc:59:3d:
         4d:53:b1:f6:f9:a9:e3:28:22:dd:b8:bf:43:31:b4:cb:f9:dc:
         84:cb:c4:51:42:35:ad:7a:a1:32:2a:1f:fb:be:a8:57:64:7f:
         3d:45:9c:ae:4f:87:78:20:fd:13:85:4e:45:cb:5a:18:64:06:
         e4:db:ca:2d:4b:2b:e8:4e:f4:aa:53:47:d4:6b:01:76:a0:4d:
         d0:d5:e5:bd:68:59:98:73:ff:47:9f:65:fd:b8:b8:03:fa:c2:
         ef:96:3d:1a:92:f9:10:b6:77:49:39:51:cd:85:18:db:03:7f:
         06:8d:ca:80:6a:80:b8:8a:39:1d:e1:7a:8e:2f:a7:cf:38:c1:
         58:60:ad:db:7a:e7:b3:42:b2:bc:e9:76:ba:64:6a:29:c9:b6:
         50:c4:62:ed:3c:06:25:88:63:92:b2:7d:b7:59:30:01:89:c7:
         4e:56:2e:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLFMa+xGRUD4FJhYXHurMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjQwMTAxMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmFjOTc1NmUxNDFlMjQxMmJiOTkzZmI0ZjM3MmRkMzdiNzAyN2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKNBEVuIW84EhevAXP8+9UplsD8W
Q3Si+ntgmczcLXlcjUKnWEg8/ZwmErSEq3WZUoyVVrkOBIZbZqKVpPwgRF6U8hkr
zxlf/0fG0MG1COj8/UhjVf8uUVoREob9prlGaQcTa7LRvlMZIXpWyWcAB4gl1AEe
cXiLpAGt9Qw3QOxZQkPMqP95gNnP9/+D3hg8zBjJanxoQR7OYY09Qa99GtpS5rpw
8WUcAW0QjfMwG/UyDWKfUPKFQ7/+l9UaQSzij8tZKU9eNuQKThy+SN8/3XT0tszX
Q3W+0DmJqV69h96np78/8PJ+nC2YFeWWsVchlmO1CUO/lKWAQ31zWXqZ9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPasl1bhQeJBK7mT+083LdN7cCfyMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvOXF5WFZ1RkI0a0VydVpQN1R6Y3QwM3R3Sl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvAYMA0G
CSqGSIb3DQEBCwUAA4IBAQAKKFaYT+1y+eeddEgvO3mG+j3zTSxo4xJCZ+nANAef
VjEx86Zj+Q+J299zFEEl4j68mjIj8rXKHHjU6phxAMV/BHgbSBfOwLqPMFNxHXRp
F12NED9bNAi8WT1NU7H2+anjKCLduL9DMbTL+dyEy8RRQjWteqEyKh/7vqhXZH89
RZyuT4d4IP0ThU5Fy1oYZAbk28otSyvoTvSqU0fUawF2oE3Q1eW9aFmYc/9Hn2X9
uLgD+sLvlj0akvkQtndJOVHNhRjbA38GjcqAaoC4ijkd4XqOL6fPOMFYYK3beuez
QrK86Xa6ZGopybZQxGLtPAYliGOSsn23WTABicdOVi4P
-----END CERTIFICATE-----